s3:libads: Allocate cli_credentials on a stackframe

This fixes:
ERROR: talloc_free with references at ../../source3/libads/ldap_utils.c:158

What happens:

* `struct cli_credentials *creds` is allocated on `ads` talloc context
* gensec_set_credentials() creates a talloc_reference to `creds`
* TALLOC_FREE(creds) sees two parents and complains

All other code is using temporary talloc_stackframe() for `creds`.
Do it here as well.

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jan 23 11:20:28 UTC 2026 on atb-devel-224

docs-xml:smb.conf: Fix "ctdbd socket" documentation

This has been wrong for a very long time.  I only noticed it just
now...  :-(

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15977

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Jan 22 23:06:20 UTC 2026 on atb-devel-224

s3:libads: Separate use of ads->config.flags for NBT_* and DS_* values

Use of ads->config.flags is overloaded.

It is used to:

- pass DS_* flags down to cldap_netlogon()
- store the server_type from NETLOGON_SAM_LOGON_RESPONSE

Both cases use different values and cannot be combined.
E.g. flags mess up with value 0x00000080

NBT_SERVER_CLOSEST  0x00000080
DS_PDC_REQUIRED     0x00000080

Let's create two separate flags

nbt_server_type server_flags; /* NBT_* cldap flags identifying the services. */
uint32 required_flags; /* DS_* - Netlogon flags */

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15972

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Thu Jan 22 09:14:25 UTC 2026 on atb-devel-224

s3:libads: Reset ads->config.flags in ads_disconnect()

This is doing the same thing in ads_disconnect() as commit
a26f535 Clear previous CLDAP ping flags when reusing the ADS_STRUCT
did in ads_current_time()

In this case we:

1) found cached ADS_STRUCT which already has ads->config.flags set:

  lookup_groupmem()
    ads_cached_connection()
      ads_cached_connection_reuse()

2) started search which immediately timeouts (the cached conn. was dead)

  ads_do_search_retry_internal()
    ldap_search_with_timeout() - IO_TIMEOUT

3) Retry loop finds a new DC and tries to connect

  ads_do_search_retry_internal()
    ads_disconnect()
    ads_find_dc()
    ads_try_connect()
      netlogon_pings()
        check_cldap_reply_required_flags()

4) check_cldap_reply_required_flags() fails since ads->config.flags
   (stored possibly long time ago) contain:

   NBT_SERVER_CLOSEST  0x00000080
     which is misinterpreted as:
   DS_PDC_REQUIRED     0x00000080

   the newly found DC is not PDC (we asked for DS_ONLY_LDAP_NEEDED)
   and since previous DC had NBT_SERVER_CLOSEST we want DS_PDC_REQUIRED
   and fail.

We should anyway avoid mixing independent namespaces  NBT_* and DS_*
in the same flag.
Next commit will do that.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15972

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

printing: Fix compilation error for native 32-bit time_t

commit#e9a7dce599eb12d broke samba compilation for 32-bit time_t.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15976
Used correct pointer type to fix the warning to fix compialtion.

Pair-Programmed-With: Vinit Agnihotri <vagnihot@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Vinit Agnihotri <vagnihot@redhat.com>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jan 21 19:23:29 UTC 2026 on atb-devel-224

s3:libads: Do not reduce the page size in case of immediate timeouts

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jan 21 11:38:40 UTC 2026 on atb-devel-224

s3:libads: Fix trailing whitespaces in ldap_utils.c

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:libads: Set NT_STATUS_UNSUCCESSFUL for IP address entry

This is what we do in libads/ldap.c too.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15975

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>

selftest: Set the ‘report_canonical_client_name’ option in krb5.conf

This will do something later when MIT Kerberos supports this option. For Heimdal
it shouldn’t make a difference.

Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Jan 21 04:46:43 UTC 2026 on atb-devel-224

selftest: Add functionality for setting extra krb5.conf options

Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

selftest: Disable implicit dollar match without canonicalization for promoted_dc

This puts promoted_dc and ad_dc_ntvfs in sync, and avoids an issue in the former
environment where the Heimdal KDC will use the smb.conf from one of the two DCs,
and the MIT KDC will use the smb.conf from the other.

Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

s4:kdc: Return SDB_ERR_NOENTRY if canonicalization is required

MIT Kerberos maps this error code to KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN, avoiding
problems from the KDC returning KRB5KRB_ERR_GENERIC.

Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

s4:test: Add kdc-canon-mit tests

These are modelled after the kdc-canon-heimdal tests.

Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

selftest: Remove unused variables

These have gone unused since commit bd60c605ca1cf3f3568646dc3c0ca3501f0bfbec.

Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

s3:lib: Remove unused code

Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

lib:ldb-samba:ildap: fix empty attribute list handling

An LDB request interprets an empty attribute list as a request for no
attributes, but LDAP interprets an empty list as a request for all attributes,
and ["1.1"] as a request for no attributes, as per
RFC4511:4.5.1.8(SearchRequest.attributes).  We need to convert [] to ["1.1"]
in the ildap module before the request goes out.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13852

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Jan 21 03:29:23 UTC 2026 on atb-devel-224

WHATSNEW: Start release notes for Samba 4.21.0pre1.

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Björn Jacke <bjacke@samba.org>
Autobuild-Date(master): Tue Jan 20 15:00:48 UTC 2026 on atb-devel-224

VERSION: Bump version up to 4.25.0pre1...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>

VERSION: Disable GIT_SNAPSHOT for the Samba 4.24.0rc1 release.

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>

WHATSNEW: Up to Samba 4.24.0rc1.

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>

tdb: version 1.4.15

tdb: Fix parse_hex during `tdbtool storehex`

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>

lib: Delay get_iconv_handle() in strchr_m()

Do it the same way as in strrchr_m()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Jan 20 12:56:27 UTC 2026 on atb-devel-224

lib: Move a variable declaration closer to its use

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

lib: Remove extern const data_blob_null

This actually saves some .text bytes in the code referencing this constant. The
compiler should be smarter to do the right thing than to copy from a shared
location.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

lib: Remove &data_blob_null refs

The next patch will remove the data_blob_null global constant. The
APIs here are a bit weird in that they don't work fine with a NULL
pointer but require a reference to a NULL blob. But that's few enough
to add the special case in the callers.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

printing: Inline oneliners used just once

This patch and the 2 previous ones could be squashed, but it's the way those
unfolded :-)

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

printing: Simplify mapping permissions

Use security_acl_map_generic()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

printing: Make structures const static

While there, remove an unused mapping

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

printing: Simplify file_version_is_newer()

We don't need to call fstat(), driver_unix_convert() already does it
via filename_convert_dirfsp().

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

printing: Make file_version_is_newer() more precise

We have timespec_compare, we don't have to loose info.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

printing: Fix file_version_is_newer()

fstring as a function parameter does not really make sense...

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

printing: Apply some const

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

printing: Simplify driver_unix_convert()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

printing: Remove indentation with a "goto done"

Review with "git show -w".

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

printing: A little bit of README.Coding in nt_printing.c

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

printing: Slightly simplify move_driver_file_to_download_area()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

printing: Modernize a few DEBUGs

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

vfs_fruit: Introduce two helper variables

Makes it a bit easier to read for me.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

vfs_fruit: Move two variable declarations closer to their use

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

vfs_fruit: Fix short-term error path talloc leaks

In the error returns we leaked "streams" on "req". Fix this and
simplify the error paths by using "streams" as temporary talloc
context.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

vfs_fruit: Introduce a helper variable

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

vfs_fruit: Modernize DEBUGs

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

lib: Remove a function unused since 2016

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

srvsvc: Move valid_share_pathname() to where it's used

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

lib: Remove the pointless unix_format() macro

One of the two callers even had a comment what it does...

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

printing: Simplify move_driver_to_download_area()

No need to call strlen() here. Just came across this while looking at
SMB_VFS_CREATE_FILE callers...

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

ldb: Avoid a few memset()s with direct structs

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

auth: Avoid a memset with calloc

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

lib: Reduce indentation with an early return

Review with "git show -w"

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smbd: Fix a panic message

%s is not a proper file name :-)

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

torture: Apply some "static const"

Only used in this file and never modified

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

loadparm: Simplify canonicalize_servicename()

We have strlower_talloc()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

loadparm: Modernize DEBUGs

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

libgpo: Use ISDOT/ISDOTDOT

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smbd: Remove unused STR_TO_SMB_BIG_UINT

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smbd: Scan output of get quota command with sscanf

sscanf can skip white space and also parse uint32/uint64 for us.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smbd: Add a NULL check for get quota command output

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smbd: Reduce indentation with an early return

Review with "git show -w"

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smbd: Replace dfree command output parsing with sscanf

No need to do manual parsing with STR_TO_SMB_BIG_UINT and manually
skipping whitespace

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smbd: Add a NULL check for dfree command output

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smbd: Reduce indentation in handle_dfree_command with early returns

Review with git show -w

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smbd: Factor out handling of dfree command into a separate function

Will enable code simplifications with early returns

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smbd: Modernize a few DEBUGs

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

manpages/vfs_ceph_new: document fscrypt and keybridge options

Document the option used to enable fscrypt-style subvolume encryption
on cephfs. Document the options used to get key material for fscrypt
using the varlink-based keybridge local RPC protocol.

Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Gunther Deschner <gd@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Tue Jan 20 06:52:32 UTC 2026 on atb-devel-224

vfs_ceph_new: add keybridge and ceph fscrypt support

Add support for CephFS's new fscrypt feature. Fetch the key material
using the new keybridge varlink local RPC API.

Adds the following configuration parameters for the vfs_ceph_new module:
```
ceph_new:keybridge socket = unix:/run/keybridge.sock
ceph_new:keybridge scope = mem
ceph_new:keybridge name = test
ceph_new:keybridge kind = B64
ceph_new:fscrypt = keybridge
```

Where the various keybridge parameters configure what keybridge server
to use and what key to fetch. The `ceph_new:fscrypt` parameter defaults to
'disabled' and can be set to 'keybridge'. An enum is used here in case
we ever need to support something other than keybridge in the future.

Pair-Programmed-With: Shachar Sharon <ssharon@redhat.com>
Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Gunther Deschner <gd@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

build: add '--with-varlink' configure option

When building with varlink support, require explicit '--with-varlink'
configure option to be set. If set, allow ceph+fscrypt configuration.

Pair-Programmed-With: Shachar Sharon <ssharon@redhat.com>
Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Gunther Deschner <gd@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

vfs: add files to access the varlink keybridge API

Add a pair of helper files that will allow vfs modules to make use of
the keybridge - a varlink API and server that is defined by the sambacc
project. The keybridge server exists to act as a proxy between smbd and
various possible "secrets management" backends. Currently, the sambacc
keybridge server implements a "mem" backend, for testing only, and a
KMIP backend.

Using a local RPC protocol, like varlink + keybridge allows the smbd
side to be very simple and only know how to talk the keybridge API,
versus having to teach it about various other APIs that may need to
make use of things like mTLS.

Furthermore, samba already has an (currently optional) dependency on
libvarlink so adding another use of varlink seems like a fairly
minimal change to samba's set of dependencies. This feature will
not be built on if libvarlink is not enabled. The plan is to add this
to vfs_ceph_new in a future patch.

Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Gunther Deschner <gd@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

WHATSNEW: update with vfs_aio_ratelimit details

Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Gunther Deschner <gd@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Mon Jan 19 14:25:41 UTC 2026 on atb-devel-224

lib/pthreadpool: protect jobs list from concurrent thread access

ThreadSanitizer identifies a data race with pool->jobs with concurrent
threads in test added in previous commit.

This commit protects the pool->jobs list

(trace and line numbers are from before glue fix in previous commit)

WARNING: ThreadSanitizer: data race (pid=13574)
  Write of size 8 at 0x7b6000020260 by thread T16:
    #0 pthreadpool_tevent_job_done ../../lib/pthreadpool/pthreadpool_tevent.c:405 (pthreadpool_tevent_unit_test_san+0x407080)
    #1 tevent_common_invoke_immediate_handler ../../lib/tevent/tevent_immediate.c:190 (libtevent-private-samba.so+0x8dbf)
    #2 pthreadpool_tevent_job_fn ../../lib/pthreadpool/pthreadpool_tevent.c:351 (pthreadpool_tevent_unit_test_san+0x406bc4)
    #3 pthreadpool_server ../../lib/pthreadpool/pthreadpool.c:655 (pthreadpool_tevent_unit_test_san+0x4043bd)
    #4 <null> <null> (libtsan.so.0+0x323cf)

  Previous write of size 8 at 0x7b6000020260 by thread T13:
    #0 pthreadpool_tevent_job_send ../../lib/pthreadpool/pthreadpool_tevent.c:342 (pthreadpool_tevent_unit_test_san+0x406a09)
    #1 do_nested_pthread_job ../../lib/pthreadpool/test_pthreadpool_tevent.c:463 (pthreadpool_tevent_unit_test_san+0x408932)
    #2 pthreadpool_tevent_job_fn ../../lib/pthreadpool/pthreadpool_tevent.c:351 (pthreadpool_tevent_unit_test_san+0x406bc4)
    #3 pthreadpool_server ../../lib/pthreadpool/pthreadpool.c:655 (pthreadpool_tevent_unit_test_san+0x4043bd)
    #4 <null> <null> (libtsan.so.0+0x323cf)

  Thread T16 (tid=13591, running) created by main thread at:
    #0 pthread_create <null> (libtsan.so.0+0x5ed75)
    #1 pthreadpool_create_thread ../../lib/pthreadpool/pthreadpool.c:711 (pthreadpool_tevent_unit_test_san+0x4045ac)
    #2 pthreadpool_add_job ../../lib/pthreadpool/pthreadpool.c:792 (pthreadpool_tevent_unit_test_san+0x40496f)
    #3 pthreadpool_tevent_job_send ../../lib/pthreadpool/pthreadpool_tevent.c:329 (pthreadpool_tevent_unit_test_san+0x4065e2)
    #4 test_pthreadpool_tevent_job_send_multiple_3 ../../lib/pthreadpool/test_pthreadpool_tevent.c:515 (pthreadpool_tevent_unit_test_san+0x408c25)
    #5 cmocka_run_one_test_or_fixture ../../third_party/cmocka/cmocka.c:2948 (libcmocka-private-samba.so+0x6f92)
    #6 __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 (libc.so.6+0x40e6b)

  Thread T13 (tid=13588, running) created by main thread at:
    #0 pthread_create <null> (libtsan.so.0+0x5ed75)
    #1 pthreadpool_create_thread ../../lib/pthreadpool/pthreadpool.c:711 (pthreadpool_tevent_unit_test_san+0x4045ac)
    #2 pthreadpool_add_job ../../lib/pthreadpool/pthreadpool.c:792 (pthreadpool_tevent_unit_test_san+0x40496f)
    #3 pthreadpool_tevent_job_send ../../lib/pthreadpool/pthreadpool_tevent.c:329 (pthreadpool_tevent_unit_test_san+0x4065e2)
    #4 test_pthreadpool_tevent_job_send_multiple_3 ../../lib/pthreadpool/test_pthreadpool_tevent.c:515 (pthreadpool_tevent_unit_test_san+0x408c25)
    #5 cmocka_run_one_test_or_fixture ../../third_party/cmocka/cmocka.c:2948 (libcmocka-private-samba.so+0x6f92)
    #6 __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 (libc.so.6+0x40e6b)

SUMMARY: ThreadSanitizer: data race ../../lib/pthreadpool/pthreadpool_tevent.c:405 in pthreadpool_tevent_job_done

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15958
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sun Jan 18 15:16:59 UTC 2026 on atb-devel-224

lib/pthreadpool: Fix possible concurrent access to pool->glue_list

ThreadSanitizer run against tests added in previous commit
identify a race condition with pool->glue_list with concurrent
thread access

WARNING: ThreadSanitizer: data race (pid=13574)
  Read of size 8 at 0x7b2000000368 by thread T7:
    #0 pthreadpool_tevent_job_signal ../../lib/pthreadpool/pthreadpool_tevent.c:370 (pthreadpool_tevent_unit_test_san+0x406c6e)
    #1 pthreadpool_server ../../lib/pthreadpool/pthreadpool.c:657 (pthreadpool_tevent_unit_test_san+0x40443b)
    #2 <null> <null> (libtsan.so.0+0x323cf)

  Previous write of size 8 at 0x7b2000000368 by main thread:
    #0 pthreadpool_tevent_glue_destructor ../../lib/pthreadpool/pthreadpool_tevent.c:165 (pthreadpool_tevent_unit_test_san+0x405aed)
    #1 _tc_free_internal ../../lib/talloc/talloc.c:1158 (libtalloc-private-samba.so+0x3419)
    #2 _tc_free_internal ../../lib/talloc/talloc.c:1158 (libtalloc-private-samba.so+0x3419)
    #3 cmocka_run_one_test_or_fixture ../../third_party/cmocka/cmocka.c:2948 (libcmocka-private-samba.so+0x6f92)
    #4 __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 (libc.so.6+0x40e6b)

  Location is heap block of size 120 at 0x7b2000000300 allocated by main thread:
    #0 malloc <null> (libtsan.so.0+0x35799)
    #1 __talloc_with_prefix ../../lib/talloc/talloc.c:783 (libtalloc-private-samba.so+0x2a99)
    #2 test_pthreadpool_tevent_job_send_multiple_2 ../../lib/pthreadpool/test_pthreadpool_tevent.c:399 (pthreadpool_tevent_unit_test_san+0x40856f)
    #3 cmocka_run_one_test_or_fixture ../../third_party/cmocka/cmocka.c:2948 (libcmocka-private-samba.so+0x6f92)
    #4 __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 (libc.so.6+0x40e6b)

  Thread T7 (tid=13582, running) created by main thread at:
    #0 pthread_create <null> (libtsan.so.0+0x5ed75)
    #1 pthreadpool_create_thread ../../lib/pthreadpool/pthreadpool.c:711 (pthreadpool_tevent_unit_test_san+0x4045ac)
    #2 pthreadpool_add_job ../../lib/pthreadpool/pthreadpool.c:792 (pthreadpool_tevent_unit_test_san+0x40496f)
    #3 pthreadpool_tevent_job_send ../../lib/pthreadpool/pthreadpool_tevent.c:329 (pthreadpool_tevent_unit_test_san+0x4065e2)
    #4 test_pthreadpool_tevent_job_send_multiple_2 ../../lib/pthreadpool/test_pthreadpool_tevent.c:423 (pthreadpool_tevent_unit_test_san+0x4086b2)
    #5 cmocka_run_one_test_or_fixture ../../third_party/cmocka/cmocka.c:2948 (libcmocka-private-samba.so+0x6f92)
    #6 __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 (libc.so.6+0x40e6b)

SUMMARY: ThreadSanitizer: data race ../../lib/pthreadpool/pthreadpool_tevent.c:370 in pthreadpool_tevent_job_signal

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15958
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

lib/pthreadpool: fix free of already freed glue object

The lines are a bit skewed from actual sources (due to temp
debug lines) but I have inserted the relevant source code below

basically if we free ev_link then this will free the glue object, so
deleting the glue object on the next line is not what we want to do.

==14263== Invalid read of size 4
==14263==    at 0x4D13E90: talloc_chunk_from_ptr (talloc.c:527)
==14263==    by 0x4D1621E: _talloc_free (talloc.c:1770)
  249 #ifdef HAVE_PTHREAD
  250 glue->tctx = tevent_threaded_context_create(glue, ev);
  251 if (glue->tctx == NULL) {
  252 TALLOC_FREE(ev_link);
* 253 TALLOC_FREE(glue);
  254 return ENOMEM;
  250 }
==14263==    by 0x51FA0AF: pthreadpool_tevent_register_ev (pthreadpool_tevent.c:253)
==14263==    by 0x51FA302: pthreadpool_tevent_job_send (pthreadpool_tevent.c:324)
==14263==    by 0x4B01E68: vfswrap_fsync_send (vfs_default.c:1104)
==14263==    by 0x49CD9B1: smb_vfs_call_fsync_send (vfs.c:1998)
==14263==    by 0x49CDBF9: smb_vfs_fsync_sync (vfs.c:2057)
==14263==    by 0x494B1E5: sync_file (fileio.c:320)
==14263==    by 0x497CC77: reply_flush (reply.c:5398)
==14263==    by 0x49E28CB: switch_message (process.c:1726)
==14263==    by 0x49E2AA4: construct_reply (process.c:1762)
==14263==    by 0x49E37F8: process_smb (process.c:2017)
==14263==  Address 0xcb415d0 is 0 bytes inside a block of size 144 free'd
==14263==    at 0x484494B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==14263==    by 0x4D14F81: _tc_free_internal (talloc.c:1222)
==14263==    by 0x4D15025: _talloc_free_internal (talloc.c:1248)
==14263==    by 0x4D162ED: _talloc_free (talloc.c:1792)

  190 static int pthreadpool_tevent_glue_link_destructor(
  191  struct pthreadpool_tevent_glue_ev_link *ev_link)
  192 {
* 193  TALLOC_FREE(ev_link->glue);
  194  return 0;
  195 }
==14263==    by 0x51F9EC3: pthreadpool_tevent_glue_link_destructor (pthreadpool_tevent.c:193)
==14263==    by 0x4D14CA9: _tc_free_internal (talloc.c:1158)
==14263==    by 0x4D15025: _talloc_free_internal (talloc.c:1248)
==14263==    by 0x4D162ED: _talloc_free (talloc.c:1792)
  249 #ifdef HAVE_PTHREAD
  250   glue->tctx = tevent_threaded_context_create(glue, ev);
  251   if (glue->tctx == NULL) {
* 252           TALLOC_FREE(ev_link);
  253           TALLOC_FREE(glue);
  254           return ENOMEM;
  250   }
==14263==    by 0x51FA08D: pthreadpool_tevent_register_ev (pthreadpool_tevent.c:252)
==14263==    by 0x51FA302: pthreadpool_tevent_job_send (pthreadpool_tevent.c:324)
==14263==    by 0x4B01E68: vfswrap_fsync_send (vfs_default.c:1104)
==14263==    by 0x49CD9B1: smb_vfs_call_fsync_send (vfs.c:1998)
==14263==  Block was alloc'd at
==14263==    at 0x4841984: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==14263==    by 0x4D14339: __talloc_with_prefix (talloc.c:783)
==14263==    by 0x4D144D3: __talloc (talloc.c:825)
==14263==    by 0x4D1486C: _talloc_named_const (talloc.c:982)
==14263==    by 0x4D1734D: _talloc_zero (talloc.c:2421)
==14263==    by 0x51F9F46: pthreadpool_tevent_register_ev (pthreadpool_tevent.c:222)
==14263==    by 0x51FA302: pthreadpool_tevent_job_send (pthreadpool_tevent.c:324)
==14263==    by 0x4B01E68: vfswrap_fsync_send (vfs_default.c:1104)
==14263==    by 0x49CD9B1: smb_vfs_call_fsync_send (vfs.c:1998)
==14263==    by 0x49CDBF9: smb_vfs_fsync_sync (vfs.c:2057)
==14263==    by 0x494B1E5: sync_file (fileio.c:320)
==14263==    by 0x497CC77: reply_flush (reply.c:5398)
==14263==
==14263== Invalid read of size 4
==14263==    at 0x4D13EAE: talloc_chunk_from_ptr (talloc.c:528)
==14263==    by 0x4D1621E: _talloc_free (talloc.c:1770)
==14263==    by 0x51FA0AF: pthreadpool_tevent_register_ev (pthreadpool_tevent.c:253)
==14263==    by 0x51FA302: pthreadpool_tevent_job_send (pthreadpool_tevent.c:324)
==14263==    by 0x4B01E68: vfswrap_fsync_send (vfs_default.c:1104)
==14263==    by 0x49CD9B1: smb_vfs_call_fsync_send (vfs.c:1998)
==14263==    by 0x49CDBF9: smb_vfs_fsync_sync (vfs.c:2057)
==14263==    by 0x494B1E5: sync_file (fileio.c:320)
==14263==    by 0x497CC77: reply_flush (reply.c:5398)
==14263==    by 0x49E28CB: switch_message (process.c:1726)
==14263==    by 0x49E2AA4: construct_reply (process.c:1762)
==14263==    by 0x49E37F8: process_smb (process.c:2017)
==14263==  Address 0xcb415d0 is 0 bytes inside a block of size 144 free'd
==14263==    at 0x484494B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-l

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15957
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Add unit cmocka tests for pthreadpool_tevent

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15958
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Add basic cmocka unit tests for pthreadpool

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15958
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Noel Power <noel.power@suse.com>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

docs-xml/manpages: doc for 'vfs_aio_ratelimit' module

Documentation for newly introduced async-I/O rate-limiting module.

Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: Avan Thakkar <athakkar@redhat.com>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Gunther Deschner <gd@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Sun Jan 18 07:23:19 UTC 2026 on atb-devel-224

s3:selftest: test vfs_aio_ratelimit module

Test VFS aio_ratelimit module: ensure that a (read) delay is indeed
injected.

Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: Avan Thakkar <athakkar@redhat.com>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Gunther Deschner <gd@samba.org>

vfs_aio_ratelimit: rate-limiting module for async I/O

A new stackable module to allow rate-limiting functionality for async
I/O operations. When the number of IOPS or bytes-per-sec overflow a
user-defined threshold, inject a delay before allowing an operation to
complete, yielding an implicit throughput ceiling. Uses token-based
algorithm to calculate the actual delay.

Pair-Programmed-With: Avan Thakkar <athakkar@redhat.com>
Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: Avan Thakkar <athakkar@redhat.com>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Gunther Deschner <gd@samba.org>

s4:torture/smb2: add smb2.bench.write test

This test opens one file for each loop (for nprocs * qdepth loops)
and for each file it loops in write requests for the first
io_size bytes.

time smbtorture //127.0.0.1/m -Uroot%test smb2.bench.write \
        --option="torture:timelimit=600" \
        --option="torture:nprocs=1" \
        --option="torture:qdepth=4" \
        --option="torture:io_size=4096"

In order to generate constant load for profiles
--option="torture:looplimit=150000" can be used to stop
after the given number of loops before the timelimit hits.

Sometimes the bottleneck is the smbtorture process.
In order to bring the smbd process to 100% cpu, you can use
'--option="libsmb:client_guid=6112f7d3-9528-4a2a-8861-0ca129aae6c4"'
and run multiple instances of the test at the same time,
which both talk to the same smbd process.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Jan 16 16:50:46 UTC 2026 on atb-devel-224

s4:torture/smb2: let bench.c tests use the initial connection of just once is needed

This makes it easier to analyze wireshark traces,
it will be important for smbdirect over roce, as
wireshark has some problems there.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

s4:torture/smb2: fix using uninitialized memory in test_lease_dynamic_share()

We left basically the Channel value of the SMB2 write with a high chance
of being non 0, which means the server should reject the request
as rdma offload is not used.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

s3:smb2_negprot: make use of xconn->transport.type != SMB_TRANSPORT_TYPE_NBT

This is better than relying on the magic port 139.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Jan 16 12:48:19 UTC 2026 on atb-devel-224

s3:utils:status_json fix Non-boolean returned

Fix cppcheck

source3/utils/status_json.c:1385:3: style: Non-boolean value returned
    from function returning bool [returnNonBoolInBooleanFunction]

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15924

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Thu Jan 15 09:18:21 UTC 2026 on atb-devel-224

s4:client:http_test fix Non-boolean returned

fix cppcheck

source4/client/http_test.c:85:3: style: Non-boolean value returned from
    function returning bool [returnNonBoolInBooleanFunction]

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15924

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Anoop C S <anoopcs@samba.org>

s3:tests: Use awk for parsing hexkeys

This just uses valid hex values and doesn't rely on special positions.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Jan 15 08:01:36 UTC 2026 on atb-devel-224

s3:tests: Add debug output to test_net_tdb.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Anoop C S <anoopcs@samba.org>

source3:tests: Fix all shellcheck errors found in test_net_tdb.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Anoop C S <anoopcs@samba.org>

Update WHATSNEW with kerberos changes

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu Jan 15 02:50:59 UTC 2026 on atb-devel-224

ci:autobuild: add MIT schema_dc krb5 tests

The schema_dc environment has the 'require canonicalization = yes' option,
which we want to test with MIT kerberos, but only with relevant tests.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

pytest:krb5:as_req: adjust for 'require canonicalization'

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

pytest:krb5:ms_kile: adjust for 'require canonicalization'

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

pytest:krb5: as_canonicalization recognises require canon option

If the test is run against a

  require canonicalization = yes

server, requests that do not use the canonicalize flag will be
rejected at the preauth stage, so we check that and nothing more.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

s4:test: fix kdc-canon-heimdal tests for 'require canonicalization'

The combination of the server 'require canonicalization' option with a
lack of a 'canonicalize' flag from the client will result in AS_REPs
with PRINCIPAL UNKNOWN.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

s4:test: fix kdc-heimdal simple tests for 'require canonicalization'

The client doesn't request canonicalization here, so we always expect
its AS_REP to be C_PRINCIPAL_UNKNOWN.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

pytest:krb5: notice require canonicalization option

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

tests: schema_dc krb5 tests with 'require canonicalization = yes'

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

s4:kdc: honour "kdc require canonicalization = yes"

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

loadparm: add "kdc require canonicalization"

Has no effect yet.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

pytest:krb5 as_canonicalization checks no implicit $ return code

We check here instead of selftest/expectedfail.d/* in part because
on MIT some of these cases will fail to fail to ask for preauth.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

tests: run more kdc tests with no implicit $ without canonicalization

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

kdc: match implicit dollar without canon affects AS_REQ client only

The smb.conf option

  kdc name match implicit dollar without canonicalization = no

is supposed to avoid the dollar ticket attack by refusing to consider
"foo$" as a match for "foo" unless canonicalization is requested.

This was rather blunt however, as the only time we care about this is for
the client name in an AS_REQ, and we can easily check whether that is the
case.

This makes the option less intrusive, allowing the use of "SERVER" for a
server name rather than "SERVER$". A number of tests no longer fail.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

pytest:krb5:as_canonicalization debug formatting

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>