Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Nov 6 02:42:06 UTC 2025 on atb-devel-224
If a field declared in a conformance file appears within a custom
CODE block in the conformance file, don't warn about the hf being
unused. This theoretically could have false negatives if a field
is mentioned only in a comment in the CODE block; we'd have to
remove the comments with something like Regexp::Common before
searching to avoid that.
The current conformance files in the Wireshark distribution don't
have any such false negative cases, but there are dozens of false
positives prevented by this change.
Signed-off-by: John Thacker <johnthacker@gmail.com> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Nov 5 11:12:35 UTC 2025 on atb-devel-224
pidl: Do not produce a function that is replaced by MANUAL code
If a MANUAL directive in a conformance file causes a function not to be
emitted, do not bother calculating the function that will not be used.
This is similar to the NOEMIT directive, but has different logic because
MANUAL only prevents emitting the function for one level of an element
instead of all the functions and variables. This does not change the
dissectors produced at all, only skips some unnecessary compilation.
In particular, the messages when compiling the pidl-dissectors target:
dnsserver.idl:159: error: Inline arrays not supported
eventlog.idl:54: error: Inline arrays not supported
are no longer inaccurately produced. The inline arrays in those two IDL
files have long been supported through the MANUAL code blocks.
Expand on the error message to suggest the use of MANUAL directives
for implementation.
Signed-off-by: John Thacker <johnthacker@gmail.com> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
pidl: Fix filter names for subcontext length fields
The Perl variable $_->{NAME} never exists at the point in the code;
$e->{NAME} is almost surely intended instead, which makes the subcontext
length field have the same filter name as the parent field with
".subcontext" added.
This changes a few fields, including making some fields in the same
struct or union that incorrectly shared a filter name now have unique
filter names. Also prevents Perl warnings:
Use of uninitialized value in concatenation (.) or string at /builds/wireshark/wireshark/tools/pid
l/lib/Parse/Pidl/Wireshark/NDR.pm line 438.
Signed-off-by: John Thacker <johnthacker@gmail.com> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
If the switch type is not defined (e.g. in a union with no
discriminant) check for that first instead of doing a bunch of
comparisons with an uninitialized scalar variable. Doesn't change
the dissector results, but prevents a bunch of Perl warnings:
Use of uninitialized value $t in hash element at /wireshark/tools/pidl/lib/Parse/Pidl/Typelist.pm
line 194.
Use of uninitialized value in string eq at /wireshark/tools/pidl/lib/Parse/Pidl/Wireshark/NDR.pm l
ine 480.
Use of uninitialized value in string eq at /wireshark/tools/pidl/lib/Parse/Pidl/Wireshark/NDR.pm l
ine 482.
Use of uninitialized value in string eq at /wireshark/tools/pidl/lib/Parse/Pidl/Wireshark/NDR.pm l
ine 484.
Signed-off-by: John Thacker <johnthacker@gmail.com> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
pidl: Warn appropriately on unsupported switch_is discriminants
Microsoft's MIDL supports switch_is discriminants which have limited
C-language expressions including conditionals, logical, relational,
and arithmetic expressions. [1] Some of the distributed IDL files include
such expressions. The current handling in PIDL's Wireshark NDR.pm only
supports a single identifier (possibly a pointer), which appears to be
the way it is defined in the original DCE IDL. [2,3]
In addition, the switch_is discriminant may simply be misspelled or
otherwise not found when parsing, leading to an empty array reference.
Test for the empty array in order to produce a helpful warning message
with the filename and line number, instead of unhelpful Perl warnings.
This does not provide support for the construct not affect the generated
dissectors at all, only reduces 4 unclear warnings into a single useful
warning.
Before:
Use of uninitialized value $name in string ne at /home/johnthacker/wireshark/tools/pidl/lib/Parse/
Pidl/Wireshark/NDR.pm line 516.
Use of uninitialized value in string eq at /home/johnthacker/wireshark/tools/pidl/lib/Parse/Pidl/W
ireshark/NDR.pm line 525.
Use of uninitialized value $name in string ne at /home/johnthacker/wireshark/tools/pidl/lib/Parse/
Pidl/Wireshark/NDR.pm line 527.
Use of uninitialized value $name in string ne at /home/johnthacker/wireshark/tools/pidl/lib/Parse/
Pidl/Wireshark/NDR.pm line 531.
After:
drsuapi.idl:828: warning: ctr switch_is discriminant `level|(type<<16)' not found. (Only single id
entifiers are supported, not expressions as in MIDL.)
The "USED" indicator is never set for params, which results in many
bogus "warning: dissector param never used" messages when compiling
the pidl dissectors. Set it when used, to reduce the number of messages.
Signed-off-by: John Thacker <johnthacker@gmail.com> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Jennifer Sutton [Mon, 3 Nov 2025 03:50:52 +0000 (16:50 +1300)]
docs-xml: Document samba-tool subcommand to generate Certificate Signing Requests
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Nov 5 05:13:01 UTC 2025 on atb-devel-224
Jennifer Sutton [Wed, 8 Oct 2025 01:34:25 +0000 (14:34 +1300)]
samba-tool: Add subcommand to generate Certificate Signing Requests with SID extension
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Jennifer Sutton [Sun, 2 Nov 2025 21:45:44 +0000 (10:45 +1300)]
python: Factor out asn.1 methods into their own module
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Jennifer Sutton [Tue, 7 Oct 2025 21:58:53 +0000 (10:58 +1300)]
samba-tool: Fix comments
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Jennifer Sutton [Thu, 23 Oct 2025 23:25:15 +0000 (12:25 +1300)]
python:tests: Fix code spelling
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Cause: recycle_do_touch() fails since the path ".deleted/administrator/./file"
contains a dot '.' - openat_pathref_fsp_nosymlink() loops over all
components and fails if there is a dot:
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Tue Nov 4 11:38:52 UTC 2025 on atb-devel-224
David Mulder [Thu, 28 Aug 2025 19:09:36 +0000 (13:09 -0600)]
Remove previous himmelblau integration attempt
This was a project attempting to integrate
Himmelblau into Samba, but it has been
abandoned.
Signed-off-by: David Mulder <dmulder@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Tue Nov 4 09:09:40 UTC 2025 on atb-devel-224
nsswitch: Do not leak memory in wbinfo_pam_logon() of wbinfo
We need to always free the memory, not only if verbose mode is wanted.
Direct leak of 40 byte(s) in 1 object(s) allocated from:
#0 0x7f4df73215a3 in calloc (/lib64/libasan.so.8+0x1215a3) (BuildId: 388ee9ac193f74c177c6f52988d2d0dab110de41)
#1 0x7f4df712833f in wbcAllocateMemory ../../nsswitch/libwbclient/wbclient.c:216
#2 0x7f4df712d996 in wbc_create_logon_info ../../nsswitch/libwbclient/wbc_pam.c:326
#3 0x7f4df712d996 in wbcCtxLogonUser ../../nsswitch/libwbclient/wbc_pam.c:1288
#4 0x7f4df712dda5 in wbcLogonUser ../../nsswitch/libwbclient/wbc_pam.c:1311
#5 0x00000021c014 in wbinfo_pam_logon ../../nsswitch/wbinfo.c:1995
#6 0x00000021c014 in main ../../nsswitch/wbinfo.c:3209
#7 0x7f4df422b2fa in __libc_start_call_main (/lib64/libc.so.6+0x2b2fa) (BuildId: 8523b213e7586a93ab00f6dd476418b1e521e62c)
#8 0x7ffc9aee3e03 ([stack]+0x20e03)
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Thu Oct 30 09:11:26 UTC 2025 on atb-devel-224
Remove NULL check for fsp. A NULL fsp is a fatal error
that should never occur in this context.
Signed-off-by: Shwetha K Acharya <Shwetha.K.Acharya@ibm.com> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Wed Oct 29 14:43:28 UTC 2025 on atb-devel-224
lib:ldb:tests: Fix memory leaks in ldb_lmdb_free_list_test
Found by Leak Sanitizer
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Wed Oct 29 12:18:43 UTC 2025 on atb-devel-224
lib:ldb:tests: Avoid memory leaks in ldb_kv_ops test
Detected by Leak Sanitizer.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Anoop C S <anoopcs@samba.org>
Volker Lendecke [Wed, 22 Oct 2025 05:13:29 +0000 (07:13 +0200)]
WHATSNEW: Mention MR 4212
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sun Oct 26 09:10:57 UTC 2025 on atb-devel-224
s3:client: Use talloc to avoid memory leaks in smbspool
The function uri_unescape_alloc() is called by main() which has a talloc
stackframe.
Direct leak of 13 byte(s) in 1 object(s) allocated from:
#0 0x7fc31351b9a0 in strdup (/lib64/libasan.so.8+0x11b9a0) (BuildId: 388ee9ac193f74c177c6f52988d2d0dab110de41)
#1 0x7fc3129cfb50 in smb_xstrdup ../../lib/util/util.c:760
#2 0x0000002059f8 in uri_unescape_alloc ../../source3/client/smbspool.c:888
#3 0x00000020752a in main ../../source3/client/smbspool.c:347
#4 0x7fc30f62b2fa in __libc_start_call_main (/lib64/libc.so.6+0x2b2fa) (BuildId: 8523b213e7586a93ab00f6dd476418b1e521e62c)
#5 0x7ffd8bb806be ([stack]+0x3b6be)
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Fri Oct 24 07:42:37 UTC 2025 on atb-devel-224
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Jennifer Sutton <jsutton@samba.org>
Autobuild-Date(master): Thu Oct 23 01:03:36 UTC 2025 on atb-devel-224
s3:passdb: Fix memory leak in pdb_default_del_groupmem()
Indirect leak of 496 byte(s) in 1 object(s) allocated from:
#0 0x7f1e45121c2b in malloc (/lib64/libasan.so.8+0x121c2b) (BuildId: 388ee9ac193f74c177c6f52988d2d0dab110de41)
#1 0x7f1e44b586a0 in __talloc_with_prefix ../../lib/talloc/talloc.c:783
#2 0x7f1e44b59f75 in __talloc ../../lib/talloc/talloc.c:825
#3 0x7f1e44b59f75 in _talloc_named_const ../../lib/talloc/talloc.c:982
#4 0x7f1e44b59f75 in _talloc_zero ../../lib/talloc/talloc.c:2421
#5 0x7f1e42a18460 in samu_new ../../source3/passdb/passdb.c:63
#6 0x7f1e42a381ef in pdb_default_del_groupmem ../../source3/passdb/pdb_interface.c:1098
#7 0x7f1e42a364b1 in pdb_del_groupmem ../../source3/passdb/pdb_interface.c:1130
#8 0x000000388a57 in net_sam_delmem ../../source3/utils/net_sam.c:1324
#9 0x00000038ff79 in net_run_function ../../source3/utils/net_util.c:451
#10 0x00000038bfb6 in net_sam ../../source3/utils/net_sam.c:2306
#11 0x00000038ff79 in net_run_function ../../source3/utils/net_util.c:451
#12 0x0000002ea182 in main ../../source3/utils/net.c:1474
#13 0x7f1e3fc2b2fa in __libc_start_call_main (/lib64/libc.so.6+0x2b2fa) (BuildId: 8523b213e7586a93ab00f6dd476418b1e521e62c)
#14 0x7ffe6b22b79f ([stack]+0x2079f)
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Wed Oct 22 15:21:22 UTC 2025 on atb-devel-224
lib:ldb:tools: Do not leak memory in ldb_cmdline_process_internal()
If add_control() hasn't been called before, it will be NULL. Use ret as
the context to allocate memory on.
Direct leak of 110 byte(s) in 1 object(s) allocated from:
#0 0x7fc1b5921c2b in malloc (/lib64/libasan.so.8+0x121c2b) (BuildId: 388ee9ac193f74c177c6f52988d2d0dab110de41)
#1 0x7fc1b56ed6a0 in __talloc_with_prefix ../../lib/talloc/talloc.c:783
#2 0x7fc1b56ee9e8 in __talloc ../../lib/talloc/talloc.c:825
#3 0x7fc1b56ee9e8 in __talloc_strlendup ../../lib/talloc/talloc.c:2454
#4 0x7fc1b56ee9e8 in talloc_strdup ../../lib/talloc/talloc.c:2470
#5 0x7fc1b5f1ad18 in ldb_cmdline_process_internal ../../lib/ldb/tools/cmdline.c:389
#6 0x7fc1b5f1b53c in ldb_cmdline_process ../../lib/ldb/tools/cmdline.c:544
#7 0x000000202a19 in main ../../lib/ldb/tools/ldbdel.c:97
#8 0x7fc1b542b2fa in __libc_start_call_main (/lib64/libc.so.6+0x2b2fa) (BuildId: 8523b213e7586a93ab00f6dd476418b1e521e62c)
#9 0x7ffdced96847 ([stack]+0x38847)
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Oct 22 09:25:35 UTC 2025 on atb-devel-224
Direct leak of 376 byte(s) in 1 object(s) allocated from:
#0 0x7ff48b520b4b (/lib64/libasan.so.8+0x120b4b) (BuildId: 388ee9ac193f74c177c6f52988d2d0dab110de41)
#1 0x7ff48bb079d3 in _talloc_realloc ../../lib/talloc/talloc.c:2035
#2 0x7ff48bb0824c in _talloc_realloc_array ../../lib/talloc/talloc.c:2810
#3 0x00000021ab91 in wbinfo_xids_to_sids ../../nsswitch/wbinfo.c:1122
#4 0x00000021ab91 in main ../../nsswitch/wbinfo.c:3065
#5 0x7ff48842b2fa in __libc_start_call_main (/lib64/libc.so.6+0x2b2fa) (BuildId: 8523b213e7586a93ab00f6dd476418b1e521e62c)
#6 0x7ffd3dc6866e ([stack]+0x2066e)
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Noel Power <npower@samba.org>
lib:replace: Implement setproctitle() based on PRCTL_MM_MAP
This should work on Linux. It requires CAP_SYS_RESOURCE, but our daemons
run as root anyway.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Oct 22 08:03:35 UTC 2025 on atb-devel-224
Douglas Bagnall [Wed, 3 Sep 2025 02:20:24 +0000 (14:20 +1200)]
CVE-2025-10230: s4:wins: restrict names fed to shell
If the "wins hook" smb.conf parameter is set, the WINS server will
attempt to execute that value in a shell command line when a client
asks to modify a name. The WINS system is a trusting one, and clients
can claim any NETBIOS name they wish.
With the source3 nmbd WINS server (since the 1999 commit now called 3db52feb1f3b2c07ce0b06ad4a7099fa6efe3fc7) the wins hook will not be
run for names that contain shell metacharacters. This restriction has
not been present on the source4 nbt WINS server, which is the WINS
server that will be used in the event that an Active Directory Domain
Controller is also running WINS.
This allowed an unauthenticated client to execute arbitrary commands
on the server.
This commit brings the nmbd check into the nbt WINS server, so that
the wins hook will only be run for names that contain only letters,
digits, hyphens, underscores and periods. This matches the behaviour
described in the smb.conf man page.
The source3 nmbd WINS server has another layer of protection, in that
it uses the smb_run() exec wrapper that tries to escape arguments. We
don't do that here.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Tue Oct 21 19:43:25 UTC 2025 on atb-devel-224
Douglas Bagnall [Tue, 9 Sep 2025 01:36:16 +0000 (13:36 +1200)]
CVE-2025-10230: s4/tests: check that wins hook sanitizes names
An smb.conf can contain a 'wins hook' parameter, which names a script
to run when a WINS name is changed. The man page says
The second argument is the NetBIOS name. If the name is not a
legal name then the wins hook is not called. Legal names contain
only letters, digits, hyphens, underscores and periods.
but it turns out the legality check is not performed if the WINS
server in question is the source4 nbt one. It is not expected that
people will run this server, but they can. This is bad because the
name is passed unescaped into a shell command line, allowing command
injection.
For this test we don't care whether the WINS server is returning an
error code, just whether it is running the wins hook. The tests show
it often runs the hook it shouldn't, though some characters are
incidentally blocked because the name has to fit in a DN before it
gets to the hook, and DNs have a few syntactic restrictions (e.g.,
blocking '<', '>', and ';').
The source3 WINS server that is used by Samba when not run as a DC is
not affected and not here tested.
We don't really need "fsp" and "smb_fname_src" arguments anymore
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Oct 21 18:35:59 UTC 2025 on atb-devel-224
With SMB_VFS_RENAME_STREAM and the src parent fsp and src relname
available, we can save a lot of string handling in
rename_internals_fsp(). Subsequent patches will remove a lot of code
that's no longer used after this patch.
Better look at the result than the patch for review.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
[MS-FSA] 2.1.5.15.12.1 Algorithm for Performing Stream Rename
is simpler and diffent enough from renaming a file or directory that I
believe a separate VFS operation is justified instead of tunneling it
through the renameat call. For example it's only possible to rename
streams within a file, so only one stream open fsp and a newname which
is guaranteed to be a stream name is necessary.
Add stub implementations to our streams modules, to be filled later.
Signed-off-by: Volker Lendecke <vl@samba.org>
vfs_streams_xattr: rename_streams Reviewed-by: Ralph Boehme <slow@samba.org>
Avoid calling parent_pathref() in hardlink_internals. All but one
callers have the required information anyway. Unfortunately the one
that does not have it is the SMB2 one. So for SMB2+ this is not a real
optimization, but in some distant future we might have a dirfsp
attached to every fsp, so this might at some point also solve itself.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
We call filename_convert_dirfsp() on the old name. Use the parsing
done there, we don't need to scan for a ":" in reply_ntrename() where
filename_convert_dirfsp() already does it.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
See the comment at the top of this patch for a description of the data
format.
The lowerlevel xattr_multi routines now take the raw stream name
instead of the xattr name because they have to build up the real xattr
name attached to the file themselves.
The patch is a bit larger than I would like it, but the mechanics in
the _multi() routines don't make sense in isolation, and the rest is
mostly handling the raw_stream_name instead of the xattr_name.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
projects / thirdparty / samba.git / log
