Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Tue Sep 9 13:50:00 UTC 2025 on atb-devel-224
Cause: recycle_do_touch() fails since the path ".deleted/administrator/./file"
contains a dot '.' - openat_pathref_fsp_nosymlink() loops over all
components and fails if there is a dot:
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Tue Nov 4 11:38:52 UTC 2025 on atb-devel-224
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 5124acec34c20391cdfeb9d9005365047b7d7eee)
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 498984cf346630c17169dbdb13a232854309f6a8)
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Oct 20 10:59:03 UTC 2025 on atb-devel-224
in a Spotlight query produces the following log message:
map_fts: Mapping fts [757378800] unexpected op [~]
However, when
elasticsearch:ignore unknown attribute = yes
is set, the parser will ignore the failed expression and continue
parsing given the expression is part of a larger expression like
"subexpression1 OR subexpression2". Avoid spamming the log and reduce
the loglevel when we hit this case.
Martin Schwenke [Thu, 16 Oct 2025 02:54:22 +0000 (13:54 +1100)]
ctdb-scripts: Avoid failing updateip when IP is not assigned
There is no use failing this when it could behave more like takeip.
Use old interface of "__none__" as a hint that ctdbd doesn't think the
IP is assigned either. In this case print a warning instead of an
error. Take some care to avoid spurious errors in updateip.
After commit 0536d7a98b832fc00d26b09c26bf14fb63dbf5fb (which improves
IP address state checking), this will almost certainly not occur on
platforms with getifaddrs(3) (e.g. Linux). This means it is only
likely to occur in 4.21 when net.ipv4.ip_nonlocal_bind=1.
Reported-by: Bailey Allison <ballison@45drives.com> Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Fri Oct 17 06:28:30 UTC 2025 on atb-devel-224
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: Anoop C S <anoopcs@samba.org>
(cherry picked from commit 01d3d25c0139a3dd49a2322a9416698d08733377)
Martin Schwenke [Wed, 15 Oct 2025 23:42:22 +0000 (10:42 +1100)]
ctdb-tests: Add an event script unit test for updateip
This illustrates the current failure where an unassigned public IP
address causes updateip to fail.
After commit 0536d7a98b832fc00d26b09c26bf14fb63dbf5fb (which improves
IP address state checking), this will almost certainly not occur on
platforms with getifaddrs(3) (e.g. Linux). This means it is only
likely to occur in 4.21 when net.ipv4.ip_nonlocal_bind=1.
Reported-by: Bailey Allison <ballison@45drives.com> Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: Anoop C S <anoopcs@samba.org>
(cherry picked from commit a98ffb96efc4a9ea2110c654860a4ba3896ab3d5)
Martin Schwenke [Wed, 15 Oct 2025 21:17:44 +0000 (08:17 +1100)]
ctdb-daemon: Fix a crash due to a failed updateip
This should really be a takeip. However, CTDB's weak check of the IP
address state (using bind(2)) incorrectly indicates that the IP
address is assigned to an interface so it is converted to an updateip.
After commit 0536d7a98b832fc00d26b09c26bf14fb63dbf5fb (which improves
IP address state checking), this will almost certainly not occur on
platforms with getifaddrs(3) (e.g. Linux). This means it is only
likely to occur in 4.21 when net.ipv4.ip_nonlocal_bind=1.
Reported-by: Bailey Allison <ballison@45drives.com> Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: Anoop C S <anoopcs@samba.org>
(cherry picked from commit d08f9ebd2755671d30c73a4e979029d353848828)
Ralph Boehme [Sat, 27 Sep 2025 11:01:32 +0000 (13:01 +0200)]
smbtorture: add test "smb2.lease.lease-epoch"
Verifies the lease epoch is not incremented by the server (returns what the
client sent in the request) if a lease was not granted ie lease_level=NONE.
Test passes against Windows 2025.
From MS-SMB2 3.3.5.9.11 "Handling the SMB2_CREATE_REQUEST_LEASE_V2 Create
Context":
If the object store succeeds this request, Lease.LeaseState MUST be set to the
new caching state. The server MUST increment Lease.Epoch by 1.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
(backported from commit a112978ed1240c399eb90e4472d5c43d867c49d9)
[slow@samba.org: conflict due to option veto_localized present only in master]
Ralph Boehme [Thu, 18 Sep 2025 18:35:22 +0000 (20:35 +0200)]
smbd: hang directory pattern matching case sensitivity on the pathname
For the SMB3 POSIX client both posix_open=true and (fsp->fsp_name->flags &
SMB_FILENAME_POSIX_PATH) will always be the case, so this is no change in
behaviour for that case.
However, for the macOS client fruit will carefully setup both flags as
posix_open=true but SMB_FILENAME_POSIX_PATH will not be set.
This is a deliberate hack to give the macOS client POSIX behaviour for some
operations, but not for others, while also allowing the POSIX-ified macOS client
to continue to get case insensitive behavour.
Ralph Boehme [Thu, 18 Sep 2025 21:44:34 +0000 (23:44 +0200)]
smbd: hang posix brl per-handle check on the pathname
For the SMB3 POSIX client both posix_open=true and (fsp->fsp_name->flags &
SMB_FILENAME_POSIX_PATH) will always be the case, so this is no change in
behaviour for that case.
However, for the macOS client fruit will carefully setup both flags as
posix_open=true but SMB_FILENAME_POSIX_PATH will not be set.
This is a deliberate hack to give the macOS client POSIX behaviour for some
operations, but not for others, while also allowing the POSIX-ified macOS client
to continue to get case insensitive behavour.
Tags alls opens as POSIX by setting fsp_flags.posix_open to true.
POSIX handles have different behaviour compared to Windows:
Behaviour | POSIX | Windows | macOS |fruit:posix_opens = yes
-----------------------------------+------------+----------------------------------------
Deleting files with open handles | yes | no | yes | yes
Moving directories with open files | yes | no | yes | yes
Byterange locks behaviour | POSIX-ish | Window-ish | POSIX-ish | POSIX-ish
Sticky writetime | no | yes | no | no
Case sensitive | no | yes | yes | yes
Streams allowed | no | yes | yes | yes
macOS follows POSIX for the first four, but needs case insensitive behaviour
and needs streams.
By carefully setting fsp_flags.posix_open to true *after* going through the path
resolution logic, but before opens are added to locking.tdb, with
"fruit:posix_opens = yes" we get closest to macOS semantics.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
(backported from commit e86f0c2de80e2409bfe3fc12df24e94470988e3c)
[slow@samba.org: conflict due to optino veto_localized only present in master]
This commit fixes a situation in which vfs_streams_xattr could
write unitialized memory into alternate data streams if the
user writes to an offset that is beyond the current end of file
to insert a hole in it.
Douglas Bagnall [Wed, 3 Sep 2025 02:20:24 +0000 (14:20 +1200)]
CVE-2025-10230: s4:wins: restrict names fed to shell
If the "wins hook" smb.conf parameter is set, the WINS server will
attempt to execute that value in a shell command line when a client
asks to modify a name. The WINS system is a trusting one, and clients
can claim any NETBIOS name they wish.
With the source3 nmbd WINS server (since the 1999 commit now called 3db52feb1f3b2c07ce0b06ad4a7099fa6efe3fc7) the wins hook will not be
run for names that contain shell metacharacters. This restriction has
not been present on the source4 nbt WINS server, which is the WINS
server that will be used in the event that an Active Directory Domain
Controller is also running WINS.
This allowed an unauthenticated client to execute arbitrary commands
on the server.
This commit brings the nmbd check into the nbt WINS server, so that
the wins hook will only be run for names that contain only letters,
digits, hyphens, underscores and periods. This matches the behaviour
described in the smb.conf man page.
The source3 nmbd WINS server has another layer of protection, in that
it uses the smb_run() exec wrapper that tries to escape arguments. We
don't do that here.
Douglas Bagnall [Tue, 9 Sep 2025 01:36:16 +0000 (13:36 +1200)]
CVE-2025-10230: s4/tests: check that wins hook sanitizes names
An smb.conf can contain a 'wins hook' parameter, which names a script
to run when a WINS name is changed. The man page says
The second argument is the NetBIOS name. If the name is not a
legal name then the wins hook is not called. Legal names contain
only letters, digits, hyphens, underscores and periods.
but it turns out the legality check is not performed if the WINS
server in question is the source4 nbt one. It is not expected that
people will run this server, but they can. This is bad because the
name is passed unescaped into a shell command line, allowing command
injection.
For this test we don't care whether the WINS server is returning an
error code, just whether it is running the wins hook. The tests show
it often runs the hook it shouldn't, though some characters are
incidentally blocked because the name has to fit in a DN before it
gets to the hook, and DNs have a few syntactic restrictions (e.g.,
blocking '<', '>', and ';').
The source3 WINS server that is used by Samba when not run as a DC is
not affected and not here tested.
Martin Schwenke [Fri, 15 Aug 2025 05:01:58 +0000 (15:01 +1000)]
ctdb-common: Only respect CTDB_SOCKET in CTDB_TEST_MODE
At the moment CTDB_SOCKET can be used outside of test mode even though
nobody should do this. So, no longer allow this.
This means ensuring CTDB_TEST_MODE is set in the in the
"clusteredmember" selftest environment, so that CTDB_SOCKET is
respected there..
Details...
The associated use of chown(2) and chmod(2), used to secure the socket
in ctdb_daemon.c:ux_socket_bind(), potentially enables a symlink race
attack. However, the chown(2) is currently not done in test mode, so
restricting the use of CTDB_SOCKET to test mode solves the potential
security issue.
Also, sprinkle warnings about use of CTDB_TEST_MODE in appropriate
places, just to attempt to limit unwanted behaviour.
An alternative could be to use the socket file descriptor with
fchown(2) and fchmod(2). However, these system calls are not well
defined on sockets. Still, this was previously done in CTDB's early
days (using the poorly documented method where they are allowed in
Linux (only?) before calling bind(2)). It was removed (due to
portability issues, via commits cf1056df94943ddcc3d547d4533b4bc04f57f265 and 2da3fe1b175a468fdff4aa4f65627facd2c28394) and replaced with the
current post-bind chown(2) and chmod(2).
I would like to remove the CTDB_SOCKET environment variable entirely,
since setting CTDB_TEST_MODE and CTDB_BASE covers all reasonable test
environments. However, I have a feeling that people use it for
interactive testing, and that can still be done in CTDB_TEST_MODE.
Signed-off-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Sat Sep 20 06:49:37 UTC 2025 on atb-devel-224
vfs_ceph_new: dont use ceph_ll_nonblocking_readv_writev for fsync_send
Commit 4ae922413844 ("vfs_ceph_new: use libcephfs nonblocking API for
async-io ops") uses ceph_ll_nonblocking_readv_writev for fsync_send.
However, the actual behaviour of libcephfs when using this API with
'fsync=true' is not async-fsync, as one may assume. Instead,
vfs_ceph_new should use a nonblocking fsync API[1], once it is ready.
Removed the usage of ceph_ll_nonblocking_readv_writev for fsync.
../../ctdb/utils/pmda/pmda_ctdb.c:52:9: warning: 'pmdaResult' redefined
52 | #define pmdaResult pmResult
| ^~~~~~~~~~
In file included from ../../ctdb/utils/pmda/pmda_ctdb.c:35:
/usr/include/pcp/pmda.h:30:9: note: this is the location of the previous definition
30 | #define pmdaResult pmResult_v2
| ^~~~~~~~~~
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Sat Sep 13 08:12:42 UTC 2025 on atb-devel-224
Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Sep 11 17:05:00 UTC 2025 on atb-devel-224
gh-135034: Normalize link targets in tarfile, add `os.path.realpath(strict='allow_missing')` (#135037)
Addresses CVEs 2024-12718, 2025-4138, 2025-4330, and 2025-4517.
Signed-off-by: Łukasz Langa <lukasz@langa.pl> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Co-authored-by: Petr Viktorin <encukou@gmail.com> Co-authored-by: Seth Michael Larson <seth@python.org> Co-authored-by: Adam Turner <9087854+AA-Turner@users.noreply.github.com> Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
our ../../ test that looks for a tarfile.OutsideDestinationError now
meets a NotADirectoryError in recent Python versions (this from 3.13,
Fedora 42):
UNEXPECTED(error): samba.tests.safe_tarfile.samba.tests.safe_tarfile.SafeTarFileTestCase.test_dots(none)
REASON: Exception: Exception: Traceback (most recent call last):
File "/tmp/samba-testbase/b1/samba-o3/bin/python/samba/tests/safe_tarfile.py", line 48, in test_dots
self.assertRaises(tarfile.OutsideDestinationError,
~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
stf.extractall,
^^^^^^^^^^^^^^^
tarname)
^^^^^^^^
File "/usr/lib64/python3.13/unittest/case.py", line 795, in assertRaises
return context.handle('assertRaises', args, kwargs)
~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib64/python3.13/unittest/case.py", line 238, in handle
callable_obj(*args, **kwargs)
~~~~~~~~~~~~^^^^^^^^^^^^^^^^^
File "/usr/lib64/python3.13/tarfile.py", line 2343, in extractall
tarinfo, unfiltered = self._get_extract_tarinfo(
~~~~~~~~~~~~~~~~~~~~~~~~~^
member, filter_function, path)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib64/python3.13/tarfile.py", line 2432, in _get_extract_tarinfo
self._handle_fatal_error(e)
~~~~~~~~~~~~~~~~~~~~~~~~^^^
File "/usr/lib64/python3.13/tarfile.py", line 2430, in _get_extract_tarinfo
filtered = filter_function(unfiltered, path)
File "/usr/lib64/python3.13/tarfile.py", line 842, in tar_filter
new_attrs = _get_filtered_attrs(member, dest_path, False)
File "/usr/lib64/python3.13/tarfile.py", line 783, in _get_filtered_attrs
target_path = os.path.realpath(os.path.join(dest_path, name),
strict=os.path.ALLOW_MISSING)
File "<frozen posixpath>", line 457, in realpath
NotADirectoryError: [Errno 20] Not a directory: '/tmp/samba-testbase/b1/samba-o3/bin/ab/tmp/tmpbn6e69ci/tar.tar'
In this commit, we say that a NotADirectoryError is OK.
When we started safe_tarfile we were acting in advance of upstream
Python, but now they are well ahead of us. If we trust their work in
recent versions and accept the error conditions they choose, we can
more easily get rid of our safe_tarfile when the time is right.
For the moment we still support as far back as Python 3.6 for some old
enterprise distros, and it is for those that we continue to maintain
safe_tarfile. In versions before 3.11 we will see
tarfile.ExtractError, and the test for that is unaffected by this
change.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 7a5b22e4221ea2a0960a26cf79339168f0899d0c)
Autobuild-User(v4-23-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-23-test): Thu Sep 11 10:18:00 UTC 2025 on atb-devel-224
selftest: Do not use wrappers for samba.tests.docs
We will run into issues with Python 3.14 passing sockets for
concurrently running tasks.
https://bugzilla.samba.org/show_bug.cgi?id=15910
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Wed Sep 10 19:21:55 UTC 2025 on atb-devel-224
Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Pair-Programmed-With: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Fri Sep 5 13:38:33 UTC 2025 on atb-devel-224
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 36f6ac547c09f492d1dcab11570e8bcbd377cf26)
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 5d2f60ae5aa96751b74901ae5384291ef338b152)
Signed-off-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Mon Sep 8 04:47:37 UTC 2025 on atb-devel-224
GSS-Proxy stores its credential in encrypted form in the Kerberos ccache
with a start and end time of 0 and a server principal in the realm named
'X-GSSPROXY:'. This credential is accessed through GSS-Proxy interposer
mechanism in MIT Kerberos and cannot be analysed with raw krb5 API.
As MIT Kerberos has no krb5_cc_get_lifetime() implementation, add check
for the GSS-Proxy credential to smb_krb5_cc_get_lifetime() wrapper to
return KRB5_PLUGIN_NO_HANDLE. The two places where
smb_krb5_cc_get_lifetime() is used then handle this return code to avoid
deciding on the 'expired' lifetime to cause a kinit.
This fixes FreeIPA use case where an IPA API endpoint uses Samba Python
bindings with a GSS-Proxy-controlled credential cache.
Signed-off-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Wed Sep 3 10:15:50 UTC 2025 on atb-devel-224
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Aug 26 22:00:26 UTC 2025 on atb-devel-224
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 49e179963f56e749dac4e20284dc567e382ccdb2)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 6116bc64961fb2330df5ff4256b4ef75dca08cf0)
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Mon Aug 25 12:08:22 UTC 2025 on atb-devel-224
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 5879410caf9303a378f3d90365e60928a735e65a)
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit e848671f34f969634d55eb7b846d70e6334034ae)
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit f86739e3abd63ba0b7ba632d796968fec9fa2f8f)
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 34482f4ad014a09c84b484097a8d03dfec4f6512)
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 705db6c8b295f65f40b7dcd0d5dc0f6db901c8d7)
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 67c2feba290764c62ab01602d5bc9d4d122c2c12)
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 4f8ff3a567d6318c71b0960345592224721c9594)
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit e5608cdb2e5a7ef2641ec0e7b0ce0b4640a02ce1)
Gary Lockyer [Thu, 14 Aug 2025 21:38:07 +0000 (09:38 +1200)]
third_party:quic_ko_wrapper Fix compilation with clang-20
Rework the code to remove the non portable variable length array in the union.
Based on the code in wrap_msghdr_add_cmsghdr().
NOTE: this removes the 64 bit alignment, which I think should be ok.
./../third_party/quic_ko_wrapper/quic_ko_wrapper.c:3523:11: error:
fields must have a constant size: 'variable length array in structure'
extension will never be supported
3523 | uint8_t cmbuf[cmspace];
| ^
1 error generated.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Björn Baumbach <bb@sernet.de>
Autobuild-Date(master): Wed Aug 20 15:04:34 UTC 2025 on atb-devel-224
Gary Lockyer [Thu, 14 Aug 2025 21:33:24 +0000 (09:33 +1200)]
third_party:quic Fix compilation with clang-20
Add -Wno-error=format-nonliteral so that quic builds with clang 20
../../third_party/quic/libquic/handshake.c:106:35: error:
format string is not a string literal [-Werror,-Wformat-nonliteral]
106 | rc = vsnprintf(msg, sizeof(msg), fmt, arg);
| ^~~
../../third_party/quic/libquic/handshake.c:135:35: error:
format string is not a string literal [-Werror,-Wformat-nonliteral]
135 | rc = vsnprintf(msg, sizeof(msg), fmt, arg);
| ^~~
../../third_party/quic/libquic/handshake.c:164:35: error:
format string is not a string literal [-Werror,-Wformat-nonliteral]
164 | rc = vsnprintf(msg, sizeof(msg), fmt, arg);
| ^~~
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit de7932ea8d12348208f50f7b050b826d236ea597)
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Baumbach <bb@sernet.de> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 149933854f39b4628b14abc5dcd57e73e2a0a637)
Ralph Boehme [Thu, 24 Jul 2025 10:59:30 +0000 (12:59 +0200)]
libads: change netlogon_pings() behaviour wrt to min_servers parameter
Currently if a caller passes min_servers=X with X>1, netlogon_pings() will fail
if it can't contact X DCs. This is not really what we want. What we want is: we
want at least one DC, and up to X.
Change implemenentation in that sense and rename the min_servers argument to
wanted_servers to express this behaviour change.
Ralph Boehme [Thu, 24 Jul 2025 13:49:19 +0000 (15:49 +0200)]
idmap_ad: add and use ldap_timeout and fix LDAP server failover
The key parts are:
1. If an LDAP search fails with the hardcoded fatal error, remove the
retry. That would only retry the query against the same server, taken
from the DCINFO cache key. Instead, force a DC rediscovery.
2. Set a default ldap_timeout and pass it to tldap_search(). This
avoids tldap_search() hanging forever on a stale TCP connection.
3. The LDAP server idmap_ad is using is not necessarily the same DC
we're using for RPC, so in case we learn about a dead DC, put it in
the negative-conn-cache.
projects / thirdparty / samba.git / log
