kdc-heimdal: avoid NULL dereference when task is NULL
kdc_post_fork() may be called with NULL task pointer leading to a
call of task_server_terminate() with NULL pointer, where it will
be dereferenced.
Add an explicit NULL check and instead of attempting to terminate
a NULL task, log the error and return.
Pair-Programmed-With: Timofei Fedotov <sovtouch@altlinux.org> Signed-off-by: Daniil Sarafannikov <sarafannikovda@sgu.ru> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Fri Jun 19 08:22:25 UTC 2026 on atb-devel-224
Vinit Agnihotri [Thu, 13 Nov 2025 05:37:59 +0000 (11:07 +0530)]
docs-xml/manpages: Add man page for vfs_ceph_rgw
Document all module parameters.
Signed-off-by: Vinit Agnihotri <vagnihot@redhat.com> Reviewed-by: Shachar Sharon <ssharon@redhat.com> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Thu Jun 18 15:58:55 UTC 2026 on atb-devel-224
Vinit Agnihotri [Thu, 26 Feb 2026 06:57:37 +0000 (12:27 +0530)]
vfs_ceph_rgw: Add renameat method
rgw object store treats dirname as a prefix.
Thus if a particular prefix is part object name for number of objects,
renaming prefix does not reflect for other objects.
Therefor librgw do not recommend renaming directories, thus this
changelist fails dir renaming attempts. Renaming files are also
prohibited due to basic rgw limitation. See inline comments for details.
Signed-off-by: Vinit Agnihotri <vagnihot@redhat.com> Reviewed-by: Shachar Sharon <ssharon@redhat.com> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
Vinit Agnihotri [Mon, 12 Jan 2026 07:27:25 +0000 (12:57 +0530)]
vfs_ceph_rgw: Add opendir, closedir, rewinddir and readdir method
readdir handling:
- rgw_readdir2() returns maximum 1000 entries per call. We cachec 100
entries and supply entries from this cache, we maintain 'whence'.
- This 'whence' then act as an argument to subsequent readdir calls
that it can begin giving entries after 'whence'.
- In case of more than cached entries we call readdir only after upper
layer consumes all previous entries. This is done to keep max memory
usage fix regardless of number of entries and also ensure we respond in
timely manner.
Signed-off-by: Vinit Agnihotri <vagnihot@redhat.com> Reviewed-by: Shachar Sharon <ssharon@redhat.com> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
Vinit Agnihotri [Mon, 5 Jan 2026 10:03:19 +0000 (15:33 +0530)]
vfs_ceph_rgw: Add fgetxattr method
rgw_getxattrs always returns EINVAL on failure and sets errno.
Therefore use errno to return correct error code. In case of return code
is EINVAL but errno is 0, we return ENODATA as error.
Signed-off-by: Vinit Agnihotri <vagnihot@redhat.com> Reviewed-by: Shachar Sharon <ssharon@redhat.com> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
Vinit Agnihotri [Wed, 12 Nov 2025 12:09:54 +0000 (17:39 +0530)]
source3/wscript: Add new vfs module 'vfs_ceph_rgw'
Define new vfs module 'vfs_ceph_rgw' which serves as a handler for
hosting s3 bucket over object store defined by ceph-rgw.
This shall make use of librgw library to interface with s3 bucket
We checked for "ops == NULL" above, and we never change it.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Wed Jun 17 09:33:52 UTC 2026 on atb-devel-224
Volker Lendecke [Thu, 11 Jun 2026 11:44:59 +0000 (13:44 +0200)]
spnego: Simplify removing SPNEGO from a mech_types list
This will enable removing the "skip" logic from gensec_security_oids()
and gensec_security_by_oid_list(). I find in particular the latter
function hard to follow, this patch will make it possible to slightly
simplify it.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Volker Lendecke [Sun, 10 May 2026 07:59:36 +0000 (09:59 +0200)]
lib: Add ssaddr_str_buf()
I know, this is the next variant of printing an IP address. Added
because I was tired of switch-casing for inet_ntop. This flavor is
in line with the type-safety of dom_sid_str_buf().
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
s3:vfs_streams_xattr: Use dirfsp in streams_xattr_unlinkat()
Since commit 09f49fb56a4 ("smbd: Simplify delete_all_streams()"),
delete_all_streams() uses synthetic_smb_fname() instead of
synthetic_pathref(), passing a relative base_name to SMB_VFS_UNLINKAT()
that is relative to dirfsp, not the share root.
streams_xattr_unlinkat() creates a synthetic_pathref() for the base file
when fsp is NULL, but was using handle->conn->cwd_fsp (the share root)
instead of the passed dirfsp. This caused path resolution to fail for
files in subdirectories, leaving xattr streams intact after an OVERWRITE
or OVERWRITE_IF disposition.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jun 16 12:41:25 UTC 2026 on atb-devel-224
s3:smbd: Allow STREAM_INFORMATION query on alternate stream handles
according to MS-FSA querying for SMB_FILE_STREAM_INFORMATION on a stream is
valid and MS-FSA 2.1.5.12.29 FileStreamInformation tells us to return the streams
associated with the underlying File object:
s4:torture: Use torture_result() in check_stream_list() in smb2.streams
This change reveals a bug in the server: currently we do fail a getinfo request
SMB_FILE_STREAM_INFORMATION with NT_STATUS_INVALID_PARAMETER when issued on a
stream handle, but according to MS-FSA this is wrong, as "2.1.5.12.29
FileStreamInformation" just tells us to return the streams associated with the
underlying File object:
* For each Stream ThisStream of Open.File ...
The existing streams tests "io" and "create-disposition" make use of this
indirectly via the helper function check_stream_list(). As these tests didn't
check the return value from check_stream_list() and check_stream_list() doesn't
update the torture result state with a failure code, the tests were passing.
Mark these tests as knownfail until we've fixed the server code.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
The code below uses account[strlen(account)-1] but there is
no clear guarantees that account can not be empty string.
Add the check for non-emptiness of account and return error
code in case it is empty.
Pair-Programmed-With: Sergey Zhidkih <rx1513@altlinux.org> Signed-off-by: Daniil Sarafannikov <sarafannikovda@sgu.ru> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Sat Jun 13 19:22:29 UTC 2026 on atb-devel-224
s3:tests: Fix argument checks in test shell scripts
Fix the argument count check to match the number of required
positional parameters.
Sample failure:
[595(5736)/3145 at 15m52s, 1 errors] samba3.blackbox.update_keytab(ad_member_idmap_nss:local)
source3/script/tests/test_update_keytab.sh: line 16: shift: 2: shift count out of range
Pair-Programmed-With: Anoop C S <anoopcs@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Sat Jun 13 10:30:59 UTC 2026 on atb-devel-224
kshumikhina [Thu, 11 Jun 2026 14:23:08 +0000 (18:23 +0400)]
s4:torture: Fix NULL pointer dereference in lpcfg_set_cmdline
If orig_share is NULL, the program will jump to the done label, where the
lpcfg_set_cmdline function will be called without any checks; within that
function, no checks are performed either, and orig_share will be dereferenced.
Added a check if (orig_share != NULL) before calling lpcfg_set_cmdline
in the cleanup block.
Pair-Programmed-With: Dmitry Mikhalchenko <tascad@altlinux.org> Signed-off-by: Shumikhina Ksenia <shumikhinaka@sgu.ru> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sat Jun 13 09:25:05 UTC 2026 on atb-devel-224
nsswitch:tests: Use testit_grep to get error printed if cmd fails
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Fri Jun 12 17:30:41 UTC 2026 on atb-devel-224
kshumikhina [Wed, 3 Jun 2026 21:50:52 +0000 (01:50 +0400)]
s3: fix NULL pointer dereference in tcopy_passwd via pw_gecos
If gecos, displayName, and cn attributes are all missing from the LDAP entry,
unix_pw.pw_gecos remains NULL. This causes a crash inside tcopy_passwd due
to a NULL pointer dereference.
Fix this by falling back to an empty string, matching the behavior of
pw_dir and pw_shell.
Pair-Programmed-With: Dmitry Mikhalchenko <tascad@altlinux.org> Signed-off-by: Shumikhina Ksenia <shumikhinaka@sgu.ru> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Jun 12 15:22:01 UTC 2026 on atb-devel-224
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Fri Jun 12 09:41:28 UTC 2026 on atb-devel-224
python: Catch UnsupportedAlgorithm in get_public_key()
cryptography.exceptions.UnsupportedAlgorithm is raised by
load_der_public_key() when the DER data references an unknown key OID,
which the test exercises with a bogus OID.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
libcli: Fix another stringop-overflow false positive
libcli/auth/netlogon_creds_cli.c: In function ‘netlogon_creds_cli_check_negotiate_caps’:
lib/replace/replace.h:850:24: error: ‘memset_explicit’ writing 16 bytes into a
region of size 8 overflows the destination [-Werror=stringop-overflow=]
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
In file included from source3/include/includes.h:23,
from source3/lib/dbwrap/dbwrap_watch.c:20:
source3/lib/dbwrap/dbwrap_watch.c: In function ‘dbwrap_watched_watch_remove_instance’:
lib/replace/replace.h:850:24: error: ‘memset_explicit’ writing 32 bytes into a
region of size 24 overflows the destination [-Werror=stringop-overflow=]
GCC 15's -Wstringop-overflow analysis of memset_explicit (via the ZERO_STRUCT
macro) tracks the pointer through the (char *) cast and misidentifies the
destination as the first member pid (24 bytes) rather than the enclosing struct
dbwrap_watcher (32 bytes). This is a GCC false positive.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Volker Lendecke [Mon, 1 Jun 2026 12:05:28 +0000 (14:05 +0200)]
tsocket: Use direct struct initialization
Avoid a ZERO_STRUCTP
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Jun 11 13:19:34 UTC 2026 on atb-devel-224
Volker Lendecke [Thu, 11 Jun 2026 08:51:40 +0000 (10:51 +0200)]
lib: Convert dos_PutUniCode() to use an externally visible fn
push_string_check() is a macro calling into push_string_check_fn(),
which calls directly into push_ucs2() if STR_UNICODE is set and
STR_ASCII is not set, which is the case in this calling site.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Shachar Sharon [Sun, 7 Jun 2026 07:26:14 +0000 (10:26 +0300)]
vfs_ceph_new: use proper 'name' in unlinkat
Commit 5cab6a9be79 ("vfs_ceph_new: Enhance logging for improved
debugging and code flow visibility") improved logging by using the
modern 'smb_fname_str_dbg' function. However, it also changed unlinkat
hook to use this debug-logging function for 'name'. Revert this specific
change.
Signed-off-by: Shachar Sharon <ssharon@redhat.com> Reviewed-by: Shweta Sodani <ssodani@redhat.com> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: John Mulligan <jmulligan@redhat.com>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Thu Jun 11 06:37:38 UTC 2026 on atb-devel-224
Volker Lendecke [Fri, 5 Jun 2026 10:21:42 +0000 (12:21 +0200)]
libsmb: Fix dsgetdcname in cases where IPv6 addresses might be available
Previous code stored a struct NETLOGON_SAM_LOGON_RESPONSE_EX in
gencache for later retrieval. NETLOGON_SAM_LOGON_RESPONSE_EX can not
hold IPv6 addresses, so we had to replace it with "127.0.0.1". When
retrieving this later, we were using "127.0.0.1" as the DC address
that we were returning from dsgetdcname() via
dsgetdcname_cache_fetch(). This turns out to be not the right answer.
This changes dsgetdcname() to store the full struct
netr_DsRGetDCNameInfo that can hold IPv6 addresses. We also store it
under a different cache key including all function arguments, so that
existing cache entries can not mislead us.
This patch moves all cache handling to the main routine, which to me
makes it simpler to read.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Jun 8 19:59:49 UTC 2026 on atb-devel-224
Volker Lendecke [Tue, 2 Jun 2026 10:47:39 +0000 (12:47 +0200)]
libsmb: Simplify dsgetdcname()
Using talloc_stackframe() is a common pattern in Samba for temporary
storage. Avoid the explicit "ptr_to_free" and replace it with a more
common pattern.
Also, the information that is stored "retry_query_with_null" is
available further down, use that directly.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Fri, 5 Jun 2026 09:37:55 +0000 (11:37 +0200)]
tests: Fix some wbinfo_lookuprids_cache flakyness
If the key contains spaces, the shell qouting through "testit" does
not work properly. Avoid having to fix that quoting by replacing
spaces with '\20'.
You can force it by setting the
my $samsid = "S-1-5-21-1-32-" . int(rand(4294967295));
in selftest/target/Samba3.pm.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Mon Jun 8 14:49:01 UTC 2026 on atb-devel-224
With claims and conditions, ACEs are no longer simple blobs, they
themselves are structures with talloc children. This means
talloc_memdup() is no longer sufficient to copy an ACE. Copy the whole
ACL via NDR.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=16095 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Noel Power <noel.power@suse.com>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Jun 8 11:47:54 UTC 2026 on atb-devel-224
shumikhinaka [Wed, 3 Jun 2026 21:31:45 +0000 (01:31 +0400)]
lib:printer_driver: Added pointer validation
If no comma is found, strchr_m will return NULL. p will be set to NULL, and
if (p) will not be executed. The variable p will remain set to NULL and will
be passed to the spoolss_driver_version_to_qword function.
If strchr_m returns NULL, the function immediately terminates and returns the
status NT_STATUS_INVALID_PARAMETER. This prevents invalid data from being
passed to subsequent functions.
Pair-Programmed-With: Dmitry Mikhalchenko <tascad@altlinux.org> Signed-off-by: Shumikhina Ksenia <shumikhinaka@sgu.ru> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Jun 4 12:05:45 UTC 2026 on atb-devel-224
parse_ace() accepted strings like "ALLOWED123" as valid ACE
types because strncmp() compared only prefixes without
NULL terminators.
Switch to exact string comparison to ensure only valid
ACE type names are accepted.
Pair-Programmed-With: Dmitry Mikhalchenko <tascad@altlinux.org> Signed-off-by: Daniil Sarafannikov <sarafannikovda@sgu.ru> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Wed Jun 3 08:26:04 UTC 2026 on atb-devel-224
printer_driver: fix incorrect processing of empty string
get_string_token() accessed s[strlen(s) - 1] without checking
for empty strings. If a configuration value is present but empty,
this results in an out-of-bound read.
Add explicit empty string check before accessing last character.
Pair-Programmed-With: Dmitry Mikhalchenko <tascad@altlinux.org> Signed-off-by: Daniil Sarafannikov <sarafannikovda@sgu.ru> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
generate_random_str_list_buf() fills the buffer with random bytes
using generate_secret_buffer(), but later uses the values as
char (possibly signed) when calculating the index into the
character list.
On platforms where char is signed, this may result in a negative
index and out-of-bounds read.
Cast buffer values to uint8_t before calculating modulo to ensure
the index is non-negative.
Pair-Programmed-With: Dmitry Mikhalchenko <tascad@altlinux.org> Signed-off-by: Daniil Sarafannikov <sarafannikovda@sgu.ru> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Gary Lockyer [Thu, 9 Apr 2026 01:22:58 +0000 (13:22 +1200)]
s4:dsdb: count_attrs fix cast-align warning
data.dptr is allocated by malloc, so dptr will be correctly aligned.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Fri May 29 04:15:56 UTC 2026 on atb-devel-224
Gary Lockyer [Wed, 8 Apr 2026 22:33:39 +0000 (10:33 +1200)]
s4:lib:messaging:handlers fix cast-align warning
Have added asserts to check the alignment, as do_inject_build and do_sleep are
only enabled in developer and selftest builds.
The pointers sig_p and seconds_p where added for code readability, you can
dereference the result of discard_align_p directly i.e.
int sig = *discard_align_p(int, data->data);
but that's not immediately obvious
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Douglas Bagnall [Wed, 27 May 2026 22:38:52 +0000 (10:38 +1200)]
bootstrap: we don't use python3-requests
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu May 28 18:42:21 UTC 2026 on atb-devel-224
Douglas Bagnall [Wed, 27 May 2026 22:37:34 +0000 (10:37 +1200)]
tests:gpo: drop unused mock requests module
Since 4c2db6489be1364a8ce2841f7eedcd976fa1463b (for CVE-2026-3012)
gp_cert_auto_enroll_ext does not use the requests module, so for the
test we no longer need to intercept it using monkey patching.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
projects / thirdparty / samba.git / log
