Douglas Bagnall [Wed, 27 May 2026 22:38:52 +0000 (10:38 +1200)]
bootstrap: we don't use python3-requests
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu May 28 18:42:21 UTC 2026 on atb-devel-224
Douglas Bagnall [Wed, 27 May 2026 22:37:34 +0000 (10:37 +1200)]
tests:gpo: drop unused mock requests module
Since 4c2db6489be1364a8ce2841f7eedcd976fa1463b (for CVE-2026-3012)
gp_cert_auto_enroll_ext does not use the requests module, so for the
test we no longer need to intercept it using monkey patching.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Gary Lockyer [Wed, 15 Apr 2026 01:32:11 +0000 (13:32 +1200)]
s3:libsmb:cliquota fix tautological-compare
The wrapping of pointer arithmetic is undefined behaviour. Clang from version 20
onwards will treat an overflow check of the following form:
ptr + offset < ptr
as always evaluating to false
Gary Lockyer [Wed, 15 Apr 2026 00:35:24 +0000 (12:35 +1200)]
s3:utils:clirap2 fix tautological-compare
The wrapping of pointer arithmetic is undefined behaviour. Clang from version 20
onwards will treat an overflow check of the following form:
ptr + offset < ptr
as always evaluating to false
Gary Lockyer [Wed, 15 Apr 2026 00:33:08 +0000 (12:33 +1200)]
s3/torture/test_smb1_dfs fix tautological-compare
The wrapping of pointer arithmetic is undefined behaviour. Clang from version 20
onwards will treat an overflow check of the following form:
ptr + offset < ptr
as always evaluating to false.
Gary Lockyer [Tue, 14 Apr 2026 23:13:16 +0000 (11:13 +1200)]
libcli:auth:msrpc_parse fix tautological-compare
The wrapping of pointer arithmetic is undefined behaviour. Clang from version 20
onwards will treat an overflow check of the following form:
ptr + offset < ptr
as always evaluating to false
Gary Lockyer [Tue, 14 Apr 2026 22:58:15 +0000 (10:58 +1200)]
s3:libsmb:clilist fix tautological-compare
The wrapping of pointer arithmetic is undefined behaviour. Clang from version 20
onwards will treat an overflow check of the following form:
ptr + offset < ptr
as always evaluating to false.
Gary Lockyer [Tue, 26 May 2026 23:00:30 +0000 (11:00 +1200)]
lib:util add pointer overflow checks
The wrapping of pointer arithmetic is undefined behaviour. Clang from version
20 onwards will treat checks like:
ptr + offset < ptr
As always evaluating to true.
This commit adds the macros:
offset_outside_range
ptr_overflow
Douglas Bagnall [Fri, 13 Mar 2026 02:16:09 +0000 (15:16 +1300)]
ndr:witness: ensure notifyResponse messages have size
If the type is message unknown, we look to read messages as data blobs
but if there is no data remaining, the blob is empty and the ndr
offset does not advance. This result in a potentially very long loop
from a tiny packet, expanding into many empty blobs.
With this we require that a message absorbs at least some NDR bytes.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Thu May 28 00:33:53 UTC 2026 on atb-devel-224
Björn Jacke [Fri, 10 Apr 2026 15:38:16 +0000 (17:38 +0200)]
bootstrap: add support for Ubuntu 26.04 (resolute)
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Bjoern Jacke <bjacke@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed May 27 12:28:36 UTC 2026 on atb-devel-224
s4:dsdb: let samaccountname_bad_chars_check() use strstr_for_invalid_account_characters()
We don't need this logic twice...
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed May 27 09:42:29 UTC 2026 on atb-devel-224
Actual implementation clears existing registry configuration when
no section is specified and then re-imports configuration from the
provided smb.conf format input file.
Update the documentation to reflect the current implementation
behavior.
Signed-off-by: Himanshu Mishra <hmishra@ddn.com> Reviewed-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Tue May 26 17:01:18 UTC 2026 on atb-devel-224
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue May 26 13:54:03 UTC 2026 on atb-devel-224
CVE-2026-4480: s3:printing: mask and/or single quote jobname passed as %J to "print command"
Fix an unauthenticated remote code execution vulnerability with
printing set to anything *but* cups and iprint, for example "lprng",
so that "print command" is executed upon job submission. If the
client-controlled job name is handed to the "print command" via %J,
rpcd_spoolssd passes this to the shell without escaping critical
characters.
Using single quotes (directly) around %J, '%J' would avoid the
problem, we now try to autodetect if we can use '%J' implicitly
or we fallback to a fixed "__CVE-2026-4480_FallbackJobname__"
string instead of the client provided jobname.
This is the basic helper function for the security problems.
talloc_string_sub_mixed_quoting() checks for strange quoting
in smb.conf options.
And talloc_string_sub_unsafe() tries to autodetect how the unsafe
(client controlled value) and masked and single quote it,
as a fallback for strange quoting a fixed fallback string
is used and the caller should warn the admin and give
hints how to fix the configuration.
CVE-2026-4480/CVE-2026-4408: s3:lib: let realloc_string_sub2() use realloc_string_sub_raw()
We don't need this logic more than once!
But we leave the strange calling convention of
realloc_string_sub2(), where the caller it
not allowed to use the passed pointer when
NULL is returned...
Douglas Bagnall [Fri, 27 Feb 2026 01:46:04 +0000 (14:46 +1300)]
CVE-2026-3012: gpo tests should use real certificates
Or at least, more real than a short arbitrary byte string, so that
the certificates can be parsed.
This shows that certificate enrolment works via LDAP in the situations
where we would have fetched them via HTTP.
This does not fix the advanced_gp_cert_auto_enroll_ext test which
wants to install certificates it has no access too. This will not be
fixed in the security release.
Douglas Bagnall [Thu, 26 Feb 2026 01:21:01 +0000 (14:21 +1300)]
CVE-2026-3012: gp_auto_enrol: skip CAs not found in LDAP
If a certificate is mentioned in a GPO but is not present as a
cACertificate attribute on a pKIEnrollmentService object, we have no way
of obtaining it, so we might as well forget it.
Douglas Bagnall [Sun, 22 Feb 2026 22:01:57 +0000 (11:01 +1300)]
CVE-2026-3012: do not fetch certificate over http
In the case where a certificate was found via HTTP, it was trusted
without verification and put in the global CA store.
There is no means to check the certificate other than by comparing it
to certificates we may have gathered via LDAP, but in that case there
is no advantage over just using the LDAP-derived certificates.
Using the LDAP certificates was already the fallback case if HTTP
failed, so we just make it the default.
The HTTP fetch depends on the NDES service, which is a variant of
Simple Certificate Enrolment Protocol (SCEP, RFC8894), but in fact
Samba implements none of that protocol other than the HTTP fetch. SCEP
is for clients that are not true domain members. Domain members can
access to certificates over LDAP. This patch is not reducing SCEP
client support because Samba never had it.
Reported-by: Arad Inbar, DREAM Security Research Team Reported-by: Nir Somech, DREAM Security Research Team Reported-by: Ben Grinberg, DREAM Security Research Team Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Douglas Bagnall [Thu, 26 Feb 2026 22:30:40 +0000 (11:30 +1300)]
CVE-2026-3012: gpo tests: fix test cleanup
These tests are going to fail soon but as currently written they do
not clean up after themselves, erroring instead of failing and causing
cascading errors in subsequent tests. For now we don't care to make
the other tests less fragile.
Pavel Kohout [Fri, 13 Feb 2026 02:51:41 +0000 (15:51 +1300)]
CVE-2026-2340: vfs_worm: Check destination WORM status in rename
vfs_worm_renameat() only checked if the source file was WORM-protected,
but not the destination. This allowed overwriting immutable files via
SMB2 rename with ReplaceIfExists=1, bypassing WORM protection.
Add destination check using FSTATAT on the destination dirfsp, as
suggested by the maintainer.
CWE-284 (Improper Access Control)
Reported-by: Pavel Kohout, Aisle Research, www.aisle.com
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15997
Signed-off-by: Pavel Kohout <pavel.kohout@aisle.com> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
CVE-2026-1933: smbd: Add access checks to reparse point operations
On a share marked "read only = yes" and on file handles opened R/O
users can set or delete the reparse point xattrs on files that the
user has write-access in the file system for. Add the required access
checks.
Thanks to Asim Viladi Oglu Manizada for reporting the issue.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu May 21 18:27:37 UTC 2026 on atb-devel-224
C26: add explicit casts where const must be stripped for mutation
For cases where code intentionally writes through a pointer returned by
strchr/strrchr/strstr, add explicit discard_const_p casts or adjust variable
types to non-const to make the mutability intent clear.
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
C26: refactor to avoid modifying data via const pointer
Refactor code that assigns to a struct member, then calls strchr/strrchr on it
for in-place modification. Use a local mutable variable for modification, then
assign the final result to the struct member.
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Use C99 static array size in function parameters (e.g. uint8_t buf[static 516])
to document minimum array size requirements and enable compiler diagnostics.
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
C26: use strchr_m/strrchr_m/strstr_m for multibyte-safe search
Replace strchr/strrchr/strstr with their multibyte-aware
Samba equivalents where appropriate. These wrappers return
char * regardless of input constness.
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
charset: make strchr_m/strrchr_m/strstr_m const-correct via C11 _Generic
Since glibc-2.43 and C23, strchr/strrchr/strstr use _Generic macros to
return const char * when given const char * input. This caused build
failures in strchr_m and strrchr_m whose fast-path returns passed the
const char * result through as char *:
lib/util/charset/util_str.c:370: error: return discards 'const'
qualifier from pointer target type [-Werror=discarded-qualifiers]
Rather than wrapping the returns in discard_const_p (which the project
discourages adding more of), fix the API properly: rename the
implementations to strchr_m_const/strrchr_m_const/strstr_m_const
returning const char *, and expose C11 _Generic macros under the
original names. The macros preserve the caller's const qualification:
char * input yields char *, const char * input yields const char *.
This matches C23 strchr semantics and requires no changes at call sites.
libcli:auth: fix BURN_DATA_SIZE on array-decayed pointer parameter
_encode_pwd_buffer_from_str() declares `buf` as uint8_t buf[N],
which decays to a pointer. BURN_DATA_SIZE(buf, N) expands to
memset_explicit(&buf, 0, N), taking the address of the pointer
variable (8 bytes) rather than the buffer itself, triggering a
GCC -Wstringop-overflow error.
Gary Lockyer [Tue, 19 May 2026 22:18:43 +0000 (10:18 +1200)]
build: clang 23 enable unused-but-set-global
All the offending code has been fixed so re-enable the warning as an error.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Thu May 21 08:18:46 UTC 2026 on atb-devel-224
Gary Lockyer [Tue, 19 May 2026 22:16:14 +0000 (10:16 +1200)]
s3:torture:torture remove unread global got_alarm
Removed as it was declared and updated, but never read. This triggers the
clang 23 warning unused-but-set-global
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Anoop C S <anoopcs@samba.org>
Gary Lockyer [Tue, 19 May 2026 22:11:13 +0000 (10:11 +1200)]
lib:talloc:testsuite remove unread global test_abort_stop
Removed as it was declared and updated, but never read. This triggers the
clang 23 warning unused-but-set-global
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Anoop C S <anoopcs@samba.org>
Gary Lockyer [Tue, 19 May 2026 21:58:56 +0000 (09:58 +1200)]
s4:torture:raw:offline remove unread global num_connected
Removed as it was declared and updated, but never read. This triggers the
clang 23 warning unused-but-set-global
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Anoop C S <anoopcs@samba.org>
Gary Lockyer [Tue, 19 May 2026 21:26:15 +0000 (09:26 +1200)]
s4:torture:util_smb remove unread global procnum
Removed as as it was declared and updated, but never read. This triggers the
clang 23 warning unused-but-set-global
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Anoop C S <anoopcs@samba.org>
Gary Lockyer [Tue, 19 May 2026 21:25:15 +0000 (09:25 +1200)]
s4:torture:util_smb fix trailing white space
Fix trailing white space issues
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Anoop C S <anoopcs@samba.org>
Gary Lockyer [Tue, 19 May 2026 21:19:09 +0000 (09:19 +1200)]
tdb:tools:tdbtool remove unread global total_bytes
Removed as as it was declared and updated, but never read. This triggers the
clang 23 warning unused-but-set-global
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Anoop C S <anoopcs@samba.org>
Gary Lockyer [Tue, 19 May 2026 04:47:05 +0000 (16:47 +1200)]
build: Allow developer builds with clang 23
Disable the unused-but-set-global warning to allow samba to be compiled with
clang 23
Subsequent commits will fix the offending code.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Anoop C S <anoopcs@samba.org>
s3/smb_prometheus_endpoint: single function to export profile stats
Avoid duplicated defines: use 'export_profile_stats' to export both
global profile counters and per-share counters.
Signed-off-by: Shachar Sharon <ssharon@redhat.com> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Thu May 21 06:41:46 UTC 2026 on atb-devel-224
Using multiple sections defines (both SMBPROFILE_STATS_ALL_SECTIONS
and SMBPROFILE_STATS_PERSVC_SECTIONS) creates maintenance burden with
no real benefit. Use only single definition with the penalty of emitting
all zeros on unused fields in the case of persvc profile.
Signed-off-by: Shachar Sharon <ssharon@redhat.com> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
The function `smbprofile_persvc_unref` may be called by smb2_service.c
due to `on_err_call_profile_unref`. In such case, need to protect from
possible negative refcnt of persvc entry.
Signed-off-by: Shachar Sharon <ssharon@redhat.com> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Set proper level value, within valid range [0,2], for MSG_PROFILELEVEL.
Fixes a bug in existing code where return 'level' my be in non-valid
values 3 or 7.
Signed-off-by: Shachar Sharon <ssharon@redhat.com> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Anoop C S [Tue, 19 May 2026 10:47:56 +0000 (16:17 +0530)]
source4/librpc: Add NULL check in dcerpc_secondary_auth_connection()
When dcerpc_secondary_auth_connection_send() fails, it returns NULL.
The NULL pointer is passed to dcerpc_secondary_auth_connection_recv()
which dereferences it without checking, causing a NULL pointer
dereference.
Add NULL check before calling the recv function and return
NT_STATUS_NO_MEMORY.
Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu May 21 03:24:09 UTC 2026 on atb-devel-224
Anoop C S [Tue, 19 May 2026 10:43:40 +0000 (16:13 +0530)]
source4/dsdb: Fix NULL dereference in attribute_list_from_class()
When dsdb_class_by_lDAPDisplayName_ldb_val() returns NULL due
to a missing class in the schema, the result is passed to
attribute_list_from_class() without validation. The function
immediately dereferences sclass when calling dsdb_attribute_list(),
causing a NULL pointer dereference.
Add NULL check at the entry of attribute_list_from_class() and return
NULL for missing schema classes.
Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Anoop C S [Tue, 19 May 2026 10:38:02 +0000 (16:08 +0530)]
source4/dsdb: Fix NULL dereference in vlv_results()
When vlv_search_by_dn_guid() returns an error other than
LDB_SUCCESS, the result pointer remains uninitialized. The
subsequent condition uses OR logic that only guards result->count
when ret equals LDAP_NO_SUCH_OBJECT. For any other error code,
result remains NULL and is dereferenced, causing a NULL pointer
dereference.
Fix by reorganizing the if condition to ensure the dereferencing
statement only executes when LDB_SUCCESS is returned.
Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Anoop C S [Tue, 19 May 2026 10:31:55 +0000 (16:01 +0530)]
source4/dsdb: Fix NULL dereference in log_membership_changes()
When get_parsed_dns() fails due to OOM, it returns NULL. Without
checking for NULL before the comparison loop, old_val and new_val
are dereferenced causing a NULL pointer dereference.
Add explicit NULL guards after both get_parsed_dns() calls and return
early if either fails when the corresponding element has values.
Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Anoop C S [Wed, 13 May 2026 08:37:49 +0000 (14:07 +0530)]
source3/smbd: Fix NULL dereference in smbXsrv_open_cleanup_fn()
If smbXsrv_open_global_parse_record() fails, global remains NULL. The
do_delete path then attempts to dereference it, causing a crash. Add a
NULL check before accessing global->client_guid and global->create_guid.
Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Anoop C S [Tue, 19 May 2026 10:07:28 +0000 (15:37 +0530)]
source3/passdb: Fix NULL dereference in _lsa_LookupSids()
When lookup_sids() returns NT_STATUS_NONE_MAPPED but exits early without
populating the names array, the subsequent dereference of names causes a
NULL pointer dereference.
Return an appropriate error status that allows existing error handling
to catch this case before the NULL dereference occurs.
Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Anoop C S [Wed, 13 May 2026 08:20:40 +0000 (13:50 +0530)]
source3/passdb: Add NULL check in pdb_samba_dsdb_update_sam_account()
pdb_samba_dsdb_get_samu_private() can return NULL on memory allocation or
database query failures. Add an explicit NULL check to prevent dereference
and return an error status early.
Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Anoop C S [Wed, 13 May 2026 08:44:38 +0000 (14:14 +0530)]
vfs_fruit: Fix uninitialized variable in fruit_fstatat_meta()
The variable smb_relname is used uninitialized in fruit_fstatat_meta().
This appears to be a copy-paste error where _smb_relname (the function
parameter) should have been used instead.
Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Anoop C S [Wed, 13 May 2026 06:25:06 +0000 (11:55 +0530)]
source3/adouble: Assert fsp is not NULL in ad_fget()
The DBG_DEBUG() in ad_open() dereferences smb_fname, which can be NULL
when ad_fget() calls ad_get_internal(). Add an SMB_ASSERT() guard in
ad_fget() to catch this early.
Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Signed-off-by: Bjoern Jacke <bjacke@samba.org> Reviewed-by: Björn Baumbach <bb@sernet.de>
Autobuild-User(master): Björn Jacke <bjacke@samba.org>
Autobuild-Date(master): Tue May 12 11:19:12 UTC 2026 on atb-devel-224
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Mon May 11 21:24:02 UTC 2026 on atb-devel-224
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Bjoern Jacke <bjacke@samba.org>
Autobuild-User(master): Björn Jacke <bjacke@samba.org>
Autobuild-Date(master): Sun May 10 23:22:27 UTC 2026 on atb-devel-224
s3:winbindd: ignore unsupported anonymous smb sessions for AD trusts
This is handles the cases where a DC has
'Require NTLMv2 session security' activated which
disables anonymous NTLMSSP and let the server return
NT_STATUS_NOT_SUPPORTED.
Similar problems happen with a Samba DC that
uses 'restrict anonymous = 2' and the
tcon to ipc$ fails with NT_STATUS_ACCESS_DENIED.
For active directory related trusts we only use
ncacn_ip_tcp (or ncalrpc), so there's no need for
a valid smb connection.
Historically it very hard to restructure the code
in order to only connect smb for ncacn_np, so
this is more a hack to let us work in real world
scenarios.
s3:winbind: fix response array leak on error paths
Free map_ids_out.ids unconditionally when it differs from
map_ids_in.ids, not only on success.
Signed-off-by: Shweta Sodani <ssodani@redhat.com> Reviewed-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Sat May 9 11:51:32 UTC 2026 on atb-devel-224
Signed-off-by: Shachar Sharon <ssharon@redhat.com> Reviewed-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Vinit Agnihotri <vagnihot@redhat.com> Reviewed-by: Avan Thakkar <athakkar@redhat.com>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed May 6 05:28:48 UTC 2026 on atb-devel-224
Shachar Sharon [Tue, 5 May 2026 10:04:22 +0000 (13:04 +0300)]
ctdb-server: Fix use-after-free bug
When 'rev_hdl->fde' is NULL due to failure in tevent_add_fd bail-out
with free-and-error in order to avoid pointer dereferencing 'rev_hdl'
after it is freed.
A failure to tevent_wakeup_recv(subreq) should trigger oom call on 'req'
(instead on 'subreq', which has already been free).
Signed-off-by: Shachar Sharon <ssharon@redhat.com> Reviewed-by: Noel Power <npower@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Sat May 2 14:51:58 UTC 2026 on atb-devel-224
libcli/dns: Add TCP parallel fallback after 1 second UDP timeout
Comes with refactoring: Add EDNS0 only to the UDP request, try TCP on
any UDP failure. This patch should probably be split up into several
micro-commits, but the code is very simply structured, so I'd propose
to put this in as is. For review, just look at the final code :-)
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Apr 29 17:40:38 UTC 2026 on atb-devel-224
projects / thirdparty / samba.git / log
