charset: make strchr_m/strrchr_m/strstr_m const-correct via C11 _Generic
Since glibc-2.43 and C23, strchr/strrchr/strstr use _Generic macros to
return const char * when given const char * input. This caused build
failures in strchr_m and strrchr_m whose fast-path returns passed the
const char * result through as char *:
lib/util/charset/util_str.c:370: error: return discards 'const'
qualifier from pointer target type [-Werror=discarded-qualifiers]
Rather than wrapping the returns in discard_const_p (which the project
discourages adding more of), fix the API properly: rename the
implementations to strchr_m_const/strrchr_m_const/strstr_m_const
returning const char *, and expose C11 _Generic macros under the
original names. The macros preserve the caller's const qualification:
char * input yields char *, const char * input yields const char *.
This matches C23 strchr semantics and requires no changes at call sites.
libcli:auth: fix BURN_DATA_SIZE on array-decayed pointer parameter
_encode_pwd_buffer_from_str() declares `buf` as uint8_t buf[N],
which decays to a pointer. BURN_DATA_SIZE(buf, N) expands to
memset_explicit(&buf, 0, N), taking the address of the pointer
variable (8 bytes) rather than the buffer itself, triggering a
GCC -Wstringop-overflow error.
Gary Lockyer [Tue, 19 May 2026 22:18:43 +0000 (10:18 +1200)]
build: clang 23 enable unused-but-set-global
All the offending code has been fixed so re-enable the warning as an error.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Thu May 21 08:18:46 UTC 2026 on atb-devel-224
Gary Lockyer [Tue, 19 May 2026 22:16:14 +0000 (10:16 +1200)]
s3:torture:torture remove unread global got_alarm
Removed as it was declared and updated, but never read. This triggers the
clang 23 warning unused-but-set-global
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Anoop C S <anoopcs@samba.org>
Gary Lockyer [Tue, 19 May 2026 22:11:13 +0000 (10:11 +1200)]
lib:talloc:testsuite remove unread global test_abort_stop
Removed as it was declared and updated, but never read. This triggers the
clang 23 warning unused-but-set-global
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Anoop C S <anoopcs@samba.org>
Gary Lockyer [Tue, 19 May 2026 21:58:56 +0000 (09:58 +1200)]
s4:torture:raw:offline remove unread global num_connected
Removed as it was declared and updated, but never read. This triggers the
clang 23 warning unused-but-set-global
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Anoop C S <anoopcs@samba.org>
Gary Lockyer [Tue, 19 May 2026 21:26:15 +0000 (09:26 +1200)]
s4:torture:util_smb remove unread global procnum
Removed as as it was declared and updated, but never read. This triggers the
clang 23 warning unused-but-set-global
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Anoop C S <anoopcs@samba.org>
Gary Lockyer [Tue, 19 May 2026 21:25:15 +0000 (09:25 +1200)]
s4:torture:util_smb fix trailing white space
Fix trailing white space issues
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Anoop C S <anoopcs@samba.org>
Gary Lockyer [Tue, 19 May 2026 21:19:09 +0000 (09:19 +1200)]
tdb:tools:tdbtool remove unread global total_bytes
Removed as as it was declared and updated, but never read. This triggers the
clang 23 warning unused-but-set-global
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Anoop C S <anoopcs@samba.org>
Gary Lockyer [Tue, 19 May 2026 04:47:05 +0000 (16:47 +1200)]
build: Allow developer builds with clang 23
Disable the unused-but-set-global warning to allow samba to be compiled with
clang 23
Subsequent commits will fix the offending code.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Anoop C S <anoopcs@samba.org>
s3/smb_prometheus_endpoint: single function to export profile stats
Avoid duplicated defines: use 'export_profile_stats' to export both
global profile counters and per-share counters.
Signed-off-by: Shachar Sharon <ssharon@redhat.com> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Thu May 21 06:41:46 UTC 2026 on atb-devel-224
Using multiple sections defines (both SMBPROFILE_STATS_ALL_SECTIONS
and SMBPROFILE_STATS_PERSVC_SECTIONS) creates maintenance burden with
no real benefit. Use only single definition with the penalty of emitting
all zeros on unused fields in the case of persvc profile.
Signed-off-by: Shachar Sharon <ssharon@redhat.com> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
The function `smbprofile_persvc_unref` may be called by smb2_service.c
due to `on_err_call_profile_unref`. In such case, need to protect from
possible negative refcnt of persvc entry.
Signed-off-by: Shachar Sharon <ssharon@redhat.com> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Set proper level value, within valid range [0,2], for MSG_PROFILELEVEL.
Fixes a bug in existing code where return 'level' my be in non-valid
values 3 or 7.
Signed-off-by: Shachar Sharon <ssharon@redhat.com> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Anoop C S [Tue, 19 May 2026 10:47:56 +0000 (16:17 +0530)]
source4/librpc: Add NULL check in dcerpc_secondary_auth_connection()
When dcerpc_secondary_auth_connection_send() fails, it returns NULL.
The NULL pointer is passed to dcerpc_secondary_auth_connection_recv()
which dereferences it without checking, causing a NULL pointer
dereference.
Add NULL check before calling the recv function and return
NT_STATUS_NO_MEMORY.
Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu May 21 03:24:09 UTC 2026 on atb-devel-224
Anoop C S [Tue, 19 May 2026 10:43:40 +0000 (16:13 +0530)]
source4/dsdb: Fix NULL dereference in attribute_list_from_class()
When dsdb_class_by_lDAPDisplayName_ldb_val() returns NULL due
to a missing class in the schema, the result is passed to
attribute_list_from_class() without validation. The function
immediately dereferences sclass when calling dsdb_attribute_list(),
causing a NULL pointer dereference.
Add NULL check at the entry of attribute_list_from_class() and return
NULL for missing schema classes.
Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Anoop C S [Tue, 19 May 2026 10:38:02 +0000 (16:08 +0530)]
source4/dsdb: Fix NULL dereference in vlv_results()
When vlv_search_by_dn_guid() returns an error other than
LDB_SUCCESS, the result pointer remains uninitialized. The
subsequent condition uses OR logic that only guards result->count
when ret equals LDAP_NO_SUCH_OBJECT. For any other error code,
result remains NULL and is dereferenced, causing a NULL pointer
dereference.
Fix by reorganizing the if condition to ensure the dereferencing
statement only executes when LDB_SUCCESS is returned.
Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Anoop C S [Tue, 19 May 2026 10:31:55 +0000 (16:01 +0530)]
source4/dsdb: Fix NULL dereference in log_membership_changes()
When get_parsed_dns() fails due to OOM, it returns NULL. Without
checking for NULL before the comparison loop, old_val and new_val
are dereferenced causing a NULL pointer dereference.
Add explicit NULL guards after both get_parsed_dns() calls and return
early if either fails when the corresponding element has values.
Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Anoop C S [Wed, 13 May 2026 08:37:49 +0000 (14:07 +0530)]
source3/smbd: Fix NULL dereference in smbXsrv_open_cleanup_fn()
If smbXsrv_open_global_parse_record() fails, global remains NULL. The
do_delete path then attempts to dereference it, causing a crash. Add a
NULL check before accessing global->client_guid and global->create_guid.
Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Anoop C S [Tue, 19 May 2026 10:07:28 +0000 (15:37 +0530)]
source3/passdb: Fix NULL dereference in _lsa_LookupSids()
When lookup_sids() returns NT_STATUS_NONE_MAPPED but exits early without
populating the names array, the subsequent dereference of names causes a
NULL pointer dereference.
Return an appropriate error status that allows existing error handling
to catch this case before the NULL dereference occurs.
Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Anoop C S [Wed, 13 May 2026 08:20:40 +0000 (13:50 +0530)]
source3/passdb: Add NULL check in pdb_samba_dsdb_update_sam_account()
pdb_samba_dsdb_get_samu_private() can return NULL on memory allocation or
database query failures. Add an explicit NULL check to prevent dereference
and return an error status early.
Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Anoop C S [Wed, 13 May 2026 08:44:38 +0000 (14:14 +0530)]
vfs_fruit: Fix uninitialized variable in fruit_fstatat_meta()
The variable smb_relname is used uninitialized in fruit_fstatat_meta().
This appears to be a copy-paste error where _smb_relname (the function
parameter) should have been used instead.
Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Anoop C S [Wed, 13 May 2026 06:25:06 +0000 (11:55 +0530)]
source3/adouble: Assert fsp is not NULL in ad_fget()
The DBG_DEBUG() in ad_open() dereferences smb_fname, which can be NULL
when ad_fget() calls ad_get_internal(). Add an SMB_ASSERT() guard in
ad_fget() to catch this early.
Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Signed-off-by: Bjoern Jacke <bjacke@samba.org> Reviewed-by: Björn Baumbach <bb@sernet.de>
Autobuild-User(master): Björn Jacke <bjacke@samba.org>
Autobuild-Date(master): Tue May 12 11:19:12 UTC 2026 on atb-devel-224
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Mon May 11 21:24:02 UTC 2026 on atb-devel-224
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Bjoern Jacke <bjacke@samba.org>
Autobuild-User(master): Björn Jacke <bjacke@samba.org>
Autobuild-Date(master): Sun May 10 23:22:27 UTC 2026 on atb-devel-224
s3:winbindd: ignore unsupported anonymous smb sessions for AD trusts
This is handles the cases where a DC has
'Require NTLMv2 session security' activated which
disables anonymous NTLMSSP and let the server return
NT_STATUS_NOT_SUPPORTED.
Similar problems happen with a Samba DC that
uses 'restrict anonymous = 2' and the
tcon to ipc$ fails with NT_STATUS_ACCESS_DENIED.
For active directory related trusts we only use
ncacn_ip_tcp (or ncalrpc), so there's no need for
a valid smb connection.
Historically it very hard to restructure the code
in order to only connect smb for ncacn_np, so
this is more a hack to let us work in real world
scenarios.
s3:winbind: fix response array leak on error paths
Free map_ids_out.ids unconditionally when it differs from
map_ids_in.ids, not only on success.
Signed-off-by: Shweta Sodani <ssodani@redhat.com> Reviewed-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Sat May 9 11:51:32 UTC 2026 on atb-devel-224
Signed-off-by: Shachar Sharon <ssharon@redhat.com> Reviewed-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Vinit Agnihotri <vagnihot@redhat.com> Reviewed-by: Avan Thakkar <athakkar@redhat.com>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed May 6 05:28:48 UTC 2026 on atb-devel-224
Shachar Sharon [Tue, 5 May 2026 10:04:22 +0000 (13:04 +0300)]
ctdb-server: Fix use-after-free bug
When 'rev_hdl->fde' is NULL due to failure in tevent_add_fd bail-out
with free-and-error in order to avoid pointer dereferencing 'rev_hdl'
after it is freed.
A failure to tevent_wakeup_recv(subreq) should trigger oom call on 'req'
(instead on 'subreq', which has already been free).
Signed-off-by: Shachar Sharon <ssharon@redhat.com> Reviewed-by: Noel Power <npower@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Sat May 2 14:51:58 UTC 2026 on atb-devel-224
libcli/dns: Add TCP parallel fallback after 1 second UDP timeout
Comes with refactoring: Add EDNS0 only to the UDP request, try TCP on
any UDP failure. This patch should probably be split up into several
micro-commits, but the code is very simply structured, so I'd propose
to put this in as is. For review, just look at the final code :-)
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Apr 29 17:40:38 UTC 2026 on atb-devel-224
Volker Lendecke [Tue, 31 Mar 2026 16:28:41 +0000 (18:28 +0200)]
libcli/dns: Simplify dns over tcp requests, save 39 lines :-)
tstream_readv_pdu_send() is overkill here, tstream_read_packet_send()
is sufficient. The only downside is that dns_tcp_request_recv() does
not return a talloc context on its own in reply anymore, but as the
reply is immediately ndr-parsed, so we keep that around only a tiny
bit longer.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Ralph Boehme [Wed, 1 Apr 2026 09:58:03 +0000 (11:58 +0200)]
smbd: do S_ISDIR check even earlier
Doing this in open_file() is too late, as when the client requests an open with
SEC_FLAG_MAXIMUM_ALLOWED on a directory that has FILE_ATTRIBUTE_READ_ONLY set,
this will currently trigger an NT_STATUS_ACCESS_DENIED by the following code in
open_file_ntcreate() if the ACL grants write access to the user:
if (((flags & O_ACCMODE) != O_RDONLY) && file_existed &&
(!CAN_WRITE(conn) ||
(existing_dos_attributes & FILE_ATTRIBUTE_READONLY))) {
DEBUG(5,("open_file_ntcreate: write access requested for "
"file %s on read only %s\n",
smb_fname_str_dbg(smb_fname),
!CAN_WRITE(conn) ? "share" : "file" ));
return NT_STATUS_ACCESS_DENIED;
}
Fixes this bug, but should otherwise cause no change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Apr 29 12:00:18 UTC 2026 on atb-devel-224
Ralph Boehme [Wed, 1 Apr 2026 12:04:40 +0000 (14:04 +0200)]
smbd: ignore FILE_ATTRIBUTE_READONLY for the "MxAC" create context
As much as I dislike adding a boolean parameter to control this behaviour, I
don't see a different clean way to do it.
Note that I'm not touching the case where the share is realy-only, I just don't
want to open that additional can of worms now and instead focus on fixing the
FILE_ATTRIBUTE_READONLY case.
Ralph Boehme [Wed, 1 Apr 2026 10:28:55 +0000 (12:28 +0200)]
smbtorture: add test smb2.maximum_allowed.read_only_dir
Verifies that FILE_ATTRIBUTE_READONLY is effectively ignored on directories.
Passes against Windows, fails against Samba: Samba enforces read-only access in
fsp->access_mask and "MxAC" create context response for directories with
FILE_ATTRIBUTE_READONLY. This is wrong, Windows doesn't do this.
Note that MS-FSA doesn't quite has all these details right, the correct
behaviour was taken from a modern Windows server.
docs-xml: Improve documentation for 'winbind reconnect delay'
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Apr 29 09:32:21 UTC 2026 on atb-devel-224
Martin Schwenke [Wed, 4 Feb 2026 03:53:54 +0000 (14:53 +1100)]
ctdb-server: Avoid removing connections for released IP
Commit c6602b686b4e50d93272667ef86d3904181fb1ab causes TCP connections
to be cleared whenever an associated client goes away. This shouldn't
happen when the associated public IP is being released, since the
takeover node will need the connection details to send tickle ACKs.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Apr 29 02:58:12 UTC 2026 on atb-devel-224
s3:winbindd: let wb_irpc_SamLogon reject the local domain as RWDC
If the clients use a subdomain of our domain the
'sam' auth backend passed the request along to
the 'winbind' auth backend. If winbindd tries
to use the local domain we hit the case that
an unknown domain was used. So we need to
bounce the request back to 'sam_ignoredomain'.
s3:loadparm: return NULL upon memalloc failure in lp_idmap_backend
Return NULL instead of valid-but-misleading cast from 'false' to
pointer.
Signed-off-by: Shachar Sharon <ssharon@redhat.com> Reviewed-by: Noel Power <npower@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Thu Apr 23 20:53:10 UTC 2026 on atb-devel-224
s4:torture: Retry DsExecuteKCC on NT_STATUS_DS_BUSY
The KCC service runs a periodic samba_kcc child process (every 300s,
first at 15s after startup) with a 40 second timeout. If a test calls
DsExecuteKCC while the periodic child is running, kccsrv returns
NT_STATUS_DS_BUSY which propagates as EPT_NT_CANT_PERFORM_OP to the
client, causing flaky test failures.
UNEXPECTED(error): samba4.drs.samba_tool_drs_showrepl.python(schema_pair_dc).samba_tool_drs_showrepl.SambaToolDrsShowReplTests.test_samba_tool_showrepl(schema_pair_dc:local)
REASON: Exception: Exception: Traceback (most recent call last):
File "/builds/samba-testbase/samba-def-build/source4/torture/drs/python/samba_tool_drs_showrepl.py", line 57, in test_samba_tool_showrepl
kcc_out = self.check_output("samba-tool drs kcc %s %s" % (self.dc1,
File "/builds/samba-testbase/samba-def-build/bin/python/samba/tests/__init__.py", line 593, in check_output
raise BlackboxProcessError(retcode, line, stdoutdata, stderrdata)
samba.tests.BlackboxProcessError: Command 'python3 bin/samba-tool drs kcc liveupgrade1dc -USCHEMADOMAIN/Administrator%locDCpass1'; shell True; exit status 255;
stdout: ''; stderr: 'ERROR(runtime): DsExecuteKCC failed - (3221356597, 'The operation cannot be performed.')
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Apr 23 07:55:04 UTC 2026 on atb-devel-224
s3:tests: Improve debugging for test_wbinfo_lookuprids_cache.sh
Note that if this test fails, it is like something else creating keys.
The last time it was a crashing smbd which left a key in the database
and this test failed as a result.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Apr 22 16:35:58 UTC 2026 on atb-devel-224
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Apr 22 14:19:03 UTC 2026 on atb-devel-224
vfs_ceph_release_fh() was called explicitly then again via the FSP
extension destructor triggered by vfs_ceph_remove_fh(). Drop the
explicit call and let the destructor handle cleanup.
Signed-off-by: Shweta Sodani <ssodani@redhat.com> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: John Mulligan <jmulligan@redhat.com>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Tue Apr 21 22:18:42 UTC 2026 on atb-devel-224
vfs_ceph_new: fix return type mismatch in disk_free
-ENOMEM cast to uint64_t is not the error sentinel UINT64_MAX and
leaves errno unset. Set errno and return UINT64_MAX instead.
Also replace UINT64_MAX instead of (uint64_t)-1) in all error path.
Signed-off-by: Shweta Sodani <ssodani@redhat.com> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: John Mulligan <jmulligan@redhat.com>
The functions 'brl_lock_windows_default' and 'brl_lock_posix' uses
explicit 'errno_ret' value to avoid possible errno overwrite. Use in
failure case.
Signed-off-by: Shachar Sharon <ssharon@redhat.com> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Shwetha Acharya <Shwetha.K.Acharya@ibm.com> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Tue Apr 21 02:05:57 UTC 2026 on atb-devel-224
This adds a new global parameter "automount fs types" that allows
administrators to configure additional filesystem types that should
trigger automounting, beyond the always-supported autofs filesystem.
To enable 'samba unaware FS' automounting, add:
automount fs types = 0x12345678
This allows e.g. ZFS snapshots in <dataset root>/.zfs/snapshot to be
mounted. To find out the magic number that is not listed
in /usr/include/linux/magic.h, run:
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Mon Apr 20 19:57:42 UTC 2026 on atb-devel-224
This avoids mixing malloc and talloc allocation patterns and
aligns the code with Samba's memory management conventions.
Signed-off-by: Shwetha Acharya <Shwetha.K.Acharya@ibm.com> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Sat Apr 18 20:58:22 UTC 2026 on atb-devel-224
Martin Schwenke [Thu, 9 Apr 2026 07:52:20 +0000 (17:52 +1000)]
ctdb-scripts: Support interface altnames
This avoids generating a warning like:
WARNING: Public IP <ip> hosted on interface <iface> but VNN says <altname>
every time a public IP is removed from an interface that is configured
via an altname.
The new check will nearly always be successful because the IP will be
on the expected interface during releaseip/updateip.
The original check is now used as a backup when the IP is not on the
expected interface. To allow the mask bits check to cover both cases,
the original check and the associated interface check needs to be
inside the else clause.
Update the unit test to reflect the change.
Best reviewed with "git show -w" or similar.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: John Mulligan <jmulligan@redhat.com>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Apr 17 00:11:50 UTC 2026 on atb-devel-224
Martin Schwenke [Fri, 10 Apr 2026 01:22:19 +0000 (11:22 +1000)]
ctdb-scripts: Add an extra variable to help reviewers
Using $_bcast to determine if the address is an IPv6 one is lazy. It
causes anyone reading the code (including the original author) to have
to go back and confirm that the condition makes sense.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: John Mulligan <jmulligan@redhat.com>
Martin Schwenke [Thu, 9 Apr 2026 02:15:33 +0000 (12:15 +1000)]
ctdb-scripts: Only warn when removing an unassigned public IP
get_iface_ip_maskbits() now sets iface="" when the IP is unassigned,
allowing dependent code to be conditional.
Currently, ctdb_takeover.c:ctdb_control_release_ip() ensures no
releaseip event is triggered if the public address is not on the node.
So, no change of behaviour for releaseip.
The previous attempt at making updateip behave more like takeip when
the IP isn't currently assigned caused commands with missing mask bits
to be run. Avoid this.
Best reviewed with "git show -w" or similar.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: John Mulligan <jmulligan@redhat.com>
Martin Schwenke [Thu, 9 Apr 2026 12:02:24 +0000 (22:02 +1000)]
ctdb-scripts: Simplify by taking advantage of early return/exit
Negate the condition in the if-statement so the current else part goes
first. It always returns or exits, so the remainder (current if part)
can just follow.
This makes a subsequent change easier to understand.
Probably best reviewed with "git show -w" or similar.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: John Mulligan <jmulligan@redhat.com>
Martin Schwenke [Thu, 9 Apr 2026 02:08:40 +0000 (12:08 +1000)]
ctdb-scripts: Add address with specified mask bits in updateip
That is, add using $_maskbits, not $maskbits.
In the rare case where the mask bits were inconsistent on the old
interface, $maskbits will be needed for removal from the old
interface.
However, the specified mask bits ($_maskbits) must always be used when
adding to the new interface. Circumstances where this matters are
likely to be very rare.
It matters more if the address is unexpectedly not assigned at all.
In this case $maskbits will not be set, so the address can't be added
to the new interface using that variable.
Martin Schwenke [Fri, 10 Apr 2026 00:51:53 +0000 (10:51 +1000)]
ctdb-scripts: Change style to use if-statements
Well known, explicit structured programming constructs are arguably
easier to understand than implicit shell magic.
Only change instances that will be updated by subsequent commits.
Doing this separately, instead of in each subsequent commit, will make
those commits easier to understand.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: John Mulligan <jmulligan@redhat.com>
Martin Schwenke [Thu, 2 Apr 2026 01:41:14 +0000 (12:41 +1100)]
ctdb-scripts: Avoid a shellcheck complaint
In ctdb/config/events/legacy/11.natgw.script line 174:
read _old_natgwleader <"$natgw_leader_old"
^--^ SC2162 (info): read without -r will mangle backslashes.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: John Mulligan <jmulligan@redhat.com>
smbd: handle synthetic_smb_fname failure properly in delete_all_streams
When 'synthetic_smb_fname' fails due to memory error, it returns NULL.
Fix this error-case logic in 'delete_all_streams'.
Signed-off-by: Shachar Sharon <ssharon@redhat.com> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Thu Apr 16 13:48:23 UTC 2026 on atb-devel-224
Douglas Bagnall [Wed, 1 Apr 2026 20:35:01 +0000 (09:35 +1300)]
ndr:dns_utils.h: add header guards
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu Apr 16 01:57:42 UTC 2026 on atb-devel-224
Douglas Bagnall [Tue, 19 May 2020 22:05:16 +0000 (10:05 +1200)]
ndr: pull_dns_string: don't allow dots or '\0' in labels
We use a copy function that returns false if the copied string
contains the bad characters, and true otherwise.
As a special case, we allow a '.' as the last character, because an
NBT name with a trailing dot is sometimes used as a username, and we
need to match these exactly, even though the dotless form is
semantically the same (per RFC).
librpc/tests: Initialize name _test_ndr_pull_dns_string_list
When ndr_pull_struct_blob fails (which it will for labels containing
dots, now rejected by the new dns_component_copy check), name remains
uninitialized and the subsequent push call dereference it.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Douglas Bagnall [Sat, 6 Jun 2020 11:22:16 +0000 (23:22 +1200)]
ndr: pull_dns_string: check length, use buffers/memcpy
RFC 1035 says the maximum length for a DNS name is 255 characters, and
one of the factors that allowed CVE-2020-10745 is that Samba did not
enforce that directly, enabling names around 8k long.
We fix that by keeping track of the name length. It is easier and more
efficient to use a 64 byte buffer for the components, and this will
help us to introduce further hardening in the next commit.
Douglas Bagnall [Wed, 20 May 2020 07:18:14 +0000 (19:18 +1200)]
ndr: pull_dns_string: drop nbt/dns mem_ctx difference
Until now NBT and DNS have used talloc contexts of different lifetimes
to allocate component strings. The actual talloc context doesn't
really matter -- these strings are immediately copied and can be freed
straight after. So that is what we do.
Douglas Bagnall [Wed, 3 Jun 2020 02:42:41 +0000 (14:42 +1200)]
pytests: dns_packet tests check rcodes match Windows
the dns_packet tests originally checked only for a particular DoS
situation (CVE-2020-10745) but now we widen them to ensure Samba's
replies to invalid packets resembles those of Windows (in particular,
Windows 2012r2). We want Samba to reply only when Windows replies, and
with the same rcode.
At present we fail a lot of these tests.
The original CVE-2020-10745 test is retained and widened indirectly --
any test that leaves the server unable to respond within 0.5 seconds
will count as a failure.
Noel Power [Fri, 10 Apr 2026 15:50:55 +0000 (16:50 +0100)]
s3/modules: fix snapper_gmt_fstatat
snapper_gmt_fstatat is failing when called on items in a
'previous version' snapshot because the wrong timestamp value is
passed (the raw timewarp value is used) and snapper_gmt_convert cannot
find the valid snapshot instance to use.
Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Wed Apr 15 15:29:38 UTC 2026 on atb-devel-224
Noel Power [Fri, 10 Apr 2026 10:08:08 +0000 (11:08 +0100)]
s3/modules: Fix vfs snapper not finding files in subdirs
when trying to browse on windows a snapper share (exposed via windows previous versions) files in subdirs are not visible. In other words only files that are in the root dir of the versioned share can be seen
For example with the file hierarchy above only file1, file2 and subdir are visible. Navigating into subdir shows an empty dir
snapper_gmt_openat is failing because when calling snapper_gmt_convert
it doesn't take into account the path to the subdirectory.
snapper_gmt_convert is just passed the leaf name where it constructs the
snapper path based on the base dir of the share.
Jeremy Allison [Fri, 10 Apr 2026 21:24:34 +0000 (14:24 -0700)]
s3:loadparm: fix NULL pointer dereference in volume_label()
volume_label() calls lp_servicename() as a fallback when lp_volume()
returns an empty string. lp_servicename() is a FN_LOCAL_SUBSTITUTED_STRING
that falls back to sDefault.szService when the service is invalid. Since
sDefault.szService is initialized to NULL and is never set by
init_globals(), the substitution returns NULL, and the subsequent
strlen() call crashes with a segmentation fault.
Add a NULL guard so volume_label() returns an empty string instead
of crashing.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Mulder <dmulder@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 15 00:07:12 UTC 2026 on atb-devel-224
projects / thirdparty / samba.git / log
