s3:winbind: Add support for krb5_ccache_type = DEFAULT
This will use the ccache_type defined in the krb5.conf.
Pair-Programmed-With: Pavel Filipenský <pfilipen@samba.org> Signed-off-by: Pavel Filipenský <pfilipen@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
lib:krb5_wrap: Add function to read the default_ccache_name config value
krb5_cc_default_name() expands the config value %{uid} is expanded to the
current id. However when we call this as winbind, it is expanded to root and not
the user we are authenticating. This functions reads directly from the config.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
s3:winbind: Also support %{uid} substitution for krb5_ccache_type
Pair-Programmed-With: Pavel Filipenský <pfilipen@redhat.com> Signed-off-by: Pavel Filipenský <pfilipen@redhat.com> Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
Shachar Sharon [Sun, 22 Mar 2026 17:52:44 +0000 (19:52 +0200)]
vfs_ceph_new: do not set negative value in vfs_aio_state.error
Ceph uses negative error valuers but Samba's VFS expects error value as
non-negative values (errno style).
Signed-off-by: Shachar Sharon <ssharon@redhat.com> Reviewed-by: Avan Thakkar <athakkar@redhat.com> Reviewed-by: Shweta Sodani <ssodani@redhat.com> Reviewed-by: Vinit Agnihotri <vagnihot@redhat.com> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: John Mulligan <jmulligan@redhat.com>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Thu Mar 26 09:23:11 UTC 2026 on atb-devel-224
Pavel Filipenský [Wed, 11 Mar 2026 19:07:05 +0000 (20:07 +0100)]
auth: Remove talloc_set_name_const() if talloc_keep_secret() changes the talloc name
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Autobuild-User(timing): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(timing): Wed Mar 25 21:16:35 UTC 2026 on atb-devel-224
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Tue Mar 24 00:13:03 UTC 2026 on atb-devel-224
Gary Lockyer [Sun, 22 Mar 2026 19:43:39 +0000 (08:43 +1300)]
lib:util: Remove is_aligned prototype from alignment.h
is_aligned is now defined as static inline, so there's no need for the
prototype
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Mon Mar 23 08:23:50 UTC 2026 on atb-devel-224
Gary Lockyer [Wed, 18 Mar 2026 00:28:53 +0000 (13:28 +1300)]
s3:lib:netapi set talloc type for GROUP_INFO_x
Call talloc_set_type setting the type name after copying the GROUP_INFO to the
buffer. This will allow the client code to use talloc_get_type_abort, if needed
to suppress any cast-align warnings
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Volker Lendecke <vl@samba.org>
Shweta Sodani [Wed, 18 Mar 2026 14:30:21 +0000 (20:00 +0530)]
vfs_ceph_new: fix typecast error in vfs_ceph_flistxattr
Signed-off-by: Shweta Sodani <ssodani@redhat.com> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: John Mulligan <jmulligan@redhat.com>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Fri Mar 20 06:35:12 UTC 2026 on atb-devel-224
Running it twice in a debugger didn't hit any SMB_ASSERT
and printed the expected values:
smbd version 4.25.0pre1-DEVELOPERBUILD started.
Copyright Andrew Tridgell and the Samba Team 1992-2026
daemon 'smbd' : Starting process ...
streams_xattr_connect: default_ext_prefix[0x5555555ed930][19][user.DosStreamExt.]
streams_xattr_connect: ext_prefix[0x5555555ed930][user.DosStreamExt.]
streams_xattr_connect: ext_prefix[0x5555555ed930][user.DosStreamExt.]
streams_xattr_connect: config->ext_prefix[0x5555555ed930][19][user.DosStreamExt.]
streams_xattr_connect: using stream ext prefix: user.DosStreamExt.
smbd version 4.25.0pre1-DEVELOPERBUILD started.
Copyright Andrew Tridgell and the Samba Team 1992-2026
daemon 'smbd' : Starting process ...
streams_xattr_connect: default_ext_prefix[0x5555555ed6d0][19][user.DosStreamExt.]
streams_xattr_connect: ext_prefix[0x5555555ed6d0][user.DosStreamExt.]
streams_xattr_connect: ext_prefix[0x5555555ed6d0][user.DosStreamExt.]
streams_xattr_connect: config->ext_prefix[0x5555555ed6d0][19][user.DosStreamExt.]
streams_xattr_connect: using stream ext prefix: user.DosStreamExt.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Mar 19 15:00:19 UTC 2026 on atb-devel-224
Martin Schwenke [Fri, 13 Mar 2026 06:38:43 +0000 (17:38 +1100)]
ctdb-tests: Tweak some NFS monitoring tests for portability
FreeBSD doesn't have an option to print time in nanoseconds.
We need to run something to produce fake "statistics" that are
guaranteed to change. I think this will do - the chances of getting
the same 256 bytes twice in a row seems small enough.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Mar 18 12:33:13 UTC 2026 on atb-devel-224
Martin Schwenke [Fri, 13 Mar 2026 06:12:38 +0000 (17:12 +1100)]
ctdb-scripts: Trim "wc -l" output for FreeBSD compatibility
tests/UNIT/eventscripts/10.interface.020.sh fails in case
"10.interface.script releaseip dev123 10.0.0.3 24" with:
--------------------------------------------------
Output (Exit status: 0):
--------------------------------------------------
Killed 10/10 TCP connections to released IP 10.0.0.3, using ss -K
--------------------------------------------------
Required output (Exit status: 0):
--------------------------------------------------
Killed 10/10 TCP connections to released IP 10.0.0.3, using ss -K
FAILED
==========================================================================
TEST FAILED: ./tests/UNIT/eventscripts/10.interface.020.sh (status 1) (duration: 1s)
==========================================================================
We have seen this type of thing before when output doesn't match
because FreeBSD wc -l space-pads output. For example, see commit c6c81ea287924c2924aebc6dc0cdea1dc4322ae2.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: Anoop C S <anoopcs@samba.org>
Martin Schwenke [Fri, 13 Mar 2026 04:53:54 +0000 (15:53 +1100)]
ctdb-event: Fix the build on FreeBSD
FreeBSD does not have ENODATA. Sorry, I wasn't thinking about
portability when I made the changes that introduced the use of ENODATA
here. :-(
Use ENOMSG instead, for lack of anything better, to indicate a script
slot containing no result. ENOENT might seem more appropriate but it
is already involved in this code (where it is sometimes mapped to
ENOEXEC). The choice of error number only needs to be consistent
within the event code.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: Anoop C S <anoopcs@samba.org>
Volker Lendecke [Tue, 3 Mar 2026 15:41:03 +0000 (16:41 +0100)]
smbd: Fix getting fs capabilities
The change from statvfs to fstatvfs has a bug: When this is called in
make_connection_snum, conn->cwd_fsp is not fully set up yet. So the
"This happens in create_conn_struct_as_root()" comment applies
everywhere. We need to look at the share rootdir, so open a pathref
fsp on it. This is called only once per tcon, so it's not in our hot
code path.
Found by a user who has "/" mounted readonly, and MacOS denied
writing.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Mar 4 10:01:41 UTC 2026 on atb-devel-224
[4102/5009] Compiling source4/torture/rpc/spoolss_notify.c
../../source4/torture/rpc/spoolss.c:3984:48: error: variable 'data' is
uninitialized when passed as a const pointer argument here
[-Werror,-Wuninitialized-const-pointer]
3984CHECK_NEEDED_SIZE_LEVEL(spoolss_PrinterData, &data, type, needed, 1);
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Tue Mar 3 05:55:25 UTC 2026 on atb-devel-224
Volker Lendecke [Tue, 17 Feb 2026 11:22:12 +0000 (12:22 +0100)]
vfs: Remove unused SMB_VFS_GETWD()
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sun Mar 1 21:22:24 UTC 2026 on atb-devel-224
Volker Lendecke [Mon, 16 Feb 2026 16:38:02 +0000 (17:38 +0100)]
torture: Use SINGLETON_CACHE_TALLOC in tests
GETWD_CACHE is on its way out. Despite not having _TALLOC in its name
nor it being marked as talloc in memcache.h, memcache_is_talloc()
shows it as being talloc'ed.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Volker Lendecke [Mon, 16 Feb 2026 15:55:58 +0000 (16:55 +0100)]
vfs: Significantly simplify vfs_ChDir_shareroot()
Now that we are sure we don't chdir to arbitrary paths, and nobody
except vfs_ChDir_shareroot() calls vfs_GetWd() anymore, we can get rid
of the getwd cache and replace the LastDir-check with a simple
if (conn == chdir_lastconn_cache) {
return 0;
}
The places where we reset LastDir to NULL, forcing a real chdir, are
replaced by a call to reset_chdir_lastconn_cache().
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Volker Lendecke [Mon, 16 Feb 2026 14:19:49 +0000 (15:19 +0100)]
smbd: Avoid the VFS' chdir() call in close_cnum()
The purpose of this call here is to make a file system
unmountable. For shares backed by a local file system, a direct
chdir(2) syscall to "/" will achieve the same, and shares like cephfs
backed by libraries without a local mount will not be affected
anyway. For them, a VFS level chdir("/") relative to a connection does
not make much sense anyway.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Volker Lendecke [Mon, 16 Feb 2026 14:12:59 +0000 (15:12 +0100)]
fss_srv: Use create_conn_struct_chdir()
This is the last user of the non-chdir create_conn_struct_tos(). While
I don't fully understand the code, this is an RPC server that *should*
not care about the current working directory. There are some tests for
this in the rpc.fsrvp group of tests, so I don't think this breaks too
badly.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Volker Lendecke [Mon, 16 Feb 2026 13:16:46 +0000 (14:16 +0100)]
smbd: Call create_conn_struct_chdir() in get_referred_path()
create_conn_struct_tos_cwd() provides an attempt to chdir() back to
where we came from. This is flawed, because SMB_VFS_CHDIR() is always
relative to a connection, and conn_struct_tos_destructor() calls
vfs_ChDir() on the fake connection, not the one we came from.
Remove the flawed attempt to chdir() back in get_referred_path(). The
one caller in vfswrap_get_dfs_referrals() changes back to the "real"
connection that issued the dfs call from SMB, and the RPC server
callers don't care. They rely on the chdir("/") in
conn_wrap_destructor().
This adds one chdir("/") in smbd's "get referral" calls, but those
should be rare enough not to cause performance problems.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Volker Lendecke [Mon, 16 Feb 2026 13:11:57 +0000 (14:11 +0100)]
dfssrv: Call create_conn_struct_chdir()
This is inside an rpc server, where we don't depend on an implicit
current working directory. We don't need the "jump back to old cwd"
that create_conn_struct_tos_cwd() provided.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Volker Lendecke [Mon, 16 Feb 2026 13:03:57 +0000 (14:03 +0100)]
srvsvc: Call create_conn_struct_chdir()
This is inside an rpc server, where we don't depend on an implicit
current working directory. We don't need the "jump back to old cwd"
that create_conn_struct_tos_cwd() provided.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Volker Lendecke [Mon, 16 Feb 2026 12:57:08 +0000 (13:57 +0100)]
eventlog: Use create_conn_struct_chdir()
I did not find any use of cwd-dependent calls in this code, the
eventlog tdb's are all relative to state_path(), which is absolute. As
this is in a rpc server we don't have to preserve any cwd.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Volker Lendecke [Mon, 16 Feb 2026 12:48:54 +0000 (13:48 +0100)]
printing: Call create_conn_struct_chdir()
This is only linked from rpcd_spoolss, where we don't depend on an
implicit current working directory. We don't need the "jump back to
old cwd" that create_conn_struct_tos_cwd() provided.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Volker Lendecke [Mon, 16 Feb 2026 12:14:24 +0000 (13:14 +0100)]
pysmbd: Use create_conn_struct_chdir()
pysmbd is the one user of fake connection_structs that depends on
not changing to "/" after the connection has been torn down. Add
special handling here.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Volker Lendecke [Thu, 12 Feb 2026 19:54:54 +0000 (20:54 +0100)]
smbd: Leave sconn->ev_ctx as NULL for internal fake connections
These connection_structs are only there to access files like msdfs
symlinks or printer driver files. They will never participate in async
processing like sending out events or getting delayed for oplocks. Any
such use is a bug, because if you look at create_conn_struct_tos() we
create an event context that we will never poll on, so events posted
there will never finish. Leave the ev_ctx NULL so that we get an early
crash instead of running into problems later.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Volker Lendecke [Wed, 11 Feb 2026 17:25:30 +0000 (18:25 +0100)]
rpc_server: Move dfs helper routines to srv_dfs_nt.c
This makes it clear that these callers of create_conn_struct_tos_cwd()
don't really need to chdir() back to whatever cwd the process was in
before. RPC servers don't really have a concept of "implicit" current
working directory that is assumed to be the root dir of the current
share.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Anoop C S [Sun, 1 Mar 2026 05:55:09 +0000 (11:25 +0530)]
s3/include: Remove unused BIG_UINT
Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Sun Mar 1 11:18:37 UTC 2026 on atb-devel-224
Avan Thakkar [Tue, 2 Dec 2025 08:50:42 +0000 (14:20 +0530)]
vfs_aio_ratelimit: Add per-share TDB persistence for local rate limiter state
Introduce local TDB storage for saving and restoring ratelimiter state
(iops_tokens, bytes_tokens, last timestamp). Each share now persists
its read/write limiter state under aio_ratelimit.tdb.
Added VERSION pseudo-key for schema versioning
On disconnect, save the latest state and close TDB.
Avan Thakkar [Mon, 1 Dec 2025 12:34:54 +0000 (18:04 +0530)]
vfs_aio_ratelimit: introduce burst-aware token bucket model
Refactor the rate limiter to use a continuous token-bucket model with
configurable burst multiplier. This replaces the older time-window and
delay_max logic.
projects / thirdparty / samba.git / log
