Use path_helperdir() to help construct the path and then cache the
result in the existing static buffer (with length adjusted because
POSIX says the +1 is not necessary). Given the way this is used by
cluster_mutex_test, there is no (other) sane place to cache it.
path_helperdir_append() could be used to construct the path, but then
there would be an unnecessary talloc() result to free.
The flexibility in unit test cluster_mutex_003.sh was never used, so
remove this test. If other cluster mutex helpers are added then they
can be tested by separate tests.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: Anoop C S <anoopcs@samba.org>
Martin Schwenke [Wed, 29 Oct 2025 04:22:22 +0000 (15:22 +1100)]
ctdb-tests: Add CTDB_TEST_HELPER_BINDIR
Now that generated scripts are linked into bin/, nothing needs to be
run from the tools/ directory anymore during self-test. So, introduce
CTDB_TEST_HELPER_BINDIR to replace both CTDB_SCRIPTS_TOOLS_HELPER_DIR
and CTDB_SCRIPTS_HELPER_BINDIR. Add this directory to PATH.
CTDB_TEST_HELPER_BINDIR will also be used in combination with
CTDB_TEST_MODE to allow helpers to be found via a single mechanism
that uses this single variable. This will replace the multiple
mechanisms and variables currently used.
For simplicity, leave the old variables alone for now. Replacing them
in a comprehensible way will take a few steps.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: Anoop C S <anoopcs@samba.org>
Martin Schwenke [Mon, 27 Oct 2025 06:32:47 +0000 (17:32 +1100)]
ctdb-build: Ensure generated scripts are executable and symlinked
Ensure that all generated scripts are executable. All of the
generated scripts (except test harnesses ctdb_run_tests,
ctdb_local_daemons) also need to be linked into the bin/ directory so
they can be more easily run during self-test.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: Anoop C S <anoopcs@samba.org>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Autobuild-User(master): Jennifer Sutton <jsutton@samba.org>
Autobuild-Date(master): Mon Feb 23 21:18:57 UTC 2026 on atb-devel-224
Gary Lockyer [Wed, 18 Feb 2026 23:18:38 +0000 (12:18 +1300)]
s4:kdc:db-glue altSecurityIdentities DN and serial reversed
When altSecurityIdentities is set by RSAT / ADUC they store the
Issuer and Subject DN in last to first order i.e.
CN=Common Name, O=Organization, C=Country
Need to reverse that to first to last order, i.e.
C=Country, O=Organization, CN=Common name
Which is how they're stored on the X509 certificates.
Also the serial number is stored in reverse order.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Björn Jacke <bjacke@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Feb 23 12:37:28 UTC 2026 on atb-devel-224
Martin Schwenke [Mon, 23 Feb 2026 03:42:17 +0000 (14:42 +1100)]
ctdb-tools: Fix CID 1681637 - Drop unnecessary if-statements
The first was found by Coverity:
>>> CID 1681637: Incorrect expression (IDENTICAL_BRANCHES)
>>> The same code is executed when the condition "ret != 0" is
true or false, because the code in the if-then branch and
after the if statement is identical. Should the if statement
be removed?
The second and third are also obvious.
Sorry, missed these in review.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Signed-off-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Mon Feb 23 08:43:29 UTC 2026 on atb-devel-224
docs: smbget: Fix typos and misleading options in manpage
This patch corrects several issues in the smbget documentation:
- Removed duplicate '-O' from the synopsis (it conflicted with socket
options).
- Clarified that '-o' conflicts with '--recursive', not '-R' (which is
name resolve order).
- Fixed malformed example syntax (changed '-resume' to '--resume').
- Fixed spelling typo of 'recursive' in the BUGS section.
RN: Fixed misleading documentation for smbget options (-O vs --stdout)
and corrected typos.
Signed-off-by: Hugo Chia <hugochiaxyz.nus@gmail.com> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: John Mulligan <jmulligan@redhat.com>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Sun Feb 22 06:10:46 UTC 2026 on atb-devel-224
Ralph Boehme [Mon, 26 Jan 2026 14:59:44 +0000 (15:59 +0100)]
s3/passdb: add parameter to control handling of wellknown SIDs in pdb_tdb
With "tdbsam:map wellknown", one can control if pdb_tdb should be used
to map entries of wellknown SIDs or not. By default, they will not be
mapped, as in previous releases.
Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Fri Feb 20 08:37:17 UTC 2026 on atb-devel-224
John Mulligan [Mon, 9 Feb 2026 18:02:01 +0000 (13:02 -0500)]
ctdb-doc: add section to manpage for -j/--json option
Signed-off-by: John Mulligan <jmulligan@redhat.com> Reviewed-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Feb 20 01:50:20 UTC 2026 on atb-devel-224
Shachar Sharon [Sun, 8 Feb 2026 11:15:02 +0000 (13:15 +0200)]
ctdb-tools: add --json support to 'version' sub-command
When building ctdb with json-outpuit support, enable json output when
running 'ctdb version --json'. This may be used as indication to json
support in other sub-commands.
Pair-Programmed-With: John Mulligan <jmulligan@redhat.com> Signed-off-by: Shachar Sharon <ssharon@redhat.com> Signed-off-by: John Mulligan <jmulligan@redhat.com> Reviewed-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Anoop C S <anoopcs@samba.org>
John Mulligan [Thu, 12 Feb 2026 22:47:58 +0000 (17:47 -0500)]
ctdb-tools: add a --json option for ctdb status
Add a new --json option that prints JSON as a higher-level machine
parse-able output. The --json option is only supported if the
jansson library is available.
The --json option will ONLY print json. If the subcommand does not
(yet) support json it will raise an error rather than fall back to
emitting human readable text. This way a json parser is never given
"invalid" input.
Pair-Programmed-With: Shachar Sharon <ssharon@redhat.com> Signed-off-by: Shachar Sharon <ssharon@redhat.com> Signed-off-by: John Mulligan <jmulligan@redhat.com> Reviewed-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Anoop C S <anoopcs@samba.org>
John Mulligan [Tue, 10 Feb 2026 18:55:11 +0000 (13:55 -0500)]
ctdb-tools: reformat ctdb.c with clang-format
This is the result of running:
clang-format -i ctdb/tools/ctdb.c
This is in preparation for some upcoming changes that add fields to the
struct tables and general recommendations to use `clang-format` and/or
`git clang-format` to keep samba code formatted consistently.
Signed-off-by: John Mulligan <jmulligan@redhat.com> Reviewed-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Anoop C S <anoopcs@samba.org>
Signed-off-by: Peter Schwenke <pschwenke@ddn.com> Reviewed-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Feb 18 12:29:16 UTC 2026 on atb-devel-224
Peter Schwenke [Tue, 29 Apr 2025 06:33:45 +0000 (16:33 +1000)]
ctdb-scripts: Only send notifies for newly taken IPs
We no longer delete shared state (and send notifies) for
IPs previously held by the current node. The NFS lock manager
won't have released locks for these IPs, so won't generate
SM_MON on reclaim attempts. Therefore, there will be
no add-client to put them back.
We now record newly taken IP addresses in takeip,
and only send notifies for those during
ipreallocated. The extra notifies were also confusing
statd.
Update existing tests to always simulate taking all of a node's IPs.
This causes no output changes.
Test updates confirm the subtleties of the statd_callout_helper
behaviour change. These pretend to only take a single IP, so
SM_NOTIFY must not be sent for other IPs. Shared state should
remain for these other files.
Martin Schwenke [Thu, 15 May 2025 05:20:25 +0000 (15:20 +1000)]
ctdb-tests: Update statd-callout unit test infrastructure
Don't cheat. Keep some state about what is happening, similar to what
statd_callout and statd_callout_helper are expected to keep. This
means hinting arguments to check_shared_storage_statd_state() and
check_statd_callout_smnotify() can be dropped.
Anoop C S [Tue, 17 Feb 2026 16:21:35 +0000 (21:51 +0530)]
vfs_ceph_new: Reduce a level of indirection for SMB_VFS_FSTATVFS
Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Feb 18 11:12:23 UTC 2026 on atb-devel-224
Jennifer Sutton [Wed, 4 Feb 2026 00:51:38 +0000 (13:51 +1300)]
CVE-2026-20833: WHATSNEW: Document new default for ‘kdc default domain supported enctypes’
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Feb 18 01:52:23 UTC 2026 on atb-devel-224
cli_credentials_get_keytab() uses the sAMAccountName to calculate the salt via
cli_credentials_get_salt_principal(). Changing the sAMAccountName means that
cli_credentials_get_keytab() will generate AES Kerberos keys using the wrong
salt, and gensec authentication will fail.
Douglas Bagnall [Mon, 2 Feb 2026 21:24:14 +0000 (10:24 +1300)]
build: allow `./configure _foo=x` to work like FOO=x
OpenWRT passes arguments like '_python_sysroot=x' after the './configure',
which it expects to work as if the occurred before the './configure'
-- that is, setting environment variables (let's assume its build
system is necessarily complex due to all the cross-compiles).
This used to work (or at least not cause a failure return code) until
the upgrade to waf 2.1.5 or 2.1.6 in mid-2025, when waf started using
the argparse parser.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Feb 18 00:00:30 UTC 2026 on atb-devel-224
Noel Power [Mon, 19 Jan 2026 16:18:02 +0000 (16:18 +0000)]
s3/libsmb: block anon authentication fallback is use-kerberos = desired
When cli_credentials_get_kerberos_state returns CRED_USE_KERBEROS_REQUIRED
libsmbclient method SMBC_server_internal will still try to fallback to
anon NTLM. This patch prevents that.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15789 Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Tue Feb 17 16:06:18 UTC 2026 on atb-devel-224
Noel Power [Mon, 19 Jan 2026 16:10:10 +0000 (16:10 +0000)]
s3/libsmb: cli_session_creds_init fails when kerberos is desired
There is a regression with code using cli_session_creds_init when
cli_credentials_get_kerberos_state() returns CRED_USE_KERBEROS_DESIRED
Authentication succeeds when boolean fallback_after_kerberos is false
and fails when true.
There doesn't seem to be a good reason why the value of
fallback_after_kerberos should initialise the krb5 ccache or not.
It would seems that krb5 cache should be setup for creds
for *any* kerberos auth (whether fallback is enabled or not)
Partial patch from <will69@gmx.de> (see bug referenced below)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15789 Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Andreas Schneider <asn@samba.org>
gensec_kerberos_possible() will always fail when
cli_credentials_get_kerberos_state() returns CRED_USE_KERBEROS_DESIRED
It seems since use kerberos == desired is the default that it isn't
necessary to see if credentials were modified to indicated authentication
was requested. gensec_kerberos_possible() should afaics return true
if kerberos is desired OR required (regardless of whether credentials
were requested)
This commit removes the knownfail associated with this bug.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15789 Signed-off-by: <noel.power@suse.com> Reviewed-by: Andreas Schneider <asn@samba.org>
Anoop C S [Sun, 15 Feb 2026 04:27:18 +0000 (09:57 +0530)]
vfs_ceph: Handle absolute paths with dirfd = ‑1 in openat
ceph_openat() does not follow the convention of ignoring 'dirfd' when
the pathname is absolute, resulting in EBADF. As a temporary workaround,
handle this special case in cephwrap_openat() by calling ceph_open()
directly instead of ceph_openat().
Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: John Mulligan <jmulligan@redhat.com> Reviewed-by: Shwetha K Acharya <Shwetha.K.Acharya@ibm.com> Reviewed-by: Xavi Hernandez <xhernandez@redhat.com>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Mon Feb 16 17:27:03 UTC 2026 on atb-devel-224
s3:utils: Fix misleading recursive flag in smbget error message
The error message in smbget incorrectly instructs users to use "-R" for
recursive downloads.
In recent Samba versions, the "-R" flag was repurposed for
"--name-resolve" to align with other tools. The correct flag for
recursion is now "--recursive". This mismatch causes confusion as using
"-R" triggers a parameter parsing error rather than enabling recursion.
This patch updates the error string to correctly suggest "--recursive"
instead of "-R".
RN: smbget: Fix error message suggesting wrong flag for recursion.
Signed-off-by: Hugo Chia hugochiaxyz.nus@gmail.com Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: John Mulligan <jmulligan@redhat.com>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Mon Feb 16 15:37:04 UTC 2026 on atb-devel-224
Volker Lendecke [Mon, 9 Feb 2026 12:10:07 +0000 (13:10 +0100)]
vfs: Simplify xattr_tdb_getxattrat_send()
Avoid calls to SMB_VFS_CHDIR and SMB_VFS_GETWD by using
openat_pathref_fsp()
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Sun Feb 15 11:45:52 UTC 2026 on atb-devel-224
projects / thirdparty / samba.git / log
