Ralph Boehme [Tue, 8 Jul 2025 12:47:24 +0000 (14:47 +0200)]
smbd: simplify create_action handling
(state->info == FILE_WAS_OVERWRITTEN) can only happen when returning
SMB_VFS_CREATE_FILE(), not for a Durable Handle reconnect or Replay, hence we
can move the check and adjustment of state->info to smbd_smb2_create_send()
after the call to SMB_VFS_CREATE_FILE().
This nicely simplifies the logic in smbd_smb2_create_finish() where we can now
just set state->op->create_action and state->out_create_action to the value of
state->info.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Aug 5 14:51:51 UTC 2025 on atb-devel-224
Pavel Filipenský [Wed, 23 Jul 2025 13:09:21 +0000 (15:09 +0200)]
s3:winbindd: Resolve dc name using CLDAP also for ROLE_IPA_DC
server role ROLE_IPA_DC (introduced in e2d5b4d) needs special handling
in dcip_check_name(). We should resolve the DC name using:
- CLDAP in dcip_check_name_ads()
instead of:
- NETBIOS in nbt_getdc() that fails if Windows is not providing netbios.
The impacted environment has:
domain->alt_name = example.com
domain->active_directory = 1
security = USER
server role = ROLE_IPA_DC
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org>
Pair-programmed-with: Andreas Schneider <asn@samba.org>
s3:tests: Fix shellcheck warning of test_wbinfo_lookuprids_cache.sh
In source3/script/tests/test_wbinfo_lookuprids_cache.sh line 27:
key=$("$TDBDUMP" "$cache" | grep ^key.*NDR.*/"$opnum"/ | cut -d\" -f2)
^-------------------^ SC2062 (warning):
Quote the grep pattern so the shell won't
interpret it.
Lets better use awk for matching the pattern.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
docs-xml: Update documentation for --use-kerberos and --use-krb5-ccache
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Aug 5 11:49:35 UTC 2025 on atb-devel-224
Ensure print_queue_struct *q is initialized to NULL to avoid
undefined behavior when freeing on error paths. Move SAFE_FREE(q)
outside the ret > 0 block to ensure q is always freed.
Signed-off-by: Shwetha K Acharya <Shwetha.K.Acharya@ibm.com> Reviewed-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Vinit Agnihotri <vagnihot@redhat.com>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Tue Aug 5 09:20:17 UTC 2025 on atb-devel-224
coverity: Add some additional check for strequal()
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Shwetha K Acharya <Shwetha.K.Acharya@ibm.com>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Tue Aug 5 07:09:04 UTC 2025 on atb-devel-224
Unless there is a striking reason not to do so tdbtool should return a
non-zero return code when a failure was encountered. Most known callers
have to parse stdout to check whether a command has succeeded or failed.
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Sat Aug 2 08:20:53 UTC 2025 on atb-devel-224
This script is using tdbtool for deleting keys of a particular
winbind NDR operation for regression testing. There are two issues here:
The opnum for this winbind NDR operation has changed (as new calls have
been added to the interface), it is no longer 16 but now 17. Better try
to lookup the current opnum from the IDL.
As tdbtool always returns with success error code regardless of the
success of its command - in this case a delete key operation - the test
is simply not able to fail at all (patch following to fix tdbtool
itself).
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
*** CID 1660828: Control flow issues (UNREACHABLE)
/librpc/ndr/ndr_keycredlink.c: 752 in pull_DER_RSA_KEY()
746 goto out;
747 }
748 if (!asn1_end_tag(asn)) { /* PublicKeyInfo */
749 return ndr_pull_error(ndr,
750 NDR_ERR_UNREAD_BYTES,
751 "ASN1 element PublicKeyInfo");
>>> CID 1660828: Control flow issues (UNREACHABLE)
>>> This code cannot be reached: "goto out;".
752 goto out;
753 }
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Fri Aug 1 14:21:17 UTC 2025 on atb-devel-224
Signed-off-by: Shweta Sodani <ssodani@redhat.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Shwetha K Acharya <Shwetha.K.Acharya@ibm.com>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Fri Aug 1 11:03:06 UTC 2025 on atb-devel-224
Douglas Bagnall [Wed, 30 Jul 2025 09:18:09 +0000 (21:18 +1200)]
librpc:bcrypt_rsakey_blob: exponent and modulus lengths can't be zero
Apart from it making no sense, without these ranges we end up
allocating a NULL buffer and aborting.
We also put a maximum size on the RSA key, in case we could get
tricked into a DoS by pulling a large buffer and trying crypto maths
on it.
6 0x572ebce2749a in talloc_abort samba/lib/talloc/talloc.c:506:3
7 0x572ebce271d4 in talloc_chunk_from_ptr samba/lib/talloc/talloc.c:0
8 0x572ebce271d4 in __talloc_with_prefix samba/lib/talloc/talloc.c:762:12
9 0x572ebce235f9 in __talloc samba/lib/talloc/talloc.c:825:9
10 0x572ebce235f9 in _talloc_named_const samba/lib/talloc/talloc.c:982:8
11 0x572ebce235f9 in _talloc_memdup samba/lib/talloc/talloc.c:2441:9
12 0x572ebc8f6a4f in data_blob_talloc_named samba/lib/util/data_blob.c:56:25
13 0x572ebc7d23bd in pull_BCRYPT_RSAPUBLIC_BLOB samba/librpc/ndr/ndr_keycredlink.c:878:17
14 0x572ebc7d23bd in ndr_pull_KeyMaterialInternal samba/librpc/ndr/ndr_keycredlink.c:959:10
15 0x572ebc788e90 in LLVMFuzzerTestOneInput samba/bin/default/lib/fuzzing/fuzz_ndr_keycredlink_TYPE_STRUCT.c:282:13
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu Jul 31 05:45:07 UTC 2025 on atb-devel-224
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Jul 30 02:03:40 UTC 2025 on atb-devel-224
The issue is not a real bug as it is implemented, but it's better to not
mix signed and unsigned types to avoid potential future issues.
Signed-off-by: Xavi Hernandez <xhernandez@gmail.com> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Jul 30 00:44:28 UTC 2025 on atb-devel-224
Gary Lockyer [Fri, 25 Jul 2025 01:22:27 +0000 (13:22 +1200)]
s4:kdc Support for key trust authentication
Extract the public kes from msDS-KeyCredentialLink and populate the sdb
structure. These values can then be passed to Kergeros to allow key
trust authentication.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Tue Jul 29 05:31:10 UTC 2025 on atb-devel-224
Gary Lockyer [Wed, 16 Jul 2025 23:47:39 +0000 (11:47 +1200)]
s4:kdc: Fix clang-tidy error in db-glue.c
../../source4/kdc/db-glue.c:968:14: warning: Access to field 'kvno' results in a dereference of a null pointer (loaded from variable 'entry') [clang-analyzer-core.NullDereference]
968 | entry->kvno = returned_kvno;
| ~~~~~ ^ Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Gary Lockyer [Mon, 30 Jun 2025 21:43:07 +0000 (09:43 +1200)]
librpc/idl: Add idl for tpm20_rsakey_blob
Idl and tests for TPM20_RSAKEY_BLOB, one of the possible encoding of
msDSKeyCredentialLink KeyMaterial
Derived from:
https://dox.ipxe.org/Tpm20_8h_source.html#l00164
https://stackoverflow.com/questions/78958315/cannot-parse-tpm2-0-public-key
Note: this is a greatly simplified implementation that only handles TPM
version 2, RSA public keys.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Gary Lockyer [Mon, 23 Jun 2025 03:01:37 +0000 (15:01 +1200)]
librpc/idl: Add idl for BCRYPT_RSAKEY_BLOB
Idl and tests for BCRYPT_RSAKEY_BLOB
See https://learn.microsoft.com/en-us/windows/win32/api/
bcrypt/ns-bcrypt-bcrypt_rsakey_blob
This is one of the encodings of msDSKeyCredentialLink KeyMaterial when
KeyUsage is KEY_USAGE_NGC. As there appears to be no official
documentation on the contents of KeyMaterial have based this on.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Mon Jul 28 06:45:51 UTC 2025 on atb-devel-224
Martin Schwenke [Fri, 7 Oct 2016 03:30:19 +0000 (14:30 +1100)]
ctdb-tests: Fix CID 1373387 - Time of check time of use (TOCTOU)
Coverity doesn't like the fopen(3) after stat(2). This is test code
that runs in a simple test environment, so this doesn't really matter.
However, reorder the code to put the stat(2) after the fopen(3). This
means that the test still does all the same checks and it should now
make Coverity happy.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Anoop C S <anoopcs@samba.org>
Gary Lockyer [Thu, 24 Jul 2025 23:24:37 +0000 (11:24 +1200)]
gitignore: remove clang-format
As we do have a project blessed clang-format, it should not be in
gitignore
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Sat Jul 26 06:02:34 UTC 2025 on atb-devel-224
Martin Schwenke [Sat, 28 Jun 2025 02:01:41 +0000 (12:01 +1000)]
ctdb-tests: Add logging support to the tunables unit test
Make tunable_test respect CTDB_DEBUGLEVEL. Using test_options.[ch]
would be overkill here. This means including logging.c - we can't
link to the subsystem containing logging.c because the file being
tested (tunable.c) is part of that subsystem.
Support logging in the test script. tunable_ok() builds the logging
output for the good path. Set the debug level to NOTICE and update
expected results for individual failure path tests.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 25 Jun 2025 10:46:26 +0000 (20:46 +1000)]
ctdb-common: Require separate initialisation of tunable defaults
Dropping this from ctdb_tunable_load_file() allows that function to be
called multiple times for different files. The caller sets the
defaults.
In the test script, factor out the handling of a single tunables file
in a similar way. Ignoring missing/unreadable files is OK because
this function will only be called for test successes (hence "ok" in
the name). There will never be existing, unreadable files. The code
being tested ignores missing files, so do that here too.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Ralph Boehme [Sat, 19 Jul 2025 12:26:50 +0000 (14:26 +0200)]
libcli/smb: make smbXcli_session_dump_keys() usable for the server side
By passing the individual keys directly instead of passing the wrapping state
objects, smbXcli_session_dump_keys() can later also be used by the server code.
No change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Tue Jul 22 08:55:10 UTC 2025 on atb-devel-224
vfs_virsufilter: Fix the invocation of SMB_VFS_NEXT_CONNECT
virusfilter is failing if path is defined for virusfilter:quarantine
as next module is not initialized by mean time. So rearranged invocation
of SMB_VFS_NEXT_CONNECT call
Signed-off-by: Rabinarayan Panigrahi <rapanigr@redhat.com> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Mon Jul 21 11:28:12 UTC 2025 on atb-devel-224
possibly_set_archive is being passed smb_fname->st.st_ex_mode.
Inside the function same variable is getting assigned to itself.
Fixed this to send unx_mode to possibly_set_archive.
Signed-off-by: Srinivas Rao V <Srinivas.Rao.V@ibm.com> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Jul 18 22:25:05 UTC 2025 on atb-devel-224
s3:selftest: run smb2.{bench,connect,credits,ioctl,rw} over quic-ngtcp2
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jul 17 10:00:51 UTC 2025 on atb-devel-224
lib/tsocket: optimize tdgram_recvfrom_done() into tdgram_recvfrom_send()
For callers using tdgram_bsd_optimize_recvfrom() it is every useful
to know it data was already waiting in the socket.
In that case the result from tdgram_bsd_recvfrom_send() would
already report tevent_req_is_in_progress() as false.
But the result of tdgram_recvfrom_send() available to the
caller would see tevent_req_is_in_progress() reporting true.
With this change also the result of tdgram_recvfrom_send()
would report tevent_req_is_in_progress() as false,
which will be useful for callers, which would otherwise
set a timeout on the request.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
third_party: add quic_ko_wrapper to simulate IPPROTO_QUIC sockets
For now this is only part of Samba, so no real third_party,
but in future we may decide have a standalone repository
or move it to https://github.com/lxin/quic.git
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
s3:libsmb: add support for SMB_TRANSPORT_TYPE_QUIC
This requires https://github.com/lxin/quic, which provides a kernel
module quic.ko for Linux (tested with Linux 6.8 and 6.14).
The userspace libquic is mirrored under third_party/quic for now.
This can be activated by adding 'quic' to 'client smb transports'.
The following smb.conf options are also relevant:
'tls enabled'
'tls ca directories'
'tls trust system cas'
'tls cafile'
'tls crlfile'
'tls verify peer'
Note that tools like smbclient are able to take
--option='client smb transports = quic" --option='tls verify peer=no_check'
in order to test it without changing smb.conf,
You may not want to use 'tls verify peer=no_check' for
production, it would make the transport as unprotected
as a tcp connection.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
This requires https://github.com/lxin/quic, which provides a kernel
module quic.ko for Linux (tested with Linux 6.8 and 6.14).
The userspace libquic is mirrored under third_party/quic for now.
This can be activated by adding 'quic' to 'server smb transports'.
The following smb.conf options are also relevant:
'tls enabled'
'tls cafile'
'tls certfile'
'tls keyfile'
If the files pointed to by 'tls cafile', 'tls certfile' and
'tls keyfile' all don't exist, self-signed tls certificates are
generated automatically at startup.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
third_party: import quic from https://github.com/lxin/quic.git
For now the VERSION argument to third_party/quic/update.sh
is ignored as there are no versions yet. For now we require
version 1.1 (not releases) for a system library, in order to make sure
it is recent enough.
Add check for the GPO link to have at least two attributes separated by semicolumn. Allows to handle empty links.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15877
RN: Fix handling of empty GPO link
Singed-off-by: Alex Sharov (kororland@gmail.com) Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jul 10 18:55:33 UTC 2025 on atb-devel-224
projects / thirdparty / samba.git / log
