s3:winbindd fix race condition in terminate_child

Fixes:

winbindd[306061]:   Bad talloc magic value - unknown value
winbindd[306061]:   =========================================================
winbindd[306061]:   INTERNAL ERROR: Bad talloc magic value - unknown value in
                    winbindd () () pid

A race condition in source3/windbindd/winbindd_util.c::terminate_child
between the child socket closing, and the destructor de-registering the
child socket from epoll.

If the socket closes before it is de-registered from epoll, the event
is added to the epoll rdllink and will be retrieved when epoll_wait
is next called.  However monitor_fde has been deallocated and we get the
observed failure.

Moving the TALLOC_FREE before the kill ensures that the child socket has been
de-registered from epoll before it closes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15937

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jan 13 14:50:20 UTC 2026 on atb-devel-224

auth/ntlmssp: Zero memory in ntlmssp_client.c

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Tue Jan 13 12:34:02 UTC 2026 on atb-devel-224

auth/ntlmssp: Add missing memory allocation checks is ntlmssp_client.c

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

auth/ntlmssp: Zero sensitive memory in gensec_ntlmssp.c

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

source3/auth: Zero memory in auth_util.c

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

auth/credentials: Zero memory in credentials_ntlm.c

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

auth/kerberos: Zero sensitive memory in gssapi_pac.c

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

auth/kerberos: Check memory allocation in gssapi_get_session_key()

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

auth: Fix trailing whitespaces in gssapi_pac.c

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

lib/krb5_wrap: Check memory allocation in smb_krb5_get_smb_session_key()

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

lib/krb5_wrap: Zero sensitive memory in krb5_samba.c

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s4: Fix trailing whitespaces in sesssetup.c

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

auth: Fix typo "pass-though" ->  "pass-through"

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

libcli:auth: Fix trailing whitespaces in ntlm_check.c

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:lib/util_sock: allow {before,after}_connect hooks to be passed to open_socket_out_send()

async_connect_send() already has these hooks now open_socket_out_send()
callers can pass them through.

This will be useful for IPPROTO_SMBDIRECT sockets to setup things
between the socket() and connect() syscalls.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Jan 13 08:13:04 UTC 2026 on atb-devel-224

lib/async_req: let async_connect_send() pass the fd to {before,after}_connect hooks

This will be useful for IPPROTO_SMBDIRECT sockets to setup things
between the socket() and connect() syscalls.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

lib: Remove [set|drop]_effective_capability and enum smbd_capability

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Jan 12 10:39:38 UTC 2026 on atb-devel-224

lib: Replace calls to [set|drop]_effective_capability

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

lib: Add capability-specific functions

This makes the one-attempt logic for dac_override simpler to
understand.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

lib: Remove LEASE_CAPABILITY

This was only used via vfs_gpfs, and that removed its use in 2020.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

lib: Remove KERNEL_OPLOCK_CAPABILITY

This was only used in the IRIX oplock code, which was removed in 2018.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

lib: Remove explicitly dropping capabilities before exec

These calls are not necessary: When setting capabilities, we always
remove them from the inheritable set, so they will inevitably be
removed at exec-time. Also, these groups of calls were never updated
for DAC_OVERRIDE, which would have posed a pretty severe problem.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

vfs_ceph_new: Improve log entries in vfs_cephfs_load_lib()

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Shweta Sodani <ssodani@redhat.com>
Reviewed-by: John Mulligan <jmulligan@redhat.com>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Thu Jan  8 14:33:36 UTC 2026 on atb-devel-224

vfs_ceph_new: Add explicit log entry for libcephfs proxy status

Other than the loadparm dump, the logs did not indicate whether the
libcephfs proxy was in use. Add an explicit log entry to make its
status clear.

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Shweta Sodani <ssodani@redhat.com>
Reviewed-by: John Mulligan <jmulligan@redhat.com>

nsswitch/libwbclient: Zero memory in libwbclient

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Jan  8 12:59:02 UTC 2026 on atb-devel-224

release.sh: also replace "y acute" character with html entity

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jule Anger <janger@samba.org>
Autobuild-User(master): Björn Jacke <bjacke@samba.org>
Autobuild-Date(master): Wed Jan  7 15:58:11 UTC 2026 on atb-devel-224

lib: Move a few smb-related constant #defines to common code

No need to have two copies in source3 and source4

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jan  7 11:00:48 UTC 2026 on atb-devel-224

smbd: Simplify vfs_valid_pwrite_range()

Easier to read for me.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smbd: Avoid an else in vfs_valid_pwrite_range()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smbd: Remove an unneeded return;

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smbd: Fix a typo

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

vfs_commit: Do initial eof calculation on demand

Avoid yet another fstat call at open time, we might never write to the
file

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

vfs_commit: Some README.Coding changes

Reduce indentation with early returns

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

vfs_commit: Reduce indentation with early returns

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

vfs_commit: Make dbytes and dthresh size_t

Those can never go negative, use "%zu" as printf modifier

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

librpc: Use a direct struct initialization

Don't reference data_blob_null without need

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

libndr: Fix two small error path memleaks

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

libcli: Initialize a variable at declaration time

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

lib: Remove unnecessary assignments

data_blob_free() already NULLs out its argument

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

librpc: Slightly simplify dcerpc_binding_build_tower()

Use the implicit NULLing out of the other struct elements

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

lib: Don't call a function to initialize an empty DATA_BLOB

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smbd: Simplify callers of messaging_send()

It deals fine with a NULL argument

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

librpc: Directly initialize variables

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smbd: Make arguments to open_file_ntcreate a bit easier to read

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

lib: Reduce indentation with an early return

Review with "git show -w"

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

lib: Remove some code #ifdef'ed out for more than 20 years

We have a git history if someone wants to dig this up

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smbd: Use a direct struct initialization

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smbd: Reduce indentation

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smb: Modernize a few DEBUGs

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smbd: Reduce indentation with an early return;

Review with "git show -w"

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

lib: Remove a few unused #defines

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

credentials: Remove duplicate prototypes

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smbd: Move utok_string() into smbd

Only used in chdir_current_service()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smbd: Remove the one-line conn_free() wrapper function

In case there's more things to do here we should put it into the
destructor.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

lib: Reduce indentation

Avoid a few "else" statements, review with "git show -w".

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smbd: Modernize some very ugly DEBUGs

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

lib: Add timespec_equal()

I've just gotten the !=0 vs ==0 wrong. Make comparing timespecs for
equality more intuitive.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smbd: Modernize DEBUGs

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smbd: Remove unused posix_sys_acl_blob_get_file()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smbd: Remove an unnecessary talloc_strdup()

talloc_string_sub() already makes a copy first

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

pysmbd: Silence a signed/unsigned warning

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

libcli: Add missing NULL checks

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

libcli: Fix error path memleaks

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

lib: Save lines with direct initialization

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smbd: A TCP port is uint16, fix variable type

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

lib: Remove two unused functions

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smbd: Avoid a memset with a struct initialization

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

lib: Simplify sys_acl_to_text() with talloc_asprintf_addbuf()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smbd: Remove an unnecessary include

This comes in via includes.h as well. Wherever these prototypes are
needed and wherever includes.h should not be available we should add
the include directly.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smbd: Remove #defines used just once

For me they were not giving additional insights, they only made me
jump somewhere else to see what's going on.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smbd: Remove unused #defines

Unused since 2001...

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smbd: Add some const where possible

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smbd: Simplify map_nt_perms

Factor out the repeated if-conditions

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

lib: Fix some whitespace

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

vfs_ceph_new: Fix a regression in SMB_VFS_GETWD

Previously, commit 701d55846bc48988cd3f353e7555fb170b1fb767 accidentally
removed the statement that copies the current working directory resolved
by the ceph_getwd() call leading to connection problems in Samba‑CephFS
integration.

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Shweta Sodani <ssodani@redhat.com>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Tue Jan  6 06:31:41 UTC 2026 on atb-devel-224

doc-xml: Document "net ads kerberos" commands

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15840

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Mon Jan  5 15:49:04 UTC 2026 on atb-devel-224

s3-net: properly setup krb5 ccache name via --use-krb5-ccache

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15840

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3-selftest: Activate "net ads kerberos kinit" tests with --use-krb5-ccache

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15840

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3-selftest: verify KRB5CCNAME presence after kinit using klist

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15840

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3-selftest: mention in-memory ccache usage when nothing is provided

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15840

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

tests: Make recycle:touch test less flakey

I get the same atime pretty frequently. Wait a second to be sure it
changes.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Jan  5 11:20:04 UTC 2026 on atb-devel-224

Happy New Year 2026!

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jan  1 12:44:44 UTC 2026 on atb-devel-224

s3:testparm: Fix "sync machine password to keytab" validation

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Autobuild-User(master): Samuel Cabrero <scabrero@samba.org>
Autobuild-Date(master): Tue Dec 23 09:43:56 UTC 2025 on atb-devel-224

s3:tests: Add testparm tests for "sync machine password to keytab" option

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>

mdssvc: make a copy of the elasticsearch:default_fields

lp_parm_const_string() returns a pointer to loadparm state that is not stable
across loadparm reloads and hence may later point at random garbage.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15959

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Dec 16 18:58:07 UTC 2025 on atb-devel-224

vfs_ceph_new: do explicit 'ceph_init' call

Prefer an explicit call to 'ceph_init' for better debug handling in case
of failure. Without such call the init is done behind the scenes by
libcephfs upon first mount but we don't have have enough visibility in
case something went wrong.

Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: Xavi Hernandez <xhernandez@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Sat Dec 13 19:40:01 UTC 2025 on atb-devel-224

docs-xml: fix manpage for "net offlinejoin requestodj"

One actually does *NOT* need to provide AD credentials to process a
requestodj operation. This is run as root and populates Samba's
databases based on the ODJ blob. Thanks John Mulligan for pointing this out.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15964

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: John Mulligan <jmulligan@redhat.com>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Dec 11 15:19:13 UTC 2025 on atb-devel-224

vfs_ceph_new: improved debug logging

Use consistent style in debug logging, using 'key=value' conventions.
When printing string values use the '%s' format.

Also, fallowing commit 70aab08c6 ("smbd: Use fsp_str_dbg() in DEBUGs")
use this function with explicit var-name when printing 'files_struct'.

Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Shweta Sodani <ssodani@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>

vfs_ceph_new: limit to 80-chars lines

Top level .clang-format uses 'ColumnLimit: 80'; however few lines of
code exceeded that limit. Align with common Samba coding conventions.

Signed-off-by: Shachar Sharon <ssharon@redhat.com>

s4/dlz: add support for bind 9.20

bind dlz interface does not change much, yet we build
dlz_bind9_NN for every bind9 version NN we support -
despite many of them differ only in soversion, with
the code being identical.

For bind9_20, use dlz_bind9_18.so which we already have.

It'd be nice to extract actual bind9 version string in
sambadns.py and use it in more direct way.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15790

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Dec 10 22:46:11 UTC 2025 on atb-devel-224

s3:include: Fix the smbc_fgetxattr() documentation in libsmbclient

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15960

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Dec  9 19:33:22 UTC 2025 on atb-devel-224

s3:libsmb: Call the correct function in smbc_fgetxattr()

Looks like nobody ever tested this.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15960

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

libsmbclient: Fix negotiating posix_extensions

Without this, smbc_setOptionPosixExtensions() does nothing.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15960

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s4:torture: Implement posix extension tests for libsmbclient

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15960

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

selftest: Add some hardlinks for testing SMB3 posix extensions

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15960

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

bootstrap: Update Fedora to version 43

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Dec  9 13:58:12 UTC 2025 on atb-devel-224

third_party: Update socket_wrapper to version 1.5.2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

python:tests: Fix ProcessPoolExecutor with Python 3.14

REASON: Exception: Exception: Traceback (most recent call last):
  File "/home/asn/workspace/prj/oss/samba/asn-fix/bin/python/samba/tests/krb5/lockout_tests.py", line 858, in test_lockout_transaction_bad_pwd_samr_aes
    self.do_lockout_transaction(connect_samr_aes, correct_pw=False)
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/asn/workspace/prj/oss/samba/asn-fix/bin/python/samba/tests/krb5/lockout_tests.py", line 990, in do_lockout_transaction
    connect_future = executor.submit(
        connect_fn,
    ...<7 lines>...
        workstation=user_creds.get_workstation(),
        dn=str(user_dn))
  File "/usr/lib64/python3.14/concurrent/futures/process.py", line 816, in submit
    self._adjust_process_count()
    ~~~~~~~~~~~~~~~~~~~~~~~~~~^^
  File "/usr/lib64/python3.14/concurrent/futures/process.py", line 775, in _adjust_process_count
    self._spawn_process()
    ~~~~~~~~~~~~~~~~~~~^^
  File "/usr/lib64/python3.14/concurrent/futures/process.py", line 793, in _spawn_process
    p.start()
    ~~~~~~~^^
  File "/usr/lib64/python3.14/multiprocessing/process.py", line 121, in start
    self._popen = self._Popen(self)
                  ~~~~~~~~~~~^^^^^^
  File "/usr/lib64/python3.14/multiprocessing/context.py", line 300, in _Popen
    return Popen(process_obj)
  File "/usr/lib64/python3.14/multiprocessing/popen_forkserver.py", line 35, in __init__
    super().__init__(process_obj)
    ~~~~~~~~~~~~~~~~^^^^^^^^^^^^^
  File "/usr/lib64/python3.14/multiprocessing/popen_fork.py", line 20, in __init__
    self._launch(process_obj)
    ~~~~~~~~~~~~^^^^^^^^^^^^^
  File "/usr/lib64/python3.14/multiprocessing/popen_forkserver.py", line 42, in _launch
    prep_data = spawn.get_preparation_data(process_obj._name)
  File "/usr/lib64/python3.14/multiprocessing/spawn.py", line 164, in get_preparation_data
    _check_not_importing_main()
    ~~~~~~~~~~~~~~~~~~~~~~~~~^^
  File "/usr/lib64/python3.14/multiprocessing/spawn.py", line 140, in _check_not_importing_main
    raise RuntimeError('''
    ...<16 lines>...
    ''')
RuntimeError:
        An attempt has been made to start a new process before the
        current process has finished its bootstrapping phase.

        This probably means that you are not using fork to start your
        child processes and you have forgotten to use the proper idiom
        in the main module:

            if __name__ == '__main__':
                freeze_support()
                ...

        The "freeze_support()" line can be omitted if the program
        is not going to be frozen to produce an executable.

        To fix this issue, refer to the "Safe importing of main module"
        section in https://docs.python.org/3/library/multiprocessing.html

In Python 3.14, the default multiprocessing start method changed from fork to
forkserver/spawn. When using ProcessPoolExecutor, the code needs to
either:

1. Explicitly set the start method to fork (the simplest fix for this case)
2. Or ensure proper if __name__ == '__main__': guards (not practical for test
   code run by a test framework)

The fix is to explicitly use the fork start method when creating the
ProcessPoolExecutor. This can be done by passing a mp_context parameter:

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

libcli/auth: Zero out password in smbencrypt.c

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Mon Dec  8 18:21:45 UTC 2025 on atb-devel-224

auth: Use new data_blob_..._s() functions and remove talloc_keep_secret()

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>