samba.git/source3/librpc, branch master Unnamed repository; edit this file 'description' to name the repository. s3/librpc/crypto: Don't keep growing in memory keytab 2026-03-30T09:36:45+00:00 Noel Power noel.power@suse.com 2026-03-26T12:03:55+00:00 c28a86c45d9d9673de18f9c29ea80dff12c9e7dd When we have long living concurrent connections every rpc bind ends up calling and subsequently adding keytab entries to the memory keytab returned by 'gse_krb5_get_server_keytab(...)'. This is happening because as long as there is a handle open for the keytab named "MEMORY:cifs_srv_keytab" then we keep adding entries to it. Note: There is no leak of gensec_security nor the krb5_keytab it contains. When rpc clients connected to the rpc worker process exit the gensec_security and the krb5_keytab structures are destructed as expected. However because we use a fixed name "MEMORY:cifs_srv_keytab" clients end up with a handle to a reference counted shared keytab. Destruction of the keytab results in the associated reference count being decremented. When the reference count reaches 0 the keytab is destroyed. To avoid the keytab being extended the easiest solution is to ensure a unique memory keytab is created for each client. BUG: https://bugzilla.samba.org/show_bug.cgi?id=16042 Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Noel Power <npower@samba.org> Autobuild-Date(master): Mon Mar 30 09:36:45 UTC 2026 on atb-devel-224 
When we have long living concurrent connections every rpc bind
ends up calling and subsequently adding keytab entries to the
memory keytab returned by 'gse_krb5_get_server_keytab(...)'. This is
happening because as long as there is a handle open for the
keytab named "MEMORY:cifs_srv_keytab" then we keep adding entries to
it.

Note: There is no leak of gensec_security nor the krb5_keytab
      it contains. When rpc clients connected to the rpc worker process
      exit the gensec_security and the krb5_keytab structures are
      destructed as expected. However because we use a fixed name
      "MEMORY:cifs_srv_keytab" clients end up with a handle to a
      reference counted shared keytab. Destruction of the keytab results
      in the associated reference count being decremented. When the
      reference count reaches 0 the keytab is destroyed.

To avoid the keytab being extended the easiest solution is to ensure a
unique memory keytab is created for each client.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=16042
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Mon Mar 30 09:36:45 UTC 2026 on atb-devel-224
s3:libads: Separate use of ads->config.flags for NBT_* and DS_* values 2026-01-22T09:14:25+00:00 Pavel Filipenský pfilipensky@samba.org 2026-01-18T00:04:11+00:00 7483903575eab97773a992149d64511d5ec6f256 Use of ads->config.flags is overloaded. It is used to: - pass DS_* flags down to cldap_netlogon() - store the server_type from NETLOGON_SAM_LOGON_RESPONSE Both cases use different values and cannot be combined. E.g. flags mess up with value 0x00000080 NBT_SERVER_CLOSEST 0x00000080 DS_PDC_REQUIRED 0x00000080 Let's create two separate flags nbt_server_type server_flags; /* NBT_* cldap flags identifying the services. */ uint32 required_flags; /* DS_* - Netlogon flags */ BUG: https://bugzilla.samba.org/show_bug.cgi?id=15972 Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org> Autobuild-Date(master): Thu Jan 22 09:14:25 UTC 2026 on atb-devel-224 
Use of ads->config.flags is overloaded.

It is used to:

- pass DS_* flags down to cldap_netlogon()
- store the server_type from NETLOGON_SAM_LOGON_RESPONSE

Both cases use different values and cannot be combined.
E.g. flags mess up with value 0x00000080

NBT_SERVER_CLOSEST  0x00000080
DS_PDC_REQUIRED     0x00000080

Let's create two separate flags

nbt_server_type server_flags; /* NBT_* cldap flags identifying the services. */
uint32 required_flags; /* DS_* - Netlogon flags */

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15972

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Thu Jan 22 09:14:25 UTC 2026 on atb-devel-224
librpc: Directly initialize variables 2026-01-07T09:57:40+00:00 Volker Lendecke vl@samba.org 2025-12-24T10:16:46+00:00 014fb94e962a59a6099bf7721cc6c54f8f606903 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org> 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
smbd: Fix a typo 2025-08-22T13:55:34+00:00 Volker Lendecke vl@samba.org 2025-08-11T13:16:54+00:00 171c584c67582c71efe0575b1f99f4667366de99 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
smbd: Add session_global_id and tcon_global_id to smbXsrv_open_global0 2025-08-05T14:52:34+00:00 Ralph Boehme slow@samba.org 2025-07-10T11:10:42+00:00 990322a48aa7d25b3ee126273186dba54d05a85d Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> 
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
smbd: add smbXsrv_tcon to smbXsrv_open 2025-08-05T14:52:34+00:00 Ralph Boehme slow@samba.org 2025-07-11T04:49:54+00:00 9f9409a80ac4acdccfef08b13cd59d0f5dc38f8f Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> 
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
smbd: add smbXsrv_session to smbXsrv_open 2025-08-05T14:52:34+00:00 Ralph Boehme slow@samba.org 2025-06-28T06:55:25+00:00 e61341297910f034c5fafa1662c2712147c737c2 From "MS-SMB2 3.3.1.10 Per Open": Open.Session: A reference to the authenticated session, as specified in section 3.3.1.8, over which this open was performed. If the open is not attached to a session at this time, this value MUST be NULL. Needed to implement: 3.3.5.9 Receiving an SMB2 CREATE Request If the server implements the SMB 3.x dialect family and all of the following conditions are TRUE, the server MUST look up an Open in GlobalOpenTable where Open.IsReplayEligible is TRUE and Open.CreateGuid matches the CreateGuid in the SMB2_CREATE_DURABLE_HANDLE_REQUEST_V2 create context and Open.ClientGuid matches the ClientGuid of the connection that received this request: ... If an Open is found, the server MUST perform the following: .. If Open.Session.SessionId is not equal to the current Session.SessionId, the server MUST fail the request with STATUS_DUPLICATE_OBJECTID. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> 
From "MS-SMB2 3.3.1.10 Per Open":

  Open.Session: A reference to the authenticated session, as specified in section
  3.3.1.8, over which this open was performed. If the open is not attached to a
  session at this time, this value MUST be NULL.

Needed to implement:

  3.3.5.9 Receiving an SMB2 CREATE Request

  If the server implements the SMB 3.x dialect family and all of the following
  conditions are TRUE, the server MUST look up an Open in GlobalOpenTable where
  Open.IsReplayEligible is TRUE and Open.CreateGuid matches the CreateGuid in
  the SMB2_CREATE_DURABLE_HANDLE_REQUEST_V2 create context and Open.ClientGuid
  matches the ClientGuid of the connection that received this request:

  ...

  If an Open is found, the server MUST perform the following:

  ..

  If Open.Session.SessionId is not equal to the current Session.SessionId, the
  server MUST fail the request with STATUS_DUPLICATE_OBJECTID.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
smbd: add and use smbXsrv_open_replay_cache_key_buf 2025-08-05T14:52:34+00:00 Ralph Boehme slow@samba.org 2025-07-26T12:49:10+00:00 3cd4018b7e49201065f16a62568ea47849c3fc60 No change in behaviour. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> 
No change in behaviour.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
smbd: make the replay cache record an index on the global open table 2025-08-05T14:52:34+00:00 Ralph Boehme slow@samba.org 2025-07-10T14:31:16+00:00 7e8aa812a5deec7ef5afc5a457acdeb35a5f7dab Store only the open_global record key as is in the replay-cache record, making it an index into the global open table. Then in the replay code, use the new function smbXsrv_open_global_lookup() to get at the open records. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> 
Store only the open_global record key as is in the replay-cache record, making
it an index into the global open table. Then in the replay code, use the new
function smbXsrv_open_global_lookup() to get at the open records.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
smbd: move create_action to smbXsrv_open_global0 2025-08-05T14:52:34+00:00 Ralph Boehme slow@samba.org 2025-07-10T13:51:12+00:00 09e859756bb6fc9deee403212503fb4a567d1382 In preperation for making create replay disk backed. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> 
In preperation for making create replay disk backed.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>