The branch, v4-1-test has been updated
       via  4e74c61 smbd: Fix a 100% loop at shutdown time
       via  54ee31e s3-smbstatus: display [u|g]id of -1 as "-1" in connection 
list
       via  d07b694 s3-lib: hide incomplete smbXsrv_tcon_global records
       via  38841bb s3-lib: fix segf while reading incomplete session info (bug 
#10003)
      from  d95ed7f VERSION: Bump version number up to 4.1.0rc2...

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-1-test


- Log -----------------------------------------------------------------
commit 4e74c615d56465b5a57f65e6815cbdf0d0b2928a
Author: Volker Lendecke <v...@samba.org>
Date:   Thu Jul 11 16:22:26 2013 +0200

    smbd: Fix a 100% loop at shutdown time
    
    In the destructor of fsp->aio_requests[0] we put another request into
    fsp->aio_requests[0]. Don't overwrite that with TALLOC_FREE.
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    
    Autobuild-User(master): Jeremy Allison <j...@samba.org>
    Autobuild-Date(master): Thu Jul 11 20:56:42 CEST 2013 on sn-devel-104
    (cherry picked from commit 940395d38bcc348eb5f1be7ba03cd554d9d3bc93)
    
    Fix bug #10013 - 940395d from master needs porting to 4.0 and 4.1.
    
    Autobuild-User(v4-1-test): Karolin Seeger <ksee...@samba.org>
    Autobuild-Date(v4-1-test): Mon Jul 15 23:04:19 CEST 2013 on sn-devel-104

commit 54ee31eae52e72373d28b9666e5680da5bd99da8
Author: Björn Baumbach <b...@sernet.de>
Date:   Tue Jul 9 12:32:34 2013 +0200

    s3-smbstatus: display [u|g]id of -1 as "-1" in connection list
    
    In order to avoid displayed uid or gid of "4294967295" instead of "-1", we
    need to fetch the special case -1.
    The id can be -1 if we are reading e.g. incomplete session information.
    
    Signed-off-by: Björn Baumbach <b...@sernet.de>
    Reviewed-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    
    Autobuild-User(master): Jeremy Allison <j...@samba.org>
    Autobuild-Date(master): Wed Jul 10 01:18:30 CEST 2013 on sn-devel-104
    (cherry picked from commit 577cef82c776759c9f3cad7d33057ac865c40769)
    
    The last 3 patches address bug #10003 - s3-lib:segmentation fault while
    reading incomplete session info.

commit d07b694f85c31a461d5697b56494c8ee4000925f
Author: Stefan Metzmacher <me...@samba.org>
Date:   Mon Jul 8 16:31:13 2013 +0200

    s3-lib: hide incomplete smbXsrv_tcon_global records
    
    Part of fix for bug #10003
    
    Pair-programmed-with: Björn Baumbach <b...@sernet.de>
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Signed-off-by: Björn Baumbach <b...@sernet.de>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    (cherry picked from commit c52e61f7ba215da28cbb7b8e328aea110ad79b11)

commit 38841bb0dbee310dc2eafdb78482a72cf906644f
Author: Björn Baumbach <b...@sernet.de>
Date:   Fri Jul 5 13:19:59 2013 +0200

    s3-lib: fix segf while reading incomplete session info (bug #10003)
    
    Pair-programmed-with: Stefan Metzmacher <me...@samba.org>
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Signed-off-by: Björn Baumbach <b...@sernet.de>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    (cherry picked from commit 53aa069b97070c73b782e2868b9b9686abe353cc)

-----------------------------------------------------------------------

Summary of changes:
 source3/lib/conn_tdb.c      |   22 ++++++++++++++++++++--
 source3/lib/sessionid_tdb.c |   15 ++++++++++-----
 source3/smbd/close.c        |    7 +++++--
 source3/utils/status.c      |   24 ++++++++++++++++++++----
 4 files changed, 55 insertions(+), 13 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/lib/conn_tdb.c b/source3/lib/conn_tdb.c
index a7e7cf0..b218831 100644
--- a/source3/lib/conn_tdb.c
+++ b/source3/lib/conn_tdb.c
@@ -53,8 +53,13 @@ static int collect_sessions_fn(struct 
smbXsrv_session_global0 *global,
        uint32_t id = global->session_global_id;
        struct connections_forall_session sess;
 
-       sess.uid = global->auth_session_info->unix_token->uid;
-       sess.gid = global->auth_session_info->unix_token->gid;
+       if (global->auth_session_info == NULL) {
+               sess.uid = -1;
+               sess.gid = -1;
+       } else {
+               sess.uid = global->auth_session_info->unix_token->uid;
+               sess.gid = global->auth_session_info->unix_token->gid;
+       }
        strncpy(sess.machine, global->channels[0].remote_name, 
sizeof(sess.machine));
        strncpy(sess.addr, global->channels[0].remote_address, 
sizeof(sess.addr));
 
@@ -86,6 +91,19 @@ static int traverse_tcon_fn(struct smbXsrv_tcon_global0 
*global,
 
        TDB_DATA val = tdb_null;
 
+       /*
+        * Note: that share_name is defined as array without a pointer.
+        * that's why it's always a valid pointer here.
+        */
+       if (strlen(global->share_name) == 0) {
+               /*
+                * when a smbXsrv_tcon is created it's created
+                * with emtpy share_name first in order to allocate
+                * an id, before filling in the details.
+                */
+               return 0;
+       }
+
        status = dbwrap_fetch(state->session_by_pid, state,
                              make_tdb_data((void*)&sess_id, sizeof(sess_id)),
                              &val);
diff --git a/source3/lib/sessionid_tdb.c b/source3/lib/sessionid_tdb.c
index 045b3d2..7a19611 100644
--- a/source3/lib/sessionid_tdb.c
+++ b/source3/lib/sessionid_tdb.c
@@ -38,16 +38,21 @@ static int sessionid_traverse_read_fn(struct 
smbXsrv_session_global0 *global,
                (struct sessionid_traverse_read_state *)private_data;
        struct auth_session_info *session_info = global->auth_session_info;
        struct sessionid session = {
-               .uid = session_info->unix_token->uid,
-               .gid = session_info->unix_token->gid,
+               .uid = -1,
+               .gid = -1,
                .id_num = global->session_global_id,
                .connect_start = nt_time_to_unix(global->creation_time),
                .pid = global->channels[0].server_id,
        };
 
-       strncpy(session.username,
-               session_info->unix_info->unix_name,
-               sizeof(fstring)-1);
+       if (session_info != NULL) {
+               session.uid = session_info->unix_token->uid;
+               session.gid = session_info->unix_token->gid;
+               strncpy(session.username,
+                       session_info->unix_info->unix_name,
+                       sizeof(fstring)-1);
+       }
+
        strncpy(session.remote_machine,
                global->channels[0].remote_name,
                sizeof(fstring)-1);
diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index 2bd588b..f341c72 100644
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -640,9 +640,12 @@ static NTSTATUS close_normal_file(struct smb_request *req, 
files_struct *fsp,
                while (fsp->num_aio_requests != 0) {
                        /*
                         * The destructor of the req will remove
-                        * itself from the fsp
+                        * itself from the fsp.
+                        * Don't use TALLOC_FREE here, this will overwrite
+                        * what the destructor just wrote into
+                        * aio_requests[0].
                         */
-                       TALLOC_FREE(fsp->aio_requests[0]);
+                       talloc_free(fsp->aio_requests[0]);
                }
        }
 
diff --git a/source3/utils/status.c b/source3/utils/status.c
index f4b5f4e..be7c52f 100644
--- a/source3/utils/status.c
+++ b/source3/utils/status.c
@@ -283,13 +283,29 @@ static int traverse_sessionid(const char *key, struct 
sessionid *session,
 
        Ucrit_addPid(session->pid);
 
-       fstr_sprintf(uid_str, "%u", (unsigned int)session->uid);
-       fstr_sprintf(gid_str, "%u", (unsigned int)session->gid);
+       fstrcpy(uid_str, "-1");
+
+       if (session->uid != -1) {
+               if (numeric_only) {
+                       fstr_sprintf(uid_str, "%u", (unsigned int)session->uid);
+               } else {
+                       fstrcpy(uid_str, uidtoname(session->uid));
+               }
+       }
+
+       fstrcpy(gid_str, "-1");
+
+       if (session->gid != -1) {
+               if (numeric_only) {
+                       fstr_sprintf(gid_str, "%u", (unsigned int)session->gid);
+               } else {
+                       fstrcpy(gid_str, gidtoname(session->gid));
+               }
+       }
 
        d_printf("%-7s   %-12s  %-12s  %-12s (%s)\n",
                 procid_str_static(&session->pid),
-                numeric_only ? uid_str : uidtoname(session->uid),
-                numeric_only ? gid_str : gidtoname(session->gid),
+                uid_str, gid_str,
                 session->remote_machine, session->hostname);
 
        return 0;


-- 
Samba Shared Repository

Reply via email to