The branch, v4-1-test has been updated via 4e74c61 smbd: Fix a 100% loop at shutdown time via 54ee31e s3-smbstatus: display [u|g]id of -1 as "-1" in connection list via d07b694 s3-lib: hide incomplete smbXsrv_tcon_global records via 38841bb s3-lib: fix segf while reading incomplete session info (bug #10003) from d95ed7f VERSION: Bump version number up to 4.1.0rc2...
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-1-test - Log ----------------------------------------------------------------- commit 4e74c615d56465b5a57f65e6815cbdf0d0b2928a Author: Volker Lendecke <v...@samba.org> Date: Thu Jul 11 16:22:26 2013 +0200 smbd: Fix a 100% loop at shutdown time In the destructor of fsp->aio_requests[0] we put another request into fsp->aio_requests[0]. Don't overwrite that with TALLOC_FREE. Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> Autobuild-User(master): Jeremy Allison <j...@samba.org> Autobuild-Date(master): Thu Jul 11 20:56:42 CEST 2013 on sn-devel-104 (cherry picked from commit 940395d38bcc348eb5f1be7ba03cd554d9d3bc93) Fix bug #10013 - 940395d from master needs porting to 4.0 and 4.1. Autobuild-User(v4-1-test): Karolin Seeger <ksee...@samba.org> Autobuild-Date(v4-1-test): Mon Jul 15 23:04:19 CEST 2013 on sn-devel-104 commit 54ee31eae52e72373d28b9666e5680da5bd99da8 Author: Björn Baumbach <b...@sernet.de> Date: Tue Jul 9 12:32:34 2013 +0200 s3-smbstatus: display [u|g]id of -1 as "-1" in connection list In order to avoid displayed uid or gid of "4294967295" instead of "-1", we need to fetch the special case -1. The id can be -1 if we are reading e.g. incomplete session information. Signed-off-by: Björn Baumbach <b...@sernet.de> Reviewed-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> Autobuild-User(master): Jeremy Allison <j...@samba.org> Autobuild-Date(master): Wed Jul 10 01:18:30 CEST 2013 on sn-devel-104 (cherry picked from commit 577cef82c776759c9f3cad7d33057ac865c40769) The last 3 patches address bug #10003 - s3-lib:segmentation fault while reading incomplete session info. commit d07b694f85c31a461d5697b56494c8ee4000925f Author: Stefan Metzmacher <me...@samba.org> Date: Mon Jul 8 16:31:13 2013 +0200 s3-lib: hide incomplete smbXsrv_tcon_global records Part of fix for bug #10003 Pair-programmed-with: Björn Baumbach <b...@sernet.de> Signed-off-by: Stefan Metzmacher <me...@samba.org> Signed-off-by: Björn Baumbach <b...@sernet.de> Reviewed-by: Jeremy Allison <j...@samba.org> (cherry picked from commit c52e61f7ba215da28cbb7b8e328aea110ad79b11) commit 38841bb0dbee310dc2eafdb78482a72cf906644f Author: Björn Baumbach <b...@sernet.de> Date: Fri Jul 5 13:19:59 2013 +0200 s3-lib: fix segf while reading incomplete session info (bug #10003) Pair-programmed-with: Stefan Metzmacher <me...@samba.org> Signed-off-by: Stefan Metzmacher <me...@samba.org> Signed-off-by: Björn Baumbach <b...@sernet.de> Reviewed-by: Jeremy Allison <j...@samba.org> (cherry picked from commit 53aa069b97070c73b782e2868b9b9686abe353cc) ----------------------------------------------------------------------- Summary of changes: source3/lib/conn_tdb.c | 22 ++++++++++++++++++++-- source3/lib/sessionid_tdb.c | 15 ++++++++++----- source3/smbd/close.c | 7 +++++-- source3/utils/status.c | 24 ++++++++++++++++++++---- 4 files changed, 55 insertions(+), 13 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/conn_tdb.c b/source3/lib/conn_tdb.c index a7e7cf0..b218831 100644 --- a/source3/lib/conn_tdb.c +++ b/source3/lib/conn_tdb.c @@ -53,8 +53,13 @@ static int collect_sessions_fn(struct smbXsrv_session_global0 *global, uint32_t id = global->session_global_id; struct connections_forall_session sess; - sess.uid = global->auth_session_info->unix_token->uid; - sess.gid = global->auth_session_info->unix_token->gid; + if (global->auth_session_info == NULL) { + sess.uid = -1; + sess.gid = -1; + } else { + sess.uid = global->auth_session_info->unix_token->uid; + sess.gid = global->auth_session_info->unix_token->gid; + } strncpy(sess.machine, global->channels[0].remote_name, sizeof(sess.machine)); strncpy(sess.addr, global->channels[0].remote_address, sizeof(sess.addr)); @@ -86,6 +91,19 @@ static int traverse_tcon_fn(struct smbXsrv_tcon_global0 *global, TDB_DATA val = tdb_null; + /* + * Note: that share_name is defined as array without a pointer. + * that's why it's always a valid pointer here. + */ + if (strlen(global->share_name) == 0) { + /* + * when a smbXsrv_tcon is created it's created + * with emtpy share_name first in order to allocate + * an id, before filling in the details. + */ + return 0; + } + status = dbwrap_fetch(state->session_by_pid, state, make_tdb_data((void*)&sess_id, sizeof(sess_id)), &val); diff --git a/source3/lib/sessionid_tdb.c b/source3/lib/sessionid_tdb.c index 045b3d2..7a19611 100644 --- a/source3/lib/sessionid_tdb.c +++ b/source3/lib/sessionid_tdb.c @@ -38,16 +38,21 @@ static int sessionid_traverse_read_fn(struct smbXsrv_session_global0 *global, (struct sessionid_traverse_read_state *)private_data; struct auth_session_info *session_info = global->auth_session_info; struct sessionid session = { - .uid = session_info->unix_token->uid, - .gid = session_info->unix_token->gid, + .uid = -1, + .gid = -1, .id_num = global->session_global_id, .connect_start = nt_time_to_unix(global->creation_time), .pid = global->channels[0].server_id, }; - strncpy(session.username, - session_info->unix_info->unix_name, - sizeof(fstring)-1); + if (session_info != NULL) { + session.uid = session_info->unix_token->uid; + session.gid = session_info->unix_token->gid; + strncpy(session.username, + session_info->unix_info->unix_name, + sizeof(fstring)-1); + } + strncpy(session.remote_machine, global->channels[0].remote_name, sizeof(fstring)-1); diff --git a/source3/smbd/close.c b/source3/smbd/close.c index 2bd588b..f341c72 100644 --- a/source3/smbd/close.c +++ b/source3/smbd/close.c @@ -640,9 +640,12 @@ static NTSTATUS close_normal_file(struct smb_request *req, files_struct *fsp, while (fsp->num_aio_requests != 0) { /* * The destructor of the req will remove - * itself from the fsp + * itself from the fsp. + * Don't use TALLOC_FREE here, this will overwrite + * what the destructor just wrote into + * aio_requests[0]. */ - TALLOC_FREE(fsp->aio_requests[0]); + talloc_free(fsp->aio_requests[0]); } } diff --git a/source3/utils/status.c b/source3/utils/status.c index f4b5f4e..be7c52f 100644 --- a/source3/utils/status.c +++ b/source3/utils/status.c @@ -283,13 +283,29 @@ static int traverse_sessionid(const char *key, struct sessionid *session, Ucrit_addPid(session->pid); - fstr_sprintf(uid_str, "%u", (unsigned int)session->uid); - fstr_sprintf(gid_str, "%u", (unsigned int)session->gid); + fstrcpy(uid_str, "-1"); + + if (session->uid != -1) { + if (numeric_only) { + fstr_sprintf(uid_str, "%u", (unsigned int)session->uid); + } else { + fstrcpy(uid_str, uidtoname(session->uid)); + } + } + + fstrcpy(gid_str, "-1"); + + if (session->gid != -1) { + if (numeric_only) { + fstr_sprintf(gid_str, "%u", (unsigned int)session->gid); + } else { + fstrcpy(gid_str, gidtoname(session->gid)); + } + } d_printf("%-7s %-12s %-12s %-12s (%s)\n", procid_str_static(&session->pid), - numeric_only ? uid_str : uidtoname(session->uid), - numeric_only ? gid_str : gidtoname(session->gid), + uid_str, gid_str, session->remote_machine, session->hostname); return 0; -- Samba Shared Repository