[SCM] Samba Shared Repository - branch v3-0-test updated - release-3-0-27a-13-g33860a8

Volker Lendecke vl at sernet.de
Tue Dec 4 20:36:00 GMT 2007


The branch, v3-0-test has been updated
       via  33860a8434b7892c0d2f4f50effc448fa4a6e160 (commit)
       via  6415923e26a2d7b5a672a39cf179944302966d8b (commit)
       via  b3af0a03aa101b3839904ca236d907f62cba25f0 (commit)
      from  47025144922011d9f2d6754a7a540e41dff4d56f (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-0-test


- Log -----------------------------------------------------------------
commit 33860a8434b7892c0d2f4f50effc448fa4a6e160
Author: Volker Lendecke <vl at sernet.de>
Date:   Tue Dec 4 13:16:37 2007 +0100

    Correctly invalidate intermediate vuids
    
    Because of the "&& usp->server_info" test in get_valid_user_struct,
    invalidate_vuid() called for an intermediate vuid would never do what it was
    supposed to do. There is no server_info in the intermediate vuids.
    
    This fixes a memleak, it was found for a client that does silly sequences of
    sesssionsetup/ulogoff for every operation.

commit 6415923e26a2d7b5a672a39cf179944302966d8b
Author: Volker Lendecke <vl at sernet.de>
Date:   Tue Dec 4 13:13:45 2007 +0100

    When allocating a new vuid, also avoid partial ones

commit b3af0a03aa101b3839904ca236d907f62cba25f0
Author: Volker Lendecke <vl at sernet.de>
Date:   Tue Dec 4 11:38:57 2007 +0100

    add SESSSETUP_BENCH

-----------------------------------------------------------------------

Summary of changes:
 source/smbd/password.c   |   16 +++++++++++++++-
 source/smbd/sesssetup.c  |   18 +++++++++---------
 source/torture/torture.c |   42 ++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 66 insertions(+), 10 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/smbd/password.c b/source/smbd/password.c
index bf4e925..8f75ea8 100644
--- a/source/smbd/password.c
+++ b/source/smbd/password.c
@@ -116,6 +116,19 @@ void invalidate_vuid(uint16 vuid)
 	num_validated_vuids--;
 }
 
+void invalidate_intermediate_vuid(uint16 vuid)
+{
+	user_struct *vuser = get_partial_auth_user_struct(vuid);
+
+	if (vuser == NULL)
+		return;
+
+	DLIST_REMOVE(validated_users, vuser);
+
+	SAFE_FREE(vuser);
+	num_validated_vuids--;
+}
+
 /****************************************************************************
  Invalidate all vuid entries for this process.
 ****************************************************************************/
@@ -175,7 +188,8 @@ int register_vuid(auth_serversupplied_info *server_info,
 	ZERO_STRUCTP(vuser);
 
 	/* Allocate a free vuid. Yes this is a linear search... :-) */
-	while( get_valid_user_struct(next_vuid) != NULL ) {
+	while( (get_valid_user_struct(next_vuid) != NULL)
+	       || (get_partial_auth_user_struct(next_vuid) != NULL) ) {
 		next_vuid++;
 		/* Check for vuid wrap. */
 		if (next_vuid == UID_FIELD_INVALID)
diff --git a/source/smbd/sesssetup.c b/source/smbd/sesssetup.c
index 058faed..d9a5262 100644
--- a/source/smbd/sesssetup.c
+++ b/source/smbd/sesssetup.c
@@ -624,7 +624,7 @@ static BOOL reply_spnego_ntlmssp(connection_struct *conn, char *inbuf, char *out
 		/* NB. This is *NOT* an error case. JRA */
 		auth_ntlmssp_end(auth_ntlmssp_state);
 		/* Kill the intermediate vuid */
-		invalidate_vuid(vuid);
+		invalidate_intermediate_vuid(vuid);
 	}
 
 	return ret;
@@ -690,7 +690,7 @@ static int reply_spnego_negotiate(connection_struct *conn,
 	status = parse_spnego_mechanisms(blob1, &secblob, &got_kerberos_mechanism);
 	if (!NT_STATUS_IS_OK(status)) {
 		/* Kill the intermediate vuid */
-		invalidate_vuid(vuid);
+		invalidate_intermediate_vuid(vuid);
 		return ERROR_NT(nt_status_squash(status));
 	}
 
@@ -704,7 +704,7 @@ static int reply_spnego_negotiate(connection_struct *conn,
 		data_blob_free(&secblob);
 		if (destroy_vuid) {
 			/* Kill the intermediate vuid */
-			invalidate_vuid(vuid);
+			invalidate_intermediate_vuid(vuid);
 		}
 		return ret;
 	}
@@ -717,7 +717,7 @@ static int reply_spnego_negotiate(connection_struct *conn,
 	status = auth_ntlmssp_start(auth_ntlmssp_state);
 	if (!NT_STATUS_IS_OK(status)) {
 		/* Kill the intermediate vuid */
-		invalidate_vuid(vuid);
+		invalidate_intermediate_vuid(vuid);
 		return ERROR_NT(nt_status_squash(status));
 	}
 
@@ -755,7 +755,7 @@ static int reply_spnego_auth(connection_struct *conn, char *inbuf, char *outbuf,
 		file_save("auth.dat", blob1.data, blob1.length);
 #endif
 		/* Kill the intermediate vuid */
-		invalidate_vuid(vuid);
+		invalidate_intermediate_vuid(vuid);
 
 		return ERROR_NT(nt_status_squash(NT_STATUS_INVALID_PARAMETER));
 	}
@@ -776,7 +776,7 @@ static int reply_spnego_auth(connection_struct *conn, char *inbuf, char *outbuf,
 				data_blob_free(&auth);
 				if (destroy_vuid) {
 					/* Kill the intermediate vuid */
-					invalidate_vuid(vuid);
+					invalidate_intermediate_vuid(vuid);
 				}
 				return ret;
 			}
@@ -789,7 +789,7 @@ static int reply_spnego_auth(connection_struct *conn, char *inbuf, char *outbuf,
 	
 	if (!*auth_ntlmssp_state) {
 		/* Kill the intermediate vuid */
-		invalidate_vuid(vuid);
+		invalidate_intermediate_vuid(vuid);
 
 		/* auth before negotiatiate? */
 		return ERROR_NT(nt_status_squash(NT_STATUS_INVALID_PARAMETER));
@@ -1112,7 +1112,7 @@ static int reply_sesssetup_and_X_spnego(connection_struct *conn, char *inbuf,
 	if (!NT_STATUS_IS_OK(status)) {
 		if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
 			/* Real error - kill the intermediate vuid */
-			invalidate_vuid(vuid);
+			invalidate_intermediate_vuid(vuid);
 		}
 		data_blob_free(&blob1);
 		return ERROR_NT(nt_status_squash(status));
@@ -1140,7 +1140,7 @@ static int reply_sesssetup_and_X_spnego(connection_struct *conn, char *inbuf,
 			status = auth_ntlmssp_start(&vuser->auth_ntlmssp_state);
 			if (!NT_STATUS_IS_OK(status)) {
 				/* Kill the intermediate vuid */
-				invalidate_vuid(vuid);
+				invalidate_intermediate_vuid(vuid);
 				data_blob_free(&blob1);
 				return ERROR_NT(nt_status_squash(status));
 			}
diff --git a/source/torture/torture.c b/source/torture/torture.c
index 8ca2eb5..aa83f52 100644
--- a/source/torture/torture.c
+++ b/source/torture/torture.c
@@ -4781,6 +4781,47 @@ static BOOL run_error_map_extract(int dummy) {
 	return True;
 }
 
+static BOOL run_sesssetup_bench(int dummy)
+{
+	static struct cli_state *c;
+	NTSTATUS status;
+	int i;
+
+	if (!(c = open_nbt_connection())) {
+		return false;
+	}
+
+	if (!cli_negprot(c)) {
+		printf("%s rejected the NT-error negprot (%s)\n", host,
+		       cli_errstr(c));
+		cli_shutdown(c);
+		return false;
+	}
+
+	for (i=0; i<torture_numops; i++) {
+		status = cli_session_setup(
+			c, username,
+			password, strlen(password),
+			password, strlen(password),
+			workgroup);
+		if (!NT_STATUS_IS_OK(status)) {
+			d_printf("(%s) cli_session_setup failed: %s\n",
+				 __location__, nt_errstr(status));
+			return false;
+		}
+
+		if (!cli_ulogoff(c)) {
+			d_printf("(%s) cli_ulogoff failed: %s\n",
+				 __location__, cli_errstr(c));
+			return false;
+		}
+
+		c->vuid = 0;
+	}
+
+	return True;
+}
+
 static BOOL run_local_substitute(int dummy)
 {
 	TALLOC_CTX *mem_ctx;
@@ -5026,6 +5067,7 @@ static struct {
 	{"CHKPATH",  torture_chkpath_test, 0},
 	{"FDSESS", run_fdsesstest, 0},
 	{ "EATEST", run_eatest, 0},
+	{ "SESSSETUP_BENCH", run_sesssetup_bench, 0},
 	{ "LOCAL-SUBSTITUTE", run_local_substitute, 0},
 	{ "LOCAL-GENCACHE", run_local_gencache, 0},
 	{NULL, NULL, 0}};


-- 
Samba Shared Repository


More information about the samba-cvs mailing list