[SCM] Samba Shared Repository - branch v3-4-test updated -
release-4-0-0alpha7-771-g4ee6b79
Jeremy Allison
jra at samba.org
Thu Apr 16 23:22:22 GMT 2009
The branch, v3-4-test has been updated
via 4ee6b7934e91b87122ff7bad4c89a0ab9bdd3bf0 (commit)
via e023058f5b774ddbb61e8187aa7dbd2e6e25804d (commit)
from be46b98ee38e17e4561ab58fe9b6ecc6b7919392 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test
- Log -----------------------------------------------------------------
commit 4ee6b7934e91b87122ff7bad4c89a0ab9bdd3bf0
Author: Jeremy Allison <jra at samba.org>
Date: Thu Apr 16 16:21:31 2009 -0700
Add torture tester to ensure we don't regress the ulogoff bug.
Jeremy.
commit e023058f5b774ddbb61e8187aa7dbd2e6e25804d
Author: Jeremy Allison <jra at samba.org>
Date: Thu Apr 16 16:19:10 2009 -0700
Fix bug found by Tim Prouty, logging off and then re-using a vuid can cause smbd to
access a freed structure.
Jeremy.
-----------------------------------------------------------------------
Summary of changes:
source3/smbd/uid.c | 11 +++++++++++
source3/torture/torture.c | 45 +++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 56 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index f8c55b1..b8ed321 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -164,6 +164,10 @@ void conn_clear_vuid_cache(connection_struct *conn, uint16_t vuid)
if (ent->vuid == vuid) {
ent->vuid = UID_FIELD_INVALID;
+ /* Ensure we're not freeing an active pointer. */
+ if (conn->server_info == ent->server_info) {
+ conn->server_info = NULL;
+ }
TALLOC_FREE(ent->server_info);
ent->read_only = False;
ent->admin_user = False;
@@ -216,6 +220,13 @@ bool change_to_user(connection_struct *conn, uint16 vuid)
server_info = vuser ? vuser->server_info : conn->server_info;
+ if (!server_info) {
+ /* Invalid vuid sent - even with security = share. */
+ DEBUG(2,("change_to_user: Invalid vuid %d used on "
+ "share %s.\n",vuid, lp_servicename(snum) ));
+ return false;
+ }
+
if (!check_user_ok(conn, vuid, server_info, snum)) {
DEBUG(2,("change_to_user: SMB user %s (unix user %s, vuid %d) "
"not permitted access to share %s.\n",
diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index 1b9e394..b4e8700 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -5228,6 +5228,50 @@ static bool run_cli_echo(int dummy)
return NT_STATUS_IS_OK(status);
}
+static bool run_uid_regression_test(int dummy)
+{
+ static struct cli_state *cli;
+ int16_t old_vuid;
+ bool correct = True;
+
+ printf("starting uid regression test\n");
+
+ if (!torture_open_connection(&cli, 0)) {
+ return False;
+ }
+
+ cli_sockopt(cli, sockops);
+
+ /* Ok - now save then logoff our current user. */
+ old_vuid = cli->vuid;
+
+ if (!cli_ulogoff(cli)) {
+ d_printf("(%s) cli_ulogoff failed: %s\n",
+ __location__, cli_errstr(cli));
+ correct = false;
+ goto out;
+ }
+
+ cli->vuid = old_vuid;
+
+ /* Try an operation. */
+ if (!cli_mkdir(cli, "\\uid_reg_test")) {
+ /* We expect bad uid. */
+ if (!check_error(__LINE__, cli, ERRSRV, ERRbaduid,
+ NT_STATUS_NO_SUCH_USER)) {
+ return False;
+ }
+ goto out;
+ }
+
+ cli_rmdir(cli, "\\uid_reg_test");
+
+ out:
+
+ torture_close_connection(cli);
+ return correct;
+}
+
static bool run_local_substitute(int dummy)
{
bool ok = true;
@@ -5807,6 +5851,7 @@ static struct {
{"RW3", run_readwritelarge, 0},
{"OPEN", run_opentest, 0},
{"POSIX", run_simple_posix_open_test, 0},
+ { "UID-REGRESSION-TEST", run_uid_regression_test, 0},
#if 1
{"OPENATTR", run_openattrtest, 0},
#endif
--
Samba Shared Repository
More information about the samba-cvs
mailing list