r13196: a few more last minute fixes; still one bug to go

6 files changed, 54 insertions, 7 deletions

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index dd9c060da6c..c8f09ed42c9 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -117,12 +117,21 @@ o   SATOH Fumiyasu <fumiya@samba.gr.jp>
     * Fix double free in on failure path in POSIX acl code.
 
 
+o   Andriy Gapon <avg@icyb.net.ua>
+    * BUG 3458: Fix crash bug in smbd and winbindd caused by 
+      accessing freed memory.
+
+
 o   Björn Jacke <bj@sernet.de>
     * Configure check for Tru64 EA functions (not yet implemented).
     * Find Tru64 AIO lib in configure.
     * Cut-n-paste fixes in configure.in.
 
 
+o   John Janosik <jpjanosi@us.ibm.com>
+    * IBM Tivoli Directory Server schema updates.
+
+
 o   Michael James <michael@james.st>
     * sid2string fix in adssearch.pl.
 
diff --git a/examples/LDAP/samba.schema.at.IBM-DS b/examples/LDAP/samba.schema.at.IBM-DS
index 375a0baede6..4f4c0567a91 100644
--- a/examples/LDAP/samba.schema.at.IBM-DS
+++ b/examples/LDAP/samba.schema.at.IBM-DS
@@ -76,3 +76,24 @@ attributetypes=( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours' DESC 'Logon Hour
 attributetypes=( 1.3.6.1.4.1.7165.2.1.56 NAME 'sambaAccountPolicyName' DESC 'Account Policy Name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
 
 attributetypes=( 1.3.6.1.4.1.7165.2.1.57 NAME 'sambaAccountPolicyValue' DESC 'Account Policy Value' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetypes=( 1.3.6.1.4.1.7165.2.1.58 NAME 'sambaMinPwdLength' DESC 'Minimal password length (default: 5)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetypes=( 1.3.6.1.4.1.7165.2.1.59 NAME 'sambaPwdHistoryLength' DESC 'Length of Password History Entries (default: 0 => off)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetypes=( 1.3.6.1.4.1.7165.2.1.60 NAME 'sambaLogonToChgPwd' DESC 'Force Users to logon for password change (default: 0 => off, 2 => on)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetypes=( 1.3.6.1.4.1.7165.2.1.61 NAME 'sambaMaxPwdAge' DESC 'Maximum password age, in seconds (default: -1 => never expire passwords)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetypes=( 1.3.6.1.4.1.7165.2.1.62 NAME 'sambaMinPwdAge' DESC 'Minimum password age, in seconds (default: 0 => allow immediate password change)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetypes=( 1.3.6.1.4.1.7165.2.1.63 NAME 'sambaLockoutDuration' DESC 'Lockout duration in minutes (default: 30, -1 => forever)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetypes=( 1.3.6.1.4.1.7165.2.1.64 NAME 'sambaLockoutObservationWindow' DESC 'Reset time after lockout in minutes (default: 30)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetypes=( 1.3.6.1.4.1.7165.2.1.65 NAME 'sambaLockoutThreshold' DESC 'Lockout users after bad logon attempts (default: 0 => off)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetypes=( 1.3.6.1.4.1.7165.2.1.66 NAME 'sambaForceLogoff' DESC 'Disconnect Users outside logon hours (default: -1 => off, 0 => on)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetypes=( 1.3.6.1.4.1.7165.2.1.67 NAME 'sambaRefuseMachinePwdChange' DESC 'Allow Machine Password changes (default: 0 => off)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
diff --git a/examples/LDAP/samba.schema.oc.IBM-DS b/examples/LDAP/samba.schema.oc.IBM-DS
index 2b00a5e8c64..575aed4b1a2 100644
--- a/examples/LDAP/samba.schema.oc.IBM-DS
+++ b/examples/LDAP/samba.schema.oc.IBM-DS
@@ -4,7 +4,7 @@ objectclasses=( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY
 
 objectclasses=( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' SUP top AUXILIARY DESC 'Samba Group Mapping' MUST ( gidNumber $ sambaSID $ sambaGroupType ) MAY  ( displayName $ description $ sambaSIDList ))
 
-objectclasses=( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL DESC 'Samba Domain Information' MUST ( sambaDomainName $ sambaSID ) MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $ sambaAlgorithmicRidBase ) )
+objectclasses=( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL DESC 'Samba Domain Information' MUST ( sambaDomainName $ sambaSID ) MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $ sambaAlgorithmicRidBase $ sambaMinPwdLength $ sambaPwdHistoryLength $ sambaLogonToChgPwd $ sambaMaxPwdAge $ sambaMinPwdAge $ sambaLockoutDuration $ sambaLockoutObservationWindow $ sambaLockoutThreshold $ sambaForceLogoff $ sambaRefuseMachinePwdChange ) )
 
 objectclasses=( 1.3.6.1.4.1.7165.1.2.2.7 NAME 'sambaUnixIdPool' SUP top AUXILIARY DESC 'Pool for allocating UNIX uids/gids'     MUST ( uidNumber $ gidNumber ) )
 
diff --git a/source/locking/locking.c b/source/locking/locking.c
index 4d7c5c38263..b51dd66bba1 100644
--- a/source/locking/locking.c
+++ b/source/locking/locking.c
@@ -384,11 +384,13 @@ char *share_mode_str(int num, struct share_mode_entry *e)
 {
 	static pstring share_str;
 
-	slprintf(share_str, sizeof(share_str)-1, "share_mode_entry[%d]: "
+	slprintf(share_str, sizeof(share_str)-1, "share_mode_entry[%d]: %s "
 		 "pid = %s, share_access = 0x%x, private_options = 0x%x, "
 		 "access_mask = 0x%x, mid = 0x%x, type= 0x%x, file_id = %lu, "
 		 "dev = 0x%x, inode = %.0f",
-		 num, procid_str_static(&e->pid),
+		 num,
+		 e->op_type == UNUSED_SHARE_MODE_ENTRY ? "UNUSED" : "",
+		 procid_str_static(&e->pid),
 		 e->share_access, e->private_options,
 		 e->access_mask, e->op_mid, e->op_type, e->share_file_id,
 		 (unsigned int)e->dev, (double)e->inode );
@@ -408,9 +410,11 @@ static void print_share_mode_table(struct locking_data *data)
 	int i;
 
 	for (i = 0; i < num_share_modes; i++) {
-		struct share_mode_entry *entry_p = &shares[i];
+		struct share_mode_entry entry;
+
+		memcpy(&entry, &shares[i], sizeof(struct share_mode_entry));
 		DEBUG(10,("print_share_mode_table: %s\n",
-			  share_mode_str(i, entry_p)));
+			  share_mode_str(i, &entry)));
 	}
 }
 
@@ -543,7 +547,11 @@ static TDB_DATA unparse_share_modes(struct share_mode_lock *lck)
 	offset += sp_len + 1;
 	safe_strcpy(result.dptr + offset, lck->filename,
 		    result.dsize - offset - 1);
-	print_share_mode_table(data);
+
+	if (DEBUGLEVEL >= 10) {
+		print_share_mode_table(data);
+	}
+
 	return result;
 }
 
diff --git a/source/passdb/secrets.c b/source/passdb/secrets.c
index c173a5ea868..14896a33400 100644
--- a/source/passdb/secrets.c
+++ b/source/passdb/secrets.c
@@ -299,7 +299,6 @@ BOOL secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16],
 		*pass_last_set_time = pass->mod_time;
 	}
 	memcpy(ret_pwd, pass->hash, 16);
-	SAFE_FREE(pass);
 
 	if (channel) {
 		*channel = get_default_sec_channel();
@@ -313,6 +312,7 @@ BOOL secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16],
 		}
 	}
 
+	SAFE_FREE(pass);
 	return True;
 }
 
diff --git a/source/smbd/oplock.c b/source/smbd/oplock.c
index 6739d29470b..234b62e8ae4 100644
--- a/source/smbd/oplock.c
+++ b/source/smbd/oplock.c
@@ -684,6 +684,11 @@ void release_level_2_oplocks_on_change(files_struct *fsp)
 		   don't have to do anything */
 		for (i=0; i<lck->num_share_modes; i++) {
 			struct share_mode_entry *e = &lck->share_modes[i];
+
+			if (!is_valid_share_mode_entry(e)) {
+				continue;
+			}
+
 			if ((e->op_type == NO_OPLOCK) &&
 			    (e->share_file_id == fsp->file_id) &&
 			    (e->dev == fsp->dev) &&
@@ -701,6 +706,10 @@ void release_level_2_oplocks_on_change(files_struct *fsp)
 		struct share_mode_entry *share_entry = &lck->share_modes[i];
 		char msg[MSG_SMB_SHARE_MODE_ENTRY_SIZE];
 
+		if (!is_valid_share_mode_entry(share_entry)) {
+			continue;
+		}
+
 		/*
 		 * As there could have been multiple writes waiting at the
 		 * lock_share_entry gate we may not be the first to