-rw-r--r-- | WHATSNEW.txt | 9 | ||||
-rw-r--r-- | examples/LDAP/samba.schema.at.IBM-DS | 21 | ||||
-rw-r--r-- | examples/LDAP/samba.schema.oc.IBM-DS | 2 | ||||
-rw-r--r-- | source/locking/locking.c | 18 | ||||
-rw-r--r-- | source/passdb/secrets.c | 2 | ||||
-rw-r--r-- | source/smbd/oplock.c | 9 |
6 files changed, 54 insertions, 7 deletions
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index dd9c060da6c..c8f09ed42c9 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -117,12 +117,21 @@ o SATOH Fumiyasu <fumiya@samba.gr.jp>
 * Fix double free in on failure path in POSIX acl code.
+o Andriy Gapon <avg@icyb.net.ua>
+ * BUG 3458: Fix crash bug in smbd and winbindd caused by
+ accessing freed memory.
+
+
 o Björn Jacke <bj@sernet.de>
 * Configure check for Tru64 EA functions (not yet implemented).
 * Find Tru64 AIO lib in configure.
 * Cut-n-paste fixes in configure.in.
+o John Janosik <jpjanosi@us.ibm.com>
+ * IBM Tivoli Directory Server schema updates.
+
+
 o Michael James <michael@james.st>
 * sid2string fix in adssearch.pl.
diff --git a/examples/LDAP/samba.schema.at.IBM-DS b/examples/LDAP/samba.schema.at.IBM-DS
index 375a0baede6..4f4c0567a91 100644
--- a/examples/LDAP/samba.schema.at.IBM-DS
+++ b/examples/LDAP/samba.schema.at.IBM-DS
@@ -76,3 +76,24 @@ attributetypes=( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours' DESC 'Logon Hour
 attributetypes=( 1.3.6.1.4.1.7165.2.1.56 NAME 'sambaAccountPolicyName' DESC 'Account Policy Name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
 attributetypes=( 1.3.6.1.4.1.7165.2.1.57 NAME 'sambaAccountPolicyValue' DESC 'Account Policy Value' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetypes=( 1.3.6.1.4.1.7165.2.1.58 NAME 'sambaMinPwdLength' DESC 'Minimal password length (default: 5)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetypes=( 1.3.6.1.4.1.7165.2.1.59 NAME 'sambaPwdHistoryLength' DESC 'Length of Password History Entries (default: 0 => off)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetypes=( 1.3.6.1.4.1.7165.2.1.60 NAME 'sambaLogonToChgPwd' DESC 'Force Users to logon for password change (default: 0 => off, 2 => on)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetypes=( 1.3.6.1.4.1.7165.2.1.61 NAME 'sambaMaxPwdAge' DESC 'Maximum password age, in seconds (default: -1 => never expire passwords)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetypes=( 1.3.6.1.4.1.7165.2.1.62 NAME 'sambaMinPwdAge' DESC 'Minimum password age, in seconds (default: 0 => allow immediate password change)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetypes=( 1.3.6.1.4.1.7165.2.1.63 NAME 'sambaLockoutDuration' DESC 'Lockout duration in minutes (default: 30, -1 => forever)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetypes=( 1.3.6.1.4.1.7165.2.1.64 NAME 'sambaLockoutObservationWindow' DESC 'Reset time after lockout in minutes (default: 30)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetypes=( 1.3.6.1.4.1.7165.2.1.65 NAME
'sambaLockoutThreshold' DESC 'Lockout users after bad logon attempts (default: 0 => off)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetypes=( 1.3.6.1.4.1.7165.2.1.66 NAME 'sambaForceLogoff' DESC 'Disconnect Users outside logon hours (default: -1 => off, 0 => on)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetypes=( 1.3.6.1.4.1.7165.2.1.67 NAME 'sambaRefuseMachinePwdChange' DESC 'Allow Machine Password changes (default: 0 => off)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
diff --git a/examples/LDAP/samba.schema.oc.IBM-DS b/examples/LDAP/samba.schema.oc.IBM-DS
index 2b00a5e8c64..575aed4b1a2 100644
--- a/examples/LDAP/samba.schema.oc.IBM-DS
+++ b/examples/LDAP/samba.schema.oc.IBM-DS
@@ -4,7 +4,7 @@ objectclasses=( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY
 objectclasses=( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' SUP top AUXILIARY DESC 'Samba Group Mapping' MUST ( gidNumber $ sambaSID $ sambaGroupType ) MAY ( displayName $ description $ sambaSIDList ))
-objectclasses=( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL DESC 'Samba Domain Information' MUST ( sambaDomainName $ sambaSID ) MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $ sambaAlgorithmicRidBase ) )
+objectclasses=( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL DESC 'Samba Domain Information' MUST ( sambaDomainName $ sambaSID ) MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $ sambaAlgorithmicRidBase $ sambaMinPwdLength $ sambaPwdHistoryLength $ sambaLogonToChgPwd $ sambaMaxPwdAge $ sambaMinPwdAge $ sambaLockoutDuration $ sambaLockoutObservationWindow $ sambaLockoutThreshold $ sambaForceLogoff $ sambaRefuseMachinePwdChange ) )
 objectclasses=( 1.3.6.1.4.1.7165.1.2.2.7 NAME 'sambaUnixIdPool' SUP top AUXILIARY DESC 'Pool for allocating UNIX uids/gids' MUST ( uidNumber $ gidNumber ) )
diff --git a/source/locking/locking.c b/source/locking/locking.c
index 4d7c5c38263..b51dd66bba1 100644
--- a/source/locking/locking.c
+++ b/source/locking/locking.c
@@ -384,11 +384,13 @@ char *share_mode_str(int num, struct share_mode_entry *e)
 {
 static pstring share_str;
- slprintf(share_str, sizeof(share_str)-1, "share_mode_entry[%d]: "
+ slprintf(share_str, sizeof(share_str)-1, "share_mode_entry[%d]: %s "
 "pid = %s, share_access = 0x%x, private_options = 0x%x, " "access_mask = 0x%x, mid = 0x%x, type= 0x%x, file_id = %lu, " "dev = 0x%x, inode = %.0f",
- num, procid_str_static(&e->pid),
+ num,
+ e->op_type == UNUSED_SHARE_MODE_ENTRY ? "UNUSED" : "",
+ procid_str_static(&e->pid),
 e->share_access, e->private_options, e->access_mask, e->op_mid, e->op_type, e->share_file_id, (unsigned int)e->dev, (double)e->inode );
@@ -408,9 +410,11 @@ static void print_share_mode_table(struct locking_data *data)
 int i;
 for (i = 0; i < num_share_modes; i++) {
- struct share_mode_entry *entry_p = &shares[i];
+ struct share_mode_entry entry;
+
+ memcpy(&entry, &shares[i], sizeof(struct share_mode_entry));
 DEBUG(10,("print_share_mode_table: %s\n",
- share_mode_str(i, entry_p)));
+ share_mode_str(i, &entry)));
 }
 }
@@ -543,7 +547,11 @@ static TDB_DATA unparse_share_modes(struct share_mode_lock *lck)
 offset += sp_len + 1;
 safe_strcpy(result.dptr + offset, lck->filename, result.dsize - offset - 1);
- print_share_mode_table(data);
+
+ if (DEBUGLEVEL >= 10) {
+ print_share_mode_table(data);
+ }
+
 return result;
 }
diff --git a/source/passdb/secrets.c b/source/passdb/secrets.c
index c173a5ea868..14896a33400 100644
--- a/source/passdb/secrets.c
+++ b/source/passdb/secrets.c
@@ -299,7 +299,6 @@ BOOL secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16],
 *pass_last_set_time = pass->mod_time;
 }
 memcpy(ret_pwd, pass->hash, 16);
- SAFE_FREE(pass);
 if (channel) {
 *channel = get_default_sec_channel();
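Review bot: The new `memcpy` into a stack `struct share_mode_entry` inside the `print_share_mode_table` loop has no comment saying why a copy is needed instead of passing `&shares[i]`, so a later cleanup could easily revert it. If the reason is that `shares` points into a packed record buffer that may not be suitably aligned for the struct (an inference, since the assignment of `shares` is outside the hunk), say so above the copy, for example `/* shares[] may be unaligned inside the record buffer; copy before reading fields */`. Writing the length as `sizeof(entry)` would also tie the size to the destination object. The opening lines of the function are outside the hunk.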
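Review bot: The guard `if (DEBUGLEVEL >= 10)` added in `unparse_share_modes` repeats the level that `print_share_mode_table` passes to `DEBUG(10, ...)` in the previous hunk, so the two literals have to be changed together. Putting the check inside `print_share_mode_table` would keep the threshold in one place; failing that, a comment beside the guard such as `/* must match the DEBUG level used in print_share_mode_table() */` records the coupling. The start of `unparse_share_modes` is outside the hunk.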
@@ -313,6 +312,7 @@ BOOL secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16],
 }
 }
+ SAFE_FREE(pass);
 return True;
 }
diff --git a/source/smbd/oplock.c b/source/smbd/oplock.c
index 6739d29470b..234b62e8ae4 100644
--- a/source/smbd/oplock.c
+++ b/source/smbd/oplock.c
@@ -684,6 +684,11 @@ void release_level_2_oplocks_on_change(files_struct *fsp)
 don't have to do anything */
 for (i=0; i<lck->num_share_modes; i++) {
 struct share_mode_entry *e = &lck->share_modes[i];
+
+ if (!is_valid_share_mode_entry(e)) {
+ continue;
+ }
+
 if ((e->op_type == NO_OPLOCK) && (e->share_file_id == fsp->file_id) && (e->dev == fsp->dev) &&
@@ -701,6 +706,10 @@ void release_level_2_oplocks_on_change(files_struct *fsp)
 struct share_mode_entry *share_entry = &lck->share_modes[i];
 char msg[MSG_SMB_SHARE_MODE_ENTRY_SIZE];
+ if (!is_valid_share_mode_entry(share_entry)) {
+ continue;
+ }
+
 /* * As there could have been multiple writes waiting at the * lock_share_entry gate we may not be the first to |
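Review bot: `SAFE_FREE(pass)` ahead of `return True` releases the buffer that `pass->hash` was copied from (the `memcpy(ret_pwd, pass->hash, 16)` in the previous hunk) without clearing it, so the trust account hash stays readable in freed heap memory and in any core dump. Wiping the struct before the free, e.g. `memset(pass, 0, sizeof(*pass));`, would shorten that window; a plain `memset` right before a free can be elided by the compiler, so use a non-elidable wipe if the tree has one. Only the tail of the function is visible here, so it is also worth confirming that every return between the fetch of `pass` and this line frees it.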
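Review bot: The `is_valid_share_mode_entry(e)` guard at the top of the first loop in `release_level_2_oplocks_on_change` is repeated for `share_entry` in the second loop (the hunk at -701), and neither says what an invalid entry is or why one can appear in `lck->share_modes`. A one-line comment on each guard, such as `/* skip slots marked unused; their fields are stale */`, would help, assuming that is what the helper tests (its body is not part of this diff). Any other loop over `lck->share_modes[]` that reads `op_type` or `share_file_id` presumably needs the same guard; only these two loops are covered here. The function begins and ends outside both hunks.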