svn commit: samba r14805 - in branches/SAMBA_4_0/source/ntvfs/common: .
Author: tridge Date: 2006-03-30 06:07:38 + (Thu, 30 Mar 2006) New Revision: 14805 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14805 Log: use tdb_lock_bystring() to prevent race conditions in notify add/remove Modified: branches/SAMBA_4_0/source/ntvfs/common/notify.c Changeset: Modified: branches/SAMBA_4_0/source/ntvfs/common/notify.c === --- branches/SAMBA_4_0/source/ntvfs/common/notify.c 2006-03-30 05:50:09 UTC (rev 14804) +++ branches/SAMBA_4_0/source/ntvfs/common/notify.c 2006-03-30 06:07:38 UTC (rev 14805) @@ -109,7 +109,27 @@ return notify; } + /* + lock the notify db +*/ +static NTSTATUS notify_lock(struct notify_context *notify) +{ + if (tdb_lock_bystring(notify->w->tdb, NOTIFY_KEY) != 0) { + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + return NT_STATUS_OK; +} + +/* + unlock the notify db +*/ +static void notify_unlock(struct notify_context *notify) +{ + tdb_unlock_bystring(notify->w->tdb, NOTIFY_KEY); +} + +/* load the notify array */ static NTSTATUS notify_load(struct notify_context *notify) @@ -230,14 +250,21 @@ char *path = NULL; size_t len; - status = notify_load(notify); + status = notify_lock(notify); NT_STATUS_NOT_OK_RETURN(status); + status = notify_load(notify); + if (!NT_STATUS_IS_OK(status)) { + notify_unlock(notify); + return status; + } + notify->array->entries = talloc_realloc(notify->array, notify->array->entries, struct notify_entry, notify->array->num_entries+1); if (notify->array->entries == NULL) { + notify_unlock(notify); return NT_STATUS_NO_MEMORY; } @@ -258,6 +285,9 @@ notify->array->num_entries++; status = notify_save(notify); + + notify_unlock(notify); + NT_STATUS_NOT_OK_RETURN(status); if (path) { @@ -293,9 +323,15 @@ return NT_STATUS_OBJECT_NAME_NOT_FOUND; } - status = notify_load(notify); + status = notify_lock(notify); NT_STATUS_NOT_OK_RETURN(status); + status = notify_load(notify); + if (!NT_STATUS_IS_OK(status)) { + notify_unlock(notify); + return status; + } + for (i=0;iarray->num_entries;i++) { if (notify->server == notify->array->entries[i].server && private == notify->array->entries[i].private) { @@ -303,6 +339,7 @@ } } if (i == notify->array->num_entries) { + notify_unlock(notify); return NT_STATUS_OBJECT_NAME_NOT_FOUND; } @@ -312,7 +349,11 @@ } notify->array->num_entries--; - return notify_save(notify); + status = notify_save(notify); + + notify_unlock(notify); + + return status; } /* @@ -327,9 +368,15 @@ return NT_STATUS_OK; } - status = notify_load(notify); + status = notify_lock(notify); NT_STATUS_NOT_OK_RETURN(status); + status = notify_load(notify); + if (!NT_STATUS_IS_OK(status)) { + notify_unlock(notify); + return status; + } + for (i=0;iarray->num_entries;i++) { if (notify->server == notify->array->entries[i].server) { if (i < notify->array->num_entries-1) { @@ -342,7 +389,11 @@ } - return notify_save(notify); + status = notify_save(notify); + + notify_unlock(notify); + + return status; }
svn commit: samba r14804 - in branches/SAMBA_4_0/source/scripting/swig: . torture
Author: tpot Date: 2006-03-30 05:50:09 + (Thu, 30 Mar 2006) New Revision: 14804 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14804 Log: Start writing a more Pythonic tdb module. Added: branches/SAMBA_4_0/source/scripting/swig/Tdb.py Modified: branches/SAMBA_4_0/source/scripting/swig/torture/torture_tdb.py Changeset: Added: branches/SAMBA_4_0/source/scripting/swig/Tdb.py === --- branches/SAMBA_4_0/source/scripting/swig/Tdb.py 2006-03-30 05:45:43 UTC (rev 14803) +++ branches/SAMBA_4_0/source/scripting/swig/Tdb.py 2006-03-30 05:50:09 UTC (rev 14804) @@ -0,0 +1,45 @@ +"""Provide a more Pythonic and object-oriented interface to tdb.""" + +# +# Swig interface to Samba +# +# Copyright (C) Tim Potter 2006 +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +import tdb, os, UserDict + +class Tdb: + +def __init__(self, name, hash_size = 0, tdb_flags = tdb.TDB_DEFAULT, + open_flags = os.O_RDWR | os.O_CREAT, mode = 0600): + +self.tdb = tdb.open(name, hash_size, tdb_flags, open_flags, mode) + +def __del__(self): +tdb.close(self.tdb) + +def __getitem__(self, key): +pass + +def __setitem__(self, key, item): +pass + +def __delitem__(self, key): +pass + +def keys(self): +pass Modified: branches/SAMBA_4_0/source/scripting/swig/torture/torture_tdb.py === --- branches/SAMBA_4_0/source/scripting/swig/torture/torture_tdb.py 2006-03-30 05:45:43 UTC (rev 14803) +++ branches/SAMBA_4_0/source/scripting/swig/torture/torture_tdb.py 2006-03-30 05:50:09 UTC (rev 14804) @@ -1,10 +1,6 @@ #!/usr/bin/python -import sys, tdb -from os import * +import Tdb, os -t = tdb.open('foo.tdb', 0, 0, O_RDWR | O_CREAT, 0600) -tdb.close(t) - -unlink('foo.tdb') - +t = Tdb.Tdb('foo.tdb') +os.unlink('foo.tdb')
svn commit: samba r14803 - in branches/SAMBA_4_0/source/ntvfs/common: .
Author: tridge Date: 2006-03-30 05:45:43 + (Thu, 30 Mar 2006) New Revision: 14803 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14803 Log: copy with the root directory, which has /. on the end of the path Modified: branches/SAMBA_4_0/source/ntvfs/common/notify.c Changeset: Modified: branches/SAMBA_4_0/source/ntvfs/common/notify.c === --- branches/SAMBA_4_0/source/ntvfs/common/notify.c 2006-03-30 05:36:09 UTC (rev 14802) +++ branches/SAMBA_4_0/source/ntvfs/common/notify.c 2006-03-30 05:45:43 UTC (rev 14803) @@ -227,6 +227,8 @@ { NTSTATUS status; struct notify_list *listel; + char *path = NULL; + size_t len; status = notify_load(notify); NT_STATUS_NOT_OK_RETURN(status); @@ -239,14 +241,29 @@ return NT_STATUS_NO_MEMORY; } + /* cope with /. on the end of the path */ + len = strlen(e->path); + if (len > 1 && e->path[len-1] == '.' && e->path[len-2] == '/') { + path = talloc_strndup(notify, e->path, len-2); + } + notify->array->entries[notify->array->num_entries] = *e; notify->array->entries[notify->array->num_entries].private = private; notify->array->entries[notify->array->num_entries].server = notify->server; + + if (path) { + notify->array->entries[notify->array->num_entries].path = path; + } + notify->array->num_entries++; status = notify_save(notify); NT_STATUS_NOT_OK_RETURN(status); + if (path) { + talloc_free(path); + } + listel = talloc(notify, struct notify_list); NT_STATUS_HAVE_NO_MEMORY(listel);
svn commit: samba r14802 - in branches/SAMBA_4_0/source/script/tests: .
Author: tpot Date: 2006-03-30 05:36:09 + (Thu, 30 Mar 2006) New Revision: 14802 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14802 Log: Fix typo. Modified: branches/SAMBA_4_0/source/script/tests/test_swig.sh Changeset: Modified: branches/SAMBA_4_0/source/script/tests/test_swig.sh === --- branches/SAMBA_4_0/source/script/tests/test_swig.sh 2006-03-30 05:24:37 UTC (rev 14801) +++ branches/SAMBA_4_0/source/script/tests/test_swig.sh 2006-03-30 05:36:09 UTC (rev 14802) @@ -12,7 +12,7 @@ failed=0 -export PYTHONPATH=scripting/swig:$PYTHONPATh +export PYTHONPATH=scripting/swig:$PYTHONPATH scripting/swig/torture/torture_tdb.py || failed=`expr $failed + 1`
svn commit: samba r14801 - in branches/SAMBA_4_0/source: . scripting
Author: tpot Date: 2006-03-30 05:24:37 + (Thu, 30 Mar 2006) New Revision: 14801 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14801 Log: Move swig testing makefile fragment into swig's config.mk and out of main.mk Modified: branches/SAMBA_4_0/source/main.mk branches/SAMBA_4_0/source/scripting/config.mk Changeset: Modified: branches/SAMBA_4_0/source/main.mk === --- branches/SAMBA_4_0/source/main.mk 2006-03-30 04:55:03 UTC (rev 14800) +++ branches/SAMBA_4_0/source/main.mk 2006-03-30 05:24:37 UTC (rev 14801) @@ -304,9 +304,6 @@ unused_macros: ./script/find_unused_macros.pl `find . -name "*.[ch]"` | sort -swigtest: swig - ./script/tests/test_swig.sh - ### # File types ### Modified: branches/SAMBA_4_0/source/scripting/config.mk === --- branches/SAMBA_4_0/source/scripting/config.mk 2006-03-30 04:55:03 UTC (rev 14800) +++ branches/SAMBA_4_0/source/scripting/config.mk 2006-03-30 05:24:37 UTC (rev 14801) @@ -49,3 +49,8 @@ swig_clean: -rm -f scripting/swig/_tdb.so scripting/swig/tdb.pyc scripting/swig/tdb.py scripting/swig/tdb_wrap.c scripting/swig/tdb_wrap.o + +# Swig testing + +swigtest: swig + ./script/tests/test_swig.sh
svn commit: samba r14800 - in branches/SAMBA_4_0/source/ntvfs/common: .
Author: tridge Date: 2006-03-30 04:55:03 + (Thu, 30 Mar 2006) New Revision: 14800 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14800 Log: use tdb_get_seqnum() in the change notify code to avoid reloading the notify record if the tdb has not changed. This makes the notify_trigger() call much faster, which is important as it is called on just about every file operation Modified: branches/SAMBA_4_0/source/ntvfs/common/notify.c Changeset: Modified: branches/SAMBA_4_0/source/ntvfs/common/notify.c === --- branches/SAMBA_4_0/source/ntvfs/common/notify.c 2006-03-30 04:52:39 UTC (rev 14799) +++ branches/SAMBA_4_0/source/ntvfs/common/notify.c 2006-03-30 04:55:03 UTC (rev 14800) @@ -40,6 +40,7 @@ struct messaging_context *messaging_ctx; struct notify_list *list; struct notify_array *array; + int seqnum; }; @@ -84,8 +85,8 @@ path = smbd_tmp_path(notify, "notify.tdb"); notify->w = tdb_wrap_open(notify, path, 0, - TDB_DEFAULT, - O_RDWR|O_CREAT, 0600); + TDB_SEQNUM, + O_RDWR|O_CREAT, 0600); talloc_free(path); if (notify->w == NULL) { talloc_free(notify); @@ -96,6 +97,7 @@ notify->messaging_ctx = messaging_ctx; notify->list = NULL; notify->array = NULL; + notify->seqnum = tdb_get_seqnum(notify->w->tdb); talloc_set_destructor(notify, notify_destructor); @@ -115,7 +117,16 @@ TDB_DATA dbuf; DATA_BLOB blob; NTSTATUS status; + int seqnum; + seqnum = tdb_get_seqnum(notify->w->tdb); + + if (seqnum == notify->seqnum && notify->array != NULL) { + return NT_STATUS_OK; + } + + notify->seqnum = seqnum; + talloc_free(notify->array); notify->array = talloc_zero(notify, struct notify_array); NT_STATUS_HAVE_NO_MEMORY(notify->array);
svn commit: samba r14799 - in branches/SAMBA_4_0/source/lib/tdb: common include
Author: tridge Date: 2006-03-30 04:52:39 + (Thu, 30 Mar 2006) New Revision: 14799 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14799 Log: added a tdb_get_seqnum() call, and the TDB_SEQNUM flag. This allows for an extremely lightweight test to see if a tdb has possibly changed. Modified: branches/SAMBA_4_0/source/lib/tdb/common/tdb.c branches/SAMBA_4_0/source/lib/tdb/common/tdb_private.h branches/SAMBA_4_0/source/lib/tdb/common/transaction.c branches/SAMBA_4_0/source/lib/tdb/include/tdb.h Changeset: Modified: branches/SAMBA_4_0/source/lib/tdb/common/tdb.c === --- branches/SAMBA_4_0/source/lib/tdb/common/tdb.c 2006-03-30 04:39:37 UTC (rev 14798) +++ branches/SAMBA_4_0/source/lib/tdb/common/tdb.c 2006-03-30 04:52:39 UTC (rev 14799) @@ -30,6 +30,33 @@ TDB_DATA tdb_null; +/* + increment the tdb sequence number if the tdb has been opened using + the TDB_SEQNUM flag +*/ +static void tdb_increment_seqnum(struct tdb_context *tdb) +{ + tdb_off_t seqnum=0; + + if (!(tdb->flags & TDB_SEQNUM)) { + return; + } + + if (tdb_brlock(tdb, TDB_SEQNUM_OFS, F_WRLCK, F_SETLKW, 1) != 0) { + return; + } + + /* we ignore errors from this, as we have no sane way of + dealing with them. + */ + tdb_ofs_read(tdb, TDB_SEQNUM_OFS, &seqnum); + seqnum++; + tdb_ofs_write(tdb, TDB_SEQNUM_OFS, &seqnum); + + tdb_brlock(tdb, TDB_SEQNUM_OFS, F_UNLCK, F_SETLKW, 1); +} + + /* Returns 0 on fail. On success, return offset of record, and fills in rec */ static tdb_off_t tdb_find(struct tdb_context *tdb, TDB_DATA key, u32 hash, @@ -203,6 +230,11 @@ if (!(rec_ptr = tdb_find_lock_hash(tdb, key, hash, F_WRLCK, &rec))) return -1; ret = tdb_do_delete(tdb, rec_ptr, &rec); + + if (ret == 0) { + tdb_increment_seqnum(tdb); + } + if (tdb_unlock(tdb, BUCKET(rec.full_hash), F_WRLCK) != 0) TDB_LOG((tdb, 0, "tdb_delete: WARNING tdb_unlock failed!\n")); return ret; @@ -295,6 +327,9 @@ /* Need to tdb_unallocate() here */ goto fail; } + + tdb_increment_seqnum(tdb); + out: SAFE_FREE(p); tdb_unlock(tdb, BUCKET(hash), F_WRLCK); @@ -369,3 +404,22 @@ { return tdb->log_fn; } + + +/* + get the tdb sequence number. Only makes sense if the writers opened + with TDB_SEQNUM set. Note that this sequence number will wrap quite + quickly, so it should only be used for a 'has something changed' + test, not for code that relies on the count of the number of changes + made. If you want a counter then use a tdb record. + + The aim of this sequence number is to allow for a very lightweight + test of a possible tdb change. +*/ +int tdb_get_seqnum(struct tdb_context *tdb) +{ + tdb_off_t seqnum=0; + + tdb_ofs_read(tdb, TDB_SEQNUM_OFS, &seqnum); + return seqnum; +} Modified: branches/SAMBA_4_0/source/lib/tdb/common/tdb_private.h === --- branches/SAMBA_4_0/source/lib/tdb/common/tdb_private.h 2006-03-30 04:39:37 UTC (rev 14798) +++ branches/SAMBA_4_0/source/lib/tdb/common/tdb_private.h 2006-03-30 04:52:39 UTC (rev 14799) @@ -94,6 +94,7 @@ #define TDB_HASHTABLE_SIZE(tdb) ((tdb->header.hash_size+1)*sizeof(tdb_off_t)) #define TDB_DATA_START(hash_size) TDB_HASH_TOP(hash_size-1) #define TDB_RECOVERY_HEAD offsetof(struct tdb_header, recovery_start) +#define TDB_SEQNUM_OFSoffsetof(struct tdb_header, sequence_number) #define TDB_PAD_BYTE 0x42 #define TDB_PAD_U32 0x42424242 @@ -155,7 +156,8 @@ u32 hash_size; /* number of hash entries */ tdb_off_t rwlocks; /* obsolete - kept to detect old formats */ tdb_off_t recovery_start; /* offset of transaction recovery region */ - tdb_off_t reserved[30]; + tdb_off_t sequence_number; /* used when TDB_SEQNUM is set */ + tdb_off_t reserved[29]; }; struct tdb_lock_type { Modified: branches/SAMBA_4_0/source/lib/tdb/common/transaction.c === --- branches/SAMBA_4_0/source/lib/tdb/common/transaction.c 2006-03-30 04:39:37 UTC (rev 14798) +++ branches/SAMBA_4_0/source/lib/tdb/common/transaction.c 2006-03-30 04:52:39 UTC (rev 14799) @@ -892,6 +892,12 @@ tdb_brlock_len(tdb, GLOBAL_LOCK, F_UNLCK, F_SETLKW, 0, 1); + /* + TODO: maybe write to some dummy hdr field, or write to magic + offset without mmap, before the last sync, instead of the + utime() call + */ + /* on some systems (like Linux 2.6.x) changes via mmap/msync don't change the mtime of the file, this means the file may not be backed up (as tdb rounding to block sizes means that Modified: branches
svn commit: samba r14798 - in branches/SAMBA_4_0/source: . script/tests scripting scripting/swig/torture
Author: tpot Date: 2006-03-30 04:39:37 + (Thu, 30 Mar 2006) New Revision: 14798 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14798 Log: Get swig building again (by commenting out dcerpc stuff for now). Add the start of a test framework for swigged functionality. Added: branches/SAMBA_4_0/source/script/tests/test_swig.sh branches/SAMBA_4_0/source/scripting/swig/torture/torture_tdb.py Modified: branches/SAMBA_4_0/source/main.mk branches/SAMBA_4_0/source/scripting/config.mk Changeset: Modified: branches/SAMBA_4_0/source/main.mk === --- branches/SAMBA_4_0/source/main.mk 2006-03-30 03:51:49 UTC (rev 14797) +++ branches/SAMBA_4_0/source/main.mk 2006-03-30 04:39:37 UTC (rev 14798) @@ -304,6 +304,9 @@ unused_macros: ./script/find_unused_macros.pl `find . -name "*.[ch]"` | sort +swigtest: swig + ./script/tests/test_swig.sh + ### # File types ### Added: branches/SAMBA_4_0/source/script/tests/test_swig.sh === --- branches/SAMBA_4_0/source/script/tests/test_swig.sh 2006-03-30 03:51:49 UTC (rev 14797) +++ branches/SAMBA_4_0/source/script/tests/test_swig.sh 2006-03-30 04:39:37 UTC (rev 14798) @@ -0,0 +1,19 @@ +#!/bin/sh + +if [ $# -ne 0 ]; then +cat <
svn commit: samba r14797 - in branches/SAMBA_4_0/source/ntvfs: common posix
Author: tridge Date: 2006-03-30 03:51:49 + (Thu, 30 Mar 2006) New Revision: 14797 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14797 Log: added checking of the filter in notify requests Modified: branches/SAMBA_4_0/source/ntvfs/common/notify.c branches/SAMBA_4_0/source/ntvfs/posix/pvfs_mkdir.c branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c branches/SAMBA_4_0/source/ntvfs/posix/pvfs_read.c branches/SAMBA_4_0/source/ntvfs/posix/pvfs_unlink.c branches/SAMBA_4_0/source/ntvfs/posix/pvfs_write.c Changeset: Modified: branches/SAMBA_4_0/source/ntvfs/common/notify.c === --- branches/SAMBA_4_0/source/ntvfs/common/notify.c 2006-03-30 03:14:38 UTC (rev 14796) +++ branches/SAMBA_4_0/source/ntvfs/common/notify.c 2006-03-30 03:51:49 UTC (rev 14797) @@ -322,12 +322,16 @@ see if a notify event matches */ static BOOL notify_match(struct notify_context *notify, struct notify_entry *e, -const char *path, uint32_t action) +const char *path, uint32_t filter) { - size_t len = strlen(e->path); + size_t len; - /* TODO: check action */ + if (!(filter & e->filter)) { + return False; + } + len = strlen(e->path); + if (strncmp(path, e->path, len) != 0) { return False; } @@ -379,7 +383,7 @@ trigger a notify message for anyone waiting on a matching event */ void notify_trigger(struct notify_context *notify, - uint32_t action, const char *path) + uint32_t action, uint32_t filter, const char *path) { NTSTATUS status; int i; @@ -391,7 +395,7 @@ /* this needs to be changed to a log(n) search */ for (i=0;iarray->num_entries;i++) { - if (notify_match(notify, ¬ify->array->entries[i], path, action)) { + if (notify_match(notify, ¬ify->array->entries[i], path, filter)) { notify_send(notify, ¬ify->array->entries[i], path + strlen(notify->array->entries[i].path) + 1, action); Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_mkdir.c === --- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_mkdir.c 2006-03-30 03:14:38 UTC (rev 14796) +++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_mkdir.c 2006-03-30 03:51:49 UTC (rev 14797) @@ -83,7 +83,10 @@ return status; } - notify_trigger(pvfs->notify_context, NOTIFY_ACTION_ADDED, name->full_name); + notify_trigger(pvfs->notify_context, + NOTIFY_ACTION_ADDED, + FILE_NOTIFY_CHANGE_FILE_NAME|FILE_NOTIFY_CHANGE_DIR_NAME, + name->full_name); return NT_STATUS_OK; } @@ -137,7 +140,10 @@ return status; } - notify_trigger(pvfs->notify_context, NOTIFY_ACTION_ADDED, name->full_name); + notify_trigger(pvfs->notify_context, + NOTIFY_ACTION_ADDED, + FILE_NOTIFY_CHANGE_FILE_NAME|FILE_NOTIFY_CHANGE_DIR_NAME, + name->full_name); return NT_STATUS_OK; } @@ -176,7 +182,10 @@ return pvfs_map_errno(pvfs, errno); } - notify_trigger(pvfs->notify_context, NOTIFY_ACTION_REMOVED, name->full_name); + notify_trigger(pvfs->notify_context, + NOTIFY_ACTION_REMOVED, + FILE_NOTIFY_CHANGE_FILE_NAME|FILE_NOTIFY_CHANGE_DIR_NAME, + name->full_name); return NT_STATUS_OK; } Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c === --- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c 2006-03-30 03:14:38 UTC (rev 14796) +++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c 2006-03-30 03:51:49 UTC (rev 14797) @@ -378,6 +378,11 @@ f->handle->have_opendb_entry = True; create_action = NTCREATEX_ACTION_CREATED; + + notify_trigger(pvfs->notify_context, + NOTIFY_ACTION_REMOVED, + FILE_NOTIFY_CHANGE_FILE_NAME|FILE_NOTIFY_CHANGE_DIR_NAME, + name->full_name); } else { create_action = NTCREATEX_ACTION_EXISTED; } @@ -461,6 +466,11 @@ if (unlink(path) != 0) { DEBUG(0,("pvfs_close: failed to delete '%s' - %s\n", path, strerror(errno))); + } else { + notify_trigger(h->pvfs->notify_context, + NOTIFY_ACTION_REMOVED, + FILE_NOTIFY_CHANGE_FILE_NAME, +
svn commit: samba r14796 - in branches/SAMBA_4_0/source/ntvfs/posix: .
Author: tridge Date: 2006-03-30 03:14:38 + (Thu, 30 Mar 2006) New Revision: 14796 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14796 Log: handle overflows in the notify buffer. The pending events are dumped and the notify buffer removed Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_notify.c Changeset: Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_notify.c === --- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_notify.c 2006-03-30 02:25:38 UTC (rev 14795) +++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_notify.c 2006-03-30 03:14:38 UTC (rev 14796) @@ -52,8 +52,22 @@ struct ntvfs_request *req; struct smb_notify *info; - if (pending == NULL) return; + if (notify_buffer->current_buffer_size > notify_buffer->max_buffer_size && + notify_buffer->num_changes != 0) { + /* on buffer overflow return no changes and destroys the notify buffer */ + notify_buffer->num_changes = 0; + while (notify_buffer->pending) { + pvfs_notify_send(notify_buffer, NT_STATUS_OK); + } + talloc_free(notify_buffer); + return; + } + /* see if there is anyone waiting */ + if (notify_buffer->pending == NULL) { + return; + } + DLIST_REMOVE(notify_buffer->pending, pending); req = pending->req; @@ -67,8 +81,6 @@ talloc_free(pending); - DEBUG(0,("sending %d changes\n", info->out.num_changes)); - if (info->out.num_changes != 0) { status = NT_STATUS_OK; } @@ -96,14 +108,23 @@ static void pvfs_notify_callback(void *private, const struct notify_event *ev) { struct pvfs_notify_buffer *n = talloc_get_type(private, struct pvfs_notify_buffer); + size_t len; n->changes = talloc_realloc(n, n->changes, struct notify_changes, n->num_changes+1); n->changes[n->num_changes].action = ev->action; n->changes[n->num_changes].name.s = talloc_strdup(n->changes, ev->path); n->num_changes++; - DEBUG(0,("got notify for '%s' action=%d\n", ev->path, ev->action)); + /* + work out how much room this will take in the buffer + */ + len = 12 + strlen_m(ev->path)*2; + if (len & 3) { + len += 4 - (len & 3); + } + n->current_buffer_size += len; + /* send what we have */ pvfs_notify_send(n, NT_STATUS_OK); } @@ -187,6 +208,8 @@ NT_STATUS_NOT_OK_RETURN(status); } + f->notify_buffer->max_buffer_size = info->in.buffer_size; + pending = talloc(f->notify_buffer, struct notify_pending); NT_STATUS_HAVE_NO_MEMORY(pending);
svn commit: samba r14795 - in branches/SAMBA_4_0/source/ntvfs/posix: .
Author: tridge Date: 2006-03-30 02:25:38 + (Thu, 30 Mar 2006) New Revision: 14795 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14795 Log: queue notify requests on the same handle Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_notify.c Changeset: Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_notify.c === --- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_notify.c 2006-03-30 02:25:04 UTC (rev 14794) +++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_notify.c 2006-03-30 02:25:38 UTC (rev 14795) @@ -24,6 +24,7 @@ #include "vfs_posix.h" #include "lib/messaging/irpc.h" #include "messaging/messaging.h" +#include "dlinklist.h" /* pending notifies buffer, hung off struct pvfs_file for open directories that have used change notify */ @@ -33,11 +34,13 @@ struct notify_changes *changes; uint32_t max_buffer_size; uint32_t current_buffer_size; - - /* these last two are only present when a notify request is - pending */ - struct ntvfs_request *req; - struct smb_notify *info; + + /* a list of requests waiting for events on this handle */ + struct notify_pending { + struct notify_pending *next, *prev; + struct ntvfs_request *req; + struct smb_notify *info; + } *pending; }; /* @@ -45,18 +48,25 @@ */ static void pvfs_notify_send(struct pvfs_notify_buffer *notify_buffer, NTSTATUS status) { - struct ntvfs_request *req = notify_buffer->req; - struct smb_notify *info = notify_buffer->info; + struct notify_pending *pending = notify_buffer->pending; + struct ntvfs_request *req; + struct smb_notify *info; + if (pending == NULL) return; + + DLIST_REMOVE(notify_buffer->pending, pending); + + req = pending->req; + info = pending->info; + info->out.num_changes = notify_buffer->num_changes; info->out.changes = talloc_steal(req, notify_buffer->changes); notify_buffer->num_changes = 0; notify_buffer->changes = NULL; notify_buffer->current_buffer_size = 0; - - notify_buffer->req = NULL; - notify_buffer->info = NULL; + talloc_free(pending); + DEBUG(0,("sending %d changes\n", info->out.num_changes)); if (info->out.num_changes != 0) { @@ -75,9 +85,7 @@ struct pvfs_notify_buffer *n = talloc_get_type(ptr, struct pvfs_notify_buffer); notify_remove(n->f->pvfs->notify_context, n); n->f->notify_buffer = NULL; - if (n->req) { - pvfs_notify_send(n, NT_STATUS_OK); - } + pvfs_notify_send(n, NT_STATUS_OK); return 0; } @@ -96,9 +104,7 @@ DEBUG(0,("got notify for '%s' action=%d\n", ev->path, ev->action)); - if (n->req != NULL) { - pvfs_notify_send(n, NT_STATUS_OK); - } + pvfs_notify_send(n, NT_STATUS_OK); } /* @@ -135,14 +141,8 @@ */ static void pvfs_notify_end(void *private, enum pvfs_wait_notice reason) { - struct pvfs_notify_buffer *notify_buffer = talloc_get_type(private, struct pvfs_notify_buffer); - struct ntvfs_request *req = notify_buffer->req; - - if (req == NULL) { - /* nothing to do, nobody is waiting */ - return; - } - + struct pvfs_notify_buffer *notify_buffer = talloc_get_type(private, + struct pvfs_notify_buffer); if (reason == PVFS_WAIT_CANCEL) { pvfs_notify_send(notify_buffer, NT_STATUS_CANCELLED); } else { @@ -160,6 +160,7 @@ struct pvfs_state); struct pvfs_file *f; NTSTATUS status; + struct notify_pending *pending; f = pvfs_find_fd(pvfs, req, info->in.file.fnum); if (!f) { @@ -186,16 +187,14 @@ NT_STATUS_NOT_OK_RETURN(status); } - req->async_states->status = NT_STATUS_OK; - - if (f->notify_buffer->req != NULL) { - DEBUG(0,("Notify already setup\n")); - pvfs_notify_send(f->notify_buffer, NT_STATUS_CANCELLED); - } + pending = talloc(f->notify_buffer, struct notify_pending); + NT_STATUS_HAVE_NO_MEMORY(pending); - f->notify_buffer->req = talloc_reference(f->notify_buffer, req); - f->notify_buffer->info = info; + pending->req = talloc_reference(pending, req); + pending->info = info; + DLIST_ADD_END(f->notify_buffer->pending, pending, struct notify_pending *); + /* if the buffer is empty then start waiting */ if (f->notify_buffer->num_changes == 0) { void *wait_handle =
svn commit: samba r14794 - in branches/SAMBA_4_0/source/torture/raw: .
Author: tridge Date: 2006-03-30 02:25:04 + (Thu, 30 Mar 2006) New Revision: 14794 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14794 Log: added a test to see what happens when you send a notify request on a handle that already has a notify request pending. It turns out that they are queued Modified: branches/SAMBA_4_0/source/torture/raw/notify.c Changeset: Modified: branches/SAMBA_4_0/source/torture/raw/notify.c === --- branches/SAMBA_4_0/source/torture/raw/notify.c 2006-03-30 02:06:06 UTC (rev 14793) +++ branches/SAMBA_4_0/source/torture/raw/notify.c 2006-03-30 02:25:04 UTC (rev 14794) @@ -489,7 +489,72 @@ return ret; } + /* + test setting up two change notify requests on one handle +*/ +static BOOL test_notify_double(struct smbcli_state *cli, TALLOC_CTX *mem_ctx) +{ + BOOL ret = True; + NTSTATUS status; + struct smb_notify notify; + union smb_open io; + int fnum; + struct smbcli_request *req1, *req2; + + printf("TESTING CHANGE NOTIFY TWICE ON ONE DIRECTORY\n"); + + /* + get a handle on the directory + */ + io.generic.level = RAW_OPEN_NTCREATEX; + io.ntcreatex.in.root_fid = 0; + io.ntcreatex.in.flags = 0; + io.ntcreatex.in.access_mask = SEC_FILE_ALL; + io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY; + io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL; + io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE; + io.ntcreatex.in.alloc_size = 0; + io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN; + io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS; + io.ntcreatex.in.security_flags = 0; + io.ntcreatex.in.fname = BASEDIR; + + status = smb_raw_open(cli->tree, mem_ctx, &io); + CHECK_STATUS(status, NT_STATUS_OK); + fnum = io.ntcreatex.out.file.fnum; + + /* ask for a change notify, + on file or directory name changes */ + notify.in.buffer_size = 1000; + notify.in.completion_filter = FILE_NOTIFY_CHANGE_NAME; + notify.in.file.fnum = fnum; + notify.in.recursive = True; + + req1 = smb_raw_changenotify_send(cli->tree, ¬ify); + req2 = smb_raw_changenotify_send(cli->tree, ¬ify); + + smbcli_mkdir(cli->tree, BASEDIR "\\subdir-name"); + + status = smb_raw_changenotify_recv(req1, mem_ctx, ¬ify); + CHECK_STATUS(status, NT_STATUS_OK); + CHECK_VAL(notify.out.num_changes, 1); + CHECK_WSTR(notify.out.changes[0].name, "subdir-name", STR_UNICODE); + + smbcli_mkdir(cli->tree, BASEDIR "\\subdir-name2"); + + status = smb_raw_changenotify_recv(req2, mem_ctx, ¬ify); + CHECK_STATUS(status, NT_STATUS_OK); + CHECK_VAL(notify.out.num_changes, 1); + CHECK_WSTR(notify.out.changes[0].name, "subdir-name2", STR_UNICODE); + + +done: + smb_raw_exit(cli->session); + return ret; +} + +/* basic testing of change notify */ BOOL torture_raw_notify(struct torture_context *torture) @@ -513,6 +578,7 @@ ret &= test_notify_tdis(mem_ctx); ret &= test_notify_exit(mem_ctx); ret &= test_notify_ulogoff(mem_ctx); + ret &= test_notify_double(cli, mem_ctx); smb_raw_exit(cli->session); smbcli_deltree(cli->tree, BASEDIR);
svn commit: samba r14793 - in branches/SAMBA_4_0/source/ntvfs/posix: .
Author: tridge Date: 2006-03-30 02:06:06 + (Thu, 30 Mar 2006) New Revision: 14793 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14793 Log: the RAW-NOTIFY test now passes. Next I need to make it efficient, and add the hooks in all the other places Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_notify.c branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c Changeset: Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_notify.c === --- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_notify.c 2006-03-30 01:09:46 UTC (rev 14792) +++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_notify.c 2006-03-30 02:06:06 UTC (rev 14793) @@ -41,20 +41,9 @@ }; /* - destroy a notify buffer. Called when the handle is closed - */ -static int pvfs_notify_destructor(void *ptr) -{ - struct pvfs_notify_buffer *n = talloc_get_type(ptr, struct pvfs_notify_buffer); - notify_remove(n->f->pvfs->notify_context, n); - n->f->notify_buffer = NULL; - return 0; -} - -/* send a reply to a pending notify request */ -static void pvfs_notify_send(struct pvfs_notify_buffer *notify_buffer) +static void pvfs_notify_send(struct pvfs_notify_buffer *notify_buffer, NTSTATUS status) { struct ntvfs_request *req = notify_buffer->req; struct smb_notify *info = notify_buffer->info; @@ -70,14 +59,27 @@ DEBUG(0,("sending %d changes\n", info->out.num_changes)); - if (info->out.num_changes == 0) { - req->async_states->status = NT_STATUS_CANCELLED; - } else { - req->async_states->status = NT_STATUS_OK; + if (info->out.num_changes != 0) { + status = NT_STATUS_OK; } + + req->async_states->status = status; req->async_states->send_fn(req); } +/* + destroy a notify buffer. Called when the handle is closed + */ +static int pvfs_notify_destructor(void *ptr) +{ + struct pvfs_notify_buffer *n = talloc_get_type(ptr, struct pvfs_notify_buffer); + notify_remove(n->f->pvfs->notify_context, n); + n->f->notify_buffer = NULL; + if (n->req) { + pvfs_notify_send(n, NT_STATUS_OK); + } + return 0; +} /* @@ -95,7 +97,7 @@ DEBUG(0,("got notify for '%s' action=%d\n", ev->path, ev->action)); if (n->req != NULL) { - pvfs_notify_send(n); + pvfs_notify_send(n, NT_STATUS_OK); } } @@ -141,7 +143,11 @@ return; } - pvfs_notify_send(notify_buffer); + if (reason == PVFS_WAIT_CANCEL) { + pvfs_notify_send(notify_buffer, NT_STATUS_CANCELLED); + } else { + pvfs_notify_send(notify_buffer, NT_STATUS_OK); + } } /* change notify request - always async. This request blocks until the @@ -184,7 +190,7 @@ if (f->notify_buffer->req != NULL) { DEBUG(0,("Notify already setup\n")); - pvfs_notify_send(f->notify_buffer); + pvfs_notify_send(f->notify_buffer, NT_STATUS_CANCELLED); } f->notify_buffer->req = talloc_reference(f->notify_buffer, req); @@ -200,7 +206,7 @@ return NT_STATUS_OK; } - pvfs_notify_send(f->notify_buffer); + pvfs_notify_send(f->notify_buffer, NT_STATUS_OK); return NT_STATUS_OK; } Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c === --- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c 2006-03-30 01:09:46 UTC (rev 14792) +++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c 2006-03-30 02:06:06 UTC (rev 14793) @@ -730,6 +730,8 @@ /* success - keep the file handle */ talloc_steal(pvfs, f); + notify_trigger(pvfs->notify_context, NOTIFY_ACTION_ADDED, name->full_name); + return NT_STATUS_OK; cleanup_delete:
svn commit: samba r14792 - in branches/SAMBA_4_0/source/ntvfs/posix: .
Author: tridge Date: 2006-03-30 01:09:46 + (Thu, 30 Mar 2006) New Revision: 14792 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14792 Log: when we enable fake oplocks, give out batch oplocks not exclusive oplocks Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c Changeset: Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c === --- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c 2006-03-29 23:45:17 UTC (rev 14791) +++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c 2006-03-30 01:09:46 UTC (rev 14792) @@ -710,7 +710,7 @@ if (pvfs->flags & PVFS_FLAG_FAKE_OPLOCKS) { - io->generic.out.oplock_level = OPLOCK_EXCLUSIVE; + io->generic.out.oplock_level = OPLOCK_BATCH; } else { io->generic.out.oplock_level = OPLOCK_NONE; } @@ -1238,7 +1238,7 @@ talloc_free(lck); if (pvfs->flags & PVFS_FLAG_FAKE_OPLOCKS) { - io->generic.out.oplock_level = OPLOCK_EXCLUSIVE; + io->generic.out.oplock_level = OPLOCK_BATCH; } else { io->generic.out.oplock_level = OPLOCK_NONE; }
Build status as of Thu Mar 30 00:00:02 2006
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2006-03-29 00:00:03.0 + +++ /home/build/master/cache/broken_results.txt 2006-03-30 00:00:29.0 + @@ -1,17 +1,17 @@ -Build status as of Wed Mar 29 00:00:02 2006 +Build status as of Thu Mar 30 00:00:02 2006 Build counts: Tree Total Broken Panic -ccache 6 1 0 -distcc 8 2 0 -lorikeet-heimdal 28 28 0 +ccache 7 1 0 +distcc 9 2 0 +lorikeet-heimdal 15 15 0 ppp 15 0 0 -rsync30 1 0 +rsync32 2 0 samba2 0 0 samba-docs 0 0 0 samba4 34 27 0 -samba_3_034 6 0 +samba_3_034 7 0 smb-build21 0 0 -talloc 29 16 0 -tdb 4 1 0 +talloc 8 6 0 +tdb 5 1 0
svn commit: samba r14791 - in trunk/source/smbd: .
Author: jra Date: 2006-03-29 23:45:17 + (Wed, 29 Mar 2006) New Revision: 14791 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14791 Log: Fix possible null deref. Coverity #277. Jeremy. Modified: trunk/source/smbd/sesssetup.c Changeset: Modified: trunk/source/smbd/sesssetup.c === --- trunk/source/smbd/sesssetup.c 2006-03-29 23:45:08 UTC (rev 14790) +++ trunk/source/smbd/sesssetup.c 2006-03-29 23:45:17 UTC (rev 14791) @@ -217,7 +217,9 @@ if (pac_data) { logon_info = get_logon_info_from_pac(pac_data); - netsamlogon_cache_store( client, &logon_info->info3 ); + if (logon_info) { + netsamlogon_cache_store( client, &logon_info->info3 ); + } } if (!strequal(p+1, lp_realm())) {
svn commit: samba r14790 - in branches/SAMBA_3_0/source/smbd: .
Author: jra Date: 2006-03-29 23:45:08 + (Wed, 29 Mar 2006) New Revision: 14790 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14790 Log: Fix possible null deref. Coverity #277. Jeremy. Modified: branches/SAMBA_3_0/source/smbd/sesssetup.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/sesssetup.c === --- branches/SAMBA_3_0/source/smbd/sesssetup.c 2006-03-29 23:42:12 UTC (rev 14789) +++ branches/SAMBA_3_0/source/smbd/sesssetup.c 2006-03-29 23:45:08 UTC (rev 14790) @@ -217,7 +217,9 @@ if (pac_data) { logon_info = get_logon_info_from_pac(pac_data); - netsamlogon_cache_store( client, &logon_info->info3 ); + if (logon_info) { + netsamlogon_cache_store( client, &logon_info->info3 ); + } } if (!strequal(p+1, lp_realm())) {
svn commit: samba r14789 - in trunk/source/rpc_server: .
Author: jra Date: 2006-03-29 23:42:12 + (Wed, 29 Mar 2006) New Revision: 14789 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14789 Log: Fix coverity bug #276. null deref. Jeremy. Modified: trunk/source/rpc_server/srv_spoolss_nt.c Changeset: Modified: trunk/source/rpc_server/srv_spoolss_nt.c === --- trunk/source/rpc_server/srv_spoolss_nt.c2006-03-29 23:42:03 UTC (rev 14788) +++ trunk/source/rpc_server/srv_spoolss_nt.c2006-03-29 23:42:12 UTC (rev 14789) @@ -984,6 +984,10 @@ /* allocate the max entries possible */ data = TALLOC_ARRAY( mem_ctx, SPOOL_NOTIFY_INFO_DATA, msg_group->num_msgs); + if (!data) { + return; + } + ZERO_STRUCTP(data); /* build the array of change notifications */ @@ -1400,6 +1404,9 @@ len = unistrlen(devmode->devicename.buffer); if (len != -1) { d->devicename.buffer = TALLOC_ARRAY(ctx, uint16, len); + if (!d->devicename.buffer) { + return NULL; + } if (unistrcpy(d->devicename.buffer, devmode->devicename.buffer) != len) return NULL; } @@ -1408,12 +1415,17 @@ len = unistrlen(devmode->formname.buffer); if (len != -1) { d->devicename.buffer = TALLOC_ARRAY(ctx, uint16, len); + if (!d->devicename.buffer) { + return NULL; + } if (unistrcpy(d->formname.buffer, devmode->formname.buffer) != len) return NULL; } d->dev_private = TALLOC_MEMDUP(ctx, devmode->dev_private, devmode->driverextra); - + if (!d->dev_private) { + return NULL; + } return d; } @@ -5894,6 +5906,10 @@ } new_secdesc_ctr = sec_desc_merge(p->mem_ctx, secdesc_ctr, old_secdesc_ctr); + if (!new_secdesc_ctr) { + result = WERR_NOMEM; + goto done; + } if (sec_desc_equal(new_secdesc_ctr->sec, old_secdesc_ctr->sec)) { result = WERR_OK;
svn commit: samba r14788 - in branches/SAMBA_3_0/source/rpc_server: .
Author: jra Date: 2006-03-29 23:42:03 + (Wed, 29 Mar 2006) New Revision: 14788 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14788 Log: Fix coverity bug #276. null deref. Jeremy. Modified: branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c Changeset: Modified: branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c === --- branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c 2006-03-29 23:35:23 UTC (rev 14787) +++ branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c 2006-03-29 23:42:03 UTC (rev 14788) @@ -984,6 +984,10 @@ /* allocate the max entries possible */ data = TALLOC_ARRAY( mem_ctx, SPOOL_NOTIFY_INFO_DATA, msg_group->num_msgs); + if (!data) { + return; + } + ZERO_STRUCTP(data); /* build the array of change notifications */ @@ -1400,6 +1404,9 @@ len = unistrlen(devmode->devicename.buffer); if (len != -1) { d->devicename.buffer = TALLOC_ARRAY(ctx, uint16, len); + if (!d->devicename.buffer) { + return NULL; + } if (unistrcpy(d->devicename.buffer, devmode->devicename.buffer) != len) return NULL; } @@ -1408,12 +1415,17 @@ len = unistrlen(devmode->formname.buffer); if (len != -1) { d->devicename.buffer = TALLOC_ARRAY(ctx, uint16, len); + if (!d->devicename.buffer) { + return NULL; + } if (unistrcpy(d->formname.buffer, devmode->formname.buffer) != len) return NULL; } d->dev_private = TALLOC_MEMDUP(ctx, devmode->dev_private, devmode->driverextra); - + if (!d->dev_private) { + return NULL; + } return d; } @@ -5894,6 +5906,10 @@ } new_secdesc_ctr = sec_desc_merge(p->mem_ctx, secdesc_ctr, old_secdesc_ctr); + if (!new_secdesc_ctr) { + result = WERR_NOMEM; + goto done; + } if (sec_desc_equal(new_secdesc_ctr->sec, old_secdesc_ctr->sec)) { result = WERR_OK;
svn commit: samba r14787 - in trunk/source/rpc_server: .
Author: jra Date: 2006-03-29 23:35:23 + (Wed, 29 Mar 2006) New Revision: 14787 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14787 Log: Fix coverity #275. null deref. Jeremy. Modified: trunk/source/rpc_server/srv_spoolss_nt.c Changeset: Modified: trunk/source/rpc_server/srv_spoolss_nt.c === --- trunk/source/rpc_server/srv_spoolss_nt.c2006-03-29 23:35:16 UTC (rev 14786) +++ trunk/source/rpc_server/srv_spoolss_nt.c2006-03-29 23:35:23 UTC (rev 14787) @@ -723,14 +723,21 @@ if (!make_systemtime(&systime, gmtime((time_t *)msg->notify.data))) { DEBUG(5, ("notify_system_time: unable to make systemtime\n")); + prs_mem_free(&ps); return; } - if (!spoolss_io_system_time("", &ps, 0, &systime)) + if (!spoolss_io_system_time("", &ps, 0, &systime)) { + prs_mem_free(&ps); return; + } data->notify_data.data.length = prs_offset(&ps); data->notify_data.data.string = TALLOC(mem_ctx, prs_offset(&ps)); + if (!data->notify_data.data.string) { + prs_mem_free(&ps); + return; + } prs_copy_all_data_out((char *)data->notify_data.data.string, &ps);
svn commit: samba r14786 - in branches/SAMBA_3_0/source/rpc_server: .
Author: jra Date: 2006-03-29 23:35:16 + (Wed, 29 Mar 2006) New Revision: 14786 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14786 Log: Fix coverity #275. null deref. Jeremy. Modified: branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c Changeset: Modified: branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c === --- branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c 2006-03-29 23:32:49 UTC (rev 14785) +++ branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c 2006-03-29 23:35:16 UTC (rev 14786) @@ -723,14 +723,21 @@ if (!make_systemtime(&systime, gmtime((time_t *)msg->notify.data))) { DEBUG(5, ("notify_system_time: unable to make systemtime\n")); + prs_mem_free(&ps); return; } - if (!spoolss_io_system_time("", &ps, 0, &systime)) + if (!spoolss_io_system_time("", &ps, 0, &systime)) { + prs_mem_free(&ps); return; + } data->notify_data.data.length = prs_offset(&ps); data->notify_data.data.string = TALLOC(mem_ctx, prs_offset(&ps)); + if (!data->notify_data.data.string) { + prs_mem_free(&ps); + return; + } prs_copy_all_data_out((char *)data->notify_data.data.string, &ps);
svn commit: samba r14785 - in trunk/source/rpc_client: .
Author: jra Date: 2006-03-29 23:32:49 + (Wed, 29 Mar 2006) New Revision: 14785 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14785 Log: Fix coverity bug #274. Null deref. Jeremy. Modified: trunk/source/rpc_client/cli_lsarpc.c Changeset: Modified: trunk/source/rpc_client/cli_lsarpc.c === --- trunk/source/rpc_client/cli_lsarpc.c2006-03-29 23:32:40 UTC (rev 14784) +++ trunk/source/rpc_client/cli_lsarpc.c2006-03-29 23:32:49 UTC (rev 14785) @@ -221,19 +221,19 @@ if (!((*domains) = TALLOC_ARRAY(mem_ctx, char *, num_sids))) { DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); - result = NT_STATUS_UNSUCCESSFUL; + result = NT_STATUS_NO_MEMORY; goto done; } if (!((*names) = TALLOC_ARRAY(mem_ctx, char *, num_sids))) { DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); - result = NT_STATUS_UNSUCCESSFUL; + result = NT_STATUS_NO_MEMORY; goto done; } if (!((*types) = TALLOC_ARRAY(mem_ctx, uint32, num_sids))) { DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); - result = NT_STATUS_UNSUCCESSFUL; + result = NT_STATUS_NO_MEMORY; goto done; } @@ -323,13 +323,13 @@ if (!((*sids = TALLOC_ARRAY(mem_ctx, DOM_SID, num_names { DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); - result = NT_STATUS_UNSUCCESSFUL; + result = NT_STATUS_NO_MEMORY; goto done; } if (!((*types = TALLOC_ARRAY(mem_ctx, uint32, num_names { DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); - result = NT_STATUS_UNSUCCESSFUL; + result = NT_STATUS_NO_MEMORY; goto done; } @@ -419,13 +419,17 @@ *domain_name = unistr2_tdup(mem_ctx, &r.dom.id3. uni_domain_name); + if (!*domain_name) { + return NT_STATUS_NO_MEMORY; + } } if (domain_sid && (r.dom.id3.buffer_dom_sid != 0)) { *domain_sid = TALLOC_P(mem_ctx, DOM_SID); - if (*domain_sid) { - sid_copy(*domain_sid, &r.dom.id3.dom_sid.sid); + if (!*domain_sid) { + return NT_STATUS_NO_MEMORY; } + sid_copy(*domain_sid, &r.dom.id3.dom_sid.sid); } break; @@ -436,13 +440,17 @@ *domain_name = unistr2_tdup(mem_ctx, &r.dom.id5. uni_domain_name); + if (!*domain_name) { + return NT_STATUS_NO_MEMORY; + } } if (domain_sid && (r.dom.id5.buffer_dom_sid != 0)) { *domain_sid = TALLOC_P(mem_ctx, DOM_SID); - if (*domain_sid) { - sid_copy(*domain_sid, &r.dom.id5.dom_sid.sid); + if (!*domain_sid) { + return NT_STATUS_NO_MEMORY; } + sid_copy(*domain_sid, &r.dom.id5.dom_sid.sid); } break; @@ -506,20 +514,32 @@ *domain_name = unistr2_tdup(mem_ctx, &r.info.dns_dom_info .uni_nb_dom_name); + if (!*domain_name) { + return NT_STATUS_NO_MEMORY; + } } if (dns_name && r.info.dns_dom_info.hdr_dns_dom_name.buffer) { *dns_name = unistr2_tdup(mem_ctx, &r.info.dns_dom_info .uni_dns_dom_name); + if (!*dns_name) { + return NT_STATUS_NO_MEMORY; + } } if (forest_name && r.info.dns_dom_info.hdr_forest_name.buffer) { *forest_name = unistr2_tdup(mem_ctx, &r.info.dns_dom_info .uni_forest_name); + if (!*forest_name) { + return NT_STATUS_NO_MEMORY; + } } if (domain_guid) { *domain_guid = TALLOC_P(mem_ctx, struct uuid); + if (!*domain_guid) { + return N
svn commit: samba r14784 - in branches/SAMBA_3_0/source/rpc_client: .
Author: jra Date: 2006-03-29 23:32:40 + (Wed, 29 Mar 2006) New Revision: 14784 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14784 Log: Fix coverity bug #274. Null deref. Jeremy. Modified: branches/SAMBA_3_0/source/rpc_client/cli_lsarpc.c Changeset: Modified: branches/SAMBA_3_0/source/rpc_client/cli_lsarpc.c === --- branches/SAMBA_3_0/source/rpc_client/cli_lsarpc.c 2006-03-29 23:25:13 UTC (rev 14783) +++ branches/SAMBA_3_0/source/rpc_client/cli_lsarpc.c 2006-03-29 23:32:40 UTC (rev 14784) @@ -221,19 +221,19 @@ if (!((*domains) = TALLOC_ARRAY(mem_ctx, char *, num_sids))) { DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); - result = NT_STATUS_UNSUCCESSFUL; + result = NT_STATUS_NO_MEMORY; goto done; } if (!((*names) = TALLOC_ARRAY(mem_ctx, char *, num_sids))) { DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); - result = NT_STATUS_UNSUCCESSFUL; + result = NT_STATUS_NO_MEMORY; goto done; } if (!((*types) = TALLOC_ARRAY(mem_ctx, uint32, num_sids))) { DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); - result = NT_STATUS_UNSUCCESSFUL; + result = NT_STATUS_NO_MEMORY; goto done; } @@ -323,13 +323,13 @@ if (!((*sids = TALLOC_ARRAY(mem_ctx, DOM_SID, num_names { DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); - result = NT_STATUS_UNSUCCESSFUL; + result = NT_STATUS_NO_MEMORY; goto done; } if (!((*types = TALLOC_ARRAY(mem_ctx, uint32, num_names { DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); - result = NT_STATUS_UNSUCCESSFUL; + result = NT_STATUS_NO_MEMORY; goto done; } @@ -419,13 +419,17 @@ *domain_name = unistr2_tdup(mem_ctx, &r.dom.id3. uni_domain_name); + if (!*domain_name) { + return NT_STATUS_NO_MEMORY; + } } if (domain_sid && (r.dom.id3.buffer_dom_sid != 0)) { *domain_sid = TALLOC_P(mem_ctx, DOM_SID); - if (*domain_sid) { - sid_copy(*domain_sid, &r.dom.id3.dom_sid.sid); + if (!*domain_sid) { + return NT_STATUS_NO_MEMORY; } + sid_copy(*domain_sid, &r.dom.id3.dom_sid.sid); } break; @@ -436,13 +440,17 @@ *domain_name = unistr2_tdup(mem_ctx, &r.dom.id5. uni_domain_name); + if (!*domain_name) { + return NT_STATUS_NO_MEMORY; + } } if (domain_sid && (r.dom.id5.buffer_dom_sid != 0)) { *domain_sid = TALLOC_P(mem_ctx, DOM_SID); - if (*domain_sid) { - sid_copy(*domain_sid, &r.dom.id5.dom_sid.sid); + if (!*domain_sid) { + return NT_STATUS_NO_MEMORY; } + sid_copy(*domain_sid, &r.dom.id5.dom_sid.sid); } break; @@ -506,20 +514,32 @@ *domain_name = unistr2_tdup(mem_ctx, &r.info.dns_dom_info .uni_nb_dom_name); + if (!*domain_name) { + return NT_STATUS_NO_MEMORY; + } } if (dns_name && r.info.dns_dom_info.hdr_dns_dom_name.buffer) { *dns_name = unistr2_tdup(mem_ctx, &r.info.dns_dom_info .uni_dns_dom_name); + if (!*dns_name) { + return NT_STATUS_NO_MEMORY; + } } if (forest_name && r.info.dns_dom_info.hdr_forest_name.buffer) { *forest_name = unistr2_tdup(mem_ctx, &r.info.dns_dom_info .uni_forest_name); + if (!*forest_name) { + return NT_STATUS_NO_MEMORY; + } } if (domain_guid) { *domain_guid = TALLOC_P(mem_ctx, struct uuid); + if (!*domai
svn commit: samba r14783 - in trunk/source/rpc_client: .
Author: jra Date: 2006-03-29 23:25:13 + (Wed, 29 Mar 2006) New Revision: 14783 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14783 Log: Fix coverity bug #273, null deref. Jeremy. Modified: trunk/source/rpc_client/cli_echo.c Changeset: Modified: trunk/source/rpc_client/cli_echo.c === --- trunk/source/rpc_client/cli_echo.c 2006-03-29 23:25:04 UTC (rev 14782) +++ trunk/source/rpc_client/cli_echo.c 2006-03-29 23:25:13 UTC (rev 14783) @@ -79,6 +79,9 @@ if (out_data) { *out_data = TALLOC(mem_ctx, size); + if (!*out_data) { + return NT_STATUS_NO_MEMORY; + } memcpy(*out_data, r.data, size); }
svn commit: samba r14782 - in branches/SAMBA_3_0/source/rpc_client: .
Author: jra Date: 2006-03-29 23:25:04 + (Wed, 29 Mar 2006) New Revision: 14782 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14782 Log: Fix coverity bug #273, null deref. Jeremy. Modified: branches/SAMBA_3_0/source/rpc_client/cli_echo.c Changeset: Modified: branches/SAMBA_3_0/source/rpc_client/cli_echo.c === --- branches/SAMBA_3_0/source/rpc_client/cli_echo.c 2006-03-29 23:23:05 UTC (rev 14781) +++ branches/SAMBA_3_0/source/rpc_client/cli_echo.c 2006-03-29 23:25:04 UTC (rev 14782) @@ -79,6 +79,9 @@ if (out_data) { *out_data = TALLOC(mem_ctx, size); + if (!*out_data) { + return NT_STATUS_NO_MEMORY; + } memcpy(*out_data, r.data, size); }
svn commit: samba r14781 - in trunk/source/passdb: .
Author: jra Date: 2006-03-29 23:23:05 + (Wed, 29 Mar 2006) New Revision: 14781 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14781 Log: Fix coverity bug #272, null deref. Jeremy. Modified: trunk/source/passdb/pdb_get_set.c Changeset: Modified: trunk/source/passdb/pdb_get_set.c === --- trunk/source/passdb/pdb_get_set.c 2006-03-29 23:22:57 UTC (rev 14780) +++ trunk/source/passdb/pdb_get_set.c 2006-03-29 23:23:05 UTC (rev 14781) @@ -228,6 +228,10 @@ TALLOC_CTX *mem_ctx = talloc_init("pdb_get_group_sid"); BOOL lookup_ret; + if (!mem_ctx) { + return NULL; + } + /* Now check that it's actually a domain group and not something else */ lookup_ret = lookup_sid(mem_ctx, gsid, NULL, NULL, &type); @@ -1246,6 +1250,10 @@ /* Ensure we have space for the needed history. */ uchar *new_history = TALLOC(sampass, pwHistLen*PW_HISTORY_ENTRY_LEN); + if (!new_history) { + return False; + } + /* And copy it into the new buffer. */ if (current_history_len) { memcpy(new_history, pwhistory,
svn commit: samba r14780 - in branches/SAMBA_3_0/source/passdb: .
Author: jra Date: 2006-03-29 23:22:57 + (Wed, 29 Mar 2006) New Revision: 14780 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14780 Log: Fix coverity bug #272, null deref. Jeremy. Modified: branches/SAMBA_3_0/source/passdb/pdb_get_set.c Changeset: Modified: branches/SAMBA_3_0/source/passdb/pdb_get_set.c === --- branches/SAMBA_3_0/source/passdb/pdb_get_set.c 2006-03-29 23:19:06 UTC (rev 14779) +++ branches/SAMBA_3_0/source/passdb/pdb_get_set.c 2006-03-29 23:22:57 UTC (rev 14780) @@ -228,6 +228,10 @@ TALLOC_CTX *mem_ctx = talloc_init("pdb_get_group_sid"); BOOL lookup_ret; + if (!mem_ctx) { + return NULL; + } + /* Now check that it's actually a domain group and not something else */ lookup_ret = lookup_sid(mem_ctx, gsid, NULL, NULL, &type); @@ -1246,6 +1250,10 @@ /* Ensure we have space for the needed history. */ uchar *new_history = TALLOC(sampass, pwHistLen*PW_HISTORY_ENTRY_LEN); + if (!new_history) { + return False; + } + /* And copy it into the new buffer. */ if (current_history_len) { memcpy(new_history, pwhistory,
svn commit: samba r14779 - in trunk/source/rpc_parse: .
Author: jra Date: 2006-03-29 23:19:06 + (Wed, 29 Mar 2006) New Revision: 14779 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14779 Log: Fix coverity null deref bugs #268 - #271. Jeremy. Modified: trunk/source/rpc_parse/parse_spoolss.c Changeset: Modified: trunk/source/rpc_parse/parse_spoolss.c === --- trunk/source/rpc_parse/parse_spoolss.c 2006-03-29 23:18:58 UTC (rev 14778) +++ trunk/source/rpc_parse/parse_spoolss.c 2006-03-29 23:19:06 UTC (rev 14779) @@ -899,6 +899,9 @@ DEBUG(5,("make_spoolss_q_open_printer_ex\n")); q_u->printername = TALLOC_P( get_talloc_ctx(), UNISTR2 ); + if (!q_u->printername) { + return False; + } init_unistr2(q_u->printername, printername, UNI_STR_TERMINATE); q_u->printer_default.datatype_ptr = 0; @@ -912,6 +915,9 @@ q_u->user_ctr.level = 1; q_u->user_ctr.user.user1= TALLOC_P( get_talloc_ctx(), SPOOL_USER_1 ); + if (!q_u->user_ctr.user.user1) { + return False; + } q_u->user_ctr.user.user1->size = strlen(clientname) + strlen(user_name) + 10; q_u->user_ctr.user.user1->build = 1381; q_u->user_ctr.user.user1->major = 2; @@ -919,7 +925,13 @@ q_u->user_ctr.user.user1->processor = 0; q_u->user_ctr.user.user1->client_name = TALLOC_P( get_talloc_ctx(), UNISTR2 ); + if (!q_u->user_ctr.user.user1->client_name) { + return False; + } q_u->user_ctr.user.user1->user_name = TALLOC_P( get_talloc_ctx(), UNISTR2 ); + if (!q_u->user_ctr.user.user1->user_name) { + return False; + } init_unistr2(q_u->user_ctr.user.user1->client_name, clientname, UNI_STR_TERMINATE); init_unistr2(q_u->user_ctr.user.user1->user_name, user_name, UNI_STR_TERMINATE); @@ -943,6 +955,9 @@ ZERO_STRUCTP(q_u); q_u->server_name = TALLOC_P( mem_ctx, UNISTR2 ); + if (!q_u->server_name) { + return False; + } init_unistr2(q_u->server_name, srv_name, UNI_FLAGS_NONE); q_u->level = level; @@ -965,14 +980,22 @@ q_u->user_ctr.level = 1; q_u->user_ctr.user.user1= TALLOC_P( get_talloc_ctx(), SPOOL_USER_1 ); + if (!q_u->user_ctr.user.user1) { + return False; + } q_u->user_ctr.user.user1->build = 1381; q_u->user_ctr.user.user1->major = 2; q_u->user_ctr.user.user1->minor = 0; q_u->user_ctr.user.user1->processor = 0; q_u->user_ctr.user.user1->client_name = TALLOC_P( mem_ctx, UNISTR2 ); + if (!q_u->user_ctr.user.user1->client_name) { + return False; + } q_u->user_ctr.user.user1->user_name = TALLOC_P( mem_ctx, UNISTR2 ); - + if (!q_u->user_ctr.user.user1->user_name) { + return False; + } init_unistr2(q_u->user_ctr.user.user1->client_name, clientname, UNI_STR_TERMINATE); init_unistr2(q_u->user_ctr.user.user1->user_name, user_name, UNI_STR_TERMINATE);
svn commit: samba r14778 - in branches/SAMBA_3_0/source/rpc_parse: .
Author: jra Date: 2006-03-29 23:18:58 + (Wed, 29 Mar 2006) New Revision: 14778 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14778 Log: Fix coverity null deref bugs #268 - #271. Jeremy. Modified: branches/SAMBA_3_0/source/rpc_parse/parse_spoolss.c Changeset: Modified: branches/SAMBA_3_0/source/rpc_parse/parse_spoolss.c === --- branches/SAMBA_3_0/source/rpc_parse/parse_spoolss.c 2006-03-29 23:13:36 UTC (rev 14777) +++ branches/SAMBA_3_0/source/rpc_parse/parse_spoolss.c 2006-03-29 23:18:58 UTC (rev 14778) @@ -899,6 +899,9 @@ DEBUG(5,("make_spoolss_q_open_printer_ex\n")); q_u->printername = TALLOC_P( get_talloc_ctx(), UNISTR2 ); + if (!q_u->printername) { + return False; + } init_unistr2(q_u->printername, printername, UNI_STR_TERMINATE); q_u->printer_default.datatype_ptr = 0; @@ -912,6 +915,9 @@ q_u->user_ctr.level = 1; q_u->user_ctr.user.user1= TALLOC_P( get_talloc_ctx(), SPOOL_USER_1 ); + if (!q_u->user_ctr.user.user1) { + return False; + } q_u->user_ctr.user.user1->size = strlen(clientname) + strlen(user_name) + 10; q_u->user_ctr.user.user1->build = 1381; q_u->user_ctr.user.user1->major = 2; @@ -919,7 +925,13 @@ q_u->user_ctr.user.user1->processor = 0; q_u->user_ctr.user.user1->client_name = TALLOC_P( get_talloc_ctx(), UNISTR2 ); + if (!q_u->user_ctr.user.user1->client_name) { + return False; + } q_u->user_ctr.user.user1->user_name = TALLOC_P( get_talloc_ctx(), UNISTR2 ); + if (!q_u->user_ctr.user.user1->user_name) { + return False; + } init_unistr2(q_u->user_ctr.user.user1->client_name, clientname, UNI_STR_TERMINATE); init_unistr2(q_u->user_ctr.user.user1->user_name, user_name, UNI_STR_TERMINATE); @@ -943,6 +955,9 @@ ZERO_STRUCTP(q_u); q_u->server_name = TALLOC_P( mem_ctx, UNISTR2 ); + if (!q_u->server_name) { + return False; + } init_unistr2(q_u->server_name, srv_name, UNI_FLAGS_NONE); q_u->level = level; @@ -965,14 +980,22 @@ q_u->user_ctr.level = 1; q_u->user_ctr.user.user1= TALLOC_P( get_talloc_ctx(), SPOOL_USER_1 ); + if (!q_u->user_ctr.user.user1) { + return False; + } q_u->user_ctr.user.user1->build = 1381; q_u->user_ctr.user.user1->major = 2; q_u->user_ctr.user.user1->minor = 0; q_u->user_ctr.user.user1->processor = 0; q_u->user_ctr.user.user1->client_name = TALLOC_P( mem_ctx, UNISTR2 ); + if (!q_u->user_ctr.user.user1->client_name) { + return False; + } q_u->user_ctr.user.user1->user_name = TALLOC_P( mem_ctx, UNISTR2 ); - + if (!q_u->user_ctr.user.user1->user_name) { + return False; + } init_unistr2(q_u->user_ctr.user.user1->client_name, clientname, UNI_STR_TERMINATE); init_unistr2(q_u->user_ctr.user.user1->user_name, user_name, UNI_STR_TERMINATE);
svn commit: samba r14777 - in trunk/source/rpc_parse: .
Author: jra Date: 2006-03-29 23:13:36 + (Wed, 29 Mar 2006) New Revision: 14777 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14777 Log: Fix coverity #263 - #267. No one was checking talloc returns. Doh ! Jeremy. Modified: trunk/source/rpc_parse/parse_reg.c Changeset: Modified: trunk/source/rpc_parse/parse_reg.c === --- trunk/source/rpc_parse/parse_reg.c 2006-03-29 23:13:27 UTC (rev 14776) +++ trunk/source/rpc_parse/parse_reg.c 2006-03-29 23:13:36 UTC (rev 14777) @@ -54,6 +54,10 @@ { q_o->server = TALLOC_P( get_talloc_ctx(), uint16); + if (!q_o->server) { + smb_panic("init_reg_q_open_hive: talloc fail.\n"); + return; + } *q_o->server = 0x1; q_o->access = access_desired; @@ -221,6 +225,10 @@ q_c->access = access_desired; q_c->sec_info = TALLOC_P( get_talloc_ctx(), uint32 ); + if (!q_c->sec_info) { + smb_panic("init_reg_q_create_key_ex: talloc fail\n"); + return; + } *q_c->sec_info = DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION; q_c->data = sec_buf; @@ -228,6 +236,10 @@ init_buf_hdr(&q_c->hdr_sec, sec_buf->len, sec_buf->len); q_c->ptr3 = 1; q_c->disposition = TALLOC_P( get_talloc_ctx(), uint32 ); + if (!q_c->disposition) { + smb_panic("init_reg_q_create_key_ex: talloc fail\n"); + return; + } } /*** @@ -997,14 +1009,23 @@ return False; r_u->type = TALLOC_P( get_talloc_ctx(), uint32 ); + if (!r_u->type) { + return False; + } *r_u->type = val->type; buf_len = reg_init_regval_buffer( &buf2, val ); r_u->buf_max_len = TALLOC_P( get_talloc_ctx(), uint32 ); + if (!r_u->buf_max_len) { + return False; + } *r_u->buf_max_len = buf_len; r_u->buf_len = TALLOC_P( get_talloc_ctx(), uint32 ); + if (!r_u->buf_len) { + return False; + } *r_u->buf_len = buf_len; /* if include_keyval is not set, don't send the key value, just @@ -1012,6 +1033,9 @@ if ( include_keyval ) { r_u->value = TALLOC_P( get_talloc_ctx(), REGVAL_BUFFER ); + if (!r_u->value) { + return False; + } /* steal the memory */ *r_u->value = buf2; } @@ -1071,18 +1095,39 @@ q_u->name.size = max_name_len*2; q_u->name.string = TALLOC_ZERO_P( get_talloc_ctx(), UNISTR2 ); + if (!q_u->name.string) { + smb_panic("init_reg_q_enum_val: talloc fail\n"); + return; + } q_u->name.string->uni_max_len = max_name_len; q_u->type = TALLOC_P( get_talloc_ctx(), uint32 ); + if (!q_u->type) { + smb_panic("init_reg_q_enum_val: talloc fail\n"); + return; + } *q_u->type = 0x0; q_u->value = TALLOC_ZERO_P( get_talloc_ctx(), REGVAL_BUFFER ); + if (!q_u->value) { + smb_panic("init_reg_q_enum_val: talloc fail\n"); + return; + } + q_u->value->buf_max_len = max_buf_len; - q_u->buffer_len = TALLOC_P( get_talloc_ctx(), uint32 ); + q_u->buffer_len = TALLOC_P( get_talloc_ctx(), uint32 ); + if (q_u->buffer_len) { + smb_panic("init_reg_q_enum_val: talloc fail\n"); + return; + } *q_u->buffer_len = max_buf_len; - q_u->name_len = TALLOC_P( get_talloc_ctx(), uint32 ); + q_u->name_len = TALLOC_P( get_talloc_ctx(), uint32 ); + if (!q_u->name_len) { + smb_panic("init_reg_q_enum_val: talloc fail\n"); + return; + } *q_u->name_len = 0x0; } @@ -1105,18 +1150,34 @@ /* type */ r_u->type = TALLOC_P( get_talloc_ctx(), uint32 ); + if (!r_u->type) { + smb_panic("init_reg_r_enum_val: talloc fail\n"); + return; + } *r_u->type = val->type; /* REG_SZ & REG_MULTI_SZ must be converted to UNICODE */ r_u->value = TALLOC_P( get_talloc_ctx(), REGVAL_BUFFER ); + if (!r_u->value) { + smb_panic("init_reg_r_enum_val: talloc fail\n"); + return; + } real_size = reg_init_regval_buffer( r_u->value, val ); /* lengths */ - r_u->buffer_len1 = TALLOC_P( get_talloc_ctx(), uint32 ); + r_u->buffer_len1 = TALLOC_P( get_talloc_ctx(), uint32 ); + if (!r_u->buffer_len1) { + smb_panic("init_reg_r_enum_val: talloc fail\n"); + return; + } *r_u->buffer_len1 = real_size; - r_u->buffer_len2 = TALLO
svn commit: samba r14776 - in branches/SAMBA_3_0/source/rpc_parse: .
Author: jra Date: 2006-03-29 23:13:27 + (Wed, 29 Mar 2006) New Revision: 14776 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14776 Log: Fix coverity #263 - #267. No one was checking talloc returns. Doh ! Jeremy. Modified: branches/SAMBA_3_0/source/rpc_parse/parse_reg.c Changeset: Modified: branches/SAMBA_3_0/source/rpc_parse/parse_reg.c === --- branches/SAMBA_3_0/source/rpc_parse/parse_reg.c 2006-03-29 23:03:41 UTC (rev 14775) +++ branches/SAMBA_3_0/source/rpc_parse/parse_reg.c 2006-03-29 23:13:27 UTC (rev 14776) @@ -54,6 +54,10 @@ { q_o->server = TALLOC_P( get_talloc_ctx(), uint16); + if (!q_o->server) { + smb_panic("init_reg_q_open_hive: talloc fail.\n"); + return; + } *q_o->server = 0x1; q_o->access = access_desired; @@ -221,6 +225,10 @@ q_c->access = access_desired; q_c->sec_info = TALLOC_P( get_talloc_ctx(), uint32 ); + if (!q_c->sec_info) { + smb_panic("init_reg_q_create_key_ex: talloc fail\n"); + return; + } *q_c->sec_info = DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION; q_c->data = sec_buf; @@ -228,6 +236,10 @@ init_buf_hdr(&q_c->hdr_sec, sec_buf->len, sec_buf->len); q_c->ptr3 = 1; q_c->disposition = TALLOC_P( get_talloc_ctx(), uint32 ); + if (!q_c->disposition) { + smb_panic("init_reg_q_create_key_ex: talloc fail\n"); + return; + } } /*** @@ -997,14 +1009,23 @@ return False; r_u->type = TALLOC_P( get_talloc_ctx(), uint32 ); + if (!r_u->type) { + return False; + } *r_u->type = val->type; buf_len = reg_init_regval_buffer( &buf2, val ); r_u->buf_max_len = TALLOC_P( get_talloc_ctx(), uint32 ); + if (!r_u->buf_max_len) { + return False; + } *r_u->buf_max_len = buf_len; r_u->buf_len = TALLOC_P( get_talloc_ctx(), uint32 ); + if (!r_u->buf_len) { + return False; + } *r_u->buf_len = buf_len; /* if include_keyval is not set, don't send the key value, just @@ -1012,6 +1033,9 @@ if ( include_keyval ) { r_u->value = TALLOC_P( get_talloc_ctx(), REGVAL_BUFFER ); + if (!r_u->value) { + return False; + } /* steal the memory */ *r_u->value = buf2; } @@ -1071,18 +1095,39 @@ q_u->name.size = max_name_len*2; q_u->name.string = TALLOC_ZERO_P( get_talloc_ctx(), UNISTR2 ); + if (!q_u->name.string) { + smb_panic("init_reg_q_enum_val: talloc fail\n"); + return; + } q_u->name.string->uni_max_len = max_name_len; q_u->type = TALLOC_P( get_talloc_ctx(), uint32 ); + if (!q_u->type) { + smb_panic("init_reg_q_enum_val: talloc fail\n"); + return; + } *q_u->type = 0x0; q_u->value = TALLOC_ZERO_P( get_talloc_ctx(), REGVAL_BUFFER ); + if (!q_u->value) { + smb_panic("init_reg_q_enum_val: talloc fail\n"); + return; + } + q_u->value->buf_max_len = max_buf_len; - q_u->buffer_len = TALLOC_P( get_talloc_ctx(), uint32 ); + q_u->buffer_len = TALLOC_P( get_talloc_ctx(), uint32 ); + if (q_u->buffer_len) { + smb_panic("init_reg_q_enum_val: talloc fail\n"); + return; + } *q_u->buffer_len = max_buf_len; - q_u->name_len = TALLOC_P( get_talloc_ctx(), uint32 ); + q_u->name_len = TALLOC_P( get_talloc_ctx(), uint32 ); + if (!q_u->name_len) { + smb_panic("init_reg_q_enum_val: talloc fail\n"); + return; + } *q_u->name_len = 0x0; } @@ -1105,18 +1150,34 @@ /* type */ r_u->type = TALLOC_P( get_talloc_ctx(), uint32 ); + if (!r_u->type) { + smb_panic("init_reg_r_enum_val: talloc fail\n"); + return; + } *r_u->type = val->type; /* REG_SZ & REG_MULTI_SZ must be converted to UNICODE */ r_u->value = TALLOC_P( get_talloc_ctx(), REGVAL_BUFFER ); + if (!r_u->value) { + smb_panic("init_reg_r_enum_val: talloc fail\n"); + return; + } real_size = reg_init_regval_buffer( r_u->value, val ); /* lengths */ - r_u->buffer_len1 = TALLOC_P( get_talloc_ctx(), uint32 ); + r_u->buffer_len1 = TALLOC_P( get_talloc_ctx(), uint32 ); + if (!r_u->buffer_len1) { + smb_panic("init_reg_r_enum_val: talloc fail\n"); + return; + } *r_u
svn commit: samba r14775 - in trunk/source/rpc_parse: .
Author: jra Date: 2006-03-29 23:03:41 + (Wed, 29 Mar 2006) New Revision: 14775 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14775 Log: Fix null deref coverity bugs #260, #261, #262. Jeremy. Modified: trunk/source/rpc_parse/parse_lsa.c Changeset: Modified: trunk/source/rpc_parse/parse_lsa.c === --- trunk/source/rpc_parse/parse_lsa.c 2006-03-29 23:03:34 UTC (rev 14774) +++ trunk/source/rpc_parse/parse_lsa.c 2006-03-29 23:03:41 UTC (rev 14775) @@ -3001,6 +3001,9 @@ if ( num_priv ) { out->rights = TALLOC_P( get_talloc_ctx(), UNISTR4_ARRAY ); + if (!out->rights) { + return NT_STATUS_NO_MEMORY; + } if ( !init_unistr4_array( out->rights, num_priv, privname_array ) ) return NT_STATUS_NO_MEMORY; @@ -3069,6 +3072,10 @@ init_dom_sid2(&in->sid, sid); in->rights = TALLOC_P( get_talloc_ctx(), UNISTR4_ARRAY ); + if (!in->rights) { + smb_panic("init_q_add_acct_rights: talloc fail\n"); + return; + } init_unistr4_array( in->rights, count, rights ); in->count = count; @@ -3112,10 +3119,10 @@ return True; } - /*** Inits an LSA_Q_REMOVE_ACCT_RIGHTS structure. / + void init_q_remove_acct_rights(LSA_Q_REMOVE_ACCT_RIGHTS *in, POLICY_HND *hnd, DOM_SID *sid, @@ -3133,13 +3140,17 @@ in->count = count; in->rights = TALLOC_P( get_talloc_ctx(), UNISTR4_ARRAY ); + if (!in->rights) { + smb_panic("init_q_remove_acct_rights: talloc fail\n"); + return; + } init_unistr4_array( in->rights, count, rights ); } - /*** reads or writes a LSA_Q_REMOVE_ACCT_RIGHTS structure. / + BOOL lsa_io_q_remove_acct_rights(const char *desc, LSA_Q_REMOVE_ACCT_RIGHTS *in, prs_struct *ps, int depth) { prs_debug(ps, depth, desc, "lsa_io_q_remove_acct_rights");
svn commit: samba r14774 - in branches/SAMBA_3_0/source/rpc_parse: .
Author: jra Date: 2006-03-29 23:03:34 + (Wed, 29 Mar 2006) New Revision: 14774 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14774 Log: Fix null deref coverity bugs #260, #261, #262. Jeremy. Modified: branches/SAMBA_3_0/source/rpc_parse/parse_lsa.c Changeset: Modified: branches/SAMBA_3_0/source/rpc_parse/parse_lsa.c === --- branches/SAMBA_3_0/source/rpc_parse/parse_lsa.c 2006-03-29 22:59:41 UTC (rev 14773) +++ branches/SAMBA_3_0/source/rpc_parse/parse_lsa.c 2006-03-29 23:03:34 UTC (rev 14774) @@ -3001,6 +3001,9 @@ if ( num_priv ) { out->rights = TALLOC_P( get_talloc_ctx(), UNISTR4_ARRAY ); + if (!out->rights) { + return NT_STATUS_NO_MEMORY; + } if ( !init_unistr4_array( out->rights, num_priv, privname_array ) ) return NT_STATUS_NO_MEMORY; @@ -3069,6 +3072,10 @@ init_dom_sid2(&in->sid, sid); in->rights = TALLOC_P( get_talloc_ctx(), UNISTR4_ARRAY ); + if (!in->rights) { + smb_panic("init_q_add_acct_rights: talloc fail\n"); + return; + } init_unistr4_array( in->rights, count, rights ); in->count = count; @@ -3112,10 +3119,10 @@ return True; } - /*** Inits an LSA_Q_REMOVE_ACCT_RIGHTS structure. / + void init_q_remove_acct_rights(LSA_Q_REMOVE_ACCT_RIGHTS *in, POLICY_HND *hnd, DOM_SID *sid, @@ -3133,13 +3140,17 @@ in->count = count; in->rights = TALLOC_P( get_talloc_ctx(), UNISTR4_ARRAY ); + if (!in->rights) { + smb_panic("init_q_remove_acct_rights: talloc fail\n"); + return; + } init_unistr4_array( in->rights, count, rights ); } - /*** reads or writes a LSA_Q_REMOVE_ACCT_RIGHTS structure. / + BOOL lsa_io_q_remove_acct_rights(const char *desc, LSA_Q_REMOVE_ACCT_RIGHTS *in, prs_struct *ps, int depth) { prs_debug(ps, depth, desc, "lsa_io_q_remove_acct_rights");
svn commit: samba r14773 - in trunk/source/rpc_parse: .
Author: jra Date: 2006-03-29 22:59:41 + (Wed, 29 Mar 2006) New Revision: 14773 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14773 Log: Fix coverity bug #258. Seems coverity has discovered talloc :-). Jeremy. Modified: trunk/source/rpc_parse/parse_shutdown.c Changeset: Modified: trunk/source/rpc_parse/parse_shutdown.c === --- trunk/source/rpc_parse/parse_shutdown.c 2006-03-29 22:59:33 UTC (rev 14772) +++ trunk/source/rpc_parse/parse_shutdown.c 2006-03-29 22:59:41 UTC (rev 14773) @@ -32,9 +32,18 @@ uint32 timeout, BOOL do_reboot, BOOL force) { q_s->server = TALLOC_P( get_talloc_ctx(), uint16 ); + if (!q_s->server) { + smb_panic("init_shutdown_q_init: talloc fail.\n"); + return; + } + *q_s->server = 0x1; q_s->message = TALLOC_ZERO_P( get_talloc_ctx(), UNISTR4 ); + if (!q_s->message) { + smb_panic("init_shutdown_q_init: talloc fail.\n"); + return; + } if ( msg && *msg ) { init_unistr4( q_s->message, msg, UNI_FLAGS_NONE ); @@ -206,6 +215,11 @@ void init_shutdown_q_abort(SHUTDOWN_Q_ABORT *q_s) { q_s->server = TALLOC_P( get_talloc_ctx(), uint16 ); + if (!q_s->server) { + smb_panic("init_shutdown_q_abort: talloc fail.\n"); + return; + } + *q_s->server = 0x1; }
svn commit: samba r14772 - in branches/SAMBA_3_0/source/rpc_parse: .
Author: jra Date: 2006-03-29 22:59:33 + (Wed, 29 Mar 2006) New Revision: 14772 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14772 Log: Fix coverity bug #258. Seems coverity has discovered talloc :-). Jeremy. Modified: branches/SAMBA_3_0/source/rpc_parse/parse_shutdown.c Changeset: Modified: branches/SAMBA_3_0/source/rpc_parse/parse_shutdown.c === --- branches/SAMBA_3_0/source/rpc_parse/parse_shutdown.c2006-03-29 22:56:12 UTC (rev 14771) +++ branches/SAMBA_3_0/source/rpc_parse/parse_shutdown.c2006-03-29 22:59:33 UTC (rev 14772) @@ -32,9 +32,18 @@ uint32 timeout, BOOL do_reboot, BOOL force) { q_s->server = TALLOC_P( get_talloc_ctx(), uint16 ); + if (!q_s->server) { + smb_panic("init_shutdown_q_init: talloc fail.\n"); + return; + } + *q_s->server = 0x1; q_s->message = TALLOC_ZERO_P( get_talloc_ctx(), UNISTR4 ); + if (!q_s->message) { + smb_panic("init_shutdown_q_init: talloc fail.\n"); + return; + } if ( msg && *msg ) { init_unistr4( q_s->message, msg, UNI_FLAGS_NONE ); @@ -206,6 +215,11 @@ void init_shutdown_q_abort(SHUTDOWN_Q_ABORT *q_s) { q_s->server = TALLOC_P( get_talloc_ctx(), uint16 ); + if (!q_s->server) { + smb_panic("init_shutdown_q_abort: talloc fail.\n"); + return; + } + *q_s->server = 0x1; }
svn commit: samba r14771 - in trunk/source/rpc_parse: .
Author: jra Date: 2006-03-29 22:56:12 + (Wed, 29 Mar 2006) New Revision: 14771 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14771 Log: Fix coverity bug #257. Possible null deref. Jeremy. Modified: trunk/source/rpc_parse/parse_misc.c Changeset: Modified: trunk/source/rpc_parse/parse_misc.c === --- trunk/source/rpc_parse/parse_misc.c 2006-03-29 22:56:05 UTC (rev 14770) +++ trunk/source/rpc_parse/parse_misc.c 2006-03-29 22:56:12 UTC (rev 14771) @@ -884,6 +884,10 @@ void init_unistr4(UNISTR4 *uni4, const char *buf, enum unistr2_term_codes flags) { uni4->string = TALLOC_P( get_talloc_ctx(), UNISTR2 ); + if (!uni4->string) { + smb_panic("init_unistr4: talloc fail\n"); + return; + } init_unistr2( uni4->string, buf, flags ); uni4->length = 2 * (uni4->string->uni_str_len); @@ -893,6 +897,10 @@ void init_unistr4_w( TALLOC_CTX *ctx, UNISTR4 *uni4, const smb_ucs2_t *buf ) { uni4->string = TALLOC_P( ctx, UNISTR2 ); + if (!uni4->string) { + smb_panic("init_unistr4_w: talloc fail\n"); + return; + } init_unistr2_w( ctx, uni4->string, buf ); uni4->length = 2 * (uni4->string->uni_str_len); @@ -919,7 +927,7 @@ str->buffer = TALLOC_ZERO_ARRAY(ctx, uint16, len + 1); if (str->buffer == NULL) { - smb_panic("init_unistr2_w: malloc fail\n"); + smb_panic("init_unistr2_w: talloc fail\n"); return; }
svn commit: samba r14770 - in branches/SAMBA_3_0/source/rpc_parse: .
Author: jra Date: 2006-03-29 22:56:05 + (Wed, 29 Mar 2006) New Revision: 14770 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14770 Log: Fix coverity bug #257. Possible null deref. Jeremy. Modified: branches/SAMBA_3_0/source/rpc_parse/parse_misc.c Changeset: Modified: branches/SAMBA_3_0/source/rpc_parse/parse_misc.c === --- branches/SAMBA_3_0/source/rpc_parse/parse_misc.c2006-03-29 22:51:31 UTC (rev 14769) +++ branches/SAMBA_3_0/source/rpc_parse/parse_misc.c2006-03-29 22:56:05 UTC (rev 14770) @@ -884,6 +884,10 @@ void init_unistr4(UNISTR4 *uni4, const char *buf, enum unistr2_term_codes flags) { uni4->string = TALLOC_P( get_talloc_ctx(), UNISTR2 ); + if (!uni4->string) { + smb_panic("init_unistr4: talloc fail\n"); + return; + } init_unistr2( uni4->string, buf, flags ); uni4->length = 2 * (uni4->string->uni_str_len); @@ -893,6 +897,10 @@ void init_unistr4_w( TALLOC_CTX *ctx, UNISTR4 *uni4, const smb_ucs2_t *buf ) { uni4->string = TALLOC_P( ctx, UNISTR2 ); + if (!uni4->string) { + smb_panic("init_unistr4_w: talloc fail\n"); + return; + } init_unistr2_w( ctx, uni4->string, buf ); uni4->length = 2 * (uni4->string->uni_str_len); @@ -919,7 +927,7 @@ str->buffer = TALLOC_ZERO_ARRAY(ctx, uint16, len + 1); if (str->buffer == NULL) { - smb_panic("init_unistr2_w: malloc fail\n"); + smb_panic("init_unistr2_w: talloc fail\n"); return; }
svn commit: samba r14769 - in trunk/source/registry: .
Author: jra Date: 2006-03-29 22:51:31 + (Wed, 29 Mar 2006) New Revision: 14769 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14769 Log: Fix potential null deref coverity bugs #255, #256. Jeremy. Modified: trunk/source/registry/reg_objects.c Changeset: Modified: trunk/source/registry/reg_objects.c === --- trunk/source/registry/reg_objects.c 2006-03-29 22:51:23 UTC (rev 14768) +++ trunk/source/registry/reg_objects.c 2006-03-29 22:51:31 UTC (rev 14769) @@ -270,8 +270,6 @@ int regval_ctr_addvalue( REGVAL_CTR *ctr, const char *name, uint16 type, const char *data_p, size_t size ) { - REGISTRY_VALUE **ppreg; - if ( !name ) return ctr->num_values; @@ -281,17 +279,24 @@ /* allocate a slot in the array of pointers */ - if ( ctr->num_values == 0 ) + if ( ctr->num_values == 0 ) { ctr->values = TALLOC_P( ctr, REGISTRY_VALUE *); - else { - ppreg = TALLOC_REALLOC_ARRAY( ctr, ctr->values, REGISTRY_VALUE *, ctr->num_values+1 ); - if ( ppreg ) - ctr->values = ppreg; + } else { + ctr->values = TALLOC_REALLOC_ARRAY( ctr, ctr->values, REGISTRY_VALUE *, ctr->num_values+1 ); } + if (!ctr->values) { + ctr->num_values = 0; + return 0; + } + /* allocate a new value and store the pointer in the arrya */ ctr->values[ctr->num_values] = TALLOC_P( ctr, REGISTRY_VALUE); + if (!ctr->values[ctr->num_values]) { + ctr->num_values = 0; + return 0; + } /* init the value */ @@ -310,23 +315,27 @@ int regval_ctr_copyvalue( REGVAL_CTR *ctr, REGISTRY_VALUE *val ) { - REGISTRY_VALUE **ppreg; - - if ( val ) - { + if ( val ) { /* allocate a slot in the array of pointers */ - if ( ctr->num_values == 0 ) + if ( ctr->num_values == 0 ) { ctr->values = TALLOC_P( ctr, REGISTRY_VALUE *); - else { - ppreg = TALLOC_REALLOC_ARRAY( ctr, ctr->values, REGISTRY_VALUE *, ctr->num_values+1 ); - if ( ppreg ) - ctr->values = ppreg; + } else { + ctr->values = TALLOC_REALLOC_ARRAY( ctr, ctr->values, REGISTRY_VALUE *, ctr->num_values+1 ); } + if (!ctr->values) { + ctr->num_values = 0; + return 0; + } + /* allocate a new value and store the pointer in the arrya */ ctr->values[ctr->num_values] = TALLOC_P( ctr, REGISTRY_VALUE); + if (!ctr->values[ctr->num_values]) { + ctr->num_values = 0; + return 0; + } /* init the value */ @@ -411,4 +420,3 @@ return data; } -
svn commit: samba r14768 - in branches/SAMBA_3_0/source/registry: .
Author: jra Date: 2006-03-29 22:51:23 + (Wed, 29 Mar 2006) New Revision: 14768 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14768 Log: Fix potential null deref coverity bugs #255, #256. Jeremy. Modified: branches/SAMBA_3_0/source/registry/reg_objects.c Changeset: Modified: branches/SAMBA_3_0/source/registry/reg_objects.c === --- branches/SAMBA_3_0/source/registry/reg_objects.c2006-03-29 22:45:58 UTC (rev 14767) +++ branches/SAMBA_3_0/source/registry/reg_objects.c2006-03-29 22:51:23 UTC (rev 14768) @@ -270,8 +270,6 @@ int regval_ctr_addvalue( REGVAL_CTR *ctr, const char *name, uint16 type, const char *data_p, size_t size ) { - REGISTRY_VALUE **ppreg; - if ( !name ) return ctr->num_values; @@ -281,17 +279,24 @@ /* allocate a slot in the array of pointers */ - if ( ctr->num_values == 0 ) + if ( ctr->num_values == 0 ) { ctr->values = TALLOC_P( ctr, REGISTRY_VALUE *); - else { - ppreg = TALLOC_REALLOC_ARRAY( ctr, ctr->values, REGISTRY_VALUE *, ctr->num_values+1 ); - if ( ppreg ) - ctr->values = ppreg; + } else { + ctr->values = TALLOC_REALLOC_ARRAY( ctr, ctr->values, REGISTRY_VALUE *, ctr->num_values+1 ); } + if (!ctr->values) { + ctr->num_values = 0; + return 0; + } + /* allocate a new value and store the pointer in the arrya */ ctr->values[ctr->num_values] = TALLOC_P( ctr, REGISTRY_VALUE); + if (!ctr->values[ctr->num_values]) { + ctr->num_values = 0; + return 0; + } /* init the value */ @@ -310,23 +315,27 @@ int regval_ctr_copyvalue( REGVAL_CTR *ctr, REGISTRY_VALUE *val ) { - REGISTRY_VALUE **ppreg; - - if ( val ) - { + if ( val ) { /* allocate a slot in the array of pointers */ - if ( ctr->num_values == 0 ) + if ( ctr->num_values == 0 ) { ctr->values = TALLOC_P( ctr, REGISTRY_VALUE *); - else { - ppreg = TALLOC_REALLOC_ARRAY( ctr, ctr->values, REGISTRY_VALUE *, ctr->num_values+1 ); - if ( ppreg ) - ctr->values = ppreg; + } else { + ctr->values = TALLOC_REALLOC_ARRAY( ctr, ctr->values, REGISTRY_VALUE *, ctr->num_values+1 ); } + if (!ctr->values) { + ctr->num_values = 0; + return 0; + } + /* allocate a new value and store the pointer in the arrya */ ctr->values[ctr->num_values] = TALLOC_P( ctr, REGISTRY_VALUE); + if (!ctr->values[ctr->num_values]) { + ctr->num_values = 0; + return 0; + } /* init the value */ @@ -411,4 +420,3 @@ return data; } -
svn commit: samba r14767 - in trunk/source/registry: .
Author: jra Date: 2006-03-29 22:45:58 + (Wed, 29 Mar 2006) New Revision: 14767 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14767 Log: Fix possible NULL deref. Coverity #254. Jeremy. Modified: trunk/source/registry/reg_objects.c Changeset: Modified: trunk/source/registry/reg_objects.c === --- trunk/source/registry/reg_objects.c 2006-03-29 22:45:52 UTC (rev 14766) +++ trunk/source/registry/reg_objects.c 2006-03-29 22:45:58 UTC (rev 14767) @@ -43,8 +43,6 @@ int regsubkey_ctr_addkey( REGSUBKEY_CTR *ctr, const char *keyname ) { - char **pp; - if ( !keyname ) return ctr->num_subkeys; @@ -55,14 +53,17 @@ /* allocate a space for the char* in the array */ - if ( ctr->subkeys == 0 ) - ctr->subkeys = TALLOC_P( ctr, char *); - else { - pp = TALLOC_REALLOC_ARRAY( ctr, ctr->subkeys, char *, ctr->num_subkeys+1); - if ( pp ) - ctr->subkeys = pp; + if (ctr->subkeys == NULL) { + ctr->subkeys = TALLOC_P(ctr, char *); + } else { + ctr->subkeys = TALLOC_REALLOC_ARRAY(ctr, ctr->subkeys, char *, ctr->num_subkeys+1); } + if (!ctr->subkeys) { + ctr->num_subkeys = 0; + return 0; + } + /* allocate the string and save it in the array */ ctr->subkeys[ctr->num_subkeys] = talloc_strdup( ctr, keyname );
svn commit: samba r14766 - in branches/SAMBA_3_0/source/registry: .
Author: jra Date: 2006-03-29 22:45:52 + (Wed, 29 Mar 2006) New Revision: 14766 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14766 Log: Fix possible NULL deref. Coverity #254. Jeremy. Modified: branches/SAMBA_3_0/source/registry/reg_objects.c Changeset: Modified: branches/SAMBA_3_0/source/registry/reg_objects.c === --- branches/SAMBA_3_0/source/registry/reg_objects.c2006-03-29 22:41:36 UTC (rev 14765) +++ branches/SAMBA_3_0/source/registry/reg_objects.c2006-03-29 22:45:52 UTC (rev 14766) @@ -43,8 +43,6 @@ int regsubkey_ctr_addkey( REGSUBKEY_CTR *ctr, const char *keyname ) { - char **pp; - if ( !keyname ) return ctr->num_subkeys; @@ -55,14 +53,17 @@ /* allocate a space for the char* in the array */ - if ( ctr->subkeys == 0 ) - ctr->subkeys = TALLOC_P( ctr, char *); - else { - pp = TALLOC_REALLOC_ARRAY( ctr, ctr->subkeys, char *, ctr->num_subkeys+1); - if ( pp ) - ctr->subkeys = pp; + if (ctr->subkeys == NULL) { + ctr->subkeys = TALLOC_P(ctr, char *); + } else { + ctr->subkeys = TALLOC_REALLOC_ARRAY(ctr, ctr->subkeys, char *, ctr->num_subkeys+1); } + if (!ctr->subkeys) { + ctr->num_subkeys = 0; + return 0; + } + /* allocate the string and save it in the array */ ctr->subkeys[ctr->num_subkeys] = talloc_strdup( ctr, keyname );
svn commit: samba r14765 - in trunk/source/lib: .
Author: jra Date: 2006-03-29 22:41:36 + (Wed, 29 Mar 2006) New Revision: 14765 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14765 Log: Fix possible null pointer deref. Coverity #253. Jeremy. Modified: trunk/source/lib/util_pw.c Changeset: Modified: trunk/source/lib/util_pw.c === --- trunk/source/lib/util_pw.c 2006-03-29 22:41:24 UTC (rev 14764) +++ trunk/source/lib/util_pw.c 2006-03-29 22:41:36 UTC (rev 14765) @@ -25,6 +25,9 @@ struct passwd *tcopy_passwd(TALLOC_CTX *mem_ctx, const struct passwd *from) { struct passwd *ret = TALLOC_P(mem_ctx, struct passwd); + if (!ret) { + return NULL; + } ret->pw_name = talloc_strdup(ret, from->pw_name); ret->pw_passwd = talloc_strdup(ret, from->pw_passwd); ret->pw_uid = from->pw_uid; @@ -99,8 +102,7 @@ } pwnam_cache[i] = tcopy_passwd(pwnam_cache, temp); - - if (mem_ctx != NULL) { + if (pwnam_cache[i]!= NULL && mem_ctx != NULL) { return talloc_reference(mem_ctx, pwnam_cache[i]); }
svn commit: samba r14764 - in branches/SAMBA_3_0/source/lib: .
Author: jra Date: 2006-03-29 22:41:24 + (Wed, 29 Mar 2006) New Revision: 14764 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14764 Log: Fix possible null pointer deref. Coverity #253. Jeremy. Modified: branches/SAMBA_3_0/source/lib/util_pw.c Changeset: Modified: branches/SAMBA_3_0/source/lib/util_pw.c === --- branches/SAMBA_3_0/source/lib/util_pw.c 2006-03-29 22:19:01 UTC (rev 14763) +++ branches/SAMBA_3_0/source/lib/util_pw.c 2006-03-29 22:41:24 UTC (rev 14764) @@ -25,6 +25,9 @@ struct passwd *tcopy_passwd(TALLOC_CTX *mem_ctx, const struct passwd *from) { struct passwd *ret = TALLOC_P(mem_ctx, struct passwd); + if (!ret) { + return NULL; + } ret->pw_name = talloc_strdup(ret, from->pw_name); ret->pw_passwd = talloc_strdup(ret, from->pw_passwd); ret->pw_uid = from->pw_uid; @@ -99,8 +102,7 @@ } pwnam_cache[i] = tcopy_passwd(pwnam_cache, temp); - - if (mem_ctx != NULL) { + if (pwnam_cache[i]!= NULL && mem_ctx != NULL) { return talloc_reference(mem_ctx, pwnam_cache[i]); }
svn commit: samba r14763 - in branches/SAMBA_3_0/source: include locking param
Author: jra Date: 2006-03-29 22:19:01 + (Wed, 29 Mar 2006) New Revision: 14763 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14763 Log: Add a new tuning parameter, open files database hash size, this allows us to experiment with ensuring the tdb hash size for our open files and locking db are appropriately sized. Make the hash size larger by default (10007 instead of 1049) and make the locking db hash size the same as the open file db hash size. Jeremy. Modified: branches/SAMBA_3_0/source/include/local.h branches/SAMBA_3_0/source/locking/brlock.c branches/SAMBA_3_0/source/locking/locking.c branches/SAMBA_3_0/source/param/loadparm.c Changeset: Modified: branches/SAMBA_3_0/source/include/local.h === --- branches/SAMBA_3_0/source/include/local.h 2006-03-29 22:19:00 UTC (rev 14762) +++ branches/SAMBA_3_0/source/include/local.h 2006-03-29 22:19:01 UTC (rev 14763) @@ -236,7 +236,7 @@ #define MAX_LDAP_REPLICATION_SLEEP_TIME 5000 /* In milliseconds. */ /* tdb hash size for the open database. */ -#define SMB_OPEN_DATABASE_TDB_HASH_SIZE 1049 +#define SMB_OPEN_DATABASE_TDB_HASH_SIZE 10007 /* Characters we disallow in sharenames. */ #define INVALID_SHARENAME_CHARS "%<>*?|/\\+=;:\"," Modified: branches/SAMBA_3_0/source/locking/brlock.c === --- branches/SAMBA_3_0/source/locking/brlock.c 2006-03-29 22:19:00 UTC (rev 14762) +++ branches/SAMBA_3_0/source/locking/brlock.c 2006-03-29 22:19:01 UTC (rev 14763) @@ -289,8 +289,10 @@ { if (tdb) return; - tdb = tdb_open_log(lock_path("brlock.tdb"), 0, TDB_DEFAULT|(read_only?0x0:TDB_CLEAR_IF_FIRST), - read_only?O_RDONLY:(O_RDWR|O_CREAT), 0644 ); + tdb = tdb_open_log(lock_path("brlock.tdb"), + lp_open_files_db_hash_size(), + TDB_DEFAULT|(read_only?0x0:TDB_CLEAR_IF_FIRST), + read_only?O_RDONLY:(O_RDWR|O_CREAT), 0644 ); if (!tdb) { DEBUG(0,("Failed to open byte range locking database\n")); return; Modified: branches/SAMBA_3_0/source/locking/locking.c === --- branches/SAMBA_3_0/source/locking/locking.c 2006-03-29 22:19:00 UTC (rev 14762) +++ branches/SAMBA_3_0/source/locking/locking.c 2006-03-29 22:19:01 UTC (rev 14763) @@ -301,7 +301,8 @@ return True; tdb = tdb_open_log(lock_path("locking.tdb"), - SMB_OPEN_DATABASE_TDB_HASH_SIZE, TDB_DEFAULT|(read_only?0x0:TDB_CLEAR_IF_FIRST), + lp_open_files_db_hash_size(), + TDB_DEFAULT|(read_only?0x0:TDB_CLEAR_IF_FIRST), read_only?O_RDONLY:O_RDWR|O_CREAT, 0644); Modified: branches/SAMBA_3_0/source/param/loadparm.c === --- branches/SAMBA_3_0/source/param/loadparm.c 2006-03-29 22:19:00 UTC (rev 14762) +++ branches/SAMBA_3_0/source/param/loadparm.c 2006-03-29 22:19:01 UTC (rev 14763) @@ -201,6 +201,7 @@ int max_xmit; int max_mux; int max_open_files; + int open_files_db_hash_size; int pwordlevel; int unamelevel; int deadtime; @@ -1023,6 +1024,7 @@ {"max disk size", P_INTEGER, P_GLOBAL, &Globals.maxdisksize, NULL, NULL, FLAG_ADVANCED}, {"max open files", P_INTEGER, P_GLOBAL, &Globals.max_open_files, NULL, NULL, FLAG_ADVANCED}, {"min print space", P_INTEGER, P_LOCAL, &sDefault.iMinPrintSpace, NULL, NULL, FLAG_ADVANCED | FLAG_PRINT}, + {"open files database hash size", P_INTEGER, P_GLOBAL, &Globals.open_files_db_hash_size, NULL, NULL, FLAG_ADVANCED}, {"socket options", P_GSTRING, P_GLOBAL, user_socket_options, NULL, NULL, FLAG_ADVANCED}, {"strict allocate", P_BOOL, P_LOCAL, &sDefault.bStrictAllocate, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE}, @@ -1498,6 +1500,7 @@ Globals.bLargeReadwrite = True; Globals.max_log_size = 5000; Globals.max_open_files = MAX_OPEN_FILES; + Globals.open_files_db_hash_size = SMB_OPEN_DATABASE_TDB_HASH_SIZE; Globals.maxprotocol = PROTOCOL_NT1; Globals.minprotocol = PROTOCOL_CORE; Globals.security = SEC_USER; @@ -1938,6 +1941,7 @@ FN_GLOBAL_INTEGER(lp_min_wins_ttl, &Globals.min_wins_ttl) FN_GLOBAL_INTEGER(lp_max_log_size, &Globals.max_log_size) FN_GLOBAL_INTEGER(lp_max_open_files, &Globals.max_open_files) +FN_GLOBAL_INTEGER(lp_open_files_db_hash_size, &Globals.open_files_db_hash_size) FN_GLOBAL_INTEGER(lp_maxxmit, &Globals.max_xmit) FN_GLOBAL_INTEGER(lp_maxmux, &Globals.max_mux) FN_GLOBAL_INTEGER(lp_passwordlevel, &Globals.pwordlevel)
svn commit: samba r14762 - in trunk/source: include locking param
Author: jra Date: 2006-03-29 22:19:00 + (Wed, 29 Mar 2006) New Revision: 14762 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14762 Log: Add a new tuning parameter, open files database hash size, this allows us to experiment with ensuring the tdb hash size for our open files and locking db are appropriately sized. Make the hash size larger by default (10007 instead of 1049) and make the locking db hash size the same as the open file db hash size. Jeremy. Modified: trunk/source/include/local.h trunk/source/locking/brlock.c trunk/source/locking/locking.c trunk/source/param/loadparm.c Changeset: Modified: trunk/source/include/local.h === --- trunk/source/include/local.h2006-03-29 19:40:39 UTC (rev 14761) +++ trunk/source/include/local.h2006-03-29 22:19:00 UTC (rev 14762) @@ -236,7 +236,7 @@ #define MAX_LDAP_REPLICATION_SLEEP_TIME 5000 /* In milliseconds. */ /* tdb hash size for the open database. */ -#define SMB_OPEN_DATABASE_TDB_HASH_SIZE 1049 +#define SMB_OPEN_DATABASE_TDB_HASH_SIZE 10007 /* Characters we disallow in sharenames. */ #define INVALID_SHARENAME_CHARS "%<>*?|/\\+=;:\"," Modified: trunk/source/locking/brlock.c === --- trunk/source/locking/brlock.c 2006-03-29 19:40:39 UTC (rev 14761) +++ trunk/source/locking/brlock.c 2006-03-29 22:19:00 UTC (rev 14762) @@ -294,8 +294,10 @@ if (tdb) { return; } - tdb = tdb_open_log(lock_path("brlock.tdb"), 0, TDB_DEFAULT|(read_only?0x0:TDB_CLEAR_IF_FIRST), - read_only?O_RDONLY:(O_RDWR|O_CREAT), 0644 ); + tdb = tdb_open_log(lock_path("brlock.tdb"), + lp_open_files_db_hash_size(), + TDB_DEFAULT|(read_only?0x0:TDB_CLEAR_IF_FIRST), + read_only?O_RDONLY:(O_RDWR|O_CREAT), 0644 ); if (!tdb) { DEBUG(0,("Failed to open byte range locking database %s\n", lock_path("brlock.tdb"))); Modified: trunk/source/locking/locking.c === --- trunk/source/locking/locking.c 2006-03-29 19:40:39 UTC (rev 14761) +++ trunk/source/locking/locking.c 2006-03-29 22:19:00 UTC (rev 14762) @@ -370,7 +370,8 @@ return True; tdb = tdb_open_log(lock_path("locking.tdb"), - SMB_OPEN_DATABASE_TDB_HASH_SIZE, TDB_DEFAULT|(read_only?0x0:TDB_CLEAR_IF_FIRST), + lp_open_files_db_hash_size(), + TDB_DEFAULT|(read_only?0x0:TDB_CLEAR_IF_FIRST), read_only?O_RDONLY:O_RDWR|O_CREAT, 0644); Modified: trunk/source/param/loadparm.c === --- trunk/source/param/loadparm.c 2006-03-29 19:40:39 UTC (rev 14761) +++ trunk/source/param/loadparm.c 2006-03-29 22:19:00 UTC (rev 14762) @@ -201,6 +201,7 @@ int max_xmit; int max_mux; int max_open_files; + int open_files_db_hash_size; int pwordlevel; int unamelevel; int deadtime; @@ -1023,6 +1024,7 @@ {"max disk size", P_INTEGER, P_GLOBAL, &Globals.maxdisksize, NULL, NULL, FLAG_ADVANCED}, {"max open files", P_INTEGER, P_GLOBAL, &Globals.max_open_files, NULL, NULL, FLAG_ADVANCED}, {"min print space", P_INTEGER, P_LOCAL, &sDefault.iMinPrintSpace, NULL, NULL, FLAG_ADVANCED | FLAG_PRINT}, + {"open files database hash size", P_INTEGER, P_GLOBAL, &Globals.open_files_db_hash_size, NULL, NULL, FLAG_ADVANCED}, {"socket options", P_GSTRING, P_GLOBAL, user_socket_options, NULL, NULL, FLAG_ADVANCED}, {"strict allocate", P_BOOL, P_LOCAL, &sDefault.bStrictAllocate, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE}, @@ -1498,6 +1500,7 @@ Globals.bLargeReadwrite = True; Globals.max_log_size = 5000; Globals.max_open_files = MAX_OPEN_FILES; + Globals.open_files_db_hash_size = SMB_OPEN_DATABASE_TDB_HASH_SIZE; Globals.maxprotocol = PROTOCOL_NT1; Globals.minprotocol = PROTOCOL_CORE; Globals.security = SEC_USER; @@ -1938,6 +1941,7 @@ FN_GLOBAL_INTEGER(lp_min_wins_ttl, &Globals.min_wins_ttl) FN_GLOBAL_INTEGER(lp_max_log_size, &Globals.max_log_size) FN_GLOBAL_INTEGER(lp_max_open_files, &Globals.max_open_files) +FN_GLOBAL_INTEGER(lp_open_files_db_hash_size, &Globals.open_files_db_hash_size) FN_GLOBAL_INTEGER(lp_maxxmit, &Globals.max_xmit) FN_GLOBAL_INTEGER(lp_maxmux, &Globals.max_mux) FN_GLOBAL_INTEGER(lp_passwordlevel, &Globals.pwordlevel)
svn commit: samba r14761 - in trunk/source: locking smbd
Author: jra Date: 2006-03-29 19:40:39 + (Wed, 29 Mar 2006) New Revision: 14761 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14761 Log: Pass in extra parameters which will make it easier to do blocking POSIX lock requests. Jeremy. Modified: trunk/source/locking/brlock.c trunk/source/smbd/blocking.c trunk/source/smbd/reply.c Changeset: Modified: trunk/source/locking/brlock.c === --- trunk/source/locking/brlock.c 2006-03-29 18:55:39 UTC (rev 14760) +++ trunk/source/locking/brlock.c 2006-03-29 19:40:39 UTC (rev 14761) @@ -189,7 +189,7 @@ return False; } - /* One is read, the other write, context or fnum are different, + /* One is read, the other write, or the context is different, do they overlap ? */ return brl_overlap(lck1, lck2); } Modified: trunk/source/smbd/blocking.c === --- trunk/source/smbd/blocking.c2006-03-29 18:55:39 UTC (rev 14760) +++ trunk/source/smbd/blocking.c2006-03-29 19:40:39 UTC (rev 14761) @@ -36,6 +36,7 @@ SMB_BIG_UINT count; uint16 lock_pid; enum brl_flavour lock_flav; + enum brl_type lock_type; char *inbuf; int length; } blocking_lock_record; @@ -54,25 +55,6 @@ } / - Get the files_struct given a particular queued SMB. -*/ - -static files_struct *get_fsp_from_pkt(char *inbuf) -{ - switch(CVAL(inbuf,smb_com)) { - case SMBlock: - case SMBlockread: - return file_fsp(inbuf,smb_vwv0); - case SMBlockingX: - return file_fsp(inbuf,smb_vwv2); - default: - DEBUG(0,("get_fsp_from_pkt: PANIC - unknown type on blocking lock queue - exiting.!\n")); - exit_server("PANIC - unknown type on blocking lock queue"); - } - return NULL; /* Keep compiler happy. */ -} - -/ Determine if this is a secondary element of a chained SMB. **/ @@ -88,8 +70,14 @@ Function to push a blocking lock request onto the lock queue. / -BOOL push_blocking_lock_request( char *inbuf, int length, int lock_timeout, - int lock_num, uint16 lock_pid, SMB_BIG_UINT offset, SMB_BIG_UINT count) +BOOL push_blocking_lock_request( char *inbuf, int length, + files_struct *fsp, + int lock_timeout, + int lock_num, + uint16 lock_pid, + enum brl_type lock_type, + enum brl_flavour lock_flav, + SMB_BIG_UINT offset, SMB_BIG_UINT count) { static BOOL set_lock_msg; blocking_lock_record *blr, *tmp; @@ -119,11 +107,12 @@ } blr->com_type = CVAL(inbuf,smb_com); - blr->fsp = get_fsp_from_pkt(inbuf); + blr->fsp = fsp; blr->expire_time = (lock_timeout == -1) ? (time_t)-1 : time(NULL) + (time_t)lock_timeout; blr->lock_num = lock_num; blr->lock_pid = lock_pid; - blr->lock_flav = WINDOWS_LOCK; + blr->lock_flav = lock_flav; + blr->lock_type = lock_type; blr->offset = offset; blr->count = count; memcpy(blr->inbuf, inbuf, length); Modified: trunk/source/smbd/reply.c === --- trunk/source/smbd/reply.c 2006-03-29 18:55:39 UTC (rev 14760) +++ trunk/source/smbd/reply.c 2006-03-29 19:40:39 UTC (rev 14761) @@ -2412,8 +2412,15 @@ * this smb into a queued request and push it * onto the blocking lock queue. */ - if(push_blocking_lock_request(inbuf, length, -1, 0, SVAL(inbuf,smb_pid), (SMB_BIG_UINT)startpos, - (SMB_BIG_UINT)numtoread)) { + if(push_blocking_lock_request(inbuf, length, + fsp, + -1, + 0, + SVAL(inbuf,smb_pid), + WRITE_LOCK, + WINDOWS_LOCK, + (SMB_BIG_UINT)startpos, + (SMB_BIG_UINT)numtoread)) { END_PROFILE(SMBlockread); return -1; } @@ -3435,7 +3442,14 @@
svn commit: samba r14760 - in branches/SAMBA_3_0/source/nsswitch: .
Author: jra Date: 2006-03-29 18:55:39 + (Wed, 29 Mar 2006) New Revision: 14760 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14760 Log: Fix #3642, ensure we don't call FD_SET on read with fd == -1. Jeremy. Modified: branches/SAMBA_3_0/source/nsswitch/wb_common.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/wb_common.c === --- branches/SAMBA_3_0/source/nsswitch/wb_common.c 2006-03-29 18:53:58 UTC (rev 14759) +++ branches/SAMBA_3_0/source/nsswitch/wb_common.c 2006-03-29 18:55:39 UTC (rev 14760) @@ -411,6 +411,10 @@ int result = 0, nread = 0; int total_time = 0, selret; + if (winbindd_fd == -1) { + return -1; + } + /* Read data from socket */ while(nread < count) { struct timeval tv;
svn commit: samba r14759 - in trunk/source/nsswitch: .
Author: jra Date: 2006-03-29 18:53:58 + (Wed, 29 Mar 2006) New Revision: 14759 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14759 Log: Fix #3642, ensure we don't call FD_SET on read with fd == -1. Jeremy. Modified: trunk/source/nsswitch/wb_common.c Changeset: Modified: trunk/source/nsswitch/wb_common.c === --- trunk/source/nsswitch/wb_common.c 2006-03-29 18:24:34 UTC (rev 14758) +++ trunk/source/nsswitch/wb_common.c 2006-03-29 18:53:58 UTC (rev 14759) @@ -411,6 +411,10 @@ int result = 0, nread = 0; int total_time = 0, selret; + if (winbindd_fd == -1) { + return -1; + } + /* Read data from socket */ while(nread < count) { struct timeval tv;
svn commit: samba r14758 - branches/SAMBA_3_0/source/passdb trunk/source/passdb
Author: gd Date: 2006-03-29 18:24:34 + (Wed, 29 Mar 2006) New Revision: 14758 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14758 Log: Fix broken LDAP search filter. Guenther Modified: branches/SAMBA_3_0/source/passdb/pdb_ldap.c trunk/source/passdb/pdb_ldap.c Changeset: Modified: branches/SAMBA_3_0/source/passdb/pdb_ldap.c === --- branches/SAMBA_3_0/source/passdb/pdb_ldap.c 2006-03-29 15:30:26 UTC (rev 14757) +++ branches/SAMBA_3_0/source/passdb/pdb_ldap.c 2006-03-29 18:24:34 UTC (rev 14758) @@ -4303,7 +4303,7 @@ state->scope = LDAP_SCOPE_SUBTREE; state->filter = talloc_asprintf(search->mem_ctx, "(&(objectclass=sambaGroupMapping)" - "(sambaGroupType=%d)(sambaSID=%s)", + "(sambaGroupType=%d)(sambaSID=%s))", type, sid_string_static(sid)); state->attrs = talloc_attrs(search->mem_ctx, "cn", "sambaSid", "displayName", "description", Modified: trunk/source/passdb/pdb_ldap.c === --- trunk/source/passdb/pdb_ldap.c 2006-03-29 15:30:26 UTC (rev 14757) +++ trunk/source/passdb/pdb_ldap.c 2006-03-29 18:24:34 UTC (rev 14758) @@ -4303,7 +4303,7 @@ state->scope = LDAP_SCOPE_SUBTREE; state->filter = talloc_asprintf(search->mem_ctx, "(&(objectclass=sambaGroupMapping)" - "(sambaGroupType=%d)(sambaSID=%s)", + "(sambaGroupType=%d)(sambaSID=%s))", type, sid_string_static(sid)); state->attrs = talloc_attrs(search->mem_ctx, "cn", "sambaSid", "displayName", "description",
svn commit: samba r14757 - branches/SAMBA_3_0/source/utils trunk/source/utils
Author: gd Date: 2006-03-29 15:30:26 + (Wed, 29 Mar 2006) New Revision: 14757 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14757 Log: Make sure we only send out a CLDAP request to an connected AD server. Guenther Modified: branches/SAMBA_3_0/source/utils/net_ads.c trunk/source/utils/net_ads.c Changeset: Modified: branches/SAMBA_3_0/source/utils/net_ads.c === --- branches/SAMBA_3_0/source/utils/net_ads.c 2006-03-29 14:52:03 UTC (rev 14756) +++ branches/SAMBA_3_0/source/utils/net_ads.c 2006-03-29 15:30:26 UTC (rev 14757) @@ -69,18 +69,20 @@ static int net_ads_lookup(int argc, const char **argv) { ADS_STRUCT *ads; + ADS_STATUS status; ads = ads_init(NULL, opt_target_workgroup, opt_host); if (ads) { ads->auth.flags |= ADS_AUTH_NO_BIND; } - ads_connect(ads); - - if (!ads) { + status = ads_connect(ads); + if (!ADS_ERR_OK(status) || !ads) { d_fprintf(stderr, "Didn't find the cldap server!\n"); return -1; - } if (!ads->config.realm) { + } + + if (!ads->config.realm) { ads->config.realm = CONST_DISCARD(char *, opt_target_workgroup); ads->ldap_port = 389; } Modified: trunk/source/utils/net_ads.c === --- trunk/source/utils/net_ads.c2006-03-29 14:52:03 UTC (rev 14756) +++ trunk/source/utils/net_ads.c2006-03-29 15:30:26 UTC (rev 14757) @@ -69,18 +69,20 @@ static int net_ads_lookup(int argc, const char **argv) { ADS_STRUCT *ads; + ADS_STATUS status; ads = ads_init(NULL, opt_target_workgroup, opt_host); if (ads) { ads->auth.flags |= ADS_AUTH_NO_BIND; } - ads_connect(ads); - - if (!ads) { + status = ads_connect(ads); + if (!ADS_ERR_OK(status) || !ads) { d_fprintf(stderr, "Didn't find the cldap server!\n"); return -1; - } if (!ads->config.realm) { + } + + if (!ads->config.realm) { ads->config.realm = CONST_DISCARD(char *, opt_target_workgroup); ads->ldap_port = 389; }
svn commit: samba r14756 - branches/SAMBA_3_0/source/passdb trunk/source/passdb
Author: gd Date: 2006-03-29 14:52:03 + (Wed, 29 Mar 2006) New Revision: 14756 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14756 Log: Make smbpasswd -a root work for eDirectory where there is no "account" structural objectclass. Guenther Modified: branches/SAMBA_3_0/source/passdb/pdb_ldap.c trunk/source/passdb/pdb_ldap.c Changeset: Modified: branches/SAMBA_3_0/source/passdb/pdb_ldap.c === --- branches/SAMBA_3_0/source/passdb/pdb_ldap.c 2006-03-29 13:31:30 UTC (rev 14755) +++ branches/SAMBA_3_0/source/passdb/pdb_ldap.c 2006-03-29 14:52:03 UTC (rev 14756) @@ -940,9 +940,16 @@ * took out adding "objectclass: sambaAccount" * do this on a per-mod basis */ - if (need_update(sampass, PDB_USERNAME)) + if (need_update(sampass, PDB_USERNAME)) { smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods, "uid", pdb_get_username(sampass)); + if (ldap_state->is_nds_ldap) { + smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods, + "cn", pdb_get_username(sampass)); + smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods, + "sn", pdb_get_username(sampass)); + } + } DEBUG(2, ("init_ldap_from_sam: Setting entry for user: %s\n", pdb_get_username(sampass))); @@ -1525,10 +1532,16 @@ /* may be password change below however */ } else { switch(ldap_op) { - case LDAP_MOD_ADD: - smbldap_set_mod(&mods, LDAP_MOD_ADD, - "objectclass", - LDAP_OBJ_ACCOUNT); + case LDAP_MOD_ADD: + if (ldap_state->is_nds_ldap) { + smbldap_set_mod(&mods, LDAP_MOD_ADD, + "objectclass", + "inetOrgPerson"); + } else { + smbldap_set_mod(&mods, LDAP_MOD_ADD, + "objectclass", + LDAP_OBJ_ACCOUNT); + } rc = smbldap_add(ldap_state->smbldap_state, dn, mods); break; Modified: trunk/source/passdb/pdb_ldap.c === --- trunk/source/passdb/pdb_ldap.c 2006-03-29 13:31:30 UTC (rev 14755) +++ trunk/source/passdb/pdb_ldap.c 2006-03-29 14:52:03 UTC (rev 14756) @@ -940,9 +940,16 @@ * took out adding "objectclass: sambaAccount" * do this on a per-mod basis */ - if (need_update(sampass, PDB_USERNAME)) + if (need_update(sampass, PDB_USERNAME)) { smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods, "uid", pdb_get_username(sampass)); + if (ldap_state->is_nds_ldap) { + smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods, + "cn", pdb_get_username(sampass)); + smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods, + "sn", pdb_get_username(sampass)); + } + } DEBUG(2, ("init_ldap_from_sam: Setting entry for user: %s\n", pdb_get_username(sampass))); @@ -1525,10 +1532,16 @@ /* may be password change below however */ } else { switch(ldap_op) { - case LDAP_MOD_ADD: - smbldap_set_mod(&mods, LDAP_MOD_ADD, - "objectclass", - LDAP_OBJ_ACCOUNT); + case LDAP_MOD_ADD: + if (ldap_state->is_nds_ldap) { + smbldap_set_mod(&mods, LDAP_MOD_ADD, + "objectclass", + "inetOrgPerson"); + } else { + smbldap_set_mod(&mods, LDAP_MOD_ADD, + "objectclass", + LDAP_OBJ_ACCOUNT); + } rc = smbldap_add(ldap_state->smblda
svn commit: samba-web r937 - in trunk/vendors: .
Author: deryck Date: 2006-03-29 13:49:56 + (Wed, 29 Mar 2006) New Revision: 937 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-web&rev=937 Log: Keep vendors in alphabetical order. deryck Modified: trunk/vendors/index.html Changeset: Modified: trunk/vendors/index.html === --- trunk/vendors/index.html2006-03-28 20:06:50 UTC (rev 936) +++ trunk/vendors/index.html2006-03-29 13:49:56 UTC (rev 937) @@ -32,15 +32,15 @@ BrainStorm Technologies - -Cobalt Networks, Inc. - - +Cobalt Networks, Inc. + + +
svn commit: samba r14755 - in branches/SAMBA_4_0/source/ntvfs: common posix
Author: tridge Date: 2006-03-29 13:31:30 + (Wed, 29 Mar 2006) New Revision: 14755 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14755 Log: the change notify code now passes most of the RAW-NOTIFY test. Still more work to do though Modified: branches/SAMBA_4_0/source/ntvfs/common/notify.c branches/SAMBA_4_0/source/ntvfs/posix/pvfs_mkdir.c branches/SAMBA_4_0/source/ntvfs/posix/pvfs_notify.c branches/SAMBA_4_0/source/ntvfs/posix/pvfs_wait.c Changeset: Modified: branches/SAMBA_4_0/source/ntvfs/common/notify.c === --- branches/SAMBA_4_0/source/ntvfs/common/notify.c 2006-03-29 10:20:28 UTC (rev 14754) +++ branches/SAMBA_4_0/source/ntvfs/common/notify.c 2006-03-29 13:31:30 UTC (rev 14755) @@ -332,9 +332,6 @@ return False; } - if (path[len] == 0) { - return True; - } if (path[len] != '/') { return False; } @@ -395,7 +392,9 @@ /* this needs to be changed to a log(n) search */ for (i=0;iarray->num_entries;i++) { if (notify_match(notify, ¬ify->array->entries[i], path, action)) { - notify_send(notify, ¬ify->array->entries[i], path, action); + notify_send(notify, ¬ify->array->entries[i], + path + strlen(notify->array->entries[i].path) + 1, + action); } } } Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_mkdir.c === --- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_mkdir.c 2006-03-29 10:20:28 UTC (rev 14754) +++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_mkdir.c 2006-03-29 13:31:30 UTC (rev 14755) @@ -83,6 +83,8 @@ return status; } + notify_trigger(pvfs->notify_context, NOTIFY_ACTION_ADDED, name->full_name); + return NT_STATUS_OK; } @@ -135,6 +137,8 @@ return status; } + notify_trigger(pvfs->notify_context, NOTIFY_ACTION_ADDED, name->full_name); + return NT_STATUS_OK; } @@ -172,5 +176,7 @@ return pvfs_map_errno(pvfs, errno); } + notify_trigger(pvfs->notify_context, NOTIFY_ACTION_REMOVED, name->full_name); + return NT_STATUS_OK; } Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_notify.c === --- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_notify.c 2006-03-29 10:20:28 UTC (rev 14754) +++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_notify.c 2006-03-29 13:31:30 UTC (rev 14755) @@ -33,10 +33,13 @@ struct notify_changes *changes; uint32_t max_buffer_size; uint32_t current_buffer_size; - void *wait_handle; + + /* these last two are only present when a notify request is + pending */ + struct ntvfs_request *req; + struct smb_notify *info; }; - /* destroy a notify buffer. Called when the handle is closed */ @@ -48,14 +51,52 @@ return 0; } +/* + send a reply to a pending notify request +*/ +static void pvfs_notify_send(struct pvfs_notify_buffer *notify_buffer) +{ + struct ntvfs_request *req = notify_buffer->req; + struct smb_notify *info = notify_buffer->info; + info->out.num_changes = notify_buffer->num_changes; + info->out.changes = talloc_steal(req, notify_buffer->changes); + notify_buffer->num_changes = 0; + notify_buffer->changes = NULL; + notify_buffer->current_buffer_size = 0; + + notify_buffer->req = NULL; + notify_buffer->info = NULL; + + DEBUG(0,("sending %d changes\n", info->out.num_changes)); + + if (info->out.num_changes == 0) { + req->async_states->status = NT_STATUS_CANCELLED; + } else { + req->async_states->status = NT_STATUS_OK; + } + req->async_states->send_fn(req); +} + + + /* called when a async notify event comes in */ static void pvfs_notify_callback(void *private, const struct notify_event *ev) { struct pvfs_notify_buffer *n = talloc_get_type(private, struct pvfs_notify_buffer); - DEBUG(0,("got notify for '%s'\n", ev->path)); + + n->changes = talloc_realloc(n, n->changes, struct notify_changes, n->num_changes+1); + n->changes[n->num_changes].action = ev->action; + n->changes[n->num_changes].name.s = talloc_strdup(n->changes, ev->path); + n->num_changes++; + + DEBUG(0,("got notify for '%s' action=%d\n", ev->path, ev->action)); + + if (n->req != NULL) { + pvfs_notify_send(n); + } } /* @@ -86,7 +127,23 @@ return NT_STATUS_OK; } +/* + called from the pvfs_wait code when either an event has come in, or + the notify request has been cancelled +*/ +static void pvfs_notify_end(
svn commit: samba r14754 - in trunk/source/smbd: .
Author: vlendec Date: 2006-03-29 10:20:28 + (Wed, 29 Mar 2006) New Revision: 14754 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14754 Log: Many variables to shuffle around... Thanks to G?\195?\188nther Kukkukk for testing it! Volker Modified: trunk/source/smbd/ipc.c trunk/source/smbd/nttrans.c trunk/source/smbd/trans2.c Changeset: Modified: trunk/source/smbd/ipc.c === --- trunk/source/smbd/ipc.c 2006-03-29 09:40:42 UTC (rev 14753) +++ trunk/source/smbd/ipc.c 2006-03-29 10:20:28 UTC (rev 14754) @@ -638,7 +638,7 @@ goto bad_param; if (pdisp > state->total_param) goto bad_param; - if ((smb_base(inbuf) + poff + pcnt >= inbuf+bufsize) || + if ((smb_base(inbuf) + poff + pcnt >= inbuf + size) || (smb_base(inbuf) + poff + pcnt < smb_base(inbuf))) goto bad_param; if (state->param + pdisp < state->param) @@ -655,7 +655,7 @@ goto bad_param; if (ddisp > state->total_data) goto bad_param; - if ((smb_base(inbuf) + doff + dcnt >= inbuf + bufsize) || + if ((smb_base(inbuf) + doff + dcnt >= inbuf + size) || (smb_base(inbuf) + doff + dcnt < smb_base(inbuf))) goto bad_param; if (state->data + ddisp < state->data) Modified: trunk/source/smbd/nttrans.c === --- trunk/source/smbd/nttrans.c 2006-03-29 09:40:42 UTC (rev 14753) +++ trunk/source/smbd/nttrans.c 2006-03-29 10:20:28 UTC (rev 14754) @@ -3029,7 +3029,7 @@ goto bad_param; if (pdisp > state->total_param) goto bad_param; - if ((smb_base(inbuf) + poff + pcnt >= inbuf+bufsize) || + if ((smb_base(inbuf) + poff + pcnt >= inbuf + size) || (smb_base(inbuf) + poff + pcnt < smb_base(inbuf))) goto bad_param; if (state->param + pdisp < state->param) @@ -3046,7 +3046,7 @@ goto bad_param; if (ddisp > state->total_data) goto bad_param; - if ((smb_base(inbuf) + doff + dcnt >= inbuf + bufsize) || + if ((smb_base(inbuf) + doff + dcnt >= inbuf + size) || (smb_base(inbuf) + doff + dcnt < smb_base(inbuf))) goto bad_param; if (state->data + ddisp < state->data) Modified: trunk/source/smbd/trans2.c === --- trunk/source/smbd/trans2.c 2006-03-29 09:40:42 UTC (rev 14753) +++ trunk/source/smbd/trans2.c 2006-03-29 10:20:28 UTC (rev 14754) @@ -5314,7 +5314,7 @@ goto bad_param; if (pdisp > state->total_param) goto bad_param; - if ((smb_base(inbuf) + poff + pcnt >= inbuf+bufsize) || + if ((smb_base(inbuf) + poff + pcnt >= inbuf + size) || (smb_base(inbuf) + poff + pcnt < smb_base(inbuf))) goto bad_param; if (state->param + pdisp < state->param) @@ -5331,7 +5331,7 @@ goto bad_param; if (ddisp > state->total_data) goto bad_param; - if ((smb_base(inbuf) + doff + dcnt >= inbuf + bufsize) || + if ((smb_base(inbuf) + doff + dcnt >= inbuf + size) || (smb_base(inbuf) + doff + dcnt < smb_base(inbuf))) goto bad_param; if (state->data + ddisp < state->data)
svn commit: samba r14753 - branches/SAMBA_3_0/source/nsswitch trunk/source/nsswitch
Author: gd Date: 2006-03-29 09:40:42 + (Wed, 29 Mar 2006) New Revision: 14753 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14753 Log: Fix the kerberized pam_auth: As we could have created a new credential cache with a valid TGT in it but we werent able to get or verify the service ticket for this local host afterwards and therefor didn't get the PAC, we need to remove that ccache entirely. Also remove an ugly pair of (not needed) seteuid calls around the ticket destroy wrapper. Guenther Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c trunk/source/nsswitch/winbindd_pam.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2006-03-28 17:10:20 UTC (rev 14752) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2006-03-29 09:40:42 UTC (rev 14753) @@ -342,7 +342,7 @@ goto done; memory_ccache: - gen_cc = talloc_strdup(mem_ctx, "MEMORY:winbind_cache"); + gen_cc = talloc_strdup(mem_ctx, "MEMORY:winbindd_pam_ccache"); done: if (gen_cc == NULL) { @@ -495,7 +495,7 @@ DEBUG(1,("winbindd_raw_kerberos_login: kinit failed for '%s' with: %s (%d)\n", principal_s, error_message(krb5_ret), krb5_ret)); result = krb5_to_nt_status(krb5_ret); - goto done; + goto failed; } /* does http_timestring use heimdals libroken strftime?? - Guenther */ @@ -507,7 +507,7 @@ client_princ = talloc_strdup(state->mem_ctx, global_myname()); if (client_princ == NULL) { result = NT_STATUS_NO_MEMORY; - goto done; + goto failed; } strlower_m(client_princ); @@ -515,7 +515,7 @@ if (local_service == NULL) { DEBUG(0,("winbindd_raw_kerberos_login: out of memory\n")); result = NT_STATUS_NO_MEMORY; - goto done; + goto failed; } krb5_ret = cli_krb5_get_ticket(local_service, @@ -525,10 +525,10 @@ 0, cc); if (krb5_ret) { - DEBUG(1,("winbindd_raw_kerberos_login: failed to get ticket for: %s\n", - local_service)); + DEBUG(1,("winbindd_raw_kerberos_login: failed to get ticket for %s: %s\n", + local_service, error_message(krb5_ret))); result = krb5_to_nt_status(krb5_ret); - goto done; + goto failed; } if (!internal_ccache) { @@ -547,7 +547,7 @@ if (!NT_STATUS_IS_OK(result)) { DEBUG(0,("winbindd_raw_kerberos_login: ads_verify_ticket failed: %s\n", nt_errstr(result))); - goto done; + goto failed; } DEBUG(10,("winbindd_raw_kerberos_login: winbindd validated ticket of %s\n", @@ -556,14 +556,14 @@ if (!pac_data) { DEBUG(3,("winbindd_raw_kerberos_login: no pac data\n")); result = NT_STATUS_INVALID_PARAMETER; - goto done; + goto failed; } logon_info = get_logon_info_from_pac(pac_data); if (logon_info == NULL) { DEBUG(1,("winbindd_raw_kerberos_login: no logon info\n")); result = NT_STATUS_INVALID_PARAMETER; - goto done; + goto failed; } @@ -599,6 +599,22 @@ result = NT_STATUS_OK; + goto done; + +failed: + + /* we could have created a new credential cache with a valid tgt in it +* but we werent able to get or verify the service ticket for this +* local host and therefor didn't get the PAC, we need to remove that +* cache entirely now */ + + krb5_ret = ads_kdestroy(cc); + if (krb5_ret) { + DEBUG(0,("winbindd_raw_kerberos_login: " +"could not destroy krb5 credential cache: " +"%s\n", error_message(krb5_ret))); + } + done: data_blob_free(&session_key); data_blob_free(&session_key_krb5); @@ -1802,12 +1818,8 @@ goto process_result; } - seteuid(entry->uid); - ret = ads_kdestroy(entry->ccname); - seteuid(0); - if (ret) { DEBUG(0,("winbindd_pam_logoff: failed to destroy user ccache %s with: %s\n", entry->ccname, error_message(ret))); Modified: trunk/source/nsswitch/winbindd_pam.c === --- trunk/source/nsswitch/winbindd_pam.c2006-03-28 17:10:20 UTC (rev 14752) +++ trunk/source/nsswitch/winbindd_pam.c2006-03-29 09:40:42 UTC (rev 14753) @@ -342,7 +342,7 @@