From a571667a487f08f3f0d6625df1a6307c7b43080e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Baumbach?= Date: Fri, 5 Jul 2013 13:19:59 +0200 Subject: [PATCH 1/3] s3-lib: fix segf while reading incomplete session info (bug #10003) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Pair-programmed-with: Stefan Metzmacher Signed-off-by: Stefan Metzmacher Signed-off-by: Björn Baumbach Reviewed-by: Jeremy Allison (cherry picked from commit 53aa069b97070c73b782e2868b9b9686abe353cc) --- source3/lib/conn_tdb.c | 9 +++++++-- source3/lib/sessionid_tdb.c | 15 ++++++++++----- 2 files changed, 17 insertions(+), 7 deletions(-) diff --git a/source3/lib/conn_tdb.c b/source3/lib/conn_tdb.c index a7e7cf0..bb7618f 100644 --- a/source3/lib/conn_tdb.c +++ b/source3/lib/conn_tdb.c @@ -53,8 +53,13 @@ static int collect_sessions_fn(struct smbXsrv_session_global0 *global, uint32_t id = global->session_global_id; struct connections_forall_session sess; - sess.uid = global->auth_session_info->unix_token->uid; - sess.gid = global->auth_session_info->unix_token->gid; + if (global->auth_session_info == NULL) { + sess.uid = -1; + sess.gid = -1; + } else { + sess.uid = global->auth_session_info->unix_token->uid; + sess.gid = global->auth_session_info->unix_token->gid; + } strncpy(sess.machine, global->channels[0].remote_name, sizeof(sess.machine)); strncpy(sess.addr, global->channels[0].remote_address, sizeof(sess.addr)); diff --git a/source3/lib/sessionid_tdb.c b/source3/lib/sessionid_tdb.c index 045b3d2..7a19611 100644 --- a/source3/lib/sessionid_tdb.c +++ b/source3/lib/sessionid_tdb.c 
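Review bot: The new NULL test in collect_sessions_fn covers only `global->auth_session_info`; the else branch still reads `auth_session_info->unix_token->uid` and `->gid` without checking `unix_token`. Whether a record can be stored with session info but no unix token is not visible here, but if it can, the reader would presumably crash the same way as before. The guard is cheap to widen: `if (global->auth_session_info == NULL || global->auth_session_info->unix_token == NULL) {`. The same gap is in sessionid_traverse_read_fn in source3/lib/sessionid_tdb.c, which reads `session_info->unix_token` and `session_info->unix_info` after testing only `session_info != NULL`. The body of collect_sessions_fn continues outside the hunk.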
@@ -38,16 +38,21 @@ static int sessionid_traverse_read_fn(struct smbXsrv_session_global0 *global, (struct sessionid_traverse_read_state *)private_data; struct auth_session_info *session_info = global->auth_session_info; struct sessionid session = { - .uid = session_info->unix_token->uid, - .gid = session_info->unix_token->gid, + .uid = -1, + .gid = -1, .id_num = global->session_global_id, .connect_start = nt_time_to_unix(global->creation_time), .pid = global->channels[0].server_id, }; - strncpy(session.username, - session_info->unix_info->unix_name, - sizeof(fstring)-1); + if (session_info != NULL) { + session.uid = session_info->unix_token->uid; + session.gid = session_info->unix_token->gid; + strncpy(session.username, + session_info->unix_info->unix_name, + sizeof(fstring)-1); + } + strncpy(session.remote_machine, global->channels[0].remote_name, sizeof(fstring)-1); -- 1.8.1.5 From 71dcc11e81574d5931020b3350847a75b3c986cb Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 8 Jul 2013 16:31:13 +0200 Subject: [PATCH 2/3] s3-lib: hide incomplete smbXsrv_tcon_global records MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Part of fix for bug #10003 Pair-programmed-with: Björn Baumbach Signed-off-by: Stefan Metzmacher Signed-off-by: Björn Baumbach Reviewed-by: Jeremy Allison (cherry picked from commit c52e61f7ba215da28cbb7b8e328aea110ad79b11) --- source3/lib/conn_tdb.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/source3/lib/conn_tdb.c b/source3/lib/conn_tdb.c index bb7618f..b218831 100644 --- a/source3/lib/conn_tdb.c +++ b/source3/lib/conn_tdb.c 
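Review bot: Nothing in sessionid_traverse_read_fn documents that `-1` in `.uid` and `.gid` is a sentinel for a record without session info, or that `username` is left empty in that case, yet every consumer of struct sessionid now has to know it. A short comment above the initializer would record the contract, for example `/* uid/gid stay -1 and username stays empty when auth_session_info is NULL (incomplete record) */`. If the uid and gid fields are unsigned types, which is not visible in this hunk, the stored value is the all-ones id, and the comment should say that this value is reserved as "unknown".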
@@ -91,6 +91,19 @@ static int traverse_tcon_fn(struct smbXsrv_tcon_global0 *global, TDB_DATA val = tdb_null; + /* + * Note: that share_name is defined as array without a pointer. + * that's why it's always a valid pointer here. + */ + if (strlen(global->share_name) == 0) { + /* + * when a smbXsrv_tcon is created it's created + * with emtpy share_name first in order to allocate + * an id, before filling in the details. + */ + return 0; + } + status = dbwrap_fetch(state->session_by_pid, state, make_tdb_data((void*)&sess_id, sizeof(sess_id)), &val); -- 1.8.1.5 From 1be688a6b61e9a5daeb63f7d3a46d87de030a5de Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Baumbach?= Date: Tue, 9 Jul 2013 12:32:34 +0200 Subject: [PATCH 3/3] s3-smbstatus: display [u|g]id of -1 as "-1" in connection list MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In order to avoid displayed uid or gid of "4294967295" instead of "-1", we need to fetch the special case -1. The id can be -1 if we are reading e.g. incomplete session information. Signed-off-by: Björn Baumbach Reviewed-by: Stefan Metzmacher Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Wed Jul 10 01:18:30 CEST 2013 on sn-devel-104 (cherry picked from commit 577cef82c776759c9f3cad7d33057ac865c40769) --- source3/utils/status.c | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/source3/utils/status.c b/source3/utils/status.c index f4b5f4e..be7c52f 100644 --- a/source3/utils/status.c +++ b/source3/utils/status.c 
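Review bot: The emptiness test `strlen(global->share_name) == 0` in traverse_tcon_fn scans the whole string to answer a question about its first byte; `if (global->share_name[0] == '\0') {` says the same thing directly. The first added comment is hard to parse ("defined as array without a pointer") and the second has a typo ("emtpy"); something like `/* share_name is an array member, so it is never NULL */` would state the invariant the check relies on. That invariant comes from the struct definition, which is outside this hunk, so it should be confirmed against the declaration.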
@@ -283,13 +283,29 @@ static int traverse_sessionid(const char *key, struct sessionid *session, Ucrit_addPid(session->pid); - fstr_sprintf(uid_str, "%u", (unsigned int)session->uid); - fstr_sprintf(gid_str, "%u", (unsigned int)session->gid); + fstrcpy(uid_str, "-1"); + + if (session->uid != -1) { + if (numeric_only) { + fstr_sprintf(uid_str, "%u", (unsigned int)session->uid); + } else { + fstrcpy(uid_str, uidtoname(session->uid)); + } + } + + fstrcpy(gid_str, "-1"); + + if (session->gid != -1) { + if (numeric_only) { + fstr_sprintf(gid_str, "%u", (unsigned int)session->gid); + } else { + fstrcpy(gid_str, gidtoname(session->gid)); + } + } d_printf("%-7s %-12s %-12s %-12s (%s)\n", procid_str_static(&session->pid), - numeric_only ? uid_str : uidtoname(session->uid), - numeric_only ? gid_str : gidtoname(session->gid), + uid_str, gid_str, session->remote_machine, session->hostname); return 0; -- 1.8.1.5
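Review bot: The sentinel tests `session->uid != -1` and `session->gid != -1` in traverse_sessionid compare what are presumably unsigned id types against a signed int. That works only through implicit conversion and typically draws sign-compare warnings. Writing `if (session->uid != (uid_t)-1) {` and `if (session->gid != (gid_t)-1) {` makes the intent explicit and stays correct if the id type is ever narrower than int. The uid and gid branches are otherwise line-for-line identical, so a small static helper that fills the string from an id and a name lookup would remove the duplication. traverse_sessionid starts before this hunk.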