Package: samba
Version: 3.0.21a-1
Severity: important
Tags: patch
The vfs module "full_audit" is broken, somehow the parameter bitmap
gets freed after the client disconnects from the share (but not the
server). In result, the modules logs everything, filling up /var and
using lots of cpu for smbd and syslog processes.
The patch has been tested and works fine, it's an immediate fix but
maybe not the right way to do it.
It would be appreciated to have the patch in debian while it is
submitted upstream.
regards
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.4.32
Locale: LANG=C, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Versions of packages samba depends on:
ii debconf [debc 1.4.66 Debian configuration management sy
ii libacl1 2.2.34-1 Access control list shared library
ii libattr1 2.4.25-1 Extended attribute shared library
ii libc6 2.3.5-8 GNU C Library: Shared libraries an
ii libcomerr2 1.38+1.39-WIP-2005.12.10-1 common error description library
ii libcupsys2 1.1.23-12 Common UNIX Printing System(tm) -
ii libkrb53 1.4.3-5 MIT Kerberos runtime libraries
ii libldap2 2.1.30-12 OpenLDAP libraries
ii libpam-module 0.79-3 Pluggable Authentication Modules f
ii libpam-runtim 0.79-3 Runtime support for the PAM librar
ii libpam0g 0.79-3 Pluggable Authentication Modules l
ii libpopt0 1.7-5 lib for parsing cmdline parameters
ii logrotate 3.7.1-2 Log rotation utility
ii lsb-base 3.0-13 Linux Standard Base 3.0 init scrip
ii netbase 4.24 Basic TCP/IP networking system
ii samba-common 3.0.21a-1 Samba common files used by both th
Versions of packages samba recommends:
pn smbldap-tools <none> (no description available)
-- debconf information excluded
--- vfs_full_audit.c.orig 2006-01-16 15:29:14.000000000 +0000
+++ vfs_full_audit.c 2006-01-16 15:31:12.000000000 +0000
@@ -667,7 +667,7 @@
static BOOL log_success(vfs_op_type op)
{
if (success_ops == NULL)
- return True;
+ return False;
return bitmap_query(success_ops, op);
}
@@ -677,7 +677,7 @@
static BOOL log_failure(vfs_op_type op)
{
if (failure_ops == NULL)
- return True;
+ return False;
return bitmap_query(failure_ops, op);
}
@@ -776,16 +776,25 @@
{
int result;
const char *none[] = { NULL };
- const char *all [] = { "all" };
openlog("smbd_audit", 0, audit_syslog_facility(handle));
+
+ if (success_ops) {
+ bitmap_free(success_ops);
+ success_ops = NULL;
+ }
+
+ if (failure_ops) {
+ bitmap_free(failure_ops);
+ failure_ops = NULL;
+ }
init_bitmap(&success_ops,
lp_parm_string_list(SNUM(conn), "full_audit", "success",
none));
init_bitmap(&failure_ops,
lp_parm_string_list(SNUM(conn), "full_audit", "failure",
- all));
+ none));
result = SMB_VFS_NEXT_CONNECT(handle, conn, svc, user);
@@ -803,12 +812,6 @@
do_log(SMB_VFS_OP_DISCONNECT, True, handle,
"%s", lp_servicename(SNUM(conn)));
- bitmap_free(success_ops);
- success_ops = NULL;
-
- bitmap_free(failure_ops);
- failure_ops = NULL;
-
return;
}
