The branch, master has been updated via a07eb08... s4:dcesrv_samr: always use mem_ctx as initial parent for samr_*_state via 4ab83fb... s4:loadparm: don't leak the names of all shares in each lp_service() call via 69e96f0... s4:dsdb/partition_init: don't leak a talloc_new() in case we have no data yet via dc8e681... libcli/auth: initialize creds in netlogon_creds_client_init_session_key() via fab9aff... s4:gensec/schannel: remove unused talloc_reference() in schannel_update() via f2da9c8... libcli/auth: fix memory leak in schannel_creds_server_step_check_ldb() via 5ae1d70... libcli/auth: don't leak the ldb_msg in schannel_store_session_key_ldb() from 3054fe4... Fix bug 6802 - A created folder does not properly inherit permissions from parent.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit a07eb08870823fa443911d3b857724bde1e3021b Author: Stefan Metzmacher <me...@samba.org> Date: Fri Oct 23 17:30:47 2009 +0200 s4:dcesrv_samr: always use mem_ctx as initial parent for samr_*_state We always steal the state to the policy handle on success, but untill then keep it on the short term context. metze commit 4ab83fb1b7d2929c6ae454f3f073d4baf3510ca3 Author: Stefan Metzmacher <me...@samba.org> Date: Fri Oct 23 15:12:01 2009 +0200 s4:loadparm: don't leak the names of all shares in each lp_service() call metze commit 69e96f08f1def1c28abe928ccbb0717566e49c8c Author: Stefan Metzmacher <me...@samba.org> Date: Fri Oct 23 15:11:08 2009 +0200 s4:dsdb/partition_init: don't leak a talloc_new() in case we have no data yet metze commit dc8e681755242b21bfb0e2d0cade633542ba7c81 Author: Stefan Metzmacher <me...@samba.org> Date: Fri Oct 23 17:26:58 2009 +0200 libcli/auth: initialize creds in netlogon_creds_client_init_session_key() metze commit fab9aff6a20b7dcb5a570fd2a103b5e5da6fea93 Author: Stefan Metzmacher <me...@samba.org> Date: Fri Oct 23 17:25:19 2009 +0200 s4:gensec/schannel: remove unused talloc_reference() in schannel_update() We never expose creds to the caller in schannel_update(). metze commit f2da9c8c1a2f7a4b805f43fd643f877c9274799a Author: Stefan Metzmacher <me...@samba.org> Date: Fri Oct 23 17:23:56 2009 +0200 libcli/auth: fix memory leak in schannel_creds_server_step_check_ldb() metze commit 5ae1d700ebf4b6bb63128f50c01ce4365b4e8d94 Author: Stefan Metzmacher <me...@samba.org> Date: Fri Oct 23 15:10:20 2009 +0200 libcli/auth: don't leak the ldb_msg in schannel_store_session_key_ldb() metze ----------------------------------------------------------------------- Summary of changes: libcli/auth/credentials.c | 5 +- libcli/auth/schannel_state_ldb.c | 63 ++++++++++++++--------- source4/auth/gensec/schannel.c | 2 +- source4/dsdb/samdb/ldb_modules/partition_init.c | 7 ++- source4/param/loadparm.c | 5 ++- source4/rpc_server/samr/dcesrv_samr.c | 14 +++--- 6 files changed, 58 insertions(+), 38 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c index 87d1866..667a2fa 100644 --- a/libcli/auth/credentials.c +++ b/libcli/auth/credentials.c @@ -248,8 +248,9 @@ struct netlogon_creds_CredentialState *netlogon_creds_client_init(TALLOC_CTX *me struct netlogon_creds_CredentialState *netlogon_creds_client_init_session_key(TALLOC_CTX *mem_ctx, const uint8_t session_key[16]) { - struct netlogon_creds_CredentialState *creds = talloc(mem_ctx, struct netlogon_creds_CredentialState); - + struct netlogon_creds_CredentialState *creds; + + creds = talloc_zero(mem_ctx, struct netlogon_creds_CredentialState); if (!creds) { return NULL; } diff --git a/libcli/auth/schannel_state_ldb.c b/libcli/auth/schannel_state_ldb.c index 62873a4..ba3d96f 100644 --- a/libcli/auth/schannel_state_ldb.c +++ b/libcli/auth/schannel_state_ldb.c @@ -95,7 +95,7 @@ NTSTATUS schannel_store_session_key_ldb(struct ldb_context *ldb, return NT_STATUS_NO_MEMORY; } - msg = ldb_msg_new(ldb); + msg = ldb_msg_new(mem_ctx); if (msg == NULL) { return NT_STATUS_NO_MEMORY; } @@ -270,10 +270,21 @@ NTSTATUS schannel_creds_server_step_check_ldb(struct ldb_context *ldb, struct netr_Authenticator *return_authenticator, struct netlogon_creds_CredentialState **creds_out) { - struct netlogon_creds_CredentialState *creds; + struct netlogon_creds_CredentialState *creds = NULL; NTSTATUS nt_status; int ret; + /* If we are flaged that schannel is required for a call, and + * it is not in use, then make this an error */ + + /* It would be good to make this mandetory once schannel is + * negoiated, but this is not what windows does */ + if (schannel_required_for_call && !schannel_in_use) { + DEBUG(0,("schannel_creds_server_step_check: client %s not using schannel for netlogon, despite negotiating it\n", + creds->computer_name )); + return NT_STATUS_ACCESS_DENIED; + } + ret = ldb_transaction_start(ldb); if (ret != 0) { return NT_STATUS_INTERNAL_DB_CORRUPTION; @@ -285,37 +296,39 @@ NTSTATUS schannel_creds_server_step_check_ldb(struct ldb_context *ldb, nt_status = schannel_fetch_session_key_ldb(ldb, ldb, computer_name, &creds); + if (!NT_STATUS_IS_OK(nt_status)) { + ldb_transaction_cancel(ldb); + return nt_status; + } - /* If we are flaged that schannel is required for a call, and - * it is not in use, then make this an error */ - - /* It would be good to make this mandetory once schannel is - * negoiated, bu this is not what windows does */ - if (schannel_required_for_call && !schannel_in_use) { - DEBUG(0,("schannel_creds_server_step_check: client %s not using schannel for netlogon, despite negotiating it\n", - creds->computer_name )); + nt_status = netlogon_creds_server_step_check(creds, + received_authenticator, + return_authenticator); + if (!NT_STATUS_IS_OK(nt_status)) { ldb_transaction_cancel(ldb); - return NT_STATUS_ACCESS_DENIED; + talloc_free(creds); + return nt_status; } - if (NT_STATUS_IS_OK(nt_status)) { - nt_status = netlogon_creds_server_step_check(creds, - received_authenticator, - return_authenticator); + nt_status = schannel_store_session_key_ldb(ldb, mem_ctx, creds); + if (!NT_STATUS_IS_OK(nt_status)) { + ldb_transaction_cancel(ldb); + talloc_free(creds); + return nt_status; } - if (NT_STATUS_IS_OK(nt_status)) { - nt_status = schannel_store_session_key_ldb(ldb, mem_ctx, creds); + ldb_transaction_commit(ldb); + if (ret != 0) { + talloc_free(creds); + return NT_STATUS_INTERNAL_DB_CORRUPTION; } - if (NT_STATUS_IS_OK(nt_status)) { - ldb_transaction_commit(ldb); - if (creds_out) { - *creds_out = creds; - talloc_steal(mem_ctx, creds); - } + if (creds_out) { + *creds_out = creds; + talloc_steal(mem_ctx, creds); } else { - ldb_transaction_cancel(ldb); + talloc_free(creds); } - return nt_status; + + return NT_STATUS_OK; } diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c index 58cbb6a..7b8bdec 100644 --- a/source4/auth/gensec/schannel.c +++ b/source4/auth/gensec/schannel.c @@ -156,7 +156,7 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_ return status; } - state->creds = talloc_reference(state, creds); + state->creds = talloc_steal(state, creds); bind_schannel_ack.MessageType = NL_NEGOTIATE_RESPONSE; bind_schannel_ack.Flags = 0; diff --git a/source4/dsdb/samdb/ldb_modules/partition_init.c b/source4/dsdb/samdb/ldb_modules/partition_init.c index cc778d6..28eab9b 100644 --- a/source4/dsdb/samdb/ldb_modules/partition_init.c +++ b/source4/dsdb/samdb/ldb_modules/partition_init.c @@ -353,22 +353,25 @@ static int add_partition_to_data(struct ldb_context *ldb, struct partition_priva int partition_reload_if_required(struct ldb_module *module, struct partition_private_data *data) - { uint64_t seq; int ret, i; struct ldb_context *ldb = ldb_module_get_ctx(module); struct ldb_message *msg; struct ldb_message_element *partition_attributes; - TALLOC_CTX *mem_ctx = talloc_new(data); + TALLOC_CTX *mem_ctx; + if (!data) { /* Not initilised yet */ return LDB_SUCCESS; } + + mem_ctx = talloc_new(data); if (!mem_ctx) { ldb_oom(ldb); return LDB_ERR_OPERATIONS_ERROR; } + ret = partition_primary_sequence_number(module, mem_ctx, LDB_SEQ_HIGHEST_SEQ, &seq); if (ret != LDB_SUCCESS) { talloc_free(mem_ctx); diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c index 882de13..669e0d7 100644 --- a/source4/param/loadparm.c +++ b/source4/param/loadparm.c @@ -2609,8 +2609,11 @@ struct loadparm_service *lp_service(struct loadparm_context *lp_ctx, serviceName = standard_sub_basic( lp_ctx->services[iService], lp_ctx->services[iService]->szService); - if (strequal(serviceName, service_name)) + if (strequal(serviceName, service_name)) { + talloc_free(serviceName); return lp_ctx->services[iService]; + } + talloc_free(serviceName); } } diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index 08f1471..7be1cf9 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -165,7 +165,7 @@ static NTSTATUS dcesrv_samr_Connect(struct dcesrv_call_state *dce_call, TALLOC_C ZERO_STRUCTP(r->out.connect_handle); - c_state = talloc(dce_call->conn, struct samr_connect_state); + c_state = talloc(mem_ctx, struct samr_connect_state); if (!c_state) { return NT_STATUS_NO_MEMORY; } @@ -398,7 +398,7 @@ static NTSTATUS dcesrv_samr_OpenDomain(struct dcesrv_call_state *dce_call, TALLO return NT_STATUS_INVALID_PARAMETER; } - d_state = talloc(c_state, struct samr_domain_state); + d_state = talloc(mem_ctx, struct samr_domain_state); if (!d_state) { return NT_STATUS_NO_MEMORY; } @@ -1040,7 +1040,7 @@ static NTSTATUS dcesrv_samr_CreateDomainGroup(struct dcesrv_call_state *dce_call return NT_STATUS_INTERNAL_DB_CORRUPTION; } - a_state = talloc(d_state, struct samr_account_state); + a_state = talloc(mem_ctx, struct samr_account_state); if (!a_state) { return NT_STATUS_NO_MEMORY; } @@ -1333,7 +1333,7 @@ static NTSTATUS dcesrv_samr_CreateUser2(struct dcesrv_call_state *dce_call, TALL return NT_STATUS_INTERNAL_DB_CORRUPTION; } - a_state = talloc(d_state, struct samr_account_state); + a_state = talloc(mem_ctx, struct samr_account_state); if (!a_state) { ldb_transaction_cancel(d_state->sam_ctx); return NT_STATUS_NO_MEMORY; @@ -1614,7 +1614,7 @@ static NTSTATUS dcesrv_samr_CreateDomAlias(struct dcesrv_call_state *dce_call, T return NT_STATUS_INTERNAL_DB_CORRUPTION; } - a_state = talloc(d_state, struct samr_account_state); + a_state = talloc(mem_ctx, struct samr_account_state); if (!a_state) { return NT_STATUS_NO_MEMORY; } @@ -2043,7 +2043,7 @@ static NTSTATUS dcesrv_samr_OpenGroup(struct dcesrv_call_state *dce_call, TALLOC return NT_STATUS_INTERNAL_DB_CORRUPTION; } - a_state = talloc(d_state, struct samr_account_state); + a_state = talloc(mem_ctx, struct samr_account_state); if (!a_state) { return NT_STATUS_NO_MEMORY; } @@ -2520,7 +2520,7 @@ static NTSTATUS dcesrv_samr_OpenAlias(struct dcesrv_call_state *dce_call, TALLOC return NT_STATUS_INTERNAL_DB_CORRUPTION; } - a_state = talloc(d_state, struct samr_account_state); + a_state = talloc(mem_ctx, struct samr_account_state); if (!a_state) { return NT_STATUS_NO_MEMORY; } -- Samba Shared Repository