The branch, master has been updated
       via  a07eb08... s4:dcesrv_samr: always use mem_ctx as initial parent for 
samr_*_state
       via  4ab83fb... s4:loadparm: don't leak the names of all shares in each 
lp_service() call
       via  69e96f0... s4:dsdb/partition_init: don't leak a talloc_new() in 
case we have no data yet
       via  dc8e681... libcli/auth: initialize creds in 
netlogon_creds_client_init_session_key()
       via  fab9aff... s4:gensec/schannel: remove unused talloc_reference() in 
schannel_update()
       via  f2da9c8... libcli/auth: fix memory leak in 
schannel_creds_server_step_check_ldb()
       via  5ae1d70... libcli/auth: don't leak the ldb_msg in 
schannel_store_session_key_ldb()
      from  3054fe4... Fix bug 6802 - A created folder does not properly 
inherit permissions from parent.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit a07eb08870823fa443911d3b857724bde1e3021b
Author: Stefan Metzmacher <me...@samba.org>
Date:   Fri Oct 23 17:30:47 2009 +0200

    s4:dcesrv_samr: always use mem_ctx as initial parent for samr_*_state
    
    We always steal the state to the policy handle on success,
    but until then keep it on the short term context.
    
    metze

commit 4ab83fb1b7d2929c6ae454f3f073d4baf3510ca3
Author: Stefan Metzmacher <me...@samba.org>
Date:   Fri Oct 23 15:12:01 2009 +0200

    s4:loadparm: don't leak the names of all shares in each lp_service() call
    
    metze

commit 69e96f08f1def1c28abe928ccbb0717566e49c8c
Author: Stefan Metzmacher <me...@samba.org>
Date:   Fri Oct 23 15:11:08 2009 +0200

    s4:dsdb/partition_init: don't leak a talloc_new() in case we have no data 
yet
    
    metze

commit dc8e681755242b21bfb0e2d0cade633542ba7c81
Author: Stefan Metzmacher <me...@samba.org>
Date:   Fri Oct 23 17:26:58 2009 +0200

    libcli/auth: initialize creds in netlogon_creds_client_init_session_key()
    
    metze

commit fab9aff6a20b7dcb5a570fd2a103b5e5da6fea93
Author: Stefan Metzmacher <me...@samba.org>
Date:   Fri Oct 23 17:25:19 2009 +0200

    s4:gensec/schannel: remove unused talloc_reference() in schannel_update()
    
    We never expose creds to the caller in schannel_update().
    
    metze

commit f2da9c8c1a2f7a4b805f43fd643f877c9274799a
Author: Stefan Metzmacher <me...@samba.org>
Date:   Fri Oct 23 17:23:56 2009 +0200

    libcli/auth: fix memory leak in schannel_creds_server_step_check_ldb()
    
    metze

commit 5ae1d700ebf4b6bb63128f50c01ce4365b4e8d94
Author: Stefan Metzmacher <me...@samba.org>
Date:   Fri Oct 23 15:10:20 2009 +0200

    libcli/auth: don't leak the ldb_msg in schannel_store_session_key_ldb()
    
    metze

-----------------------------------------------------------------------

Summary of changes:
 libcli/auth/credentials.c                       |    5 +-
 libcli/auth/schannel_state_ldb.c                |   63 ++++++++++++++---------
 source4/auth/gensec/schannel.c                  |    2 +-
 source4/dsdb/samdb/ldb_modules/partition_init.c |    7 ++-
 source4/param/loadparm.c                        |    5 ++-
 source4/rpc_server/samr/dcesrv_samr.c           |   14 +++---
 6 files changed, 58 insertions(+), 38 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
index 87d1866..667a2fa 100644
--- a/libcli/auth/credentials.c
+++ b/libcli/auth/credentials.c
@@ -248,8 +248,9 @@ struct netlogon_creds_CredentialState 
*netlogon_creds_client_init(TALLOC_CTX *me
 struct netlogon_creds_CredentialState 
*netlogon_creds_client_init_session_key(TALLOC_CTX *mem_ctx, 
                                                                              
const uint8_t session_key[16])
 {
-       struct netlogon_creds_CredentialState *creds = talloc(mem_ctx, struct 
netlogon_creds_CredentialState);
-       
+       struct netlogon_creds_CredentialState *creds;
+
+       creds = talloc_zero(mem_ctx, struct netlogon_creds_CredentialState);
        if (!creds) {
                return NULL;
        }
diff --git a/libcli/auth/schannel_state_ldb.c b/libcli/auth/schannel_state_ldb.c
index 62873a4..ba3d96f 100644
--- a/libcli/auth/schannel_state_ldb.c
+++ b/libcli/auth/schannel_state_ldb.c
@@ -95,7 +95,7 @@ NTSTATUS schannel_store_session_key_ldb(struct ldb_context 
*ldb,
                return NT_STATUS_NO_MEMORY;
        }
 
-       msg = ldb_msg_new(ldb);
+       msg = ldb_msg_new(mem_ctx);
        if (msg == NULL) {
                return NT_STATUS_NO_MEMORY;
        }
@@ -270,10 +270,21 @@ NTSTATUS schannel_creds_server_step_check_ldb(struct 
ldb_context *ldb,
                                              struct netr_Authenticator 
*return_authenticator,
                                              struct 
netlogon_creds_CredentialState **creds_out)
 {
-       struct netlogon_creds_CredentialState *creds;
+       struct netlogon_creds_CredentialState *creds = NULL;
        NTSTATUS nt_status;
        int ret;
 
+       /* If we are flaged that schannel is required for a call, and
+        * it is not in use, then make this an error */
+
+       /* It would be good to make this mandetory once schannel is
+        * negoiated, but this is not what windows does */
+       if (schannel_required_for_call && !schannel_in_use) {
+               DEBUG(0,("schannel_creds_server_step_check: client %s not using 
schannel for netlogon, despite negotiating it\n",
+                       creds->computer_name ));
+               return NT_STATUS_ACCESS_DENIED;
+       }
+
        ret = ldb_transaction_start(ldb);
        if (ret != 0) {
                return NT_STATUS_INTERNAL_DB_CORRUPTION;
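Review bot: The relocated `schannel_required_for_call && !schannel_in_use` branch now runs while `creds` still holds the `NULL` it was initialised with, so the `DEBUG` argument `creds->computer_name` dereferences a null pointer on exactly the path that should return `NT_STATUS_ACCESS_DENIED`. A netlogon client that negotiates schannel and then does not use it would reach this branch, so the server would likely fault instead of denying the call. The next hunk passes `computer_name` to `schannel_fetch_session_key_ldb()`, so that value appears to be in scope here; log it instead by changing the argument line to `computer_name ));`. The function's signature starts before this hunk and its body continues into the next one.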
@@ -285,37 +296,39 @@ NTSTATUS schannel_creds_server_step_check_ldb(struct 
ldb_context *ldb,
 
        nt_status = schannel_fetch_session_key_ldb(ldb, ldb, computer_name,
                                                   &creds);
+       if (!NT_STATUS_IS_OK(nt_status)) {
+               ldb_transaction_cancel(ldb);
+               return nt_status;
+       }
 
-       /* If we are flaged that schannel is required for a call, and
-        * it is not in use, then make this an error */
-
-       /* It would be good to make this mandetory once schannel is
-        * negoiated, bu this is not what windows does */
-       if (schannel_required_for_call && !schannel_in_use) {
-               DEBUG(0,("schannel_creds_server_step_check: client %s not using 
schannel for netlogon, despite negotiating it\n",
-                       creds->computer_name ));
+       nt_status = netlogon_creds_server_step_check(creds,
+                                                    received_authenticator,
+                                                    return_authenticator);
+       if (!NT_STATUS_IS_OK(nt_status)) {
                ldb_transaction_cancel(ldb);
-               return NT_STATUS_ACCESS_DENIED;
+               talloc_free(creds);
+               return nt_status;
        }
 
-       if (NT_STATUS_IS_OK(nt_status)) {
-               nt_status = netlogon_creds_server_step_check(creds,
-                                                            
received_authenticator,
-                                                            
return_authenticator);
+       nt_status = schannel_store_session_key_ldb(ldb, mem_ctx, creds);
+       if (!NT_STATUS_IS_OK(nt_status)) {
+               ldb_transaction_cancel(ldb);
+               talloc_free(creds);
+               return nt_status;
        }
 
-       if (NT_STATUS_IS_OK(nt_status)) {
-               nt_status = schannel_store_session_key_ldb(ldb, mem_ctx, creds);
+       ldb_transaction_commit(ldb);
+       if (ret != 0) {
+               talloc_free(creds);
+               return NT_STATUS_INTERNAL_DB_CORRUPTION;
        }
 
-       if (NT_STATUS_IS_OK(nt_status)) {
-               ldb_transaction_commit(ldb);
-               if (creds_out) {
-                       *creds_out = creds;
-                       talloc_steal(mem_ctx, creds);
-               }
+       if (creds_out) {
+               *creds_out = creds;
+               talloc_steal(mem_ctx, creds);
        } else {
-               ldb_transaction_cancel(ldb);
+               talloc_free(creds);
        }
-       return nt_status;
+
+       return NT_STATUS_OK;
 }
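Review bot: The result of `ldb_transaction_commit(ldb);` is discarded, so the `if (ret != 0)` that follows tests a stale value, either the one from `ldb_transaction_start()` or whatever the lines between the two hunks last stored in `ret`. A failed commit is therefore reported as `NT_STATUS_OK`, and the caller continues with stepped credentials that were never persisted. Assign the result: `ret = ldb_transaction_commit(ldb);`. The start of the function lies outside this hunk.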
diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c
index 58cbb6a..7b8bdec 100644
--- a/source4/auth/gensec/schannel.c
+++ b/source4/auth/gensec/schannel.c
@@ -156,7 +156,7 @@ static NTSTATUS schannel_update(struct gensec_security 
*gensec_security, TALLOC_
                        return status;
                }
 
-               state->creds = talloc_reference(state, creds);
+               state->creds = talloc_steal(state, creds);
 
                bind_schannel_ack.MessageType = NL_NEGOTIATE_RESPONSE;
                bind_schannel_ack.Flags = 0;
diff --git a/source4/dsdb/samdb/ldb_modules/partition_init.c 
b/source4/dsdb/samdb/ldb_modules/partition_init.c
index cc778d6..28eab9b 100644
--- a/source4/dsdb/samdb/ldb_modules/partition_init.c
+++ b/source4/dsdb/samdb/ldb_modules/partition_init.c
@@ -353,22 +353,25 @@ static int add_partition_to_data(struct ldb_context *ldb, 
struct partition_priva
 
 int partition_reload_if_required(struct ldb_module *module, 
                                 struct partition_private_data *data)
-       
 {
        uint64_t seq;
        int ret, i;
        struct ldb_context *ldb = ldb_module_get_ctx(module);
        struct ldb_message *msg;
        struct ldb_message_element *partition_attributes;
-       TALLOC_CTX *mem_ctx = talloc_new(data);
+       TALLOC_CTX *mem_ctx;
+
        if (!data) {
                /* Not initilised yet */
                return LDB_SUCCESS;
        }
+
+       mem_ctx = talloc_new(data);
        if (!mem_ctx) {
                ldb_oom(ldb);
                return LDB_ERR_OPERATIONS_ERROR;
        }
+
        ret = partition_primary_sequence_number(module, mem_ctx, 
LDB_SEQ_HIGHEST_SEQ, &seq);
        if (ret != LDB_SUCCESS) {
                talloc_free(mem_ctx);
diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c
index 882de13..669e0d7 100644
--- a/source4/param/loadparm.c
+++ b/source4/param/loadparm.c
@@ -2609,8 +2609,11 @@ struct loadparm_service *lp_service(struct 
loadparm_context *lp_ctx,
                        serviceName = standard_sub_basic(
                                        lp_ctx->services[iService],
                                        lp_ctx->services[iService]->szService);
-                       if (strequal(serviceName, service_name))
+                       if (strequal(serviceName, service_name)) {
+                               talloc_free(serviceName);
                                return lp_ctx->services[iService];
+                       }
+                       talloc_free(serviceName);
                }
        }
 
diff --git a/source4/rpc_server/samr/dcesrv_samr.c 
b/source4/rpc_server/samr/dcesrv_samr.c
index 08f1471..7be1cf9 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -165,7 +165,7 @@ static NTSTATUS dcesrv_samr_Connect(struct 
dcesrv_call_state *dce_call, TALLOC_C
 
        ZERO_STRUCTP(r->out.connect_handle);
 
-       c_state = talloc(dce_call->conn, struct samr_connect_state);
+       c_state = talloc(mem_ctx, struct samr_connect_state);
        if (!c_state) {
                return NT_STATUS_NO_MEMORY;
        }
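Review bot: The allocation `c_state = talloc(mem_ctx, struct samr_connect_state);` carries no comment saying that `mem_ctx` is only a temporary parent, and the same holds for the `d_state` and `a_state` allocations in the other six hunks of this file. The hand-over to the policy handle described in the commit message is not visible in any hunk, so a reader cannot tell from here where ownership changes. A comment at each site such as `/* parented on mem_ctx until stolen onto the policy handle on success */` would record that. Because `d_state` and `a_state` are no longer children of `c_state` and `d_state`, it is also worth confirming that any pointer they keep to the former parent is backed by a talloc reference; that code is outside these hunks.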
@@ -398,7 +398,7 @@ static NTSTATUS dcesrv_samr_OpenDomain(struct 
dcesrv_call_state *dce_call, TALLO
                return NT_STATUS_INVALID_PARAMETER;
        }
 
-       d_state = talloc(c_state, struct samr_domain_state);
+       d_state = talloc(mem_ctx, struct samr_domain_state);
        if (!d_state) {
                return NT_STATUS_NO_MEMORY;
        }
@@ -1040,7 +1040,7 @@ static NTSTATUS dcesrv_samr_CreateDomainGroup(struct 
dcesrv_call_state *dce_call
                return NT_STATUS_INTERNAL_DB_CORRUPTION;
        }
 
-       a_state = talloc(d_state, struct samr_account_state);
+       a_state = talloc(mem_ctx, struct samr_account_state);
        if (!a_state) {
                return NT_STATUS_NO_MEMORY;
        }
@@ -1333,7 +1333,7 @@ static NTSTATUS dcesrv_samr_CreateUser2(struct 
dcesrv_call_state *dce_call, TALL
                return NT_STATUS_INTERNAL_DB_CORRUPTION;
        }
 
-       a_state = talloc(d_state, struct samr_account_state);
+       a_state = talloc(mem_ctx, struct samr_account_state);
        if (!a_state) {
                ldb_transaction_cancel(d_state->sam_ctx);
                return NT_STATUS_NO_MEMORY;
@@ -1614,7 +1614,7 @@ static NTSTATUS dcesrv_samr_CreateDomAlias(struct 
dcesrv_call_state *dce_call, T
                return NT_STATUS_INTERNAL_DB_CORRUPTION;
        }
 
-       a_state = talloc(d_state, struct samr_account_state);
+       a_state = talloc(mem_ctx, struct samr_account_state);
        if (!a_state) {
                return NT_STATUS_NO_MEMORY;
        }
@@ -2043,7 +2043,7 @@ static NTSTATUS dcesrv_samr_OpenGroup(struct 
dcesrv_call_state *dce_call, TALLOC
                return NT_STATUS_INTERNAL_DB_CORRUPTION;
        }
 
-       a_state = talloc(d_state, struct samr_account_state);
+       a_state = talloc(mem_ctx, struct samr_account_state);
        if (!a_state) {
                return NT_STATUS_NO_MEMORY;
        }
@@ -2520,7 +2520,7 @@ static NTSTATUS dcesrv_samr_OpenAlias(struct 
dcesrv_call_state *dce_call, TALLOC
                return NT_STATUS_INTERNAL_DB_CORRUPTION;
        }
 
-       a_state = talloc(d_state, struct samr_account_state);
+       a_state = talloc(mem_ctx, struct samr_account_state);
        if (!a_state) {
                return NT_STATUS_NO_MEMORY;
        }


-- 
Samba Shared Repository
