[SCM] Samba Shared Repository - branch master updated

Andrew Bartlett Thu, 30 Aug 2012 23:12:08 -0700

The branch, master has been updated
       via  d2c0387 s4-kdc: Give information on how long the password history is
       via  efec5a9 s4-libnet: Fix memory leak of lsa_RefDomainList and 
lsa_String onto libnet_ctx
       via  a5d57a0 auth/credentials: Do not print passwords in a talloc memory 
dump
      from  a3b67e5 VERSION: Move on to beta9


http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit d2c0387d66038fb474daa1507923c2138a6e584f
Author: Andrew Bartlett <abart...@samba.org>
Date:   Fri Aug 31 14:02:28 2012 +1000

    s4-kdc: Give information on how long the password history is
    
    Autobuild-User(master): Andrew Bartlett <abart...@samba.org>
    Autobuild-Date(master): Fri Aug 31 08:06:17 CEST 2012 on sn-devel-104

commit efec5a9299455bd53cc770f2bc364f9a6f4f8def
Author: Andrew Bartlett <abart...@samba.org>
Date:   Fri Aug 31 12:38:41 2012 +1000

    s4-libnet: Fix memory leak of lsa_RefDomainList and lsa_String onto 
libnet_ctx
    
    These are only needed for as long as the call, and should be children of the
    private context.
    
    This was found based on a log provided by Ricky Nance
    <ricky.na...@weaubleau.k12.mo.us>.  Thanks Ricky!
    
    Andrew Bartlett

commit a5d57a04c2e515212cc1f2b51c9a02acb33a79ba
Author: Andrew Bartlett <abart...@samba.org>
Date:   Fri Aug 31 11:19:54 2012 +1000

    auth/credentials: Do not print passwords in a talloc memory dump
    
    The fact that a password was created here is enough information, so
    overwrite with the function name and line.
    
    Andrew Bartlett

-----------------------------------------------------------------------

Summary of changes:
 auth/credentials/credentials.c |    8 ++++++++
 source4/kdc/kpasswdd.c         |    3 ++-
 source4/libnet/libnet_lookup.c |    4 ++--
 3 files changed, 12 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
index 05f0a62..e636123 100644
--- a/auth/credentials/credentials.c
+++ b/auth/credentials/credentials.c
@@ -371,6 +371,10 @@ _PUBLIC_ bool cli_credentials_set_password(struct 
cli_credentials *cred,
 {
        if (obtained >= cred->password_obtained) {
                cred->password = talloc_strdup(cred, val);
+               if (cred->password) {
+                       /* Don't print the actual password in talloc memory 
dumps */
+                       talloc_set_name_const(cred->password, "password set via 
cli_credentials_set_password");
+               }
                cred->password_obtained = obtained;
                cli_credentials_invalidate_ccache(cred, 
cred->password_obtained);
 
@@ -416,6 +420,10 @@ _PUBLIC_ bool cli_credentials_set_old_password(struct 
cli_credentials *cred,
                                      enum credentials_obtained obtained)
 {
        cred->old_password = talloc_strdup(cred, val);
+       if (cred->old_password) {
+               /* Don't print the actual password in talloc memory dumps */
+               talloc_set_name_const(cred->old_password, "password set via 
cli_credentials_set_old_password");
+       }
        return true;
 }
 
diff --git a/source4/kdc/kpasswdd.c b/source4/kdc/kpasswdd.c
index 8bed20e..c05ea82 100644
--- a/source4/kdc/kpasswdd.c
+++ b/source4/kdc/kpasswdd.c
@@ -119,7 +119,8 @@ static bool kpasswd_make_pwchange_reply(struct kdc_server 
*kdc,
                        reject_string = "Password does not meet complexity 
requirements";
                        break;
                case SAM_PWD_CHANGE_PWD_IN_HISTORY:
-                       reject_string = "Password is already in password 
history";
+                       reject_string = talloc_asprintf(mem_ctx, "Password is 
already in password history, cannot match any of your %d passwords",
+                                                       
dominfo->password_history_length);
                        break;
                default:
                        reject_string = talloc_asprintf(mem_ctx, "Password must 
be at least %d characters long, and cannot match any of your %d previous 
passwords",
diff --git a/source4/libnet/libnet_lookup.c b/source4/libnet/libnet_lookup.c
index 31ac6e4..cf2d70c 100644
--- a/source4/libnet/libnet_lookup.c
+++ b/source4/libnet/libnet_lookup.c
@@ -308,7 +308,7 @@ static bool prepare_lookup_params(struct libnet_context 
*ctx,
        s->sids.count = 0;
        s->sids.sids  = NULL;
        
-       s->names = talloc_array(ctx, struct lsa_String, single_name);
+       s->names = talloc_array(s, struct lsa_String, single_name);
        if (composite_nomem(s->names, c)) return false;
        s->names[0].string = s->name;
        
@@ -320,7 +320,7 @@ static bool prepare_lookup_params(struct libnet_context 
*ctx,
        s->lookup.in.count     = &s->count;
        s->lookup.out.count    = &s->count;
        s->lookup.out.sids     = &s->sids;
-       s->lookup.out.domains  = talloc_zero(ctx, struct lsa_RefDomainList *);
+       s->lookup.out.domains  = talloc_zero(s, struct lsa_RefDomainList *);
        if (composite_nomem(s->lookup.out.domains, c)) return false;
        
        return true;


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

Reply via email to