[SCM] Samba Shared Repository - branch master updated -
release-4-0-0alpha7-2412-g5c19c60
Andrew Bartlett
abartlet at samba.org
Fri Jun 19 01:32:44 GMT 2009
The branch, master has been updated
via 5c19c60c5741196fc0a2b8db901e1be02139ae4e (commit)
via a8e757ba4ca2a003c114295473fe08a8f80fb2c2 (commit)
via 2627c6c0c2d3d96b3d458092ba8b090447a76a61 (commit)
via 0376d056e58d76b7792a5512d84c07f703838b4d (commit)
from 5d40677a9b7d97a028878422be3dc1ace4bfeecf (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 5c19c60c5741196fc0a2b8db901e1be02139ae4e
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Jun 19 11:29:31 2009 +1000
s4:ldb Add test for integer normalisation behaviour
This uses groupType as the example, but this actually applies to all
integer types in AD.
Andrew Bartlett
commit a8e757ba4ca2a003c114295473fe08a8f80fb2c2
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date: Thu Jun 18 11:18:05 2009 +0200
A fix in the ACL code used by both SAMBA 3 and 4
This fixes an uninitialised structure. It has been found through valgrind
in the RAW-ACLs test suite (Bug #6397).
commit 2627c6c0c2d3d96b3d458092ba8b090447a76a61
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date: Thu Jun 18 11:16:16 2009 +0200
Fixed some uninitialised variables
I tried hard to not change the program logic. Should fix bug #6439.
commit 0376d056e58d76b7792a5512d84c07f703838b4d
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date: Thu Jun 18 11:05:45 2009 +0200
Correct handling of 32-bit integer attributes in SAMBA 4
- LDB handles now all 32-bit integer attributes correctly (also with overflows)
according to the schema
- LDAP backends handle the attributes "groupType", "userAccountControl" and
"sAMAccountType" correctly. This handling doesn't yet use the schema but
the conversion file "simple_ldap.map.c" which contains them hardcoded.
Did also a refactoring of the conversion function there.
- Bug #6136 should be gone
-----------------------------------------------------------------------
Summary of changes:
.gitignore | 1 -
libcli/security/security_descriptor.c | 2 +-
source4/auth/kerberos/gssapi_parse.c | 6 +--
source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 39 +++++++----
source4/dsdb/schema/schema_syntax.c | 15 ++--
source4/lib/ldb-samba/ldif_handlers.c | 84 ++++++++++++++-------
source4/lib/ldb-samba/ldif_handlers.h | 4 +
source4/lib/ldb/tests/python/ldap.py | 17 +++++
source4/lib/registry/regf.c | 3 +-
source4/lib/tls/tls.c | 3 +-
source4/utils/ntlm_auth.c | 13 +++-
11 files changed, 126 insertions(+), 61 deletions(-)
Changeset truncated at 500 lines:
diff --git a/.gitignore b/.gitignore
index e8e1dfa..1ace6e7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -206,7 +206,6 @@ source4/lib/ldb/examples/ldbreader
source4/lib/ldb/examples/ldifreader
source4/lib/ldb/lib
source4/lib/ldb/man/*.html
-source4/lib/ldb-samba/ldif_handlers.h
source4/lib/ldb/samba/ldif_handlers_proto.h
source4/lib/ldb/tests/tmp
source4/libnet/libnet_proto.h
diff --git a/libcli/security/security_descriptor.c b/libcli/security/security_descriptor.c
index 59d82b8..f18a326 100644
--- a/libcli/security/security_descriptor.c
+++ b/libcli/security/security_descriptor.c
@@ -373,7 +373,7 @@ static struct security_descriptor *security_descriptor_appendv(struct security_d
while ((sidstr = va_arg(ap, const char *))) {
struct dom_sid *sid;
- struct security_ace *ace = talloc(sd, struct security_ace);
+ struct security_ace *ace = talloc_zero(sd, struct security_ace);
NTSTATUS status;
if (ace == NULL) {
diff --git a/source4/auth/kerberos/gssapi_parse.c b/source4/auth/kerberos/gssapi_parse.c
index 489ebca..b538d82 100644
--- a/source4/auth/kerberos/gssapi_parse.c
+++ b/source4/auth/kerberos/gssapi_parse.c
@@ -35,12 +35,8 @@ DATA_BLOB gensec_gssapi_gen_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLOB *tick
struct asn1_data *data;
DATA_BLOB ret;
- if (!data || !ticket->data) {
- return data_blob(NULL,0);
- }
-
data = asn1_init(mem_ctx);
- if (data == NULL) {
+ if (!data || !ticket->data) {
return data_blob(NULL,0);
}
diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c
index 948241b..0a6c350 100644
--- a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c
+++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c
@@ -146,19 +146,10 @@ static struct ldb_val objectCategory_always_dn(struct ldb_module *module, TALLOC
static struct ldb_val normalise_to_signed32(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val)
{
- long long int signed_ll = strtoll((const char *)val->data, NULL, 10);
- if (signed_ll >= 0x80000000LL) {
- union {
- int32_t signed_int;
- uint32_t unsigned_int;
- } u = {
- .unsigned_int = strtoul((const char *)val->data, NULL, 10)
- };
-
- struct ldb_val out = data_blob_string_const(talloc_asprintf(ctx, "%d", u.signed_int));
- return out;
- }
- return val_copy(module, ctx, val);
+ struct ldb_val out;
+ int32_t i = (int32_t) strtol((char *)val->data, NULL, 0);
+ out = data_blob_string_const(talloc_asprintf(ctx, "%d", i));
+ return out;
}
static struct ldb_val usn_to_entryCSN(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val)
@@ -359,6 +350,17 @@ static const struct ldb_map_attribute entryuuid_attributes[] =
}
},
{
+ .local_name = "userAccountControl",
+ .type = MAP_CONVERT,
+ .u = {
+ .convert = {
+ .remote_name = "userAccountControl",
+ .convert_local = normalise_to_signed32,
+ .convert_remote = val_copy,
+ },
+ }
+ },
+ {
.local_name = "sAMAccountType",
.type = MAP_CONVERT,
.u = {
@@ -500,6 +502,17 @@ static const struct ldb_map_attribute nsuniqueid_attributes[] =
}
},
{
+ .local_name = "userAccountControl",
+ .type = MAP_CONVERT,
+ .u = {
+ .convert = {
+ .remote_name = "userAccountControl",
+ .convert_local = normalise_to_signed32,
+ .convert_remote = val_copy,
+ },
+ }
+ },
+ {
.local_name = "sAMAccountType",
.type = MAP_CONVERT,
.u = {
diff --git a/source4/dsdb/schema/schema_syntax.c b/source4/dsdb/schema/schema_syntax.c
index 4fd6501..c26b407 100644
--- a/source4/dsdb/schema/schema_syntax.c
+++ b/source4/dsdb/schema/schema_syntax.c
@@ -829,17 +829,14 @@ static WERROR dsdb_syntax_UNICODE_ldb_to_drsuapi(struct ldb_context *ldb,
W_ERROR_HAVE_NO_MEMORY(blobs);
for (i=0; i < in->num_values; i++) {
- ssize_t ret;
-
out->value_ctr.values[i].blob = &blobs[i];
- if (!convert_string_talloc_convenience(blobs, schema->iconv_convenience, CH_UNIX, CH_UTF16,
- in->values[i].data,
- in->values[i].length,
- (void **)&blobs[i].data, NULL, false)) {
- return WERR_FOOBAR;
+ if (!convert_string_talloc_convenience(blobs,
+ schema->iconv_convenience, CH_UNIX, CH_UTF16,
+ in->values[i].data, in->values[i].length,
+ (void **)&blobs[i].data, &blobs[i].length, false)) {
+ return WERR_FOOBAR;
}
- blobs[i].length = ret;
}
return WERR_OK;
@@ -1243,6 +1240,7 @@ static const struct dsdb_syntax dsdb_syntaxes[] = {
.ldb_to_drsuapi = dsdb_syntax_INT32_ldb_to_drsuapi,
.equality = "integerMatch",
.comment = "Integer",
+ .ldb_syntax = LDB_SYNTAX_SAMBA_INT32
},{
.name = "String(Octet)",
.ldap_oid = LDB_SYNTAX_OCTET_STRING,
@@ -1279,6 +1277,7 @@ static const struct dsdb_syntax dsdb_syntaxes[] = {
.attributeSyntax_oid = "2.5.5.9",
.drsuapi_to_ldb = dsdb_syntax_INT32_drsuapi_to_ldb,
.ldb_to_drsuapi = dsdb_syntax_INT32_ldb_to_drsuapi,
+ .ldb_syntax = LDB_SYNTAX_SAMBA_INT32
},{
/* not used in w2k3 forest */
.name = "String(Numeric)",
diff --git a/source4/lib/ldb-samba/ldif_handlers.c b/source4/lib/ldb-samba/ldif_handlers.c
index 30be444..43cb960 100644
--- a/source4/lib/ldb-samba/ldif_handlers.c
+++ b/source4/lib/ldb-samba/ldif_handlers.c
@@ -3,6 +3,7 @@
Copyright (C) Andrew Tridgell 2005
Copyright (C) Andrew Bartlett 2006-2007
+ Copyright (C) Matthias Dieter Wallnöfer 2009
** NOTE! The following LGPL license applies to the ldb
** library. This does NOT imply that all of Samba is released
** under the LGPL
@@ -79,7 +80,7 @@ static int ldif_write_objectSid(struct ldb_context *ldb, void *mem_ctx,
return 0;
}
-static bool ldb_comparision_objectSid_isString(const struct ldb_val *v)
+static bool ldif_comparision_objectSid_isString(const struct ldb_val *v)
{
if (v->length < 3) {
return false;
@@ -93,13 +94,13 @@ static bool ldb_comparision_objectSid_isString(const struct ldb_val *v)
/*
compare two objectSids
*/
-static int ldb_comparison_objectSid(struct ldb_context *ldb, void *mem_ctx,
+static int ldif_comparison_objectSid(struct ldb_context *ldb, void *mem_ctx,
const struct ldb_val *v1, const struct ldb_val *v2)
{
- if (ldb_comparision_objectSid_isString(v1) && ldb_comparision_objectSid_isString(v2)) {
+ if (ldif_comparision_objectSid_isString(v1) && ldif_comparision_objectSid_isString(v2)) {
return ldb_comparison_binary(ldb, mem_ctx, v1, v2);
- } else if (ldb_comparision_objectSid_isString(v1)
- && !ldb_comparision_objectSid_isString(v2)) {
+ } else if (ldif_comparision_objectSid_isString(v1)
+ && !ldif_comparision_objectSid_isString(v2)) {
struct ldb_val v;
int ret;
if (ldif_read_objectSid(ldb, mem_ctx, v1, &v) != 0) {
@@ -109,8 +110,8 @@ static int ldb_comparison_objectSid(struct ldb_context *ldb, void *mem_ctx,
ret = ldb_comparison_binary(ldb, mem_ctx, &v, v2);
talloc_free(v.data);
return ret;
- } else if (!ldb_comparision_objectSid_isString(v1)
- && ldb_comparision_objectSid_isString(v2)) {
+ } else if (!ldif_comparision_objectSid_isString(v1)
+ && ldif_comparision_objectSid_isString(v2)) {
struct ldb_val v;
int ret;
if (ldif_read_objectSid(ldb, mem_ctx, v2, &v) != 0) {
@@ -127,10 +128,10 @@ static int ldb_comparison_objectSid(struct ldb_context *ldb, void *mem_ctx,
/*
canonicalise a objectSid
*/
-static int ldb_canonicalise_objectSid(struct ldb_context *ldb, void *mem_ctx,
+static int ldif_canonicalise_objectSid(struct ldb_context *ldb, void *mem_ctx,
const struct ldb_val *in, struct ldb_val *out)
{
- if (ldb_comparision_objectSid_isString(in)) {
+ if (ldif_comparision_objectSid_isString(in)) {
if (ldif_read_objectSid(ldb, mem_ctx, in, out) != 0) {
/* Perhaps not a string after all */
return ldb_handler_copy(ldb, mem_ctx, in, out);
@@ -145,7 +146,7 @@ static int extended_dn_read_SID(struct ldb_context *ldb, void *mem_ctx,
{
struct dom_sid sid;
enum ndr_err_code ndr_err;
- if (ldb_comparision_objectSid_isString(in)) {
+ if (ldif_comparision_objectSid_isString(in)) {
if (ldif_read_objectSid(ldb, mem_ctx, in, out) == 0) {
return 0;
}
@@ -214,7 +215,7 @@ static int ldif_write_objectGUID(struct ldb_context *ldb, void *mem_ctx,
return 0;
}
-static bool ldb_comparision_objectGUID_isString(const struct ldb_val *v)
+static bool ldif_comparision_objectGUID_isString(const struct ldb_val *v)
{
if (v->length != 36 && v->length != 38) return false;
@@ -257,13 +258,13 @@ static int extended_dn_read_GUID(struct ldb_context *ldb, void *mem_ctx,
/*
compare two objectGUIDs
*/
-static int ldb_comparison_objectGUID(struct ldb_context *ldb, void *mem_ctx,
+static int ldif_comparison_objectGUID(struct ldb_context *ldb, void *mem_ctx,
const struct ldb_val *v1, const struct ldb_val *v2)
{
- if (ldb_comparision_objectGUID_isString(v1) && ldb_comparision_objectGUID_isString(v2)) {
+ if (ldif_comparision_objectGUID_isString(v1) && ldif_comparision_objectGUID_isString(v2)) {
return ldb_comparison_binary(ldb, mem_ctx, v1, v2);
- } else if (ldb_comparision_objectGUID_isString(v1)
- && !ldb_comparision_objectGUID_isString(v2)) {
+ } else if (ldif_comparision_objectGUID_isString(v1)
+ && !ldif_comparision_objectGUID_isString(v2)) {
struct ldb_val v;
int ret;
if (ldif_read_objectGUID(ldb, mem_ctx, v1, &v) != 0) {
@@ -273,8 +274,8 @@ static int ldb_comparison_objectGUID(struct ldb_context *ldb, void *mem_ctx,
ret = ldb_comparison_binary(ldb, mem_ctx, &v, v2);
talloc_free(v.data);
return ret;
- } else if (!ldb_comparision_objectGUID_isString(v1)
- && ldb_comparision_objectGUID_isString(v2)) {
+ } else if (!ldif_comparision_objectGUID_isString(v1)
+ && ldif_comparision_objectGUID_isString(v2)) {
struct ldb_val v;
int ret;
if (ldif_read_objectGUID(ldb, mem_ctx, v2, &v) != 0) {
@@ -291,10 +292,10 @@ static int ldb_comparison_objectGUID(struct ldb_context *ldb, void *mem_ctx,
/*
canonicalise a objectGUID
*/
-static int ldb_canonicalise_objectGUID(struct ldb_context *ldb, void *mem_ctx,
+static int ldif_canonicalise_objectGUID(struct ldb_context *ldb, void *mem_ctx,
const struct ldb_val *in, struct ldb_val *out)
{
- if (ldb_comparision_objectGUID_isString(in)) {
+ if (ldif_comparision_objectGUID_isString(in)) {
if (ldif_read_objectGUID(ldb, mem_ctx, in, out) != 0) {
/* Perhaps it wasn't a valid string after all */
return ldb_handler_copy(ldb, mem_ctx, in, out);
@@ -626,6 +627,31 @@ static int ldif_comparison_prefixMap(struct ldb_context *ldb, void *mem_ctx,
return ret;
}
+/* Canonicalisation of two 32-bit integers */
+static int ldif_canonicalise_int32(struct ldb_context *ldb, void *mem_ctx,
+ const struct ldb_val *in, struct ldb_val *out)
+{
+ char *end;
+ int32_t i = (int32_t) strtol((char *)in->data, &end, 0);
+ if (*end != 0) {
+ return -1;
+ }
+ out->data = (uint8_t *) talloc_asprintf(mem_ctx, "%d", i);
+ if (out->data == NULL) {
+ return -1;
+ }
+ out->length = strlen((char *)out->data);
+ return 0;
+}
+
+/* Comparison of two 32-bit integers */
+static int ldif_comparison_int32(struct ldb_context *ldb, void *mem_ctx,
+ const struct ldb_val *v1, const struct ldb_val *v2)
+{
+ return (int32_t) strtol((char *)v1->data, NULL, 0)
+ - (int32_t) strtol((char *)v2->data, NULL, 0);
+}
+
static int extended_dn_write_hex(struct ldb_context *ldb, void *mem_ctx,
const struct ldb_val *in, struct ldb_val *out)
{
@@ -636,18 +662,13 @@ static int extended_dn_write_hex(struct ldb_context *ldb, void *mem_ctx,
return 0;
}
-
-#define LDB_SYNTAX_SAMBA_GUID "LDB_SYNTAX_SAMBA_GUID"
-#define LDB_SYNTAX_SAMBA_OBJECT_CATEGORY "LDB_SYNTAX_SAMBA_OBJECT_CATEGORY"
-#define LDB_SYNTAX_SAMBA_PREFIX_MAP "LDB_SYNTAX_SAMBA_PREFIX_MAP"
-
static const struct ldb_schema_syntax samba_syntaxes[] = {
{
.name = LDB_SYNTAX_SAMBA_SID,
.ldif_read_fn = ldif_read_objectSid,
.ldif_write_fn = ldif_write_objectSid,
- .canonicalise_fn = ldb_canonicalise_objectSid,
- .comparison_fn = ldb_comparison_objectSid
+ .canonicalise_fn = ldif_canonicalise_objectSid,
+ .comparison_fn = ldif_comparison_objectSid
},{
.name = LDB_SYNTAX_SAMBA_SECURITY_DESCRIPTOR,
.ldif_read_fn = ldif_read_ntSecurityDescriptor,
@@ -658,8 +679,8 @@ static const struct ldb_schema_syntax samba_syntaxes[] = {
.name = LDB_SYNTAX_SAMBA_GUID,
.ldif_read_fn = ldif_read_objectGUID,
.ldif_write_fn = ldif_write_objectGUID,
- .canonicalise_fn = ldb_canonicalise_objectGUID,
- .comparison_fn = ldb_comparison_objectGUID
+ .canonicalise_fn = ldif_canonicalise_objectGUID,
+ .comparison_fn = ldif_comparison_objectGUID
},{
.name = LDB_SYNTAX_SAMBA_OBJECT_CATEGORY,
.ldif_read_fn = ldb_handler_copy,
@@ -672,6 +693,12 @@ static const struct ldb_schema_syntax samba_syntaxes[] = {
.ldif_write_fn = ldif_write_prefixMap,
.canonicalise_fn = ldif_canonicalise_prefixMap,
.comparison_fn = ldif_comparison_prefixMap
+ },{
+ .name = LDB_SYNTAX_SAMBA_INT32,
+ .ldif_read_fn = ldb_handler_copy,
+ .ldif_write_fn = ldb_handler_copy,
+ .canonicalise_fn = ldif_canonicalise_int32,
+ .comparison_fn = ldif_comparison_int32
}
};
@@ -694,6 +721,7 @@ static const struct ldb_dn_extended_syntax samba_dn_syntax[] = {
}
};
+/* TODO: Should be dynamic at some point */
static const struct {
const char *name;
const char *syntax;
diff --git a/source4/lib/ldb-samba/ldif_handlers.h b/source4/lib/ldb-samba/ldif_handlers.h
index e37c416..3e1f17e 100644
--- a/source4/lib/ldb-samba/ldif_handlers.h
+++ b/source4/lib/ldb-samba/ldif_handlers.h
@@ -3,6 +3,10 @@
#define LDB_SYNTAX_SAMBA_SID "LDB_SYNTAX_SAMBA_SID"
#define LDB_SYNTAX_SAMBA_SECURITY_DESCRIPTOR "1.2.840.113556.1.4.907"
+#define LDB_SYNTAX_SAMBA_GUID "LDB_SYNTAX_SAMBA_GUID"
+#define LDB_SYNTAX_SAMBA_OBJECT_CATEGORY "LDB_SYNTAX_SAMBA_OBJECT_CATEGORY"
+#define LDB_SYNTAX_SAMBA_PREFIX_MAP "LDB_SYNTAX_SAMBA_PREFIX_MAP"
+#define LDB_SYNTAX_SAMBA_INT32 "LDB_SYNTAX_SAMBA_INT32"
#include "lib/ldb-samba/ldif_handlers_proto.h"
diff --git a/source4/lib/ldb/tests/python/ldap.py b/source4/lib/ldb/tests/python/ldap.py
index caa1c47..5418cc9 100755
--- a/source4/lib/ldb/tests/python/ldap.py
+++ b/source4/lib/ldb/tests/python/ldap.py
@@ -124,6 +124,23 @@ class BasicTests(unittest.TestCase):
ldb.delete("cn=parentguidtest,cn=testotherusers," + self.base_dn)
ldb.delete("cn=testotherusers," + self.base_dn)
+ def test_groupType(self):
+ """Test groupType behaviour
+ (should appear to be casted to a 32 bit signed integer before comparsion)"""
+ print "Testing groupType behaviour\n"
+
+ res1 = ldb.search(base=self.base_dn, scope=SCOPE_SUBTREE,
+ attrs=["groupType"], expression="groupType=2147483650");
+
+ res2 = ldb.search(base=self.base_dn, scope=SCOPE_SUBTREE,
+ attrs=["groupType"], expression="groupType=-2147483646");
+
+ self.assertEquals(len(res1), len(res2))
+
+ self.assertTrue(res1.count > 0)
+
+ self.assertEquals(res1[0]["groupType"][0], "-2147483646")
+
def test_all(self):
"""Basic tests"""
diff --git a/source4/lib/registry/regf.c b/source4/lib/registry/regf.c
index fbb9cd9..6d4ea1b 100644
--- a/source4/lib/registry/regf.c
+++ b/source4/lib/registry/regf.c
@@ -1727,7 +1727,8 @@ static WERROR regf_add_key(TALLOC_CTX *ctx, const struct hive_key *parent,
if (!hbin_get_tdr(regf, regf->header->data_offset, root,
(tdr_pull_fn_t)tdr_pull_nk_block, root)) {
- DEBUG(0, ("Unable to find HBIN data for offset %d\n", offset));
+ DEBUG(0, ("Unable to find HBIN data for offset %d\n",
+ regf->header->data_offset));
return WERR_GENERAL_FAILURE;
}
nk.sk_offset = root->sk_offset;
diff --git a/source4/lib/tls/tls.c b/source4/lib/tls/tls.c
index 1014ab0..8a5ee89 100644
--- a/source4/lib/tls/tls.c
+++ b/source4/lib/tls/tls.c
@@ -547,7 +547,6 @@ struct socket_context *tls_init_client(struct socket_context *socket_ctx,
struct tls_context *tls;
int ret = 0;
const int cert_type_priority[] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 };
- char *cafile;
struct socket_context *new_sock;
NTSTATUS nt_status;
@@ -574,7 +573,7 @@ struct socket_context *tls_init_client(struct socket_context *socket_ctx,
gnutls_global_init();
gnutls_certificate_allocate_credentials(&tls->xcred);
- gnutls_certificate_set_x509_trust_file(tls->xcred, cafile, GNUTLS_X509_FMT_PEM);
+ gnutls_certificate_set_x509_trust_file(tls->xcred, ca_path, GNUTLS_X509_FMT_PEM);
TLSCHECK(gnutls_init(&tls->session, GNUTLS_CLIENT));
TLSCHECK(gnutls_set_default_priority(tls->session));
gnutls_certificate_type_set_priority(tls->session, cert_type_priority);
diff --git a/source4/utils/ntlm_auth.c b/source4/utils/ntlm_auth.c
index 1c9eabe..97a983c 100644
--- a/source4/utils/ntlm_auth.c
+++ b/source4/utils/ntlm_auth.c
@@ -465,6 +465,9 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
if (!ev) {
exit(1);
}
+
+ mem_ctx = talloc_named(NULL, 0, "manage_gensec_request internal mem_ctx");
+
/* setup gensec */
if (!(state->gensec_state)) {
switch (stdio_helper_mode) {
@@ -475,6 +478,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
nt_status = gensec_client_start(NULL, &state->gensec_state, ev,
lp_gensec_settings(NULL, lp_ctx));
if (!NT_STATUS_IS_OK(nt_status)) {
+ talloc_free(mem_ctx);
exit(1);
}
@@ -488,6 +492,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
msg = messaging_client_init(state, lp_messaging_path(state, lp_ctx),
lp_iconv_convenience(lp_ctx), ev);
if (!msg) {
+ talloc_free(mem_ctx);
exit(1);
}
nt_status = auth_context_create_methods(mem_ctx,
@@ -498,17 +503,20 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
&auth_context);
if (!NT_STATUS_IS_OK(nt_status)) {
+ talloc_free(mem_ctx);
exit(1);
}
if (!NT_STATUS_IS_OK(gensec_server_start(state, ev,
lp_gensec_settings(state, lp_ctx),
auth_context, &state->gensec_state))) {
+ talloc_free(mem_ctx);
exit(1);
}
break;
}
default:
+ talloc_free(mem_ctx);
abort();
}
@@ -559,20 +567,21 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
nt_status = gensec_start_mech_by_oid(state->gensec_state, GENSEC_OID_NTLMSSP);
break;
default:
+ talloc_free(mem_ctx);
abort();
}
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(1, ("GENSEC mech failed to start: %s\n", nt_errstr(nt_status)));
mux_printf(mux_id, "BH GENSEC mech failed to start\n");
+ talloc_free(mem_ctx);
return;
--
Samba Shared Repository
More information about the samba-cvs
mailing list