s3:libads: Allocate ads->auth.password under ADS_STRUCT talloc context

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

diff --git a/libgpo/pygpo.c b/libgpo/pygpo.c
index 85a4aaa1581b1daa59ac6668c6321d66b355134b..b9570b24d82982b366f4e4e4a29878f2b114c41f 100644 (file)
--- a/libgpo/pygpo.c
+++ b/libgpo/pygpo.c
@@ -230,13 +230,17 @@ static PyObject* py_ads_connect(ADS *self,
                return NULL;
        }
        SAFE_FREE(self->ads_ptr->auth.user_name);
-       SAFE_FREE(self->ads_ptr->auth.password);
+       TALLOC_FREE(self->ads_ptr->auth.password);
        TALLOC_FREE(self->ads_ptr->auth.realm);
        if (self->cli_creds) {
                self->ads_ptr->auth.user_name =
                        SMB_STRDUP(cli_credentials_get_username(self->cli_creds));
-               self->ads_ptr->auth.password =
-                       SMB_STRDUP(cli_credentials_get_password(self->cli_creds));
+               self->ads_ptr->auth.password = talloc_strdup(self->ads_ptr,
+                       cli_credentials_get_password(self->cli_creds));
+               if (self->ads_ptr->auth.password == NULL) {
+                       PyErr_NoMemory();
+                       goto err;
+               }
                self->ads_ptr->auth.realm = talloc_strdup(self->ads_ptr,
                        cli_credentials_get_realm(self->cli_creds));
                if (self->ads_ptr->auth.realm == NULL) {
@@ -254,22 +258,29 @@ static PyObject* py_ads_connect(ADS *self,
                        goto err;
                }
 
-               passwd = secrets_fetch_machine_password(self->ads_ptr->server.workgroup,
-                                                       NULL, NULL);
+               ret = asprintf(&(self->ads_ptr->auth.user_name), "%s$",
+                                  lp_netbios_name());
+               if (ret == -1) {
+                       PyErr_NoMemory();
+                       goto err;
+               }
+
+               passwd = secrets_fetch_machine_password(
+                       self->ads_ptr->server.workgroup, NULL, NULL);
                if (passwd == NULL) {
                        PyErr_SetString(PyExc_RuntimeError,
                                        "Failed to fetch the machine account "
                                        "password");
                        goto err;
                }
-               ret = asprintf(&(self->ads_ptr->auth.user_name), "%s$",
-                                  lp_netbios_name());
-               if (ret == -1) {
-                       SAFE_FREE(passwd);
+
+               self->ads_ptr->auth.password = talloc_strdup(self->ads_ptr,
+                                                            passwd);
+               SAFE_FREE(passwd);
+               if (self->ads_ptr->auth.password == NULL) {
                        PyErr_NoMemory();
                        goto err;
                }
-               self->ads_ptr->auth.password = passwd; /* take ownership of this data */
                self->ads_ptr->auth.realm = talloc_asprintf_strupper_m(
                        self->ads_ptr, "%s", self->ads_ptr->server.realm);
                if (self->ads_ptr->auth.realm == NULL) {

diff --git a/source3/lib/netapi/joindomain.c b/source3/lib/netapi/joindomain.c
index 7438e8407bec45500aae25ad530c78093c0c61fe..aa0cefe163e9223fa467ffcd8062a52b910788f4 100644 (file)
--- a/source3/lib/netapi/joindomain.c
+++ b/source3/lib/netapi/joindomain.c
@@ -446,15 +446,23 @@ WERROR NetGetJoinableOUs_l(struct libnetapi_ctx *ctx,
                }
        }
 
-       SAFE_FREE(ads->auth.password);
+       TALLOC_FREE(ads->auth.password);
        if (r->in.password) {
-               ads->auth.password = SMB_STRDUP(r->in.password);
+               ads->auth.password = talloc_strdup(ads, r->in.password);
+               if (ads->auth.password == NULL) {
+                       ret = WERR_NOT_ENOUGH_MEMORY;
+                       goto out;
+               }
        } else {
                const char *password = NULL;
 
                libnetapi_get_password(ctx, &password);
                if (password != NULL) {
-                       ads->auth.password = SMB_STRDUP(password);
+                       ads->auth.password = talloc_strdup(ads, password);
+                       if (ads->auth.password == NULL) {
+                               ret = WERR_NOT_ENOUGH_MEMORY;
+                               goto out;
+                       }
                }
        }
 

diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c
index e344d42ae43911cf2b49311fdf75975e38f1a75e..b1ae510aafdcc1d45c5036948714a3fd65ac5702 100644 (file)
--- a/source3/libads/ads_struct.c
+++ b/source3/libads/ads_struct.c
@@ -130,7 +130,6 @@ static void ads_destroy(ADS_STRUCT **ads)
 #ifdef HAVE_LDAP
                ads_disconnect(*ads);
 #endif
-               SAFE_FREE((*ads)->auth.password);
                SAFE_FREE((*ads)->auth.user_name);
                SAFE_FREE((*ads)->auth.kdc_server);
                SAFE_FREE((*ads)->auth.ccache_name);

diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 4dd6ab5410a1c4ed4568426f61f62cc3367f77c1..0ec5ff4c1d8c09f1702c525eda9f9bb77b537617 100644 (file)
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -185,8 +185,12 @@ static ADS_STATUS libnet_connect_ads(const char *dns_domain_name,
        }
 
        if (password) {
-               SAFE_FREE(my_ads->auth.password);
-               my_ads->auth.password = SMB_STRDUP(password);
+               TALLOC_FREE(my_ads->auth.password);
+               my_ads->auth.password = talloc_strdup(my_ads, password);
+               if (my_ads->auth.password == NULL) {
+                       status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+                       goto out;
+               }
        }
 
        if (ccname != NULL) {

diff --git a/source3/printing/nt_printing_ads.c b/source3/printing/nt_printing_ads.c
index 026605372c036ff5434dafca0e260776710ed9ef..ff41baad5a2d111fd7af3cea56316664e353438d 100644 (file)
--- a/source3/printing/nt_printing_ads.c
+++ b/source3/printing/nt_printing_ads.c
@@ -220,12 +220,8 @@ WERROR nt_printer_guid_retrieve(TALLOC_CTX *mem_ctx, const char *printer,
        char *printer_dn;
        WERROR result;
        ADS_STATUS ads_status;
-       TALLOC_CTX *tmp_ctx;
-
-       tmp_ctx = talloc_new(mem_ctx);
-       if (tmp_ctx == NULL) {
-               return WERR_NOT_ENOUGH_MEMORY;
-       }
+       TALLOC_CTX *tmp_ctx = talloc_stackframe();
+       char *machine_password = NULL;
 
        ads = ads_init(tmp_ctx,
                       lp_realm(),
@@ -239,9 +235,17 @@ WERROR nt_printer_guid_retrieve(TALLOC_CTX *mem_ctx, const char *printer,
 
        old_krb5ccname = getenv(KRB5_ENV_CCNAME);
        setenv(KRB5_ENV_CCNAME, "MEMORY:prtpub_cache", 1);
-       SAFE_FREE(ads->auth.password);
-       ads->auth.password = secrets_fetch_machine_password(lp_workgroup(),
+       TALLOC_FREE(ads->auth.password);
+       machine_password = secrets_fetch_machine_password(lp_workgroup(),
                                                            NULL, NULL);
+       if (machine_password != NULL) {
+               ads->auth.password = talloc_strdup(ads, machine_password);
+               SAFE_FREE(machine_password);
+               if (ads->auth.password == NULL) {
+                       result = WERR_NOT_ENOUGH_MEMORY;
+                       goto out;
+               }
+       }
 
        ads_status = ads_connect(ads);
        if (!ADS_ERR_OK(ads_status)) {
@@ -647,6 +651,7 @@ WERROR nt_printer_publish(TALLOC_CTX *mem_ctx,
        ADS_STRUCT *ads = NULL;
        WERROR win_rc;
        char *old_krb5ccname = NULL;
+       char *machine_password = NULL;
 
        sinfo2 = talloc_zero(tmp_ctx, struct spoolss_SetPrinterInfo2);
        if (!sinfo2) {
@@ -693,9 +698,17 @@ WERROR nt_printer_publish(TALLOC_CTX *mem_ctx,
        }
        old_krb5ccname = getenv(KRB5_ENV_CCNAME);
        setenv(KRB5_ENV_CCNAME, "MEMORY:prtpub_cache", 1);
-       SAFE_FREE(ads->auth.password);
-       ads->auth.password = secrets_fetch_machine_password(lp_workgroup(),
+       TALLOC_FREE(ads->auth.password);
+       machine_password = secrets_fetch_machine_password(lp_workgroup(),
                NULL, NULL);
+       if (machine_password != NULL) {
+               ads->auth.password = talloc_strdup(ads, machine_password);
+               SAFE_FREE(machine_password);
+               if (ads->auth.password == NULL) {
+                       win_rc = WERR_NOT_ENOUGH_MEMORY;
+                       goto done;
+               }
+       }
 
        /* ads_connect() will find the DC for us */
        ads_rc = ads_connect(ads);
@@ -741,6 +754,7 @@ WERROR check_published_printers(struct messaging_context *msg_ctx)
        NTSTATUS status;
        WERROR result;
        char *old_krb5ccname = NULL;
+       char *machine_password = NULL;
 
        ads = ads_init(tmp_ctx,
                       lp_realm(),
@@ -754,10 +768,17 @@ WERROR check_published_printers(struct messaging_context *msg_ctx)
        }
        old_krb5ccname = getenv(KRB5_ENV_CCNAME);
        setenv(KRB5_ENV_CCNAME, "MEMORY:prtpub_cache", 1);
-       SAFE_FREE(ads->auth.password);
-       ads->auth.password = secrets_fetch_machine_password(lp_workgroup(),
+       TALLOC_FREE(ads->auth.password);
+       machine_password = secrets_fetch_machine_password(lp_workgroup(),
                NULL, NULL);
-
+       if (machine_password != NULL) {
+               ads->auth.password = talloc_strdup(ads, machine_password);
+               SAFE_FREE(machine_password);
+               if (ads->auth.password == NULL) {
+                       result = WERR_NOT_ENOUGH_MEMORY;
+                       goto done;
+               }
+       }
        /* ads_connect() will find the DC for us */
        ads_rc = ads_connect(ads);
        if (!ADS_ERR_OK(ads_rc)) {

diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index 11efde7947f3c44cd060596001f84b2a580eedca..008e0e89be2ff2d5f2cde2067f329e056441edf4 100644 (file)
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -659,8 +659,12 @@ retry:
 
        if (c->opt_password) {
                use_in_memory_ccache();
-               SAFE_FREE(ads->auth.password);
-               ads->auth.password = smb_xstrdup(c->opt_password);
+               TALLOC_FREE(ads->auth.password);
+               ads->auth.password = talloc_strdup(ads, c->opt_password);
+               if (ads->auth.password == NULL) {
+                       TALLOC_FREE(ads);
+                       return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+               }
        }
 
        SAFE_FREE(ads->auth.user_name);

diff --git a/source3/utils/net_ads_join_dns.c b/source3/utils/net_ads_join_dns.c
index 286a77c5c9d667c5c14c70e627e6aacc61811ff6..1009f510e3b360a2ca939f6e8220400086a476bd 100644 (file)
--- a/source3/utils/net_ads_join_dns.c
+++ b/source3/utils/net_ads_join_dns.c
@@ -244,6 +244,7 @@ void net_ads_join_dns_updates(struct net_context *c, TALLOC_CTX *ctx, struct lib
        ADS_STRUCT *ads_dns = NULL;
        int ret;
        NTSTATUS status;
+       char *machine_password = NULL;
 
        /*
         * In a clustered environment, don't do dynamic dns updates:
@@ -289,11 +290,17 @@ void net_ads_join_dns_updates(struct net_context *c, TALLOC_CTX *ctx, struct lib
                goto done;
        }
 
-       ads_dns->auth.password = secrets_fetch_machine_password(
+       machine_password = secrets_fetch_machine_password(
                r->out.netbios_domain_name, NULL, NULL);
-       if (ads_dns->auth.password == NULL) {
-               d_fprintf(stderr, _("DNS update failed: out of memory\n"));
-               goto done;
+       if (machine_password != NULL) {
+               ads_dns->auth.password = talloc_strdup(ads_dns,
+                                                      machine_password);
+               SAFE_FREE(machine_password);
+               if (ads_dns->auth.password == NULL) {
+                       d_fprintf(stderr,
+                                 _("DNS update failed: out of memory\n"));
+                       goto done;
+               }
        }
 
        ads_dns->auth.realm = talloc_asprintf_strupper_m(ads_dns, "%s", r->out.dns_domain_name);

diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index 4da52a40f935d59f063a30215d8d96e287eabeed..d2b0962ac717af031f18fc4034c92837a19c251c 100644 (file)
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -125,11 +125,15 @@ static ADS_STATUS ads_cached_connection_connect(const char *target_realm,
                goto out;
        }
 
-       SAFE_FREE(ads->auth.password);
+       TALLOC_FREE(ads->auth.password);
        TALLOC_FREE(ads->auth.realm);
 
        ads->auth.renewable = renewable;
-       ads->auth.password = password;
+       ads->auth.password = talloc_strdup(ads, password);
+       if (ads->auth.password == NULL) {
+               status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+               goto out;
+       }
 
        /* In FIPS mode, client use kerberos is forced to required. */
        krb5_state = lp_client_use_kerberos();