Fixed memory leaks in lsa_XX calls. Fixed memory leaks in smbcacls. Merged
authorJeremy Allison <jra@samba.org>
Fri, 15 Dec 2000 01:02:11 +0000 (01:02 +0000)
committerJeremy Allison <jra@samba.org>
Fri, 15 Dec 2000 01:02:11 +0000 (01:02 +0000)
in fixes from appliance-head and 2.2. Fixed multiple connection.tdb open
problem.
Jeremy.
(This used to be commit 0a40bc83e14c69a09948ec09bb6fc5026c4f4c14)

16 files changed:
source3/include/proto.h
source3/lib/messages.c
source3/lib/talloc.c
source3/libsmb/cli_lsarpc.c
source3/libsmb/clientgen.c
source3/libsmb/clisecdesc.c
source3/libsmb/clitrans.c
source3/printing/printing.c
source3/rpc_client/cli_lsarpc.c
source3/rpc_parse/parse_lsa.c
source3/rpc_parse/parse_misc.c
source3/rpc_server/srv_lsa.c
source3/rpc_server/srv_spoolss_nt.c
source3/smbd/connection.c
source3/utils/smbcacls.c
source3/utils/smbcontrol.c

index 9a81fa273d9bb5ee22e45eb1ea3d008c62305657..8b4fcb173d81593646f78f7683ead79c0245e0fb 100644 (file)
@@ -157,7 +157,7 @@ void message_dispatch(void);
 void message_register(int msg_type, 
                      void (*fn)(int msg_type, pid_t pid, void *buf, size_t len));
 void message_deregister(int msg_type);
-BOOL message_send_all(int msg_type, void *buf, size_t len, BOOL duplicates_allowed);
+BOOL message_send_all(TDB_CONTEXT *conn_tdb, int msg_type, void *buf, size_t len, BOOL duplicates_allowed);
 
 /*The following definitions come from  lib/ms_fnmatch.c  */
 
@@ -2312,8 +2312,7 @@ BOOL lsa_io_r_lookup_sids(char *desc, LSA_R_LOOKUP_SIDS *r_s, prs_struct *ps, in
 void init_q_lookup_names(TALLOC_CTX *mem_ctx, LSA_Q_LOOKUP_NAMES *q_l, 
                         POLICY_HND *hnd, int num_names, char **names);
 BOOL lsa_io_q_lookup_names(char *desc, LSA_Q_LOOKUP_NAMES *q_r, prs_struct *ps, int depth);
-BOOL lsa_io_r_lookup_names(TALLOC_CTX *mem_ctx, char *desc, 
-                          LSA_R_LOOKUP_NAMES *r_r, prs_struct *ps, int depth);
+BOOL lsa_io_r_lookup_names(char *desc, LSA_R_LOOKUP_NAMES *r_r, prs_struct *ps, int depth);
 void init_lsa_q_close(LSA_Q_CLOSE *q_c, POLICY_HND *hnd);
 BOOL lsa_io_q_close(char *desc, LSA_Q_CLOSE *q_c, prs_struct *ps, int depth);
 BOOL lsa_io_r_close(char *desc,  LSA_R_CLOSE *r_c, prs_struct *ps, int depth);
@@ -3474,6 +3473,7 @@ void conn_free(connection_struct *conn);
 
 /*The following definitions come from  smbd/connection.c  */
 
+TDB_CONTEXT *conn_tdb_ctx(void);
 BOOL yield_connection(connection_struct *conn,char *name,int max_connections);
 BOOL claim_connection(connection_struct *conn,char *name,int max_connections,BOOL Clear);
 
index e5aafcb64610bc1dddabaf7ce724ffe8f3d43a15..d46ad74553e51f0b6379bb6b1db0f1a5f03713ce 100644 (file)
@@ -384,22 +384,13 @@ this is a useful function for sending messages to all smbd processes.
 It isn't very efficient, but should be OK for the sorts of applications that 
 use it. When we need efficient broadcast we can add it.
 ****************************************************************************/
-BOOL message_send_all(int msg_type, void *buf, size_t len, BOOL duplicates_allowed)
+BOOL message_send_all(TDB_CONTEXT *conn_tdb, int msg_type, void *buf, size_t len, BOOL duplicates_allowed)
 {
-       TDB_CONTEXT *the_tdb;
-
-       the_tdb = tdb_open(lock_path("connections.tdb"), 0, 0, O_RDONLY, 0);
-       if (!the_tdb) {
-               DEBUG(2,("Failed to open connections database in message_send_all\n"));
-               return False;
-       }
-
        msg_all.msg_type = msg_type;
        msg_all.buf = buf;
        msg_all.len = len;
        msg_all.duplicates = duplicates_allowed;
 
-       tdb_traverse(the_tdb, traverse_fn, NULL);
-       tdb_close(the_tdb);
+       tdb_traverse(conn_tdb, traverse_fn, NULL);
        return True;
 }
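Review bot: Nothing in the new `message_send_all` rejects a NULL `conn_tdb` before it is handed to `tdb_traverse(conn_tdb, traverse_fn, NULL)`, and the function now returns True unconditionally, where the removed code returned False if the database could not be opened. The call sites in printing/printing.c and rpc_server/srv_spoolss_nt.c pass `conn_tdb_ctx()` straight through, and that accessor simply returns the file-level `tdb` from smbd/connection.c; whether it is always open by the time these paths run is not visible in this diff. I would add `if (!conn_tdb) return False;` at the top, with a DEBUG line like the one that was removed.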
index acc6204bed02dac32f411946ec4084ce6adb6c82..a04bd2561bb3471450560739e0e7db16e01c9eac 100644 (file)
@@ -96,6 +96,9 @@ void talloc_destroy_pool(TALLOC_CTX *t)
 {
        struct talloc_chunk *c;
        
+       if (!t)
+               return;
+
        while (t->list) {
                c = t->list->next;
                free(t->list->ptr);
@@ -109,6 +112,8 @@ void talloc_destroy_pool(TALLOC_CTX *t)
 /* destroy a whole pool including the context */
 void talloc_destroy(TALLOC_CTX *t)
 {
+       if (!t)
+               return;
        talloc_destroy_pool(t);
        free(t);
 }
index 4199ab2648de58805f7f5c1dcc74c80e012ad67d..60fab75cca04eceb0ec4c2ce98ba190a02233bd9 100644 (file)
@@ -109,12 +109,16 @@ uint32 cli_lsa_open_policy(struct cli_state *cli, BOOL sec_qos,
 
        if (!lsa_io_q_open_pol("", &q, &qbuf, 0) ||
            !rpc_api_pipe_req(cli, LSA_OPENPOLICY, &qbuf, &rbuf)) {
+               prs_mem_free(&qbuf);
+               prs_mem_free(&rbuf);
                return NT_STATUS_UNSUCCESSFUL;
        }
 
        /* Unmarshall response */
 
        if (!lsa_io_r_open_pol("", &r, &rbuf, 0)) {
+               prs_mem_free(&qbuf);
+               prs_mem_free(&rbuf);
                return NT_STATUS_UNSUCCESSFUL;
        }
 
@@ -126,6 +130,8 @@ uint32 cli_lsa_open_policy(struct cli_state *cli, BOOL sec_qos,
                *hnd = r.pol;
        }
 
+       prs_mem_free(&qbuf);
+       prs_mem_free(&rbuf);
        return result;
 }
 
@@ -152,12 +158,16 @@ uint32 cli_lsa_close(struct cli_state *cli, POLICY_HND *hnd)
 
        if (!lsa_io_q_close("", &q, &qbuf, 0) ||
            !rpc_api_pipe_req(cli, LSA_CLOSE, &qbuf, &rbuf)) {
+               prs_mem_free(&qbuf);
+               prs_mem_free(&rbuf);
                return NT_STATUS_UNSUCCESSFUL;
        }
 
        /* Unmarshall response */
 
        if (!lsa_io_r_close("", &r, &rbuf, 0)) {
+               prs_mem_free(&qbuf);
+               prs_mem_free(&rbuf);
                return NT_STATUS_UNSUCCESSFUL;
        }
 
@@ -169,6 +179,8 @@ uint32 cli_lsa_close(struct cli_state *cli, POLICY_HND *hnd)
                *hnd = r.pol;
        }
 
+       prs_mem_free(&qbuf);
+       prs_mem_free(&rbuf);
        return result;
 }
 
@@ -200,6 +212,8 @@ uint32 cli_lsa_lookup_sids(struct cli_state *cli, POLICY_HND *hnd,
 
        if (!lsa_io_q_lookup_sids("", &q, &qbuf, 0) ||
            !rpc_api_pipe_req(cli, LSA_LOOKUPSIDS, &qbuf, &rbuf)) {
+               prs_mem_free(&qbuf);
+               prs_mem_free(&rbuf);
                return NT_STATUS_UNSUCCESSFUL;
        }
 
@@ -212,6 +226,8 @@ uint32 cli_lsa_lookup_sids(struct cli_state *cli, POLICY_HND *hnd,
        r.names = &t_names;
 
        if (!lsa_io_r_lookup_sids("", &r, &rbuf, 0)) {
+               prs_mem_free(&qbuf);
+               prs_mem_free(&rbuf);
                return NT_STATUS_UNSUCCESSFUL;
        }
 
@@ -271,6 +287,9 @@ uint32 cli_lsa_lookup_sids(struct cli_state *cli, POLICY_HND *hnd,
        }
 
  done:
+       prs_mem_free(&qbuf);
+       prs_mem_free(&rbuf);
+
        return result;
 }
 
@@ -301,6 +320,8 @@ uint32 cli_lsa_lookup_names(struct cli_state *cli, POLICY_HND *hnd,
 
        if (!lsa_io_q_lookup_names("", &q, &qbuf, 0) ||
            !rpc_api_pipe_req(cli, LSA_LOOKUPNAMES, &qbuf, &rbuf)) {
+               prs_mem_free(&qbuf);
+               prs_mem_free(&rbuf);
                return NT_STATUS_UNSUCCESSFUL;
        }
        
@@ -309,7 +330,9 @@ uint32 cli_lsa_lookup_names(struct cli_state *cli, POLICY_HND *hnd,
        ZERO_STRUCT(ref);
        r.dom_ref = &ref;
 
-       if (!lsa_io_r_lookup_names(cli->mem_ctx, "", &r, &rbuf, 0)) {
+       if (!lsa_io_r_lookup_names("", &r, &rbuf, 0)) {
+               prs_mem_free(&qbuf);
+               prs_mem_free(&rbuf);
                return NT_STATUS_UNSUCCESSFUL;
        }
 
@@ -366,5 +389,8 @@ uint32 cli_lsa_lookup_names(struct cli_state *cli, POLICY_HND *hnd,
        }
 
  done:
+       prs_mem_free(&qbuf);
+       prs_mem_free(&rbuf);
+
        return result;
 }
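Review bot: The pair of `prs_mem_free` calls is now repeated before every early `return NT_STATUS_UNSUCCESSFUL` in cli_lsa_open_policy, cli_lsa_close, cli_lsa_lookup_sids and cli_lsa_lookup_names, although the `done:` label in this hunk already gives a single release point. Using `result = NT_STATUS_UNSUCCESSFUL; goto done;` on those paths, and adding a `done:` label to the two functions that lack one, would keep the cleanup in one place and make it harder to reintroduce a leak on a new exit path. This assumes `qbuf` and `rbuf` are initialised before the first early exit, which lies outside the hunks shown.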
index 8d9e2f034f2d8bb50d336a6f86b074eb9f898142..19380498063c343b494c36bb6e05c11da59edee1 100644 (file)
@@ -209,13 +209,13 @@ struct cli_state *cli_initialise(struct cli_state *cli)
        cli->inbuf = (char *)malloc(cli->bufsize);
        if (!cli->outbuf || !cli->inbuf)
        {
-               return False;
+               return NULL;
        }
 
        if ((cli->mem_ctx = talloc_init()) == NULL) {
                free(cli->outbuf);
                free(cli->inbuf);
-               return False;
+               return NULL;
        }
 
        memset(cli->outbuf, '\0', cli->bufsize);
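Review bot: The first failure branch returns NULL without releasing whichever of `cli->outbuf` and `cli->inbuf` did get allocated, while the talloc_init branch just below frees both. Because `free(NULL)` is a no-op, the first branch can do the same: `free(cli->outbuf); free(cli->inbuf); return NULL;`. If the `cli` structure itself is allocated earlier in cli_initialise (outside this hunk), it would also need releasing on both paths.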
index b56e1ea68847cadaa4a4de4fa39b52bc3333c188..d53b3073b2986d03df7e44b4a3cef37cc9dadbe0 100644 (file)
@@ -36,7 +36,6 @@ SEC_DESC *cli_query_secdesc(struct cli_state *cli,int fd)
        TALLOC_CTX *mem_ctx;
        prs_struct pd;
        SEC_DESC *psd = NULL;
-       SEC_DESC *ret;
 
        SIVAL(param, 0, fd);
        SSVAL(param, 4, 0x7);
@@ -48,7 +47,7 @@ SEC_DESC *cli_query_secdesc(struct cli_state *cli,int fd)
                               param, 8, 4,
                               NULL, 0, 0x10000)) {
                DEBUG(1,("Failed to send NT_TRANSACT_QUERY_SECURITY_DESC\n"));
-               return NULL;
+               goto cleanup;
        }
 
 
@@ -56,12 +55,12 @@ SEC_DESC *cli_query_secdesc(struct cli_state *cli,int fd)
                                  &rparam, &rparam_count,
                                  &rdata, &rdata_count)) {
                DEBUG(1,("Failed to recv NT_TRANSACT_QUERY_SECURITY_DESC\n"));
-               return NULL;
+               goto cleanup;
        }
 
        if ((mem_ctx = talloc_init()) == NULL) {
                DEBUG(0,("talloc_init failed.\n"));
-               return NULL;
+               goto cleanup;
        }
 
        prs_init(&pd, rdata_count, 4, mem_ctx, UNMARSHALL);
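Review bot: Both `goto cleanup` exits up to this point (the send failure in the previous hunk and the recv failure here) run before `talloc_init()` and `prs_init()`, yet the cleanup label in the next hunk calls `talloc_destroy(mem_ctx)` and `prs_mem_free(&pd)`. `mem_ctx` and `pd` are declared without initialisers, so those calls would act on indeterminate values; the NULL guard this commit adds to talloc_destroy only helps once the pointer really is NULL. I would declare `TALLOC_CTX *mem_ctx = NULL;` and add `ZERO_STRUCT(pd);` ahead of the first goto, assuming prs_mem_free tolerates a zeroed struct; cli_set_secdesc has the same exposure for `pd` when talloc_init fails. Separately, the function now returns `psd` after the context is destroyed instead of a `dup_sec_desc()` copy, which is only safe if sec_io_desc does not allocate from `mem_ctx`, so that is worth confirming.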
@@ -70,13 +69,17 @@ SEC_DESC *cli_query_secdesc(struct cli_state *cli,int fd)
 
        if (!sec_io_desc("sd data", &psd, &pd, 1)) {
                DEBUG(1,("Failed to parse secdesc\n"));
-               talloc_destroy(mem_ctx);
-               return NULL;
+               goto cleanup;
        }
 
-       ret = dup_sec_desc(psd);
+ cleanup:
+
        talloc_destroy(mem_ctx);
-       return ret;
+       safe_free(rparam);
+       safe_free(rdata);
+
+       prs_mem_free(&pd);
+       return psd;
 }
 
 
@@ -92,10 +95,11 @@ BOOL cli_set_secdesc(struct cli_state *cli,int fd, SEC_DESC *sd)
        int rparam_count=0, rdata_count=0;
        TALLOC_CTX *mem_ctx;
        prs_struct pd;
+       BOOL ret = False;
 
        if ((mem_ctx = talloc_init()) == NULL) {
                DEBUG(0,("talloc_init failed.\n"));
-               return False;
+               goto cleanup;
        }
 
        prs_init(&pd, 0, 4, mem_ctx, MARSHALL);
@@ -103,7 +107,7 @@ BOOL cli_set_secdesc(struct cli_state *cli,int fd, SEC_DESC *sd)
 
        if (!sec_io_desc("sd data", &sd, &pd, 1)) {
                DEBUG(1,("Failed to marshall secdesc\n"));
-               return False;
+               goto cleanup;
        }
 
        SIVAL(param, 0, fd);
@@ -116,7 +120,7 @@ BOOL cli_set_secdesc(struct cli_state *cli,int fd, SEC_DESC *sd)
                               param, 8, 0,
                               pd.data_p, pd.data_offset, 0)) {
                DEBUG(1,("Failed to send NT_TRANSACT_SET_SECURITY_DESC\n"));
-               return False;
+               goto cleanup;
        }
 
 
@@ -124,14 +128,19 @@ BOOL cli_set_secdesc(struct cli_state *cli,int fd, SEC_DESC *sd)
                                  &rparam, &rparam_count,
                                  &rdata, &rdata_count)) {
                DEBUG(1,("NT_TRANSACT_SET_SECURITY_DESC failed\n"));
-               return False;
+               goto cleanup;
        }
 
-       if (rparam) free(rparam);
-       if (rdata) free(rdata);
+       ret = True;
+
+  cleanup:
+
+       safe_free(rparam);
+       safe_free(rdata);
 
        talloc_destroy(mem_ctx);
 
-       return True;
+       prs_mem_free(&pd);
+       return ret;
 }
 
index 50ed68ee165c2368cf9a253dad3c6920cdb7c204..5cd6ae30ce0938d7e09b4fdc7fb608cf15da8aa4 100644 (file)
@@ -170,8 +170,13 @@ BOOL cli_receive_trans(struct cli_state *cli,int trans,
 
        if (cli_error(cli, &eclass, &ecode, NULL))
        {
-        if(cli->nt_pipe_fnum == 0 || !(eclass == ERRDOS && ecode == ERRmoredata))
+        if(cli->nt_pipe_fnum == 0)
                        return(False);
+
+        if(!(eclass == ERRDOS && ecode == ERRmoredata)) {
+                       if (eclass != 0 && (ecode != (0x80000000 | STATUS_BUFFER_OVERFLOW)))
+                               return(False);
+               }
        }
 
        /* parse out the lengths */
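Review bot: The nested test `if (eclass != 0 && (ecode != (0x80000000 | STATUS_BUFFER_OVERFLOW)))` lets every error with `eclass == 0` fall through to the length parsing, whatever `ecode` is. If the intent is to tolerate only the buffer-overflow status on a pipe, the `eclass != 0 &&` part looks too permissive; if it is intended because of how cli_error reports NT status codes (not visible here), a comment above the test should say so and explain the `0x80000000` constant. The added lines also mix space and tab indentation, which makes the nesting hard to read.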
index b670908049c41b2720a0af1deab86ae0334fc2d4..842b97f9c5bcfe0fa5eae3ebc7ae3c65ff63ffa3 100644 (file)
@@ -421,7 +421,7 @@ static void print_queue_update(int snum)
        if( qcount != get_queue_status(snum, &old_status)) {
                DEBUG(10,("print_queue_update: queue status change %d jobs -> %d jobs for printer %s\n",
                                old_status.qcount, qcount, printer_name ));
-               message_send_all(MSG_PRINTER_NOTIFY, printer_name, strlen(printer_name) + 1, False);
+               message_send_all(conn_tdb_ctx(), MSG_PRINTER_NOTIFY, printer_name, strlen(printer_name) + 1, False);
        }
 
        /* store the new queue status structure */
@@ -592,7 +592,7 @@ BOOL print_job_delete(struct current_user *user, int jobid, int *errcode)
 
        printer_name = PRINTERNAME(snum);
 
-       message_send_all(MSG_PRINTER_NOTIFY, printer_name, strlen(printer_name) + 1, False);
+       message_send_all(conn_tdb_ctx(), MSG_PRINTER_NOTIFY, printer_name, strlen(printer_name) + 1, False);
 
        return !print_job_exists(jobid);
 }
@@ -642,7 +642,7 @@ BOOL print_job_pause(struct current_user *user, int jobid, int *errcode)
 
        printer_name = PRINTERNAME(snum);
 
-       message_send_all(MSG_PRINTER_NOTIFY, printer_name, strlen(printer_name) + 1, False);
+       message_send_all(conn_tdb_ctx(), MSG_PRINTER_NOTIFY, printer_name, strlen(printer_name) + 1, False);
 
        /* how do we tell if this succeeded? */
 
@@ -692,7 +692,7 @@ BOOL print_job_resume(struct current_user *user, int jobid, int *errcode)
 
        printer_name = PRINTERNAME(snum);
 
-       message_send_all(MSG_PRINTER_NOTIFY, printer_name, strlen(printer_name) + 1, False);
+       message_send_all(conn_tdb_ctx(),MSG_PRINTER_NOTIFY, printer_name, strlen(printer_name) + 1, False);
 
        return True;
 }
@@ -965,7 +965,7 @@ BOOL print_job_end(int jobid)
 
        printer_name = PRINTERNAME(snum);
 
-       message_send_all(MSG_PRINTER_NOTIFY, printer_name, strlen(printer_name) + 1, False);
+       message_send_all(conn_tdb_ctx(),MSG_PRINTER_NOTIFY, printer_name, strlen(printer_name) + 1, False);
 
        return True;
 }
@@ -1152,7 +1152,7 @@ BOOL print_queue_pause(struct current_user *user, int snum, int *errcode)
 
        printer_name = PRINTERNAME(snum);
 
-       message_send_all(MSG_PRINTER_NOTIFY, printer_name, strlen(printer_name) + 1, False);
+       message_send_all(conn_tdb_ctx(),MSG_PRINTER_NOTIFY, printer_name, strlen(printer_name) + 1, False);
 
        return True;
 }
@@ -1185,7 +1185,7 @@ BOOL print_queue_resume(struct current_user *user, int snum, int *errcode)
 
        printer_name = PRINTERNAME(snum);
 
-       message_send_all(MSG_PRINTER_NOTIFY, printer_name, strlen(printer_name) + 1, False);
+       message_send_all(conn_tdb_ctx(),MSG_PRINTER_NOTIFY, printer_name, strlen(printer_name) + 1, False);
 
        return True;
 }
@@ -1214,7 +1214,7 @@ BOOL print_queue_purge(struct current_user *user, int snum, int *errcode)
 
        printer_name = PRINTERNAME(snum);
 
-       message_send_all(MSG_PRINTER_NOTIFY, printer_name, strlen(printer_name) + 1, False);
+       message_send_all(conn_tdb_ctx(),MSG_PRINTER_NOTIFY, printer_name, strlen(printer_name) + 1, False);
 
        return True;
 }
index a3b0a516b0a758737ca7a0f4594c8822312d2154..03a5cad709331c91b3cbeb3817078292f7d1a762 100644 (file)
@@ -606,7 +606,7 @@ uint32 lsa_lookup_names(POLICY_HND *hnd, int num_names, char **names,
                r_l.dom_ref = &ref;
                r_l.dom_rid = t_rids;
 
-               lsa_io_r_lookup_names(ctx, "", &r_l, &rbuf, 0);
+               lsa_io_r_lookup_names("", &r_l, &rbuf, 0);
                p = rbuf.data_offset != 0;
 
                if (p && r_l.status != 0) {
index 4b0e6e4106091dccc5fe44b662b5f40f1f3ce362..41219854d1dfeabb76f03ac8489c7c34fa3ef5ba 100644 (file)
@@ -710,14 +710,14 @@ static BOOL lsa_io_sid_enum(char *desc, LSA_SID_ENUM *sen,
        /* Mallocate memory if we're unpacking from the wire */
 
        if (UNMARSHALLING(ps)) {
-               if ((sen->ptr_sid = (uint32 *)malloc(
+               if ((sen->ptr_sid = (uint32 *)prs_alloc_mem( ps,
                        sen->num_entries * sizeof(uint32))) == NULL) {
                        DEBUG(3, ("init_lsa_sid_enum(): out of memory for "
                                  "ptr_sid\n"));
                        return False;
                }
 
-               if ((sen->sid = (DOM_SID2 *)malloc(
+               if ((sen->sid = (DOM_SID2 *)prs_alloc_mem( ps,
                        sen->num_entries * sizeof(DOM_SID2))) == NULL) {
                        DEBUG(3, ("init_lsa_sid_enum(): out of memory for "
                                  "sids\n"));
@@ -824,13 +824,13 @@ static BOOL lsa_io_trans_names(char *desc, LSA_TRANS_NAME_ENUM *trn,
 
                if (UNMARSHALLING(ps)) {
                        if ((trn->name = (LSA_TRANS_NAME *)
-                            malloc(trn->num_entries * 
+                            prs_alloc_mem(ps, trn->num_entries * 
                                    sizeof(LSA_TRANS_NAME))) == NULL) {
                                return False;
                        }
 
                        if ((trn->uni_name = (UNISTR2 *)
-                            malloc(trn->num_entries *
+                            prs_alloc_mem(ps, trn->num_entries *
                                    sizeof(UNISTR2))) == NULL) {
                                return False;
                        }
@@ -964,23 +964,40 @@ BOOL lsa_io_q_lookup_names(char *desc, LSA_Q_LOOKUP_NAMES *q_r, prs_struct *ps,
        if(!smb_io_pol_hnd("", &q_r->pol, ps, depth)) /* policy handle */
                return False;
 
+       if(!prs_align(ps))
+               return False;
        if(!prs_uint32("num_entries    ", ps, depth, &q_r->num_entries))
                return False;
        if(!prs_uint32("num_entries2   ", ps, depth, &q_r->num_entries2))
                return False;
 
+       if (UNMARSHALLING(ps)) {
+               if (q_r->num_entries) {
+                       if ((q_r->hdr_name = (UNIHDR *)prs_alloc_mem(ps,
+                                       q_r->num_entries * sizeof(UNIHDR))) == NULL)
+                               return False;
+                       if ((q_r->uni_name = (UNISTR2 *)prs_alloc_mem(ps,
+                                       q_r->num_entries * sizeof(UNISTR2))) == NULL)
+                               return False;
+               }
+       }
+
        for (i = 0; i < q_r->num_entries; i++) {
+               if(!prs_align(ps))
+                       return False;
                if(!smb_io_unihdr("hdr_name", &q_r->hdr_name[i], ps, depth)) /* pointer names */
                        return False;
        }
 
        for (i = 0; i < q_r->num_entries; i++) {
-               if(!smb_io_unistr2("dom_name", &q_r->uni_name[i], q_r->hdr_name[i].buffer, ps, depth)) /* names to be looked up */
-                       return False;
                if(!prs_align(ps))
                        return False;
+               if(!smb_io_unistr2("dom_name", &q_r->uni_name[i], q_r->hdr_name[i].buffer, ps, depth)) /* names to be looked up */
+                       return False;
        }
 
+       if(!prs_align(ps))
+               return False;
        if(!prs_uint32("num_trans_entries ", ps, depth, &q_r->num_trans_entries))
                return False;
        if(!prs_uint32("ptr_trans_sids ", ps, depth, &q_r->ptr_trans_sids))
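Review bot: `q_r->num_entries` is read from the request a few lines earlier and then used unchecked in `q_r->num_entries * sizeof(UNIHDR)` and `q_r->num_entries * sizeof(UNISTR2)`; where the size type is 32 bits the product can wrap and yield a buffer smaller than the loops below index. A bound before the allocation, for example `if (q_r->num_entries > MAX_LOOKUP_SIDS) return False;` if that constant is visible in this file, closes that and restores the limit the removed `SMB_ASSERT_ARRAY` in rpc_server/srv_lsa.c used to enforce. The same unchecked multiplication on a wire-supplied count appears in the lsa_io_sid_enum, lsa_io_trans_names and lsa_io_r_lookup_names hunks of this file. `num_entries2` is read but never compared with `num_entries`. The function starts and ends outside this hunk.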
@@ -997,8 +1014,7 @@ BOOL lsa_io_q_lookup_names(char *desc, LSA_Q_LOOKUP_NAMES *q_r, prs_struct *ps,
 reads or writes a structure.
 ********************************************************************/
 
-BOOL lsa_io_r_lookup_names(TALLOC_CTX *mem_ctx, char *desc, 
-                          LSA_R_LOOKUP_NAMES *r_r, prs_struct *ps, int depth)
+BOOL lsa_io_r_lookup_names(char *desc, LSA_R_LOOKUP_NAMES *r_r, prs_struct *ps, int depth)
 {
        int i;
 
@@ -1032,11 +1048,12 @@ BOOL lsa_io_r_lookup_names(TALLOC_CTX *mem_ctx, char *desc,
                        return False;
                }
 
-               if ((r_r->dom_rid = (DOM_RID2 *)
-                    talloc(mem_ctx, r_r->num_entries2 * sizeof(DOM_RID2)))
-                   == NULL) {
-                       DEBUG(3, ("lsa_io_r_lookup_names(): out of memory\n"));
-                       return False;
+               if (UNMARSHALLING(ps)) {
+                       if ((r_r->dom_rid = (DOM_RID2 *)prs_alloc_mem(ps, r_r->num_entries2 * sizeof(DOM_RID2)))
+                           == NULL) {
+                               DEBUG(3, ("lsa_io_r_lookup_names(): out of memory\n"));
+                               return False;
+                       }
                }
 
                for (i = 0; i < r_r->num_entries2; i++)
index dd6784a8e78dd3f1fd15a368308df02c8a6d3f75..859a8007719c83becca84a1a5f36ffd9774aca70 100644 (file)
@@ -321,7 +321,7 @@ void init_uni_hdr(UNIHDR *hdr, int len)
 {
        hdr->uni_str_len = 2 * len;
        hdr->uni_max_len = 2 * len;
-       hdr->buffer = len != 0;
+       hdr->buffer      = len != 0 ? 1 : 0;
 }
 
 /*******************************************************************
@@ -867,8 +867,7 @@ void init_unistr2(UNISTR2 *str, const char *buf, size_t len)
 {
        ZERO_STRUCTP(str);
 
-       /* Set up string lengths. */
-
+       /* set up string lengths. */
        str->uni_max_len = (uint32)len;
        str->undoc       = 0;
        str->uni_str_len = (uint32)len;
@@ -881,7 +880,8 @@ void init_unistr2(UNISTR2 *str, const char *buf, size_t len)
        len *= sizeof(uint16);
 
        str->buffer = (uint16 *)talloc(parse_misc_talloc, len);
-       if ((str->buffer == NULL) && (len > 0)) {
+       if ((str->buffer == NULL) && (len > 0))
+       {
                smb_panic("init_unistr2: malloc fail\n");
                return;
        }
index 5bc780860fb6869263f811f723ec38e24e4cc456..aea7294ffe08c80acf934d2d2b00888043aed1b2 100644 (file)
@@ -390,11 +390,6 @@ static BOOL lsa_reply_lookup_sids(prs_struct *rdata, DOM_SID2 *sid, int num_entr
                return False;
        }
 
-       /* Free memory - perhaps this should be done using talloc()? */
-
-       safe_free(names.name);
-       safe_free(names.uni_name);
-
        return True;
 }
 
@@ -409,11 +404,8 @@ static BOOL lsa_reply_lookup_names(prs_struct *rdata, UNISTR2 *names,
        DOM_R_REF ref;
        DOM_RID2 rids[MAX_LOOKUP_SIDS];
        uint32 mapped_count = 0;
-       TALLOC_CTX *mem_ctx = talloc_init();
        BOOL result = True;
 
-       if (!mem_ctx) return False;
-
        ZERO_STRUCT(r_l);
        ZERO_STRUCT(ref);
        ZERO_ARRAY(rids);
@@ -423,12 +415,11 @@ static BOOL lsa_reply_lookup_names(prs_struct *rdata, UNISTR2 *names,
        init_reply_lookup_names(&r_l, &ref, num_entries, rids, mapped_count);
 
        /* store the response in the SMB stream */
-       if(!lsa_io_r_lookup_names(mem_ctx, "", &r_l, rdata, 0)) {
+       if(!lsa_io_r_lookup_names("", &r_l, rdata, 0)) {
                DEBUG(0,("lsa_reply_lookup_names: Failed to marshall LSA_R_LOOKUP_NAMES.\n"));
                result = False;
        }
 
-       talloc_destroy(mem_ctx);
        return result;
 }
 
@@ -583,20 +574,13 @@ static BOOL api_lsa_lookup_sids(pipes_struct *p)
        if(!lsa_io_q_lookup_sids("", &q_l, data, 0)) {
                DEBUG(0,("api_lsa_lookup_sids: failed to unmarshall LSA_Q_LOOKUP_SIDS.\n"));
                result = False;
-               goto done;
        }
 
        /* construct reply.  return status is always 0x0 */
        if(!lsa_reply_lookup_sids(rdata, q_l.sids.sid, q_l.sids.num_entries)) {
                result = False;
-               goto done;
        }
 
-
- done:
-       safe_free(q_l.sids.ptr_sid);
-       safe_free(q_l.sids.sid);
-
        return result;
 }
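Review bot: With the `goto done` lines removed, a failed `lsa_io_q_lookup_sids()` only sets `result = False` and then falls through to `lsa_reply_lookup_sids(rdata, q_l.sids.sid, q_l.sids.num_entries)`, so a reply is built from a request that did not parse. `q_l.sids` may be only partly filled at that point. Now that nothing needs freeing here, the unmarshall-failure branch can simply `return False;`. The function begins outside this hunk.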
 
@@ -618,8 +602,6 @@ static BOOL api_lsa_lookup_names(pipes_struct *p)
                return False;
        }
 
-       SMB_ASSERT_ARRAY(q_l.uni_name, q_l.num_entries);
-
        return lsa_reply_lookup_names(rdata, q_l.uni_name, q_l.num_entries);
 }
 
index a7614ff640f8845afe96bfab9aea1794d8a56760..b43501a56b0cf72bc91cfa263b82a25c2adb42e3 100644 (file)
@@ -640,7 +640,7 @@ static BOOL srv_spoolss_sendnotify(POLICY_HND *handle)
        /*srv_spoolss_receive_message(printer);*/
        DEBUG(10,("srv_spoolss_sendnotify: Sending message about printer %s\n", printer ));
 
-       message_send_all(MSG_PRINTER_NOTIFY, printer, strlen(printer) + 1, False); /* Null terminate... */
+       message_send_all(conn_tdb_ctx(), MSG_PRINTER_NOTIFY, printer, strlen(printer) + 1, False); /* Null terminate... */
 
        return True;
 }      
index cf455c0a8b807aea99f4556344ebaf4cbc0f58ee..d150508cefb20a85702e4b8faca09a23e9294840 100644 (file)
@@ -32,6 +32,15 @@ static void utmp_yield(pid_t pid, const connection_struct *conn);
 static void utmp_claim(const struct connections_data *crec, const connection_struct *conn);
 #endif
 
+/****************************************************************************
+ Return the connection tdb context (used for message send all).
+****************************************************************************/
+
+TDB_CONTEXT *conn_tdb_ctx(void)
+{
+       return tdb;
+}
+
 /****************************************************************************
 delete a connection record
 ****************************************************************************/
index c017c16bdfa07ac2623e9a1c7b08bffc9b7cb161..3240438a7aef6c9bae1fe9e1e96542439a9f1e80 100644 (file)
@@ -120,12 +120,12 @@ static void SidToString(fstring str, DOM_SID *sid)
 }
 
 /* convert a string to a SID, either numeric or username/group */
-static BOOL StringToSid(DOM_SID *sid, fstring str)
+static BOOL StringToSid(DOM_SID *sid, char *str)
 {
        uint32 *types = NULL;
        DOM_SID *sids = NULL;
        int num_sids;
-       BOOL result = False;
+       BOOL result = True;
        
        /* Short cut */
 
@@ -136,7 +136,7 @@ static BOOL StringToSid(DOM_SID *sid, fstring str)
 
        if (open_policy_hnd() &&
            cli_lsa_lookup_names(&lsa_cli, &pol, 1, &str, &sids, &types, 
-                                &num_sids) == NT_STATUS_NOPROBLEMO) {
+                                &num_sids) != NT_STATUS_NOPROBLEMO) {
                result = string_to_sid(sid, str);
                goto done;
        }
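Review bot: After the comparison is inverted, the `string_to_sid` fallback is reached only when `open_policy_hnd()` succeeds and the lookup fails; when `open_policy_hnd()` itself fails the `&&` short-circuits and execution continues past this block with `sids` still NULL and `result` preset to True. The code between here and `safe_free(types)` is outside the hunk, but it presumably reads the first looked-up SID. The condition should cover both failures: `if (!open_policy_hnd() || cli_lsa_lookup_names(&lsa_cli, &pol, 1, &str, &sids, &types, &num_sids) != NT_STATUS_NOPROBLEMO) {`.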
@@ -147,6 +147,7 @@ static BOOL StringToSid(DOM_SID *sid, fstring str)
        safe_free(types);
 
  done:
+
        return result;
 }
 
@@ -372,9 +373,12 @@ static SEC_DESC *sec_desc_parse(char *str)
 
                if (strncmp(tok,"ACL:", 4) == 0) {
                        SEC_ACE ace;
-                       if (!parse_ace(&ace, tok+4) || 
-                           !add_ace(&dacl, &ace)) {
-                               printf("Failed to parse ACL\n");
+                       if (!parse_ace(&ace, tok+4)) {
+                               printf("Failed to parse ACL %s\n", tok);
+                               return NULL;
+                       }
+                       if(!add_ace(&dacl, &ace)) {
+                               printf("Failed to add ACL %s\n", tok);
                                return NULL;
                        }
                        continue;
@@ -565,7 +569,6 @@ static void cacl_set(struct cli_state *cli, char *filename,
 
        if (!cli_set_secdesc(cli, fnum, sd)) {
                printf("ERROR: secdesc set failed: %s\n", cli_errstr(cli));
-               return;
        }
 
        free_sec_desc(&sd);
@@ -607,12 +610,15 @@ struct cli_state *connect_one(char *share)
        if (!(c=cli_initialise(NULL)) || (cli_set_port(c, 139) == 0) ||
            !cli_connect(c, server_n, &ip)) {
                DEBUG(0,("Connection to %s failed\n", server_n));
+               cli_shutdown(c);
+               safe_free(c);
                return NULL;
        }
 
        if (!cli_session_request(c, &calling, &called)) {
                DEBUG(0,("session request to %s failed\n", called.name));
                cli_shutdown(c);
+               safe_free(c);
                if (strcmp(called.name, "*SMBSERVER")) {
                        make_nmb_name(&called , "*SMBSERVER", 0x20);
                        goto again;
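Review bot: The first failure branch now calls `cli_shutdown(c)` even when `cli_initialise(NULL)` returned NULL, since that is the first operand of the `||` chain. Whether cli_shutdown accepts a NULL pointer is not visible here; a guard such as `if (c) { cli_shutdown(c); safe_free(c); }` avoids depending on it. It is also worth confirming that cli_shutdown does not itself release the structure, otherwise the `safe_free(c)` calls added in this and the following hunks would free it twice.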
@@ -625,6 +631,7 @@ struct cli_state *connect_one(char *share)
        if (!cli_negprot(c)) {
                DEBUG(0,("protocol negotiation failed\n"));
                cli_shutdown(c);
+               safe_free(c);
                return NULL;
        }
 
@@ -640,6 +647,8 @@ struct cli_state *connect_one(char *share)
                               password, strlen(password),
                               lp_workgroup())) {
                DEBUG(0,("session setup failed: %s\n", cli_errstr(c)));
+               cli_shutdown(c);
+               safe_free(c);
                return NULL;
        }
 
@@ -649,6 +658,7 @@ struct cli_state *connect_one(char *share)
                            password, strlen(password)+1)) {
                DEBUG(0,("tree connect failed: %s\n", cli_errstr(c)));
                cli_shutdown(c);
+               safe_free(c);
                return NULL;
        }
 
index 991d1d77d2178b68a8baa8a06fbc8fdd0fdc2df4..87d00eecbd031c12e1dc84862a519a188097cd30 100644 (file)
@@ -118,10 +118,17 @@ send a message to a named destination
 static BOOL send_message(char *dest, int msg_type, void *buf, int len, BOOL duplicates)
 {
        pid_t pid;
+       TDB_CONTEXT *the_tdb;
+
+       the_tdb = tdb_open(lock_path("connections.tdb"), 0, 0, O_RDONLY, 0);
+       if (!the_tdb) {
+               fprintf(stderr,"Failed to open connections database in send_message.\n");
+               return False;
+       }
 
        /* "smbd" is the only broadcast operation */
        if (strequal(dest,"smbd")) {
-               return message_send_all(msg_type, buf, len, duplicates);
+               return message_send_all(the_tdb,msg_type, buf, len, duplicates);
        } else if (strequal(dest,"nmbd")) {
                pid = pidfile_pid(dest);
                if (pid == 0) {
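Review bot: `the_tdb` is opened on every call to send_message but is never closed in the lines shown; the "smbd" branch returns `message_send_all(the_tdb, ...)` directly. It is also opened for destinations such as "nmbd" that do not use it, so a missing connections.tdb now blocks those messages as well. I would move the tdb_open into the "smbd" branch and close the handle after the broadcast: `ret = message_send_all(the_tdb, msg_type, buf, len, duplicates); tdb_close(the_tdb); return ret;`. The rest of the function is outside this hunk.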