summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorWilco Baan Hofman <wilco@baanhofman.nl>2010-05-24 21:36:49 +0200
committerJelmer Vernooij <jelmer@samba.org>2010-06-20 17:19:13 +0200
commitb9b85d6b0e23e042d60c83fef477fd4006a20c14 (patch)
tree858858319e18999dccc6a5eee240dd429547345a
parent9b5e0fe6bb363aaaba513b0604476616d6cc9fd8 (diff)
downloadsamba-b9b85d6b0e23e042d60c83fef477fd4006a20c14.tar.gz
samba-b9b85d6b0e23e042d60c83fef477fd4006a20c14.tar.bz2
samba-b9b85d6b0e23e042d60c83fef477fd4006a20c14.zip
Fix memory allocation with error handling.
Also moved pypolicy.c headers around so as not to generate compile warnings Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
-rw-r--r--source4/lib/policy/gp_filesys.c21
-rw-r--r--source4/lib/policy/gp_ini.c6
-rw-r--r--source4/lib/policy/gp_ldap.c104
-rw-r--r--source4/lib/policy/gp_manage.c23
-rw-r--r--source4/lib/policy/pypolicy.c2
5 files changed, 135 insertions, 21 deletions
diff --git a/source4/lib/policy/gp_filesys.c b/source4/lib/policy/gp_filesys.c
index aab1d02c3b..64b64ea604 100644
--- a/source4/lib/policy/gp_filesys.c
+++ b/source4/lib/policy/gp_filesys.c
@@ -46,6 +46,8 @@ static const char *gp_tmpdir(TALLOC_CTX *mem_ctx)
const char *gp_dir = talloc_asprintf(mem_ctx, "%s/policy", tmpdir());
struct stat st;
+ if (gp_dir == NULL) return NULL;
+
if (stat(gp_dir, &st) != 0) {
mkdir(gp_dir, 0755);
}
@@ -67,12 +69,15 @@ static void gp_list_helper (struct clilist_file_info *info, const char *mask, vo
/* Get local path by replacing backslashes with slashes */
local_rel_path = talloc_strdup(state, state->cur_rel_path);
+ if (local_rel_path == NULL) return;
+
for (i = 0; local_rel_path[i] != '\0'; i++) {
if (local_rel_path[i] == '\\') {
local_rel_path[i] = '/';
}
}
full_local_path = talloc_asprintf(state, "%s%s/%s", state->local_path, local_rel_path, info->name);
+ if (full_local_path == NULL) return;
/* Directory */
if (info->attrib & FILE_ATTRIBUTE_DIRECTORY) {
@@ -84,6 +89,7 @@ static void gp_list_helper (struct clilist_file_info *info, const char *mask, vo
mkdir(full_local_path, 0755);
rel_path = talloc_asprintf(state, "%s\\%s", state->cur_rel_path, info->name);
+ if (rel_path == NULL) return;
/* Recurse into this directory */
gp_do_list(rel_path, state);
@@ -91,6 +97,7 @@ static void gp_list_helper (struct clilist_file_info *info, const char *mask, vo
}
full_remote_path = talloc_asprintf(state, "%s%s\\%s", state->share_path, state->cur_rel_path, info->name);
+ if (full_remote_path == NULL) return;
/* Open the remote file */
fh_remote = smbcli_open(state->gp_ctx->cli->tree, full_remote_path, O_RDONLY, DENY_NONE);
@@ -108,6 +115,7 @@ static void gp_list_helper (struct clilist_file_info *info, const char *mask, vo
/* Copy the contents of the file */
buf = talloc_zero_array(state, uint8_t, buf_size);
+ if (buf == NULL) return;
while (1) {
int n = smbcli_read(state->gp_ctx->cli->tree, fh_remote, buf, nread, buf_size);
if (n <= 0) {
@@ -142,6 +150,7 @@ static NTSTATUS gp_do_list (const char *rel_path, struct gp_list_state *state)
/* Get the current mask */
mask = talloc_asprintf(state, "%s%s\\*", state->share_path, rel_path);
+ NT_STATUS_HAVE_NO_MEMORY(mask);
success = smbcli_list(state->gp_ctx->cli->tree, mask, attributes, gp_list_helper, state);
talloc_free(mask);
@@ -227,9 +236,12 @@ NTSTATUS gp_fetch_gpt (struct gp_context *gp_ctx, struct gp_object *gpo, const c
/* Prepare the state structure */
state = talloc_zero(mem_ctx, struct gp_list_state);
+ NT_STATUS_HAVE_NO_MEMORY(state);
state->gp_ctx = gp_ctx;
state->local_path = talloc_asprintf(mem_ctx, "%s/%s", gp_tmpdir(mem_ctx), gpo->name);
+ NT_STATUS_HAVE_NO_MEMORY(state->local_path);
state->share_path = gp_get_share_path(mem_ctx, gpo->file_sys_path);
+ NT_STATUS_HAVE_NO_MEMORY(state->share_path);
/* Create the GPO dir if it does not exist */
@@ -274,7 +286,9 @@ static NTSTATUS push_recursive (struct gp_context *gp_ctx, const char *local_pat
}
entry_local_path = talloc_asprintf(gp_ctx, "%s/%s", local_path, dirent->d_name);
+ NT_STATUS_HAVE_NO_MEMORY(entry_local_path);
entry_remote_path = talloc_asprintf(gp_ctx, "%s\\%s", remote_path, dirent->d_name);
+ NT_STATUS_HAVE_NO_MEMORY(entry_remote_path);
if (dirent->d_type == DT_DIR) {
DEBUG(6, ("Pushing directory %s to %s on sysvol\n", entry_local_path, entry_remote_path));
smbcli_mkdir(gp_ctx->cli->tree, entry_remote_path);
@@ -350,9 +364,12 @@ NTSTATUS gp_create_gpt(struct gp_context *gp_ctx, const char *name, const char *
/* Create a forked memory context, as a base for everything here */
mem_ctx = talloc_new(gp_ctx);
+ NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
tmp_dir = gp_tmpdir(mem_ctx);
+ NT_STATUS_HAVE_NO_MEMORY(tmp_dir);
policy_dir = talloc_asprintf(mem_ctx, "%s/%s", tmp_dir, name);
+ NT_STATUS_HAVE_NO_MEMORY(policy_dir);
/* Create the directories */
@@ -364,6 +381,7 @@ NTSTATUS gp_create_gpt(struct gp_context *gp_ctx, const char *name, const char *
}
tmp_str = talloc_asprintf(mem_ctx, "%s/User", policy_dir);
+ NT_STATUS_HAVE_NO_MEMORY(tmp_str);
rv = mkdir(tmp_str, 0755);
if (rv < 0) {
DEBUG(0, ("Could not create the User dir: %s\n", tmp_str));
@@ -372,6 +390,7 @@ NTSTATUS gp_create_gpt(struct gp_context *gp_ctx, const char *name, const char *
}
tmp_str = talloc_asprintf(mem_ctx, "%s/Machine", policy_dir);
+ NT_STATUS_HAVE_NO_MEMORY(tmp_str);
rv = mkdir(tmp_str, 0755);
if (rv < 0) {
DEBUG(0, ("Could not create the Machine dir: %s\n", tmp_str));
@@ -382,6 +401,7 @@ NTSTATUS gp_create_gpt(struct gp_context *gp_ctx, const char *name, const char *
/* Create a GPT.INI with version 0 */
tmp_str = talloc_asprintf(mem_ctx, "%s/GPT.INI", policy_dir);
+ NT_STATUS_HAVE_NO_MEMORY(tmp_str);
fd = open(tmp_str, O_CREAT | O_WRONLY, 0644);
if (fd < 0) {
DEBUG(0, ("Could not create the GPT.INI: %s\n", tmp_str));
@@ -428,6 +448,7 @@ NTSTATUS gp_set_gpt_security_descriptor(struct gp_context *gp_ctx, struct gp_obj
/* Create a forked memory context which can be freed easily */
mem_ctx = talloc_new(gp_ctx);
+ NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
/* Open the directory with NTCreate AndX call */
io.generic.level = RAW_OPEN_NTCREATEX;
diff --git a/source4/lib/policy/gp_ini.c b/source4/lib/policy/gp_ini.c
index e76e7c0f08..d16011c722 100644
--- a/source4/lib/policy/gp_ini.c
+++ b/source4/lib/policy/gp_ini.c
@@ -33,7 +33,9 @@ static bool gp_add_ini_section(const char *name, void *callback_data)
struct gp_ini_context *ini = parse->ini;
ini->sections = talloc_realloc(ini, ini->sections, struct gp_ini_section, ini->num_sections+1);
+ if (ini->sections == NULL) return false;
ini->sections[ini->num_sections].name = talloc_strdup(ini, name);
+ if (ini->sections[ini->num_sections].name == NULL) return false;
parse->cur_section = ini->num_sections;
ini->num_sections++;
@@ -53,8 +55,11 @@ static bool gp_add_ini_param(const char *name, const char *value, void *callback
section = &ini->sections[parse->cur_section];
section->params = talloc_realloc(ini, ini->sections[parse->cur_section].params, struct gp_ini_param, section->num_params+1);
+ if (section->params == NULL) return false;
section->params[section->num_params].name = talloc_strdup(ini, name);
+ if (section->params[section->num_params].name == NULL) return false;
section->params[section->num_params].value = talloc_strdup(ini, value);
+ if (section->params[section->num_params].value == NULL) return false;
section->num_params++;
return true;
@@ -66,6 +71,7 @@ NTSTATUS gp_parse_ini(TALLOC_CTX *mem_ctx, struct gp_context *gp_ctx, const char
bool rv;
parse.ini = talloc_zero(mem_ctx, struct gp_ini_context);
+ NT_STATUS_HAVE_NO_MEMORY(parse.ini);
parse.cur_section = -1;
rv = pm_process(filename, gp_add_ini_section, gp_add_ini_param, &parse);
diff --git a/source4/lib/policy/gp_ldap.c b/source4/lib/policy/gp_ldap.c
index f2183b3439..95d9808243 100644
--- a/source4/lib/policy/gp_ldap.c
+++ b/source4/lib/policy/gp_ldap.c
@@ -58,26 +58,30 @@ static NTSTATUS parse_gpo(TALLOC_CTX *mem_ctx, struct ldb_message *msg, struct g
enum ndr_err_code ndr_err;
const DATA_BLOB *data;
+ NT_STATUS_HAVE_NO_MEMORY(gpo);
+
gpo->dn = talloc_strdup(mem_ctx, ldb_dn_get_linearized(msg->dn));
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(gpo->dn, gpo);
DEBUG(9, ("Parsing GPO LDAP data for %s\n", gpo->dn));
- gpo->display_name = ldb_msg_find_attr_as_string(msg, "displayName", "");
- gpo->name = ldb_msg_find_attr_as_string(msg, "name", "");
- gpo->flags = ldb_msg_find_attr_as_uint(msg, "name", 0);
- gpo->version = ldb_msg_find_attr_as_uint(msg, "version", 0);
- gpo->file_sys_path = ldb_msg_find_attr_as_string(msg, "gPCFileSysPath", "");
+ gpo->display_name = talloc_strdup(gpo, ldb_msg_find_attr_as_string(msg, "displayName", ""));
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(gpo->display_name, gpo);
+
+ gpo->name = talloc_strdup(gpo, ldb_msg_find_attr_as_string(msg, "name", ""));
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(gpo->name, gpo);
+
+ gpo->flags = ldb_msg_find_attr_as_uint(msg, "flags", 0);
+ gpo->version = ldb_msg_find_attr_as_uint(msg, "versionNumber", 0);
- if (gpo->display_name[0] != '\0')
- gpo->display_name = talloc_strdup(mem_ctx, gpo->display_name);
- if (gpo->name[0] != '\0')
- gpo->name = talloc_strdup(mem_ctx, gpo->name);
- if (gpo->file_sys_path[0] != '\0')
- gpo->file_sys_path = talloc_strdup(mem_ctx, gpo->file_sys_path);
+ gpo->file_sys_path = talloc_strdup(gpo, ldb_msg_find_attr_as_string(msg, "gPCFileSysPath", ""));
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(gpo->file_sys_path, gpo);
/* Pull the security descriptor through the NDR library */
data = ldb_msg_find_ldb_val(msg, "nTSecurityDescriptor");
- gpo->security_descriptor = talloc(mem_ctx, struct security_descriptor);
+ gpo->security_descriptor = talloc(gpo, struct security_descriptor);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(gpo->security_descriptor, gpo);
+
ndr_err = ndr_pull_struct_blob(data,
mem_ctx,
gpo->security_descriptor,
@@ -95,11 +99,14 @@ NTSTATUS gp_get_gpo_flags(TALLOC_CTX *mem_ctx, uint32_t flags, const char ***ret
unsigned int i, count=0;
const char **flag_strs = talloc_array(mem_ctx, const char *, 1);
+ NT_STATUS_HAVE_NO_MEMORY(flag_strs);
+
flag_strs[0] = NULL;
for (i = 0; gpo_flags[i].str != NULL; i++) {
if (flags & gpo_flags[i].flags) {
flag_strs = talloc_realloc(mem_ctx, flag_strs, const char *, count+2);
+ NT_STATUS_HAVE_NO_MEMORY(flag_strs);
flag_strs[count] = gpo_flags[i].str;
flag_strs[count+1] = NULL;
count++;
@@ -114,11 +121,13 @@ NTSTATUS gp_get_gplink_options(TALLOC_CTX *mem_ctx, uint32_t options, const char
unsigned int i, count=0;
const char **flag_strs = talloc_array(mem_ctx, const char *, 1);
+ NT_STATUS_HAVE_NO_MEMORY(flag_strs);
flag_strs[0] = NULL;
for (i = 0; gplink_options[i].str != NULL; i++) {
if (options & gplink_options[i].flags) {
flag_strs = talloc_realloc(mem_ctx, flag_strs, const char *, count+2);
+ NT_STATUS_HAVE_NO_MEMORY(flag_strs);
flag_strs[count] = gplink_options[i].str;
flag_strs[count+1] = NULL;
count++;
@@ -147,6 +156,7 @@ NTSTATUS gp_init(TALLOC_CTX *mem_ctx,
/* Prepare libnet lookup structure for looking a DC (PDC is correct). */
io = talloc_zero(mem_ctx, struct libnet_LookupDCs);
+ NT_STATUS_HAVE_NO_MEMORY(io);
io->in.name_type = NBT_NAME_PDC;
io->in.domain_name = lp_workgroup(lp_ctx);
@@ -159,6 +169,7 @@ NTSTATUS gp_init(TALLOC_CTX *mem_ctx,
/* Connect to ldap://DC_NAME with all relevant contexts*/
url = talloc_asprintf(mem_ctx, "ldap://%s", io->out.dcs[0].name);
+ NT_STATUS_HAVE_NO_MEMORY(url);
ldb_ctx = ldb_wrap_connect(mem_ctx, net_ctx->event_ctx, lp_ctx,
url, NULL, net_ctx->cred, 0);
if (ldb_ctx == NULL) {
@@ -168,6 +179,8 @@ NTSTATUS gp_init(TALLOC_CTX *mem_ctx,
*gp_ctx = talloc_zero(mem_ctx, struct gp_context);
+ NT_STATUS_HAVE_NO_MEMORY(gp_ctx);
+
(*gp_ctx)->lp_ctx = lp_ctx;
(*gp_ctx)->credentials = credentials;
(*gp_ctx)->ev_ctx = ev_ctx;
@@ -192,6 +205,7 @@ NTSTATUS gp_list_all_gpos(struct gp_context *gp_ctx, struct gp_object ***ret)
/* Create a forked memory context, as a base for everything here */
mem_ctx = talloc_new(gp_ctx);
+ NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
/* Create full ldb dn of the policies base object */
dn = ldb_get_default_basedn(gp_ctx->ldb_ctx);
@@ -205,6 +219,8 @@ NTSTATUS gp_list_all_gpos(struct gp_context *gp_ctx, struct gp_object ***ret)
DEBUG(10, ("Searching for policies in DN: %s\n", ldb_dn_get_linearized(dn)));
attrs = talloc_array(mem_ctx, const char *, 7);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(attrs, mem_ctx);
+
attrs[0] = "nTSecurityDescriptor";
attrs[1] = "versionNumber";
attrs[2] = "flags";
@@ -221,6 +237,8 @@ NTSTATUS gp_list_all_gpos(struct gp_context *gp_ctx, struct gp_object ***ret)
}
gpo = talloc_array(gp_ctx, struct gp_object *, result->count+1);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(gpo, mem_ctx);
+
gpo[result->count] = NULL;
for (i = 0; i < result->count; i++) {
@@ -250,11 +268,14 @@ NTSTATUS gp_get_gpo_info(struct gp_context *gp_ctx, const char *dn_str, struct g
/* Create a forked memory context, as a base for everything here */
mem_ctx = talloc_new(gp_ctx);
+ NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
/* Create an ldb dn struct for the dn string */
dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, dn_str);
attrs = talloc_array(mem_ctx, const char *, 7);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(attrs, mem_ctx);
+
attrs[0] = "nTSecurityDescriptor";
attrs[1] = "versionNumber";
attrs[2] = "flags";
@@ -305,6 +326,8 @@ static NTSTATUS parse_gplink (TALLOC_CTX *mem_ctx, const char *gplink_str, struc
const char *gplink_start = "[LDAP://";
gplinks = talloc_array(mem_ctx, struct gp_link *, 1);
+ NT_STATUS_HAVE_NO_MEMORY(gplinks);
+
gplinks[0] = NULL;
/* Assuming every gPLink starts with "[LDAP://" */
@@ -313,14 +336,18 @@ static NTSTATUS parse_gplink (TALLOC_CTX *mem_ctx, const char *gplink_str, struc
for (pos = start; pos < strlen(gplink_str); pos++) {
if (gplink_str[pos] == ';') {
gplinks = talloc_realloc(mem_ctx, gplinks, struct gp_link *, idx+2);
+ NT_STATUS_HAVE_NO_MEMORY(gplinks);
gplinks[idx] = talloc(mem_ctx, struct gp_link);
+ NT_STATUS_HAVE_NO_MEMORY(gplinks[idx]);
gplinks[idx]->dn = talloc_strndup(mem_ctx,
gplink_str + start,
pos - start);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(gplinks[idx]->dn, gplinks);
for (start = pos + 1; gplink_str[pos] != ']'; pos++);
buf = talloc_strndup(gplinks, gplink_str + start, pos - start);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(buf, gplinks);
gplinks[idx]->options = (uint32_t) strtoll(buf, &end, 0);
talloc_free(buf);
@@ -353,6 +380,7 @@ NTSTATUS gp_get_gplinks(struct gp_context *gp_ctx, const char *dn_str, struct gp
/* Create a forked memory context, as a base for everything here */
mem_ctx = talloc_new(gp_ctx);
+ NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, dn_str);
@@ -370,11 +398,13 @@ NTSTATUS gp_get_gplinks(struct gp_context *gp_ctx, const char *dn_str, struct gp
if (strcmp(element->name, "gPLink") == 0) {
SMB_ASSERT(element->num_values > 0);
gplink_str = talloc_strdup(mem_ctx, (char *) element->values[0].data);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(gplink_str, mem_ctx);
goto found;
}
}
}
gplink_str = talloc_strdup(mem_ctx, "");
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(gplink_str, mem_ctx);
found:
@@ -411,6 +441,7 @@ NTSTATUS gp_list_gpos(struct gp_context *gp_ctx, struct security_token *token, c
/* Create a forked memory context, as a base for everything here */
mem_ctx = talloc_new(gp_ctx);
+ NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
sid = dom_sid_string(mem_ctx, token->user_sid);
@@ -447,6 +478,7 @@ NTSTATUS gp_list_gpos(struct gp_context *gp_ctx, struct security_token *token, c
}
gpos = talloc_array(gp_ctx, const char *, 1);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(gpos, mem_ctx);
gpos[0] = NULL;
/* Walk through the containers until we hit the root */
@@ -526,7 +558,9 @@ NTSTATUS gp_list_gpos(struct gp_context *gp_ctx, struct security_token *token, c
/* Add the GPO to the list */
gpos = talloc_realloc(gp_ctx, gpos, const char *, count+2);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(gpos, mem_ctx);
gpos[count] = talloc_strdup(gp_ctx, gplinks[i]->dn);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(gpos[count], mem_ctx);
gpos[count+1] = NULL;
count++;
@@ -562,6 +596,7 @@ NTSTATUS gp_set_gplink(struct gp_context *gp_ctx, const char *dn_str, struct gp_
/* Create a forked memory context, as a base for everything here */
mem_ctx = talloc_new(gp_ctx);
+ NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, dn_str);
@@ -588,15 +623,19 @@ NTSTATUS gp_set_gplink(struct gp_context *gp_ctx, const char *dn_str, struct gp_
start++;
}
gplink_str = talloc_asprintf(mem_ctx, "%s;%d%s", gplink_str, gplink->options, start);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(gplink_str, mem_ctx);
} else {
/* Prepend the new GPO link to the string. This list is backwards in priority. */
gplink_str = talloc_asprintf(mem_ctx, "[LDAP://%s;%d]%s", gplink->dn, gplink->options, gplink_str);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(gplink_str, mem_ctx);
}
msg = ldb_msg_new(mem_ctx);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(msg, mem_ctx);
+
msg->dn = dn;
rv = ldb_msg_add_string(msg, "gPLink", gplink_str);
@@ -625,12 +664,13 @@ NTSTATUS gp_del_gplink(struct gp_context *gp_ctx, const char *dn_str, const char
struct ldb_dn *dn;
struct ldb_message *msg;
const char *attrs[] = { "gPLink", NULL };
- const char *gplink_str;
+ const char *gplink_str, *search_string;
int rv;
char *p;
/* Create a forked memory context, as a base for everything here */
mem_ctx = talloc_new(gp_ctx);
+ NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, dn_str);
@@ -649,7 +689,10 @@ NTSTATUS gp_del_gplink(struct gp_context *gp_ctx, const char *dn_str, const char
gplink_str = ldb_msg_find_attr_as_string(result->msgs[0], "gPLink", "");
/* If this GPO link already exists, alter the options, else add it */
- p = strcasestr(gplink_str, talloc_asprintf(mem_ctx, "[LDAP://%s", gplink_dn));
+ search_string = talloc_asprintf(mem_ctx, "[LDAP://%s]", gplink_dn);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(search_string, mem_ctx);
+
+ p = strcasestr(gplink_str, search_string);
if (p == NULL) {
talloc_free(mem_ctx);
return NT_STATUS_NOT_FOUND;
@@ -662,9 +705,12 @@ NTSTATUS gp_del_gplink(struct gp_context *gp_ctx, const char *dn_str, const char
}
p++;
gplink_str = talloc_asprintf(mem_ctx, "%s%s", gplink_str, p);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(gplink_str, mem_ctx);
msg = ldb_msg_new(mem_ctx);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(msg, mem_ctx);
+
msg->dn = dn;
if (strcmp(gplink_str, "") == 0) {
@@ -704,6 +750,7 @@ NTSTATUS gp_get_inheritance(struct gp_context *gp_ctx, const char *dn_str, enum
/* Create a forked memory context, as a base for everything here */
mem_ctx = talloc_new(gp_ctx);
+ NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, dn_str);
@@ -732,9 +779,12 @@ NTSTATUS gp_set_inheritance(struct gp_context *gp_ctx, const char *dn_str, enum
int rv;
msg = ldb_msg_new(gp_ctx);
+ NT_STATUS_HAVE_NO_MEMORY(msg);
+
msg->dn = ldb_dn_new(msg, gp_ctx->ldb_ctx, dn_str);
inheritance_string = talloc_asprintf(msg, "%d", inheritance);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(inheritance_string, msg);
rv = ldb_msg_add_string(msg, "gPOptions", inheritance_string);
if (rv != 0) {
@@ -760,20 +810,30 @@ NTSTATUS gp_create_ldap_gpo(struct gp_context *gp_ctx, struct gp_object *gpo)
struct ldb_message *msg;
TALLOC_CTX *mem_ctx;
int rv;
- char *dn_str;
+ char *dn_str, *flags_str, *version_str;
struct ldb_dn *child_dn, *gpo_dn;
mem_ctx = talloc_new(gp_ctx);
+ NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
/* CN={GUID} */
msg = ldb_msg_new(mem_ctx);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(msg, mem_ctx);
msg->dn = ldb_get_default_basedn(gp_ctx->ldb_ctx);
dn_str = talloc_asprintf(mem_ctx, "CN=%s,CN=Policies,CN=System", gpo->name);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(dn_str, mem_ctx);
+
child_dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, dn_str);
rv = ldb_dn_add_child(msg->dn, child_dn);
if (!rv) goto ldb_msg_add_error;
+ flags_str = talloc_asprintf(mem_ctx, "%d", gpo->flags);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(flags_str, mem_ctx);
+
+ version_str = talloc_asprintf(mem_ctx, "%d", gpo->version);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(version_str, mem_ctx);
+
rv = ldb_msg_add_string(msg, "objectClass", "top");
if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
rv = ldb_msg_add_string(msg, "objectClass", "container");
@@ -788,11 +848,9 @@ NTSTATUS gp_create_ldap_gpo(struct gp_context *gp_ctx, struct gp_object *gpo)
if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
rv = ldb_msg_add_string(msg, "gPCFileSysPath", gpo->file_sys_path);
if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
- rv = ldb_msg_add_string(msg, "flags",
- talloc_asprintf(mem_ctx, "%d", gpo->flags));
+ rv = ldb_msg_add_string(msg, "flags", flags_str);
if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
- rv = ldb_msg_add_string(msg, "versionNumber",
- talloc_asprintf(mem_ctx, "%d", gpo->version));
+ rv = ldb_msg_add_string(msg, "versionNumber", version_str);
if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
rv = ldb_msg_add_string(msg, "showInAdvancedViewOnly", "TRUE");
if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
@@ -810,6 +868,8 @@ NTSTATUS gp_create_ldap_gpo(struct gp_context *gp_ctx, struct gp_object *gpo)
/* CN=User */
msg = ldb_msg_new(mem_ctx);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(msg, mem_ctx);
+
msg->dn = ldb_dn_copy(mem_ctx, gpo_dn);
child_dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, "CN=User");
rv = ldb_dn_add_child(msg->dn, child_dn);
@@ -835,6 +895,8 @@ NTSTATUS gp_create_ldap_gpo(struct gp_context *gp_ctx, struct gp_object *gpo)
/* CN=Machine */
msg = ldb_msg_new(mem_ctx);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(msg, mem_ctx);
+
msg->dn = ldb_dn_copy(mem_ctx, gpo_dn);
child_dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, "CN=Machine");
rv = ldb_dn_add_child(msg->dn, child_dn);
@@ -859,6 +921,7 @@ NTSTATUS gp_create_ldap_gpo(struct gp_context *gp_ctx, struct gp_object *gpo)
}
gpo->dn = talloc_strdup(gpo, ldb_dn_get_linearized(gpo_dn));
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(gpo->dn, mem_ctx);
talloc_free(mem_ctx);
return NT_STATUS_OK;
@@ -879,6 +942,7 @@ NTSTATUS gp_set_ads_acl (struct gp_context *gp_ctx, const char *dn_str, const st
/* Create a forked memory context to clean up easily */
mem_ctx = talloc_new(gp_ctx);
+ NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
/* Push the security descriptor through the NDR library */
ndr_err = ndr_push_struct_blob(&data,
@@ -892,6 +956,8 @@ NTSTATUS gp_set_ads_acl (struct gp_context *gp_ctx, const char *dn_str, const st
/* Create a LDB message */
msg = ldb_msg_new(mem_ctx);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(msg, mem_ctx);
+
msg->dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, dn_str);
rv = ldb_msg_add_value(msg, "nTSecurityDescriptor", &data, NULL);
diff --git a/source4/lib/policy/gp_manage.c b/source4/lib/policy/gp_manage.c
index 31a3a1cb5f..476cef5af0 100644
--- a/source4/lib/policy/gp_manage.c
+++ b/source4/lib/policy/gp_manage.c
@@ -58,22 +58,30 @@ static uint32_t gp_ads_to_dir_access_mask(uint32_t access_mask)
NTSTATUS gp_create_gpt_security_descriptor (TALLOC_CTX *mem_ctx, struct security_descriptor *ds_sd, struct security_descriptor **ret)
{
struct security_descriptor *fs_sd;
+ NTSTATUS status;
uint32_t i;
/* Allocate the file system security descriptor */
fs_sd = talloc(mem_ctx, struct security_descriptor);
+ NT_STATUS_HAVE_NO_MEMORY(fs_sd);
/* Copy the basic information from the directory server security descriptor */
fs_sd->owner_sid = talloc_memdup(fs_sd, ds_sd->owner_sid, sizeof(struct dom_sid));
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(fs_sd->owner_sid, fs_sd);
+
fs_sd->group_sid = talloc_memdup(fs_sd, ds_sd->group_sid, sizeof(struct dom_sid));
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(fs_sd->group_sid, fs_sd);
+
fs_sd->type = ds_sd->type;
fs_sd->revision = ds_sd->revision;
/* Copy the sacl */
fs_sd->sacl = security_acl_dup(fs_sd, ds_sd->sacl);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(fs_sd->sacl, fs_sd);
/* Copy the dacl */
fs_sd->dacl = talloc_zero(fs_sd, struct security_acl);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(fs_sd->dacl, fs_sd);
for (i = 0; i < ds_sd->dacl->num_aces; i++) {
char *trustee = dom_sid_string(fs_sd, &ds_sd->dacl->aces[i].trustee);
@@ -88,6 +96,7 @@ NTSTATUS gp_create_gpt_security_descriptor (TALLOC_CTX *mem_ctx, struct security
/* Copy the ace from the directory server security descriptor */
ace = talloc_memdup(fs_sd, &ds_sd->dacl->aces[i], sizeof(struct security_ace));
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(ace, fs_sd);
/* Set specific inheritance flags for within the GPO */
ace->flags |= SEC_ACE_FLAG_OBJECT_INHERIT | SEC_ACE_FLAG_CONTAINER_INHERIT;
@@ -99,7 +108,11 @@ NTSTATUS gp_create_gpt_security_descriptor (TALLOC_CTX *mem_ctx, struct security
ace->access_mask = gp_ads_to_dir_access_mask(ace->access_mask);
/* Add the ace to the security descriptor DACL */
- security_descriptor_dacl_add(fs_sd, ace);
+ status = security_descriptor_dacl_add(fs_sd, ace);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("Failed to add a dacl to file system security descriptor\n"));
+ return status;
+ }
/* Clean up the allocated data in this iteration */
talloc_free(trustee);
@@ -122,14 +135,18 @@ NTSTATUS gp_create_gpo (struct gp_context *gp_ctx, const char *display_name, str
/* Create a forked memory context, as a base for everything here */
mem_ctx = talloc_new(gp_ctx);
+ NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
/* Create the gpo struct to return later */
gpo = talloc(gp_ctx, struct gp_object);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(gpo, mem_ctx);
/* Generate a GUID */
guid_struct = GUID_random();
guid_str = GUID_string2(mem_ctx, &guid_struct);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(guid_str, mem_ctx);
name = strupper_talloc(mem_ctx, guid_str);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(name, mem_ctx);
/* Prepare the GPO struct */
gpo->dn = NULL;
@@ -137,7 +154,10 @@ NTSTATUS gp_create_gpo (struct gp_context *gp_ctx, const char *display_name, str
gpo->flags = 0;
gpo->version = 0;
gpo->display_name = talloc_strdup(gpo, display_name);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(gpo->display_name, mem_ctx);
+
gpo->file_sys_path = talloc_asprintf(gpo, "\\\\%s\\sysvol\\%s\\Policies\\%s", lp_dnsdomain(gp_ctx->lp_ctx), lp_dnsdomain(gp_ctx->lp_ctx), name);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(gpo->file_sys_path, mem_ctx);
/* Create the GPT */
status = gp_create_gpt(gp_ctx, name, gpo->file_sys_path);
@@ -195,6 +215,7 @@ NTSTATUS gp_set_acl (struct gp_context *gp_ctx, const char *dn_str, const struct
/* Create a forked memory context, as a base for everything here */
mem_ctx = talloc_new(gp_ctx);
+ NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
/* Set the ACL on LDAP database */
status = gp_set_ads_acl(gp_ctx, dn_str, sd);
diff --git a/source4/lib/policy/pypolicy.c b/source4/lib/policy/pypolicy.c
index 9ace387a80..7df5081d66 100644
--- a/source4/lib/policy/pypolicy.c
+++ b/source4/lib/policy/pypolicy.c
@@ -17,9 +17,9 @@
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
+#include <Python.h>
#include "includes.h"
#include "policy.h"
-#include <Python.h>
#include "libcli/util/pyerrors.h"
static PyObject *py_get_gpo_flags(PyObject *self, PyObject *args)