diff options
author | Stefan Metzmacher <metze@samba.org> | 2013-05-31 16:04:26 +0200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2013-06-04 11:05:09 +0200 |
commit | 097a8c723925d3e35606215cb16be28a37b0112e (patch) | |
tree | 416fbc24d1146cf005044b44506a56d8a1464d98 | |
parent | b2380081e23c68d515bd0c257d56ba4a593f991b (diff) | |
download | samba-097a8c723925d3e35606215cb16be28a37b0112e.tar.gz samba-097a8c723925d3e35606215cb16be28a37b0112e.tar.bz2 samba-097a8c723925d3e35606215cb16be28a37b0112e.zip |
s4:winbind: don't leak libnet_context into the main event context
This needs to be a talloc child of struct wbsrv_domain
otherwise the cleanup of a broken connection doesn't work.
The following command can trigger the leak on a domain controller.
root@dc:~/samba# ls -l /var/lib/samba/sysvol/samba.private/
total 16
drwxrwx---+ 5 root 3000000 4096 May 14 14:46 Policies
drwxrwx---+ 2 root 3000000 4096 May 14 11:45 scripts
gid 3000000 belongs to Builtin\Administrators.
The code triggers a ncacn_np: connection to the local smbd
and complains that domain BUILTIN is not available:
[2013/05/29 17:28:03, 2] ../source4/winbind/wb_init_domain.c:376(init_domain_recv_queryinfo)
Expected domain name BUILTIN, DC dc.samba.private said SAMBA
In that case the connection was not closed, which is fixed by this commit.
Using ncalrpc: for all local SIDs and serving the BUILTIN domain is
a project for another day...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jun 4 11:05:09 CEST 2013 on sn-devel-104
-rw-r--r-- | source4/winbind/wb_init_domain.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/source4/winbind/wb_init_domain.c b/source4/winbind/wb_init_domain.c index 5e2aa47005..70dbaa9ce8 100644 --- a/source4/winbind/wb_init_domain.c +++ b/source4/winbind/wb_init_domain.c @@ -144,6 +144,8 @@ struct composite_context *wb_init_domain_send(TALLOC_CTX *mem_ctx, state->domain->libnet_ctx = libnet_context_init(service->task->event_ctx, service->task->lp_ctx); + if (state->domain->libnet_ctx == NULL) goto failed; + talloc_steal(state->domain, state->domain->libnet_ctx); /* Create a credentials structure */ state->domain->libnet_ctx->cred = cli_credentials_init(state->domain); |