summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTim Potter <tpot@samba.org>2001-10-29 04:50:17 +0000
committerTim Potter <tpot@samba.org>2001-10-29 04:50:17 +0000
commitb8b04c4d5ee8c3a7f1f55fdd809dcda638a16efe (patch)
tree45343755266b5642699b6b675637b474481887e7
parent67dae09cc6b124662aa514df06dd89492382e15f (diff)
downloadsamba-b8b04c4d5ee8c3a7f1f55fdd809dcda638a16efe.tar.gz
samba-b8b04c4d5ee8c3a7f1f55fdd809dcda638a16efe.tar.bz2
samba-b8b04c4d5ee8c3a7f1f55fdd809dcda638a16efe.zip
Don't reference tallocated memory that has already been disposed of. The
cli_samr_query_userinfo function used to do this. (This used to be commit da2c167660ec12360354f96dc672d935f58dd9c0)
-rw-r--r--source3/nsswitch/winbindd_proto.h3
-rw-r--r--source3/nsswitch/winbindd_user.c25
-rw-r--r--source3/nsswitch/winbindd_util.c9
3 files changed, 26 insertions, 11 deletions
diff --git a/source3/nsswitch/winbindd_proto.h b/source3/nsswitch/winbindd_proto.h
index f3ba2063ee..8e80b1da71 100644
--- a/source3/nsswitch/winbindd_proto.h
+++ b/source3/nsswitch/winbindd_proto.h
@@ -123,7 +123,8 @@ BOOL winbindd_lookup_sid_by_name(char *name, DOM_SID *sid,
enum SID_NAME_USE *type);
BOOL winbindd_lookup_name_by_sid(DOM_SID *sid, fstring name,
enum SID_NAME_USE *type);
-BOOL winbindd_lookup_userinfo(struct winbindd_domain *domain, uint32 user_rid,
+BOOL winbindd_lookup_userinfo(struct winbindd_domain *domain,
+ TALLOC_CTX *mem_ctx, uint32 user_rid,
SAM_USERINFO_CTR **user_info);
BOOL winbindd_lookup_usergroups(struct winbindd_domain *domain,
uint32 user_rid, uint32 *num_groups,
diff --git a/source3/nsswitch/winbindd_user.c b/source3/nsswitch/winbindd_user.c
index 6e64922cc0..21ca577b24 100644
--- a/source3/nsswitch/winbindd_user.c
+++ b/source3/nsswitch/winbindd_user.c
@@ -59,7 +59,7 @@ static BOOL winbindd_fill_pwent(char *domain_name, char *name,
/* Full name (gecos) */
safe_strcpy(pw->pw_gecos, full_name, sizeof(pw->pw_gecos) - 1);
-
+
/* Home directory and shell - use template config parameters. The
defaults are /tmp for the home directory and /bin/false for
shell. */
@@ -99,6 +99,7 @@ enum winbindd_result winbindd_getpwnam_from_user(struct winbindd_cli_state
fstring name_domain, name_user, name, gecos_name;
enum SID_NAME_USE name_type;
struct winbindd_domain *domain;
+ TALLOC_CTX *mem_ctx;
DEBUG(3, ("[%5d]: getpwnam %s\n", state->pid,
state->request.data.username));
@@ -144,18 +145,27 @@ enum winbindd_result winbindd_getpwnam_from_user(struct winbindd_cli_state
from the winbind_lookup_by_name() call and use it in a
winbind_lookup_userinfo() */
+ if (!(mem_ctx = talloc_init())) {
+ DEBUG(1, ("out of memory\n"));
+ return WINBINDD_ERROR;
+ }
+
sid_split_rid(&user_sid, &user_rid);
- if (!winbindd_lookup_userinfo(domain, user_rid, &user_info)) {
+ if (!winbindd_lookup_userinfo(domain, mem_ctx, user_rid, &user_info)) {
DEBUG(1, ("pwnam_from_user(): error getting user info for "
"user '%s'\n", name_user));
return WINBINDD_ERROR;
}
group_rid = user_info->info.id21->group_rid;
+
unistr2_to_ascii(gecos_name, &user_info->info.id21->uni_full_name,
sizeof(gecos_name) - 1);
+ talloc_destroy(mem_ctx);
+ user_info = NULL;
+
/* Now take all this information and fill in a passwd structure */
if (!winbindd_fill_pwent(name_domain, state->request.data.username,
@@ -182,6 +192,7 @@ enum winbindd_result winbindd_getpwnam_from_uid(struct winbindd_cli_state
enum SID_NAME_USE name_type;
SAM_USERINFO_CTR *user_info;
gid_t gid;
+ TALLOC_CTX *mem_ctx;
/* Bug out if the uid isn't in the winbind range */
@@ -228,7 +239,12 @@ enum winbindd_result winbindd_getpwnam_from_uid(struct winbindd_cli_state
/* Get some user info */
- if (!winbindd_lookup_userinfo(domain, user_rid, &user_info)) {
+ if (!(mem_ctx = talloc_init())) {
+ DEBUG(1, ("out of memory\n"));
+ return WINBINDD_ERROR;
+ }
+
+ if (!winbindd_lookup_userinfo(domain, mem_ctx, user_rid, &user_info)) {
DEBUG(1, ("pwnam_from_uid(): error getting user info for "
"user '%s'\n", user_name));
return WINBINDD_ERROR;
@@ -238,6 +254,9 @@ enum winbindd_result winbindd_getpwnam_from_uid(struct winbindd_cli_state
unistr2_to_ascii(gecos_name, &user_info->info.id21->uni_full_name,
sizeof(gecos_name) - 1);
+ talloc_destroy(mem_ctx);
+ user_info = NULL;
+
/* Resolve gid number */
if (!winbindd_idmap_get_gid_from_rid(domain->name, group_rid, &gid)) {
diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c
index cf0e6b8e93..614198673b 100644
--- a/source3/nsswitch/winbindd_util.c
+++ b/source3/nsswitch/winbindd_util.c
@@ -287,17 +287,14 @@ BOOL winbindd_lookup_name_by_sid(DOM_SID *sid, fstring name,
/* Lookup user information from a rid */
-BOOL winbindd_lookup_userinfo(struct winbindd_domain *domain, uint32 user_rid,
+BOOL winbindd_lookup_userinfo(struct winbindd_domain *domain,
+ TALLOC_CTX *mem_ctx, uint32 user_rid,
SAM_USERINFO_CTR **user_info)
{
- TALLOC_CTX *mem_ctx;
CLI_POLICY_HND *hnd;
uint16 info_level = 0x15;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- if (!(mem_ctx = talloc_init()))
- return False;
-
if (!(hnd = cm_get_sam_user_handle(domain->name, &domain->sid,
user_rid)))
goto done;
@@ -306,8 +303,6 @@ BOOL winbindd_lookup_userinfo(struct winbindd_domain *domain, uint32 user_rid,
info_level, user_info);
done:
- talloc_destroy(mem_ctx);
-
return NT_STATUS_IS_OK(result);
}