diff options
| author | Günther Deschner <gd@samba.org> | 2006-05-16 14:29:39 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:17:04 -0500 |
| commit | ae0939ee66602f8667aab2b069768ef17102d851 (patch) | |
| tree | a4405efc8a6009df00b20ba94f0da301f54e3b5b /source3/nsswitch/winbindd_cred_cache.c | |
| parent | 22bed618b6aacd2986592c388ae3360f3df02d02 (diff) | |
| download | samba-ae0939ee66602f8667aab2b069768ef17102d851.tar.gz samba-ae0939ee66602f8667aab2b069768ef17102d851.tar.bz2 samba-ae0939ee66602f8667aab2b069768ef17102d851.zip | |
r15634: Prevent passwords of winbindd's list of credential caches from beeing
swapped to disc using mlock(). (patch was reviewed by Jeremy).
Guenther
(This used to be commit 206cdbb8e9a4a0900060d56510e58b85a2b8aec5)
Diffstat (limited to 'source3/nsswitch/winbindd_cred_cache.c')
| -rw-r--r-- | source3/nsswitch/winbindd_cred_cache.c | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/source3/nsswitch/winbindd_cred_cache.c b/source3/nsswitch/winbindd_cred_cache.c index 8fc8058441..5fdb79c107 100644 --- a/source3/nsswitch/winbindd_cred_cache.c +++ b/source3/nsswitch/winbindd_cred_cache.c @@ -74,6 +74,23 @@ NTSTATUS remove_ccache_by_ccname(const char *ccname) if (strequal(entry->ccname, ccname)) { DLIST_REMOVE(ccache_list, entry); TALLOC_FREE(entry->event); /* unregisters events */ +#ifdef HAVE_MUNLOCK + if (entry->pass) { + size_t len = strlen(entry->pass)+1; +#ifdef DEBUG_PASSWORD + DEBUG(10,("unlocking memory: %p\n", entry->pass)); +#endif + memset(&(entry->pass), 0, len); + if ((munlock(&entry->pass, len)) == -1) { + DEBUG(0,("failed to munlock memory: %s (%d)\n", + strerror(errno), errno)); + return map_nt_error_from_unix(errno); + } +#ifdef DEBUG_PASSWORD + DEBUG(10,("munlocked memory: %p\n", entry->pass)); +#endif + } +#endif /* HAVE_MUNLOCK */ TALLOC_FREE(entry); DEBUG(10,("remove_ccache_by_ccname: removed ccache %s\n", ccname)); return NT_STATUS_OK; @@ -227,9 +244,31 @@ NTSTATUS add_ccache_to_list(const char *princ_name, new_entry->service = talloc_strdup(mem_ctx, service); NT_STATUS_HAVE_NO_MEMORY(new_entry->service); } + if (schedule_refresh_event && pass) { +#ifdef HAVE_MLOCK + size_t len = strlen(pass)+1; + + new_entry->pass = TALLOC_ZERO(mem_ctx, len); + NT_STATUS_HAVE_NO_MEMORY(new_entry->pass); + +#ifdef DEBUG_PASSWORD + DEBUG(10,("mlocking memory: %p\n", new_entry->pass)); +#endif + if ((mlock(new_entry->pass, len)) == -1) { + DEBUG(0,("failed to mlock memory: %s (%d)\n", + strerror(errno), errno)); + return map_nt_error_from_unix(errno); + } + +#ifdef DEBUG_PASSWORD + DEBUG(10,("mlocked memory: %p\n", new_entry->pass)); +#endif + memcpy(new_entry->pass, pass, len); +#else new_entry->pass = talloc_strdup(mem_ctx, pass); NT_STATUS_HAVE_NO_MEMORY(new_entry->pass); +#endif /* HAVE_MLOCK */ } new_entry->create_time = create_time; @@ -261,6 +300,13 @@ NTSTATUS add_ccache_to_list(const char *princ_name, NTSTATUS destroy_ccache_list(void) { +#ifdef HAVE_MUNLOCKALL + if ((munlockall()) == -1) { + DEBUG(0,("failed to unlock memory: %s (%d)\n", + strerror(errno), errno)); + return map_nt_error_from_unix(errno); + } +#endif /* HAVE_MUNLOCKALL */ return talloc_destroy(mem_ctx) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } |