summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/auth/auth_util.c3
-rw-r--r--source3/auth/auth_winbind.c5
-rw-r--r--source3/libsmb/trustdom_cache.c37
-rw-r--r--source3/param/loadparm.c3
-rw-r--r--source3/rpc_server/srv_pipe_hnd.c1
-rw-r--r--source3/smbd/posix_acls.c4
-rw-r--r--source3/smbd/sesssetup.c8
7 files changed, 46 insertions, 15 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index e6ed83a79a..9a03e7fe13 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -1236,6 +1236,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
info3->gids[i].g_rid));
SAFE_FREE(lgroupSIDs);
+ SAFE_FREE(all_group_SIDs);
free_server_info(server_info);
return nt_status;
@@ -1264,6 +1265,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
if ( !NT_STATUS_IS_OK(nt_status) ) {
DEBUG(4,("create_nt_user_token failed\n"));
+ SAFE_FREE(lgroupSIDs);
SAFE_FREE(all_group_SIDs);
free_server_info(server_info);
return nt_status;
@@ -1271,6 +1273,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
(*server_info)->ptok = token;
+ SAFE_FREE(lgroupSIDs);
SAFE_FREE(all_group_SIDs);
/* ensure we are never given NULL session keys */
diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c
index 0e2820313e..4260a0e80b 100644
--- a/source3/auth/auth_winbind.c
+++ b/source3/auth/auth_winbind.c
@@ -127,9 +127,7 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
if (result == NSS_STATUS_SUCCESS && response.extra_data) {
if (NT_STATUS_IS_OK(nt_status)) {
-
- if (NT_STATUS_IS_OK(nt_status = get_info3_from_ndr(mem_ctx, &response, &info3)))
- {
+ if (NT_STATUS_IS_OK(nt_status = get_info3_from_ndr(mem_ctx, &response, &info3))) {
nt_status = make_server_info_info3(mem_ctx,
user_info->internal_username.str,
user_info->smb_name.str, user_info->domain.str,
@@ -141,6 +139,7 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
nt_status = NT_STATUS_NO_LOGON_SERVERS;
}
+ SAFE_FREE(response.extra_data);
return nt_status;
}
diff --git a/source3/libsmb/trustdom_cache.c b/source3/libsmb/trustdom_cache.c
index 0128d08006..e63acd18c4 100644
--- a/source3/libsmb/trustdom_cache.c
+++ b/source3/libsmb/trustdom_cache.c
@@ -114,12 +114,14 @@ BOOL trustdom_cache_store(char* name, char* alt_name, const DOM_SID *sid,
{
char *key, *alt_key;
fstring sid_string;
+ BOOL ret;
/*
* we use gecache call to avoid annoying debug messages
* about initialised trustdom
*/
- if (!gencache_init()) return False;
+ if (!gencache_init())
+ return False;
DEBUG(5, ("trustdom_store: storing SID %s of domain %s\n",
sid_string_static(sid), name));
@@ -134,11 +136,18 @@ BOOL trustdom_cache_store(char* name, char* alt_name, const DOM_SID *sid,
* try to put the names in the cache
*/
if (alt_key) {
- return (gencache_set(alt_key, sid_string, timeout)
- && gencache_set(key, sid_string, timeout));
+ ret = gencache_set(alt_key, sid_string, timeout);
+ if ( ret ) {
+ ret = gencache_set(key, sid_string, timeout);
+ }
+ SAFE_FREE(alt_key);
+ SAFE_FREE(key);
+ return ret;
}
-
- return gencache_set(key, sid_string, timeout);
+
+ ret = gencache_set(key, sid_string, timeout);
+ SAFE_FREE(key);
+ return ret;
}
@@ -155,22 +164,26 @@ BOOL trustdom_cache_store(char* name, char* alt_name, const DOM_SID *sid,
BOOL trustdom_cache_fetch(const char* name, DOM_SID* sid)
{
- char *key, *value;
+ char *key = NULL, *value = NULL;
time_t timeout;
/* init the cache */
- if (!gencache_init()) return False;
+ if (!gencache_init())
+ return False;
/* exit now if null pointers were passed as they're required further */
- if (!sid) return False;
+ if (!sid)
+ return False;
/* prepare a key and get the value */
key = trustdom_cache_key(name);
- if (!key) return False;
+ if (!key)
+ return False;
if (!gencache_get(key, &value, &timeout)) {
DEBUG(5, ("no entry for trusted domain %s found.\n", name));
SAFE_FREE(key);
+ SAFE_FREE(value);
return False;
} else {
SAFE_FREE(key);
@@ -180,9 +193,11 @@ BOOL trustdom_cache_fetch(const char* name, DOM_SID* sid)
/* convert ip string representation into in_addr structure */
if(! string_to_sid(sid, value)) {
sid = NULL;
+ SAFE_FREE(value);
return False;
}
+ SAFE_FREE(value);
return True;
}
@@ -193,7 +208,7 @@ BOOL trustdom_cache_fetch(const char* name, DOM_SID* sid)
uint32 trustdom_cache_fetch_timestamp( void )
{
- char *value;
+ char *value = NULL;
time_t timeout;
uint32 timestamp;
@@ -203,11 +218,13 @@ uint32 trustdom_cache_fetch_timestamp( void )
if (!gencache_get(TDOMTSKEY, &value, &timeout)) {
DEBUG(5, ("no timestamp for trusted domain cache located.\n"));
+ SAFE_FREE(value);
return 0;
}
timestamp = atoi(value);
+ SAFE_FREE(value);
return timestamp;
}
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 30fbc9713e..b5bd14cdde 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -1447,6 +1447,7 @@ static void init_globals(void)
a large number of sites (tridge) */
Globals.bHostnameLookups = False;
+ str_list_free(&Globals.szPassdbBackend);
#ifdef WITH_LDAP_SAMCONFIG
string_set(&Globals.szLdapServer, "localhost");
Globals.ldap_port = 636;
@@ -2517,6 +2518,7 @@ static void copy_service(service * pserviceDest, service * pserviceSource, BOOL
strupper_m(*(char **)dest_ptr);
break;
case P_LIST:
+ str_list_free((char ***)dest_ptr);
str_list_copy((char ***)dest_ptr, *(const char ***)src_ptr);
break;
default:
@@ -2748,6 +2750,7 @@ static BOOL handle_netbios_scope(int snum, const char *pszParmValue, char **ptr)
static BOOL handle_netbios_aliases(int snum, const char *pszParmValue, char **ptr)
{
+ str_list_free(&Globals.szNetbiosAliases);
Globals.szNetbiosAliases = str_list_make(pszParmValue, NULL);
return set_netbios_aliases((const char **)Globals.szNetbiosAliases);
}
diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c
index 44fec78c50..ccf571a0e2 100644
--- a/source3/rpc_server/srv_pipe_hnd.c
+++ b/source3/rpc_server/srv_pipe_hnd.c
@@ -1118,6 +1118,7 @@ static BOOL close_internal_rpc_pipe_hnd(void *np_conn)
data_blob_free(&p->session_key);
delete_nt_token(&p->pipe_user.nt_user_token);
+ data_blob_free(&p->session_key);
SAFE_FREE(p->pipe_user.groups);
DLIST_REMOVE(InternalPipes, p);
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 158f1a0ede..584164e930 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -2110,8 +2110,10 @@ static canon_ace *canonicalise_acl( files_struct *fsp, SMB_ACL_T posix_acl, SMB_
* entries out of the blue when setting ACLs, so a get/set
* cycle will drop them.
*/
- if (the_acl_type == SMB_ACL_TYPE_ACCESS && *puid == psbuf->st_uid)
+ if (the_acl_type == SMB_ACL_TYPE_ACCESS && *puid == psbuf->st_uid) {
+ SMB_VFS_SYS_ACL_FREE_QUALIFIER(conn, (void *)puid,tagtype);
continue;
+ }
uid_to_sid( &sid, *puid);
unix_ug.uid = *puid;
owner_type = UID_ACE;
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 902db2d288..8a56478929 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -150,7 +150,7 @@ static int reply_spnego_kerberos(connection_struct *conn,
DATA_BLOB auth_data;
DATA_BLOB ap_rep, ap_rep_wrapped, response;
auth_serversupplied_info *server_info = NULL;
- DATA_BLOB session_key;
+ DATA_BLOB session_key = data_blob(NULL, 0);
uint8 tok_id[2];
BOOL foreign = False;
DATA_BLOB nullblob = data_blob(NULL, 0);
@@ -183,6 +183,7 @@ static int reply_spnego_kerberos(connection_struct *conn,
if (!p) {
DEBUG(3,("Doesn't look like a valid principal\n"));
data_blob_free(&ap_rep);
+ data_blob_free(&session_key);
SAFE_FREE(client);
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}
@@ -192,6 +193,7 @@ static int reply_spnego_kerberos(connection_struct *conn,
DEBUG(3,("Ticket for foreign realm %s@%s\n", client, p+1));
if (!lp_allow_trusted_domains()) {
data_blob_free(&ap_rep);
+ data_blob_free(&session_key);
SAFE_FREE(client);
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}
@@ -249,6 +251,7 @@ static int reply_spnego_kerberos(connection_struct *conn,
SAFE_FREE(user);
SAFE_FREE(client);
data_blob_free(&ap_rep);
+ data_blob_free(&session_key);
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}
@@ -263,6 +266,7 @@ static int reply_spnego_kerberos(connection_struct *conn,
SAFE_FREE(user);
SAFE_FREE(client);
data_blob_free(&ap_rep);
+ data_blob_free(&session_key);
return ERROR_NT(ret);
}
@@ -274,6 +278,8 @@ static int reply_spnego_kerberos(connection_struct *conn,
}
/* register_vuid keeps the server info */
+ /* register_vuid takes ownership of session_key, no need to free after this.
+ A better interface would copy it.... */
sess_vuid = register_vuid(server_info, session_key, nullblob, client);
SAFE_FREE(user);