summaryrefslogtreecommitdiff
path: root/source3/libads
diff options
context:
space:
mode:
Diffstat (limited to 'source3/libads')
-rw-r--r--source3/libads/kerberos_keytab.c4
-rw-r--r--source3/libads/krb5_setpw.c35
-rw-r--r--source3/libads/ldap.c34
3 files changed, 57 insertions, 16 deletions
diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index 410aad649c..cb0841f2e2 100644
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -488,9 +488,13 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
break;
}
if (!strcmp(oldEntries[i], ktprinc)) {
+ krb5_free_unparsed_name(context, ktprinc);
break;
}
}
+ if (i == found) {
+ krb5_free_unparsed_name(context, ktprinc);
+ }
}
krb5_free_keytab_entry_contents(context, &kt_entry);
ZERO_STRUCT(kt_entry);
diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c
index 5c859f0e99..111834e886 100644
--- a/source3/libads/krb5_setpw.c
+++ b/source3/libads/krb5_setpw.c
@@ -56,7 +56,7 @@ static DATA_BLOB encode_krb5_setpw(const char *principal, const char *password)
princ = strdup(principal);
- if ((c = strchr(princ, '/')) == NULL) {
+ if ((c = strchr_m(princ, '/')) == NULL) {
c = princ;
} else {
*c = '\0';
@@ -66,7 +66,7 @@ static DATA_BLOB encode_krb5_setpw(const char *principal, const char *password)
princ_part2 = c;
- if ((c = strchr(c, '@')) != NULL) {
+ if ((c = strchr_m(c, '@')) != NULL) {
*c = '\0';
c++;
realm = c;
@@ -462,14 +462,16 @@ ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *princ,
{
ADS_STATUS aret;
- krb5_error_code ret;
+ krb5_error_code ret = 0;
krb5_context context = NULL;
- krb5_principal principal;
- char *princ_name;
- char *realm;
- krb5_creds creds, *credsp;
+ krb5_principal principal = NULL;
+ char *princ_name = NULL;
+ char *realm = NULL;
+ krb5_creds creds, *credsp = NULL;
krb5_ccache ccache = NULL;
+ ZERO_STRUCT(creds);
+
ret = krb5_init_context(&context);
if (ret) {
DEBUG(1,("Failed to init krb5 context (%s)\n", error_message(ret)));
@@ -487,14 +489,19 @@ ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *princ,
return ADS_ERROR_KRB5(ret);
}
- ZERO_STRUCT(creds);
-
- realm = strchr(princ, '@');
+ realm = strchr_m(princ, '@');
+ if (!realm) {
+ krb5_cc_close(context, ccache);
+ krb5_free_context(context);
+ DEBUG(1,("Failed to get realm\n"));
+ return ADS_ERROR_KRB5(-1);
+ }
realm++;
asprintf(&princ_name, "kadmin/changepw@%s", realm);
ret = krb5_parse_name(context, princ_name, &creds.server);
if (ret) {
+ krb5_cc_close(context, ccache);
krb5_free_context(context);
DEBUG(1,("Failed to parse kadmin/changepw (%s)\n", error_message(ret)));
return ADS_ERROR_KRB5(ret);
@@ -504,6 +511,8 @@ ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *princ,
/* parse the principal we got as a function argument */
ret = krb5_parse_name(context, princ, &principal);
if (ret) {
+ krb5_cc_close(context, ccache);
+ krb5_free_principal(context, creds.server);
krb5_free_context(context);
DEBUG(1,("Failed to parse %s (%s)\n", princ_name, error_message(ret)));
return ADS_ERROR_KRB5(ret);
@@ -514,6 +523,8 @@ ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *princ,
ret = krb5_cc_get_principal(context, ccache, &creds.client);
if (ret) {
+ krb5_cc_close(context, ccache);
+ krb5_free_principal(context, creds.server);
krb5_free_principal(context, principal);
krb5_free_context(context);
DEBUG(1,("Failed to get principal from ccache (%s)\n",
@@ -523,7 +534,9 @@ ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *princ,
ret = krb5_get_credentials(context, 0, ccache, &creds, &credsp);
if (ret) {
+ krb5_cc_close(context, ccache);
krb5_free_principal(context, creds.client);
+ krb5_free_principal(context, creds.server);
krb5_free_principal(context, principal);
krb5_free_context(context);
DEBUG(1,("krb5_get_credentials failed (%s)\n", error_message(ret)));
@@ -538,7 +551,9 @@ ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *princ,
krb5_free_creds(context, credsp);
krb5_free_principal(context, creds.client);
+ krb5_free_principal(context, creds.server);
krb5_free_principal(context, principal);
+ krb5_cc_close(context, ccache);
krb5_free_context(context);
return aret;
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 3a9c41f09d..985d3cb576 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -1003,7 +1003,7 @@ ADS_STATUS ads_add_strlist(TALLOC_CTX *ctx, ADS_MODLIST *mods,
uint32 ads_get_kvno(ADS_STRUCT *ads, const char *machine_name)
{
- LDAPMessage *res;
+ LDAPMessage *res = NULL;
uint32 kvno = (uint32)-1; /* -1 indicates a failure */
char *filter;
const char *attrs[] = {"msDS-KeyVersionNumber", NULL};
@@ -1018,12 +1018,14 @@ uint32 ads_get_kvno(ADS_STRUCT *ads, const char *machine_name)
SAFE_FREE(filter);
if (!ADS_ERR_OK(ret) && ads_count_replies(ads, res)) {
DEBUG(1,("ads_get_kvno: Computer Account For %s not found.\n", machine_name));
+ ads_msgfree(ads, res);
return kvno;
}
dn_string = ads_get_dn(ads, res);
if (!dn_string) {
DEBUG(0,("ads_get_kvno: out of memory.\n"));
+ ads_msgfree(ads, res);
return kvno;
}
DEBUG(5,("ads_get_kvno: Using: %s\n", dn_string));
@@ -1040,11 +1042,13 @@ uint32 ads_get_kvno(ADS_STRUCT *ads, const char *machine_name)
if (!ads_pull_uint32(ads, res, "msDS-KeyVersionNumber", &kvno)) {
DEBUG(3,("ads_get_kvno: Error Determining KVNO!\n"));
DEBUG(3,("ads_get_kvno: Windows 2000 does not support KVNO's, so this may be normal.\n"));
+ ads_msgfree(ads, res);
return kvno;
}
/* Success */
DEBUG(5,("ads_get_kvno: Looked Up KVNO of: %d\n", kvno));
+ ads_msgfree(ads, res);
return kvno;
}
@@ -1058,7 +1062,7 @@ uint32 ads_get_kvno(ADS_STRUCT *ads, const char *machine_name)
ADS_STATUS ads_clear_service_principal_names(ADS_STRUCT *ads, const char *machine_name)
{
TALLOC_CTX *ctx;
- LDAPMessage *res;
+ LDAPMessage *res = NULL;
ADS_MODLIST mods;
const char *servicePrincipalName[1] = {NULL};
ADS_STATUS ret = ADS_ERROR(LDAP_SUCCESS);
@@ -1068,28 +1072,33 @@ ADS_STATUS ads_clear_service_principal_names(ADS_STRUCT *ads, const char *machin
if (!ADS_ERR_OK(ret) || ads_count_replies(ads, res) != 1) {
DEBUG(5,("ads_clear_service_principal_names: WARNING: Host Account for %s not found... skipping operation.\n", machine_name));
DEBUG(5,("ads_clear_service_principal_names: WARNING: Service Principals for %s have NOT been cleared.\n", machine_name));
+ ads_msgfree(ads, res);
return ADS_ERROR(LDAP_NO_SUCH_OBJECT);
}
DEBUG(5,("ads_clear_service_principal_names: Host account for %s found\n", machine_name));
ctx = talloc_init("ads_clear_service_principal_names");
if (!ctx) {
+ ads_msgfree(ads, res);
return ADS_ERROR(LDAP_NO_MEMORY);
}
if (!(mods = ads_init_mods(ctx))) {
talloc_destroy(ctx);
+ ads_msgfree(ads, res);
return ADS_ERROR(LDAP_NO_MEMORY);
}
ret = ads_mod_strlist(ctx, &mods, "servicePrincipalName", servicePrincipalName);
if (!ADS_ERR_OK(ret)) {
DEBUG(1,("ads_clear_service_principal_names: Error creating strlist.\n"));
+ ads_msgfree(ads, res);
talloc_destroy(ctx);
return ret;
}
dn_string = ads_get_dn(ads, res);
if (!dn_string) {
talloc_destroy(ctx);
+ ads_msgfree(ads, res);
return ADS_ERROR(LDAP_NO_MEMORY);
}
ret = ads_gen_mod(ads, dn_string, mods);
@@ -1097,10 +1106,12 @@ ADS_STATUS ads_clear_service_principal_names(ADS_STRUCT *ads, const char *machin
if (!ADS_ERR_OK(ret)) {
DEBUG(1,("ads_clear_service_principal_names: Error: Updating Service Principals for machine %s in LDAP\n",
machine_name));
+ ads_msgfree(ads, res);
talloc_destroy(ctx);
return ret;
}
+ ads_msgfree(ads, res);
talloc_destroy(ctx);
return ret;
}
@@ -1118,7 +1129,7 @@ ADS_STATUS ads_add_service_principal_name(ADS_STRUCT *ads, const char *machine_n
{
ADS_STATUS ret;
TALLOC_CTX *ctx;
- LDAPMessage *res;
+ LDAPMessage *res = NULL;
char *host_spn, *host_upn, *psp1, *psp2;
ADS_MODLIST mods;
fstring my_fqdn;
@@ -1131,21 +1142,25 @@ ADS_STATUS ads_add_service_principal_name(ADS_STRUCT *ads, const char *machine_n
machine_name));
DEBUG(1,("ads_add_service_principal_name: WARNING: Service Principal '%s/%s@%s' has NOT been added.\n",
spn, machine_name, ads->config.realm));
+ ads_msgfree(ads, res);
return ADS_ERROR(LDAP_NO_SUCH_OBJECT);
}
DEBUG(1,("ads_add_service_principal_name: Host account for %s found\n", machine_name));
if (!(ctx = talloc_init("ads_add_service_principal_name"))) {
+ ads_msgfree(ads, res);
return ADS_ERROR(LDAP_NO_MEMORY);
}
name_to_fqdn(my_fqdn, machine_name);
if (!(host_spn = talloc_asprintf(ctx, "HOST/%s", my_fqdn))) {
talloc_destroy(ctx);
+ ads_msgfree(ads, res);
return ADS_ERROR(LDAP_NO_SUCH_OBJECT);
}
if (!(host_upn = talloc_asprintf(ctx, "%s@%s", host_spn, ads->config.realm))) {
talloc_destroy(ctx);
+ ads_msgfree(ads, res);
return ADS_ERROR(LDAP_NO_SUCH_OBJECT);
}
@@ -1163,28 +1178,33 @@ ADS_STATUS ads_add_service_principal_name(ADS_STRUCT *ads, const char *machine_n
if (!(mods = ads_init_mods(ctx))) {
talloc_destroy(ctx);
+ ads_msgfree(ads, res);
return ADS_ERROR(LDAP_NO_MEMORY);
}
ret = ads_add_strlist(ctx, &mods, "servicePrincipalName", servicePrincipalName);
if (!ADS_ERR_OK(ret)) {
DEBUG(1,("ads_add_service_principal_name: Error: Updating Service Principals in LDAP\n"));
talloc_destroy(ctx);
+ ads_msgfree(ads, res);
return ret;
}
dn_string = ads_get_dn(ads, res);
if (!dn_string) {
talloc_destroy(ctx);
+ ads_msgfree(ads, res);
return ADS_ERROR(LDAP_NO_MEMORY);
}
- ret = ads_gen_mod(ads, ads_get_dn(ads, res), mods);
+ ret = ads_gen_mod(ads, dn_string, mods);
ads_memfree(ads,dn_string);
if (!ADS_ERR_OK(ret)) {
DEBUG(1,("ads_add_service_principal_name: Error: Updating Service Principals in LDAP\n"));
talloc_destroy(ctx);
+ ads_msgfree(ads, res);
return ret;
}
talloc_destroy(ctx);
+ ads_msgfree(ads, res);
return ret;
}
@@ -1212,7 +1232,7 @@ static ADS_STATUS ads_add_machine_acct(ADS_STRUCT *ads, const char *machine_name
unsigned acct_control;
unsigned exists=0;
fstring my_fqdn;
- LDAPMessage *res;
+ LDAPMessage *res = NULL;
if (!(ctx = talloc_init("ads_add_machine_acct")))
return ADS_ERROR(LDAP_NO_MEMORY);
@@ -1318,6 +1338,7 @@ static ADS_STATUS ads_add_machine_acct(ADS_STRUCT *ads, const char *machine_name
}
}
done:
+ ads_msgfree(ads, res);
talloc_destroy(ctx);
return ret;
}
@@ -1542,7 +1563,7 @@ ADS_STATUS ads_join_realm(ADS_STRUCT *ads, const char *machine_name,
uint32 account_type, const char *org_unit)
{
ADS_STATUS status;
- LDAPMessage *res;
+ LDAPMessage *res = NULL;
char *machine;
/* machine name must be lowercase */
@@ -1577,6 +1598,7 @@ ADS_STATUS ads_join_realm(ADS_STRUCT *ads, const char *machine_name,
}
SAFE_FREE(machine);
+ ads_msgfree(ads, res);
return status;
}