From 3fea9df85a7d489b81e21a7a63f9e115de712d4c Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 22 Sep 2010 15:35:36 -0700 Subject: s4-param: Check type when converting python object to lp_ctx, fix some memory leaks. --- source4/auth/credentials/pycredentials.c | 9 +++++++-- source4/auth/gensec/pygensec.c | 18 ++++++++++++++++++ source4/auth/pyauth.c | 8 ++++++-- source4/param/provision.c | 9 +++++++-- source4/param/pyparam_util.c | 24 +++++++++++++++++++++++- source4/scripting/python/pyglue.c | 3 +-- source4/scripting/python/samba/tests/gensec.py | 7 +++---- 7 files changed, 65 insertions(+), 13 deletions(-) diff --git a/source4/auth/credentials/pycredentials.c b/source4/auth/credentials/pycredentials.c index 7c860b041d..e1a74037ec 100644 --- a/source4/auth/credentials/pycredentials.c +++ b/source4/auth/credentials/pycredentials.c @@ -214,12 +214,14 @@ static PyObject *py_creds_guess(py_talloc_Object *self, PyObject *args) if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx)) return NULL; - lp_ctx = lpcfg_from_py_object(NULL, py_lp_ctx); /* FIXME: leaky */ + lp_ctx = lpcfg_from_py_object(NULL, py_lp_ctx); if (lp_ctx == NULL) return NULL; cli_credentials_guess(creds, lp_ctx); + talloc_free(lp_ctx); + Py_RETURN_NONE; } @@ -235,11 +237,13 @@ static PyObject *py_creds_set_machine_account(py_talloc_Object *self, PyObject * if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx)) return NULL; - lp_ctx = lpcfg_from_py_object(NULL, py_lp_ctx); /* FIXME: leaky */ + lp_ctx = lpcfg_from_py_object(NULL, py_lp_ctx); if (lp_ctx == NULL) return NULL; status = cli_credentials_set_machine_account(creds, lp_ctx); + talloc_free(lp_ctx); + PyErr_NTSTATUS_IS_ERR_RAISE(status); Py_RETURN_NONE; @@ -288,6 +292,7 @@ static PyObject *py_creds_get_named_ccache(py_talloc_Object *self, PyObject *arg ret = cli_credentials_get_named_ccache(creds, event_ctx, lp_ctx, ccache_name, &ccc, &error_string); + talloc_free(lp_ctx); if (ret == 0) { talloc_steal(ccc, event_ctx); return PyCredentialCacheContainer_from_ccache_container(ccc); diff --git a/source4/auth/gensec/pygensec.c b/source4/auth/gensec/pygensec.c index 28441cc9ca..f8825b87d9 100644 --- a/source4/auth/gensec/pygensec.c +++ b/source4/auth/gensec/pygensec.c @@ -166,6 +166,23 @@ static PyObject *py_gensec_start_mech_by_name(PyObject *self, PyObject *args) Py_RETURN_NONE; } +static PyObject *py_gensec_start_mech_by_authtype(PyObject *self, PyObject *args) +{ + int authtype, level; + struct gensec_security *security = (struct gensec_security *)py_talloc_get_ptr(self); + NTSTATUS status; + if (!PyArg_ParseTuple(args, "ii", &authtype, &level)) + return NULL; + + status = gensec_start_mech_by_authtype(security, authtype, level); + if (!NT_STATUS_IS_OK(status)) { + PyErr_SetNTSTATUS(status); + return NULL; + } + + Py_RETURN_NONE; +} + static PyMethodDef py_gensec_security_methods[] = { { "start_client", (PyCFunction)py_gensec_start_client, METH_VARARGS|METH_KEYWORDS|METH_CLASS, "S.start_client(settings) -> gensec" }, @@ -175,6 +192,7 @@ static PyMethodDef py_gensec_security_methods[] = { "S.session_info() -> info" }, { "start_mech_by_name", (PyCFunction)py_gensec_start_mech_by_name, METH_VARARGS, "S.start_mech_by_name(name)" }, + { "start_mech_by_authtype", (PyCFunction)py_gensec_start_mech_by_authtype, METH_VARARGS, "S.start_mech_by_authtype(authtype, level)" }, { "get_name_by_authtype", (PyCFunction)py_get_name_by_authtype, METH_VARARGS, "S.get_name_by_authtype(authtype) -> name\nLookup an auth type." }, { NULL } diff --git a/source4/auth/pyauth.c b/source4/auth/pyauth.c index dff696334c..a66411bb4a 100644 --- a/source4/auth/pyauth.c +++ b/source4/auth/pyauth.c @@ -46,12 +46,14 @@ static PyObject *py_system_session(PyObject *module, PyObject *args) if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx)) return NULL; - lp_ctx = lpcfg_from_py_object(NULL, py_lp_ctx); /* FIXME: Leaks memory */ + lp_ctx = lpcfg_from_py_object(NULL, py_lp_ctx); if (lp_ctx == NULL) return NULL; session = system_session(lp_ctx); + talloc_free(lp_ctx); + return PyAuthSession_FromSession(session); } @@ -66,13 +68,15 @@ static PyObject *py_admin_session(PyObject *module, PyObject *args) if (!PyArg_ParseTuple(args, "OO", &py_lp_ctx, &py_sid)) return NULL; - lp_ctx = lpcfg_from_py_object(NULL, py_lp_ctx); /* FIXME: leaky */ + lp_ctx = lpcfg_from_py_object(NULL, py_lp_ctx); if (lp_ctx == NULL) return NULL; domain_sid = dom_sid_parse_talloc(NULL, PyString_AsString(py_sid)); session = admin_session(NULL, lp_ctx, domain_sid); + talloc_free(lp_ctx); + return PyAuthSession_FromSession(session); } diff --git a/source4/param/provision.c b/source4/param/provision.c index b0387869b5..593f9ff168 100644 --- a/source4/param/provision.c +++ b/source4/param/provision.c @@ -85,7 +85,7 @@ NTSTATUS provision_bare(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx, struct provision_result *result) { const char *configfile; - PyObject *provision_mod, *provision_dict, *provision_fn, *py_result, *parameters; + PyObject *provision_mod, *provision_dict, *provision_fn, *py_result, *parameters, *py_lp_ctx; DEBUG(0,("Provision for Become-DC test using python\n")); @@ -193,7 +193,12 @@ NTSTATUS provision_bare(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx, result->domaindn = talloc_strdup(mem_ctx, PyString_AsString(PyObject_GetAttrString(py_result, "domaindn"))); /* FIXME paths */ - result->lp_ctx = lpcfg_from_py_object(result, PyObject_GetAttrString(py_result, "lp")); + py_lp_ctx = PyObject_GetAttrString(py_result, "lp"); + if (py_lp_ctx == NULL) { + DEBUG(0, ("Missing 'lp' attribute")); + return NT_STATUS_UNSUCCESSFUL; + } + result->lp_ctx = lpcfg_from_py_object(result, py_lp_ctx); result->samdb = PyLdb_AsLdbContext(PyObject_GetAttrString(py_result, "samdb")); return NT_STATUS_OK; diff --git a/source4/param/pyparam_util.c b/source4/param/pyparam_util.c index 8c98cbcbfe..474dd31504 100644 --- a/source4/param/pyparam_util.c +++ b/source4/param/pyparam_util.c @@ -28,6 +28,9 @@ _PUBLIC_ struct loadparm_context *lpcfg_from_py_object(TALLOC_CTX *mem_ctx, PyObject *py_obj) { struct loadparm_context *lp_ctx; + PyObject *param_mod; + PyTypeObject *lp_type; + bool is_lpobj; if (PyString_Check(py_obj)) { lp_ctx = loadparm_init(mem_ctx); @@ -47,7 +50,26 @@ _PUBLIC_ struct loadparm_context *lpcfg_from_py_object(TALLOC_CTX *mem_ctx, PyOb return lp_ctx; } - return PyLoadparmContext_AsLoadparmContext(py_obj); + param_mod = PyImport_ImportModule("samba.param"); + if (param_mod == NULL) { + return NULL; + } + + lp_type = (PyTypeObject *)PyObject_GetAttrString(param_mod, "LoadParm"); + Py_DECREF(param_mod); + if (lp_type == NULL) { + PyErr_SetString(PyExc_RuntimeError, "Unable to import LoadParm"); + return NULL; + } + + is_lpobj = PyObject_TypeCheck(py_obj, lp_type); + Py_DECREF(lp_type); + if (is_lpobj) { + return talloc_reference(mem_ctx, PyLoadparmContext_AsLoadparmContext(py_obj)); + } + + PyErr_SetNone(PyExc_TypeError); + return NULL; } struct loadparm_context *py_default_loadparm_context(TALLOC_CTX *mem_ctx) diff --git a/source4/scripting/python/pyglue.c b/source4/scripting/python/pyglue.c index 1f968e16f9..2afd1fa010 100644 --- a/source4/scripting/python/pyglue.c +++ b/source4/scripting/python/pyglue.c @@ -132,9 +132,8 @@ static PyObject *py_interface_ips(PyObject *self, PyObject *args) tmp_ctx = talloc_new(NULL); - lp_ctx = lpcfg_from_py_object(NULL, py_lp_ctx); /* FIXME: leaky */ + lp_ctx = lpcfg_from_py_object(tmp_ctx, py_lp_ctx); if (lp_ctx == NULL) { - PyErr_SetString(PyExc_TypeError, "Expected loadparm object"); talloc_free(tmp_ctx); return NULL; } diff --git a/source4/scripting/python/samba/tests/gensec.py b/source4/scripting/python/samba/tests/gensec.py index 05b9a5946f..3e71610591 100644 --- a/source4/scripting/python/samba/tests/gensec.py +++ b/source4/scripting/python/samba/tests/gensec.py @@ -38,9 +38,8 @@ class CredentialsTests(samba.tests.TestCase): def test_start_mech_by_unknown_name(self): self.assertRaises(RuntimeError, self.gensec.start_mech_by_name, "foo") + def test_start_mech_by_name(self): + self.gensec.start_mech_by_name("spnego") + def test_info_uninitialized(self): self.assertRaises(RuntimeError, self.gensec.session_info) - - def test_info(self): - self.gensec.start_mech_by_name("spnego") - self.assertEquals(None, self.gensec.session_info()) -- cgit