From a0e4bdcb5b374a4259164aed8fdbcc7b1761f09b Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Wed, 29 Aug 2012 09:21:52 +1000
Subject: auth/credentials: Improve memory handling in
 cli_credentials_set_machine_account

By using a tempoary talloc context this is much tidier and more reliable code.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Aug 29 03:11:10 CEST 2012 on sn-devel-104
---
 auth/credentials/credentials_secrets.c | 52 +++++++++++++++++-----------------
 1 file changed, 26 insertions(+), 26 deletions(-)

(limited to 'auth')

diff --git a/auth/credentials/credentials_secrets.c b/auth/credentials/credentials_secrets.c
index 37e825bee9..8c8c56701d 100644
--- a/auth/credentials/credentials_secrets.c
+++ b/auth/credentials/credentials_secrets.c
@@ -73,7 +73,7 @@ _PUBLIC_ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
 	/* some other parts of the system will key off this */
 	cred->machine_account = true;
 
-	mem_ctx = talloc_named(cred, 0, "cli_credentials fetch machine password");
+	mem_ctx = talloc_named(cred, 0, "cli_credentials_set_secrets from ldb");
 
 	if (!ldb) {
 		/* Local secrets are stored in secrets.ldb */
@@ -209,10 +209,21 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr
 	char *secrets_tdb_password = NULL;
 	char *keystr;
 	char *keystr_upper = NULL;
-	char *secrets_tdb = lpcfg_private_path(cred, lp_ctx, "secrets.tdb");
-	struct db_context *db_ctx = dbwrap_local_open(cred, lp_ctx, secrets_tdb, 0,
-						      TDB_DEFAULT, O_RDWR, 0600,
-						      DBWRAP_LOCK_ORDER_1);
+	char *secrets_tdb;
+	struct db_context *db_ctx;
+	TALLOC_CTX *tmp_ctx = talloc_named(cred, 0, "cli_credentials_set_secrets from ldb");
+	if (!tmp_ctx) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	secrets_tdb = lpcfg_private_path(cred, lp_ctx, "secrets.tdb");
+	if (!secrets_tdb) {
+		TALLOC_FREE(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+		
+	db_ctx = dbwrap_local_open(cred, lp_ctx, secrets_tdb, 0,
+				   TDB_DEFAULT, O_RDWR, 0600,
+				   DBWRAP_LOCK_ORDER_1);
 	/* Bleh, nasty recursion issues: We are setting a machine
 	 * account here, so we don't want the 'pending' flag around
 	 * any more */
@@ -225,25 +236,21 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr
 
 	if (db_ctx) {
 		TDB_DATA dbuf;
-		keystr = talloc_asprintf(cred, "%s/%s",
+		keystr = talloc_asprintf(tmp_ctx, "%s/%s",
 					 SECRETS_MACHINE_LAST_CHANGE_TIME,
 					 domain);
-		keystr_upper = strupper_talloc(cred, keystr);
-		TALLOC_FREE(keystr);
-		status = dbwrap_fetch(db_ctx, cred, string_tdb_data(keystr_upper),
+		keystr_upper = strupper_talloc(tmp_ctx, keystr);
+		status = dbwrap_fetch(db_ctx, tmp_ctx, string_tdb_data(keystr_upper),
 				      &dbuf);
-		TALLOC_FREE(keystr_upper);
 		if (NT_STATUS_IS_OK(status) && dbuf.dsize == 4) {
 			secrets_tdb_lct = IVAL(dbuf.dptr,0);
-			TALLOC_FREE(dbuf.dptr);
 		}
 
-		keystr = talloc_asprintf(cred, "%s/%s",
+		keystr = talloc_asprintf(tmp_ctx, "%s/%s",
 					 SECRETS_MACHINE_PASSWORD,
 					 domain);
-		keystr_upper = strupper_talloc(cred, keystr);
-		TALLOC_FREE(keystr);
-		status = dbwrap_fetch(db_ctx, cred, string_tdb_data(keystr_upper),
+		keystr_upper = strupper_talloc(tmp_ctx, keystr);
+		status = dbwrap_fetch(db_ctx, tmp_ctx, string_tdb_data(keystr_upper),
 				      &dbuf);
 		if (NT_STATUS_IS_OK(status)) {
 			secrets_tdb_password = (char *)dbuf.dptr;
@@ -269,15 +276,13 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr
 	}
 
 	if (secrets_tdb_password_more_recent) {
-		char *machine_account = talloc_asprintf(cred, "%s$", lpcfg_netbios_name(lp_ctx));
+		char *machine_account = talloc_asprintf(tmp_ctx, "%s$", lpcfg_netbios_name(lp_ctx));
 		cli_credentials_set_password(cred, secrets_tdb_password, CRED_SPECIFIED);
 		cli_credentials_set_domain(cred, domain, CRED_SPECIFIED);
 		cli_credentials_set_realm(cred, realm, CRED_SPECIFIED);
 		cli_credentials_set_workstation(cred, lpcfg_netbios_name(lp_ctx), CRED_SPECIFIED);
 		cli_credentials_set_username(cred, machine_account, CRED_SPECIFIED);
-		TALLOC_FREE(machine_account);
-	} else if (NT_STATUS_EQUAL(NT_STATUS_CANT_ACCESS_DOMAIN_INFO, status)
-		   || NT_STATUS_EQUAL(NT_STATUS_NOT_FOUND, status)) {
+	} else if (!NT_STATUS_IS_OK(status)) {
 		if (db_ctx) {
 			error_string = talloc_asprintf(cred,
 						       "Failed to fetch machine account password from "
@@ -289,16 +294,11 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr
 						       "secrets.ldb: %s and failed to open %s",
 						       error_string, secrets_tdb);
 		}
-	}
-	
-	TALLOC_FREE(secrets_tdb_password);
-	TALLOC_FREE(secrets_tdb);
-	TALLOC_FREE(db_ctx);
-	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(1, ("Could not find machine account in secrets database: %s: %s\n", 
 			  error_string, nt_errstr(status)));
-		talloc_free(error_string);
 	}
+	
+	TALLOC_FREE(tmp_ctx);
 	return status;
 }
 
-- 
cgit