From f8c34c4df14cfb8509fe397d7d016f2468cfc026 Mon Sep 17 00:00:00 2001
From: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
Date: Sun, 13 Dec 2009 16:13:34 +0100
Subject: s4:"samdb_set_password_sid" - clean up created objects correctly

- We should clean up such "helper" objects created in this function to don't
  have them around until "mem_ctx" is destroyed
- Remove a from my view pointless comment "This is a password set, not change"
  since an external argument "user_change" decides this ("modify" or "(re)set")
---
 source4/dsdb/common/util.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

(limited to 'source4')

diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index bfb2f0caa5..3aa415ef23 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -1934,12 +1934,15 @@ NTSTATUS samdb_set_password_sid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
 	msg = ldb_msg_new(mem_ctx);
 	if (msg == NULL) {
 		ldb_transaction_cancel(ldb);
+		talloc_free(user_dn);
 		return NT_STATUS_NO_MEMORY;
 	}
 
 	msg->dn = ldb_dn_copy(msg, user_dn);
 	if (!msg->dn) {
 		ldb_transaction_cancel(ldb);
+		talloc_free(user_dn);
+		talloc_free(msg);
 		return NT_STATUS_NO_MEMORY;
 	}
 
@@ -1947,10 +1950,12 @@ NTSTATUS samdb_set_password_sid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
 				       user_dn, NULL,
 				       msg, new_password,
 				       lmNewHash, ntNewHash,
-				       user_change, /* This is a password set, not change */
+				       user_change,
 				       reject_reason, _dominfo);
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		ldb_transaction_cancel(ldb);
+		talloc_free(user_dn);
+		talloc_free(msg);
 		return nt_status;
 	}
 
@@ -1958,16 +1963,23 @@ NTSTATUS samdb_set_password_sid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
 	ret = samdb_replace(ldb, mem_ctx, msg);
 	if (ret != LDB_SUCCESS) {
 		ldb_transaction_cancel(ldb);
+		talloc_free(user_dn);
+		talloc_free(msg);
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
+	talloc_free(msg);
+
 	ret = ldb_transaction_commit(ldb);
 	if (ret != LDB_SUCCESS) {
 		DEBUG(0,("Failed to commit transaction to change password on %s: %s\n",
-			 ldb_dn_get_linearized(msg->dn),
+			 ldb_dn_get_linearized(user_dn),
 			 ldb_errstring(ldb)));
+		talloc_free(user_dn);
 		return NT_STATUS_TRANSACTION_ABORTED;
 	}
+
+	talloc_free(user_dn);
 	return NT_STATUS_OK;
 }
 
-- 
cgit