diff --git a/source4/auth/ntlm/auth_sam.c b/source4/auth/ntlm/auth_sam.c index 80a3c066158..3e2cf16b9e4 100644 --- a/source4/auth/ntlm/auth_sam.c +++ b/source4/auth/ntlm/auth_sam.c @@ -787,6 +787,7 @@ static NTSTATUS authsam_authenticate(struct auth4_context *auth_context, nt_status = authsam_logon_success_accounting(auth_context->sam_ctx, msg, domain_dn, interactive, + tmp_ctx, &send_to_sam); if (send_to_sam != NULL) { diff --git a/source4/auth/ntlm/auth_winbind.c b/source4/auth/ntlm/auth_winbind.c index 6381f866667..719d877a170 100644 --- a/source4/auth/ntlm/auth_winbind.c +++ b/source4/auth/ntlm/auth_winbind.c @@ -256,7 +256,7 @@ static void winbind_check_password_done(struct tevent_req *subreq) ctx->auth_ctx->sam_ctx, msg, domain_dn, user_info->flags & USER_INFO_INTERACTIVE_LOGON, - NULL); + NULL, NULL); if (tevent_req_nterror(req, status)) { return; } diff --git a/source4/auth/sam.c b/source4/auth/sam.c index 219ee10d5bd..f2e5ced6caf 100644 --- a/source4/auth/sam.c +++ b/source4/auth/sam.c @@ -1396,6 +1396,7 @@ NTSTATUS authsam_logon_success_accounting(struct ldb_context *sam_ctx, const struct ldb_message *msg, struct ldb_dn *domain_dn, bool interactive_or_kerberos, + TALLOC_CTX *send_to_sam_mem_ctx, struct netr_SendToSamBase **send_to_sam) { int ret; @@ -1612,7 +1613,13 @@ get_transaction: if (dbBadPwdCount != 0 && send_to_sam != NULL) { struct netr_SendToSamBase *base_msg; struct GUID guid = samdb_result_guid(msg, "objectGUID"); - base_msg = talloc_zero(msg, struct netr_SendToSamBase); + + base_msg = talloc_zero(send_to_sam_mem_ctx, + struct netr_SendToSamBase); + if (base_msg == NULL) { + status = NT_STATUS_NO_MEMORY; + goto error; + } base_msg->message_type = SendToSamResetBadPasswordCount; base_msg->message_size = 16; diff --git a/source4/auth/tests/sam.c b/source4/auth/tests/sam.c index b39408c3699..e1e2c69b863 100644 --- a/source4/auth/tests/sam.c +++ b/source4/auth/tests/sam.c @@ -1446,7 +1446,7 @@ static void test_success_accounting_start_txn_failed(void **state) { ldb_transaction_start_ret = LDB_ERR_OPERATIONS_ERROR; status = authsam_logon_success_accounting( - ldb, msg, domain_dn, true, NULL); + ldb, msg, domain_dn, true, NULL, NULL); assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR)); /* @@ -1502,7 +1502,7 @@ static void test_success_accounting_reread_failed(void **state) { will_return(__wrap_dsdb_search_dn, LDB_ERR_NO_SUCH_OBJECT); status = authsam_logon_success_accounting( - ldb, msg, domain_dn, true, NULL); + ldb, msg, domain_dn, true, NULL, NULL); assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR)); assert_true(transaction_cancelled); @@ -1561,7 +1561,7 @@ static void test_success_accounting_ldb_msg_new_failed(void **state) { ldb_msg_new_fail = true; status = authsam_logon_success_accounting( - ldb, msg, domain_dn, true, NULL); + ldb, msg, domain_dn, true, NULL, NULL); assert_true(NT_STATUS_EQUAL(status, NT_STATUS_NO_MEMORY)); assert_true(transaction_cancelled); @@ -1612,7 +1612,7 @@ static void test_success_accounting_samdb_rodc_failed(void **state) { samdb_rodc_ret = LDB_ERR_OPERATIONS_ERROR; status = authsam_logon_success_accounting( - ldb, msg, domain_dn, true, NULL); + ldb, msg, domain_dn, true, NULL, NULL); assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR)); assert_false(in_transaction); assert_false(transaction_cancelled); @@ -1675,7 +1675,7 @@ static void test_success_accounting_update_lastlogon_failed(void **state) { will_return(__wrap_samdb_msg_add_int64, LDB_ERR_OPERATIONS_ERROR); status = authsam_logon_success_accounting( - ldb, msg, domain_dn, true, NULL); + ldb, msg, domain_dn, true, NULL, NULL); assert_true(NT_STATUS_EQUAL(status, NT_STATUS_NO_MEMORY)); assert_true(transaction_cancelled); @@ -1737,7 +1737,7 @@ static void test_success_accounting_build_mod_req_failed(void **state) { will_return(__wrap_samdb_msg_add_int64, LDB_SUCCESS); status = authsam_logon_success_accounting( - ldb, msg, domain_dn, true, NULL); + ldb, msg, domain_dn, true, NULL, NULL); assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR)); assert_true(transaction_cancelled); @@ -1800,7 +1800,7 @@ static void test_success_accounting_add_control_failed(void **state) { will_return(__wrap_samdb_msg_add_int64, LDB_SUCCESS); status = authsam_logon_success_accounting( - ldb, msg, domain_dn, true, NULL); + ldb, msg, domain_dn, true, NULL, NULL); assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR)); assert_true(transaction_cancelled); @@ -1863,7 +1863,7 @@ static void test_success_accounting_ldb_request_failed(void **state) { will_return(__wrap_samdb_msg_add_int64, LDB_SUCCESS); status = authsam_logon_success_accounting( - ldb, msg, domain_dn, true, NULL); + ldb, msg, domain_dn, true, NULL, NULL); assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR)); assert_true(transaction_cancelled); @@ -1926,7 +1926,7 @@ static void test_success_accounting_ldb_wait_failed(void **state) { will_return(__wrap_samdb_msg_add_int64, LDB_SUCCESS); status = authsam_logon_success_accounting( - ldb, msg, domain_dn, true, NULL); + ldb, msg, domain_dn, true, NULL, NULL); assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR)); assert_true(transaction_cancelled); @@ -1989,7 +1989,7 @@ static void test_success_accounting_commit_failed(void **state) { will_return(__wrap_samdb_msg_add_int64, LDB_SUCCESS); status = authsam_logon_success_accounting( - ldb, msg, domain_dn, true, NULL); + ldb, msg, domain_dn, true, NULL, NULL); assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR)); assert_true(in_transaction); assert_false(transaction_cancelled); @@ -2055,7 +2055,7 @@ static void test_success_accounting_rollback_failed(void **state) { will_return(__wrap_samdb_msg_add_int64, LDB_SUCCESS); status = authsam_logon_success_accounting( - ldb, msg, domain_dn, true, NULL); + ldb, msg, domain_dn, true, NULL, NULL); assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR)); assert_true(in_transaction); assert_false(transaction_cancelled); @@ -2124,7 +2124,7 @@ static void test_success_accounting_spurious_bad_pwd_indicator(void **state) { ldb_build_mod_req_res = talloc_zero(ctx, struct ldb_request); status = authsam_logon_success_accounting( - ldb, msg, domain_dn, true, NULL); + ldb, msg, domain_dn, true, NULL, NULL); assert_true(NT_STATUS_EQUAL(status, NT_STATUS_OK)); assert_false(in_transaction); assert_false(transaction_cancelled); diff --git a/source4/kdc/hdb-samba4.c b/source4/kdc/hdb-samba4.c index 699ef9a577c..527fa6b627b 100644 --- a/source4/kdc/hdb-samba4.c +++ b/source4/kdc/hdb-samba4.c @@ -653,7 +653,7 @@ static krb5_error_code hdb_samba4_audit(krb5_context context, * in the PAC here or re-calculate it. */ status = authsam_logon_success_accounting(kdc_db_ctx->samdb, p->msg, - domain_dn, true, &send_to_sam); + domain_dn, true, frame, &send_to_sam); if (NT_STATUS_EQUAL(status, NT_STATUS_ACCOUNT_LOCKED_OUT)) { final_ret = KRB5KDC_ERR_CLIENT_REVOKED; r->error_code = final_ret; diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c index cd4a107154b..54d308d35e8 100644 --- a/source4/kdc/mit_samba.c +++ b/source4/kdc/mit_samba.c @@ -1035,7 +1035,7 @@ out: void mit_samba_zero_bad_password_count(krb5_db_entry *db_entry) { - struct netr_SendToSamBase *send_to_sam = NULL; + /* struct netr_SendToSamBase *send_to_sam = NULL; */ struct samba_kdc_entry *p = talloc_get_type_abort(db_entry->e_data, struct samba_kdc_entry); struct ldb_dn *domain_dn; @@ -1046,7 +1046,7 @@ void mit_samba_zero_bad_password_count(krb5_db_entry *db_entry) p->msg, domain_dn, true, - &send_to_sam); + NULL, NULL); /* TODO: RODC support */ }