1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

s3-net_rpc: Make the struct user_token array the parent talloc context

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This commit is contained in:
Andrew Bartlett 2023-09-27 09:35:19 +13:00
parent a8210ab1ae
commit 934b033550

View File

@ -4806,6 +4806,11 @@ static NTSTATUS rpc_aliaslist_internals(struct net_context *c,
return status;
}
struct user_token {
fstring name;
struct security_token *token;
};
static void add_sid_to_token(struct security_token *token, const struct dom_sid *sid)
{
NTSTATUS status = add_sid_to_array_unique(token, sid,
@ -4817,14 +4822,16 @@ static void add_sid_to_token(struct security_token *token, const struct dom_sid
SMB_ASSERT(NT_STATUS_IS_OK(status));
}
static void init_user_token(struct security_token **token, struct dom_sid *user_sid)
static void init_user_token(struct user_token *token_list,
struct security_token **token,
struct dom_sid *user_sid)
{
/*
* This token is not from the auth stack, only has user SIDs
* and must fail if conditional ACEs are found in the security
* descriptor
*/
*token = security_token_initialise(NULL, CLAIMS_EVALUATION_INVALID_STATE);
*token = security_token_initialise(token_list, CLAIMS_EVALUATION_INVALID_STATE);
SMB_ASSERT(*token);
add_sid_to_token(*token,
@ -4840,11 +4847,6 @@ static void init_user_token(struct security_token **token, struct dom_sid *user_
&global_sid_Authenticated_Users);
}
struct user_token {
fstring name;
struct security_token *token;
};
static void dump_user_token(struct user_token *token)
{
uint32_t i;
@ -4898,7 +4900,9 @@ static void collect_alias_memberships(struct security_token *token)
}
}
static bool get_user_sids(const char *domain, const char *user, struct security_token **token)
static bool get_user_sids(const char *domain, const char *user,
struct user_token *token_list,
struct security_token **token)
{
wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
enum wbcSidType type;
@ -4935,7 +4939,7 @@ static bool get_user_sids(const char *domain, const char *user, struct security_
return false;
}
init_user_token(token, &user_sid);
init_user_token(token_list, token, &user_sid);
/* And now the groups winbind knows about */
@ -5005,10 +5009,10 @@ static bool get_user_tokens(struct net_context *c, int *num_tokens,
return false;
}
result = SMB_MALLOC_ARRAY(struct user_token, num_users);
result = talloc_zero_array(NULL, struct user_token, num_users);
if (result == NULL) {
DEBUG(1, ("Could not malloc sid array\n"));
DBG_ERR("Could not talloc token array\n");
wbcFreeMemory(users);
return false;
}
@ -5038,7 +5042,7 @@ static bool get_user_tokens(struct net_context *c, int *num_tokens,
fstrcpy(user, p);
}
get_user_sids(domain, user, &(result[i].token));
get_user_sids(domain, user, result, &(result[i].token));
}
TALLOC_FREE(frame);
wbcFreeMemory(users);
@ -5088,9 +5092,12 @@ static bool get_user_tokens_from_file(FILE *f,
/* And a new user... */
*num_tokens += 1;
*tokens = SMB_REALLOC_ARRAY(*tokens, struct user_token, *num_tokens);
*tokens = talloc_realloc(NULL,
*tokens,
struct user_token,
*num_tokens);
if (*tokens == NULL) {
DEBUG(0, ("Could not realloc tokens\n"));
DBG_ERR("Could not talloc_realloc tokens\n");
return false;
}
@ -5100,7 +5107,7 @@ static bool get_user_tokens_from_file(FILE *f,
return false;
}
token->token
= security_token_initialise(NULL,
= security_token_initialise(*tokens,
CLAIMS_EVALUATION_INVALID_STATE);
if (token->token == NULL) {
DBG_ERR("security_token_initialise() failed: "
@ -5338,10 +5345,7 @@ static NTSTATUS rpc_share_allowedusers_internals(struct net_context *c,
num_tokens, tokens);
}
done:
for (i=0; i<num_tokens; i++) {
TALLOC_FREE(tokens[i].token);
}
SAFE_FREE(tokens);
TALLOC_FREE(tokens);
TALLOC_FREE(server_aliases);
return nt_status;
@ -5396,10 +5400,9 @@ int net_usersidlist(struct net_context *c, int argc, const char **argv)
for (i=0; i<num_tokens; i++) {
dump_user_token(&tokens[i]);
TALLOC_FREE(tokens[i].token);
}
SAFE_FREE(tokens);
TALLOC_FREE(tokens);
return 0;
}