mirror of
https://github.com/samba-team/samba.git
synced 2025-09-09 01:44:21 +03:00
s3:libads: Allocate ads->auth.password under ADS_STRUCT talloc context
Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
committed by
Jeremy Allison
parent
c1ab39163b
commit
d64335eaef
@@ -230,13 +230,17 @@ static PyObject* py_ads_connect(ADS *self,
|
||||
return NULL;
|
||||
}
|
||||
SAFE_FREE(self->ads_ptr->auth.user_name);
|
||||
SAFE_FREE(self->ads_ptr->auth.password);
|
||||
TALLOC_FREE(self->ads_ptr->auth.password);
|
||||
TALLOC_FREE(self->ads_ptr->auth.realm);
|
||||
if (self->cli_creds) {
|
||||
self->ads_ptr->auth.user_name =
|
||||
SMB_STRDUP(cli_credentials_get_username(self->cli_creds));
|
||||
self->ads_ptr->auth.password =
|
||||
SMB_STRDUP(cli_credentials_get_password(self->cli_creds));
|
||||
self->ads_ptr->auth.password = talloc_strdup(self->ads_ptr,
|
||||
cli_credentials_get_password(self->cli_creds));
|
||||
if (self->ads_ptr->auth.password == NULL) {
|
||||
PyErr_NoMemory();
|
||||
goto err;
|
||||
}
|
||||
self->ads_ptr->auth.realm = talloc_strdup(self->ads_ptr,
|
||||
cli_credentials_get_realm(self->cli_creds));
|
||||
if (self->ads_ptr->auth.realm == NULL) {
|
||||
@@ -254,22 +258,29 @@ static PyObject* py_ads_connect(ADS *self,
|
||||
goto err;
|
||||
}
|
||||
|
||||
passwd = secrets_fetch_machine_password(self->ads_ptr->server.workgroup,
|
||||
NULL, NULL);
|
||||
ret = asprintf(&(self->ads_ptr->auth.user_name), "%s$",
|
||||
lp_netbios_name());
|
||||
if (ret == -1) {
|
||||
PyErr_NoMemory();
|
||||
goto err;
|
||||
}
|
||||
|
||||
passwd = secrets_fetch_machine_password(
|
||||
self->ads_ptr->server.workgroup, NULL, NULL);
|
||||
if (passwd == NULL) {
|
||||
PyErr_SetString(PyExc_RuntimeError,
|
||||
"Failed to fetch the machine account "
|
||||
"password");
|
||||
goto err;
|
||||
}
|
||||
ret = asprintf(&(self->ads_ptr->auth.user_name), "%s$",
|
||||
lp_netbios_name());
|
||||
if (ret == -1) {
|
||||
SAFE_FREE(passwd);
|
||||
|
||||
self->ads_ptr->auth.password = talloc_strdup(self->ads_ptr,
|
||||
passwd);
|
||||
SAFE_FREE(passwd);
|
||||
if (self->ads_ptr->auth.password == NULL) {
|
||||
PyErr_NoMemory();
|
||||
goto err;
|
||||
}
|
||||
self->ads_ptr->auth.password = passwd; /* take ownership of this data */
|
||||
self->ads_ptr->auth.realm = talloc_asprintf_strupper_m(
|
||||
self->ads_ptr, "%s", self->ads_ptr->server.realm);
|
||||
if (self->ads_ptr->auth.realm == NULL) {
|
||||
|
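Review bot: In the first py_ads_connect hunk, a NULL return from `cli_credentials_get_password(self->cli_creds)` cannot be told apart from allocation failure, because `talloc_strdup()` returns NULL for a NULL source and the new check then raises `PyErr_NoMemory()`. If the credentials object can legitimately carry no password (that contract is not visible on this page), Python callers get a misleading MemoryError instead of a credentials error. Reading the password into a local first and raising a distinct error when it is NULL, for example `PyErr_SetString(PyExc_RuntimeError, "No password set in credentials");`, would keep the two cases apart. The same conflation applies to `talloc_strdup(ads, password)` in ads_cached_connection_connect if `password` can be NULL there. The function body starts and ends outside both hunks.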
@@ -446,15 +446,23 @@ WERROR NetGetJoinableOUs_l(struct libnetapi_ctx *ctx,
|
||||
}
|
||||
}
|
||||
|
||||
SAFE_FREE(ads->auth.password);
|
||||
TALLOC_FREE(ads->auth.password);
|
||||
if (r->in.password) {
|
||||
ads->auth.password = SMB_STRDUP(r->in.password);
|
||||
ads->auth.password = talloc_strdup(ads, r->in.password);
|
||||
if (ads->auth.password == NULL) {
|
||||
ret = WERR_NOT_ENOUGH_MEMORY;
|
||||
goto out;
|
||||
}
|
||||
} else {
|
||||
const char *password = NULL;
|
||||
|
||||
libnetapi_get_password(ctx, &password);
|
||||
if (password != NULL) {
|
||||
ads->auth.password = SMB_STRDUP(password);
|
||||
ads->auth.password = talloc_strdup(ads, password);
|
||||
if (ads->auth.password == NULL) {
|
||||
ret = WERR_NOT_ENOUGH_MEMORY;
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@@ -130,7 +130,6 @@ static void ads_destroy(ADS_STRUCT **ads)
|
||||
#ifdef HAVE_LDAP
|
||||
ads_disconnect(*ads);
|
||||
#endif
|
||||
SAFE_FREE((*ads)->auth.password);
|
||||
SAFE_FREE((*ads)->auth.user_name);
|
||||
SAFE_FREE((*ads)->auth.kdc_server);
|
||||
SAFE_FREE((*ads)->auth.ccache_name);
|
||||
|
@@ -185,8 +185,12 @@ static ADS_STATUS libnet_connect_ads(const char *dns_domain_name,
|
||||
}
|
||||
|
||||
if (password) {
|
||||
SAFE_FREE(my_ads->auth.password);
|
||||
my_ads->auth.password = SMB_STRDUP(password);
|
||||
TALLOC_FREE(my_ads->auth.password);
|
||||
my_ads->auth.password = talloc_strdup(my_ads, password);
|
||||
if (my_ads->auth.password == NULL) {
|
||||
status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
|
||||
if (ccname != NULL) {
|
||||
|
@@ -220,12 +220,8 @@ WERROR nt_printer_guid_retrieve(TALLOC_CTX *mem_ctx, const char *printer,
|
||||
char *printer_dn;
|
||||
WERROR result;
|
||||
ADS_STATUS ads_status;
|
||||
TALLOC_CTX *tmp_ctx;
|
||||
|
||||
tmp_ctx = talloc_new(mem_ctx);
|
||||
if (tmp_ctx == NULL) {
|
||||
return WERR_NOT_ENOUGH_MEMORY;
|
||||
}
|
||||
TALLOC_CTX *tmp_ctx = talloc_stackframe();
|
||||
char *machine_password = NULL;
|
||||
|
||||
ads = ads_init(tmp_ctx,
|
||||
lp_realm(),
|
||||
@@ -239,9 +235,17 @@ WERROR nt_printer_guid_retrieve(TALLOC_CTX *mem_ctx, const char *printer,
|
||||
|
||||
old_krb5ccname = getenv(KRB5_ENV_CCNAME);
|
||||
setenv(KRB5_ENV_CCNAME, "MEMORY:prtpub_cache", 1);
|
||||
SAFE_FREE(ads->auth.password);
|
||||
ads->auth.password = secrets_fetch_machine_password(lp_workgroup(),
|
||||
TALLOC_FREE(ads->auth.password);
|
||||
machine_password = secrets_fetch_machine_password(lp_workgroup(),
|
||||
NULL, NULL);
|
||||
if (machine_password != NULL) {
|
||||
ads->auth.password = talloc_strdup(ads, machine_password);
|
||||
SAFE_FREE(machine_password);
|
||||
if (ads->auth.password == NULL) {
|
||||
result = WERR_NOT_ENOUGH_MEMORY;
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
|
||||
ads_status = ads_connect(ads);
|
||||
if (!ADS_ERR_OK(ads_status)) {
|
||||
@@ -647,6 +651,7 @@ WERROR nt_printer_publish(TALLOC_CTX *mem_ctx,
|
||||
ADS_STRUCT *ads = NULL;
|
||||
WERROR win_rc;
|
||||
char *old_krb5ccname = NULL;
|
||||
char *machine_password = NULL;
|
||||
|
||||
sinfo2 = talloc_zero(tmp_ctx, struct spoolss_SetPrinterInfo2);
|
||||
if (!sinfo2) {
|
||||
@@ -693,9 +698,17 @@ WERROR nt_printer_publish(TALLOC_CTX *mem_ctx,
|
||||
}
|
||||
old_krb5ccname = getenv(KRB5_ENV_CCNAME);
|
||||
setenv(KRB5_ENV_CCNAME, "MEMORY:prtpub_cache", 1);
|
||||
SAFE_FREE(ads->auth.password);
|
||||
ads->auth.password = secrets_fetch_machine_password(lp_workgroup(),
|
||||
TALLOC_FREE(ads->auth.password);
|
||||
machine_password = secrets_fetch_machine_password(lp_workgroup(),
|
||||
NULL, NULL);
|
||||
if (machine_password != NULL) {
|
||||
ads->auth.password = talloc_strdup(ads, machine_password);
|
||||
SAFE_FREE(machine_password);
|
||||
if (ads->auth.password == NULL) {
|
||||
win_rc = WERR_NOT_ENOUGH_MEMORY;
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
|
||||
/* ads_connect() will find the DC for us */
|
||||
ads_rc = ads_connect(ads);
|
||||
@@ -741,6 +754,7 @@ WERROR check_published_printers(struct messaging_context *msg_ctx)
|
||||
NTSTATUS status;
|
||||
WERROR result;
|
||||
char *old_krb5ccname = NULL;
|
||||
char *machine_password = NULL;
|
||||
|
||||
ads = ads_init(tmp_ctx,
|
||||
lp_realm(),
|
||||
@@ -754,10 +768,17 @@ WERROR check_published_printers(struct messaging_context *msg_ctx)
|
||||
}
|
||||
old_krb5ccname = getenv(KRB5_ENV_CCNAME);
|
||||
setenv(KRB5_ENV_CCNAME, "MEMORY:prtpub_cache", 1);
|
||||
SAFE_FREE(ads->auth.password);
|
||||
ads->auth.password = secrets_fetch_machine_password(lp_workgroup(),
|
||||
TALLOC_FREE(ads->auth.password);
|
||||
machine_password = secrets_fetch_machine_password(lp_workgroup(),
|
||||
NULL, NULL);
|
||||
|
||||
if (machine_password != NULL) {
|
||||
ads->auth.password = talloc_strdup(ads, machine_password);
|
||||
SAFE_FREE(machine_password);
|
||||
if (ads->auth.password == NULL) {
|
||||
result = WERR_NOT_ENOUGH_MEMORY;
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
/* ads_connect() will find the DC for us */
|
||||
ads_rc = ads_connect(ads);
|
||||
if (!ADS_ERR_OK(ads_rc)) {
|
||||
|
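Review bot: The machine account password stays readable in freed heap memory in all three stanzas of this section (nt_printer_guid_retrieve, nt_printer_publish, check_published_printers), because `SAFE_FREE(machine_password)` releases the malloc'd buffer without clearing it and the talloc copy is later released by a plain `TALLOC_FREE`. Consider wiping the temporary before it is freed and marking the copy with `talloc_keep_secret(ads->auth.password);` after the NULL check, provided that helper is available at this revision. The same fetch, copy and free sequence also appears in py_ads_connect and net_ads_join_dns_updates, so a small shared helper that performs it once would keep the secret handling consistent. A NULL return from `secrets_fetch_machine_password()` still falls through to `ads_connect()` with no password set; a one-line comment such as `/* no stored machine password: continue without one */` would show that this is intended.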
@@ -659,8 +659,12 @@ retry:
|
||||
|
||||
if (c->opt_password) {
|
||||
use_in_memory_ccache();
|
||||
SAFE_FREE(ads->auth.password);
|
||||
ads->auth.password = smb_xstrdup(c->opt_password);
|
||||
TALLOC_FREE(ads->auth.password);
|
||||
ads->auth.password = talloc_strdup(ads, c->opt_password);
|
||||
if (ads->auth.password == NULL) {
|
||||
TALLOC_FREE(ads);
|
||||
return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
|
||||
}
|
||||
}
|
||||
|
||||
SAFE_FREE(ads->auth.user_name);
|
||||
|
@@ -244,6 +244,7 @@ void net_ads_join_dns_updates(struct net_context *c, TALLOC_CTX *ctx, struct lib
|
||||
ADS_STRUCT *ads_dns = NULL;
|
||||
int ret;
|
||||
NTSTATUS status;
|
||||
char *machine_password = NULL;
|
||||
|
||||
/*
|
||||
* In a clustered environment, don't do dynamic dns updates:
|
||||
@@ -289,11 +290,17 @@ void net_ads_join_dns_updates(struct net_context *c, TALLOC_CTX *ctx, struct lib
|
||||
goto done;
|
||||
}
|
||||
|
||||
ads_dns->auth.password = secrets_fetch_machine_password(
|
||||
machine_password = secrets_fetch_machine_password(
|
||||
r->out.netbios_domain_name, NULL, NULL);
|
||||
if (ads_dns->auth.password == NULL) {
|
||||
d_fprintf(stderr, _("DNS update failed: out of memory\n"));
|
||||
goto done;
|
||||
if (machine_password != NULL) {
|
||||
ads_dns->auth.password = talloc_strdup(ads_dns,
|
||||
machine_password);
|
||||
SAFE_FREE(machine_password);
|
||||
if (ads_dns->auth.password == NULL) {
|
||||
d_fprintf(stderr,
|
||||
_("DNS update failed: out of memory\n"));
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
|
||||
ads_dns->auth.realm = talloc_asprintf_strupper_m(ads_dns, "%s", r->out.dns_domain_name);
|
||||
|
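Review bot: A failed `secrets_fetch_machine_password()` no longer stops the DNS update in net_ads_join_dns_updates. The old code printed an error and jumped to `done` when the result was NULL, while the new `if (machine_password != NULL)` block has no else branch, so execution continues to the realm setup with `ads_dns->auth.password` unset. If that fall-through is not intended, add an else branch that reports the fetch failure and does `goto done;`, with a message that names the missing machine password rather than reusing the out-of-memory text. If it is intended, a comment at the `if` should say why an update without a password is acceptable. The function body continues outside the hunk.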
@@ -125,11 +125,15 @@ static ADS_STATUS ads_cached_connection_connect(const char *target_realm,
|
||||
goto out;
|
||||
}
|
||||
|
||||
SAFE_FREE(ads->auth.password);
|
||||
TALLOC_FREE(ads->auth.password);
|
||||
TALLOC_FREE(ads->auth.realm);
|
||||
|
||||
ads->auth.renewable = renewable;
|
||||
ads->auth.password = password;
|
||||
ads->auth.password = talloc_strdup(ads, password);
|
||||
if (ads->auth.password == NULL) {
|
||||
status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
|
||||
goto out;
|
||||
}
|
||||
|
||||
/* In FIPS mode, client use kerberos is forced to required. */
|
||||
krb5_state = lp_client_use_kerberos();
|
||||
|
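Review bot: Ownership of `password` changes in this hunk: the old line `ads->auth.password = password;` handed the existing buffer to the ADS_STRUCT, whereas the new code stores a talloc copy, so the original buffer must now be released by code outside the hunk. Neither the origin of `password` nor the `out:` path is visible here; if it is a heap buffer obtained from the secrets store, it has to be wiped and freed on every path, including the new `goto out` on allocation failure, otherwise the machine password is leaked and left in memory. A comment at the copy such as `/* ads keeps its own copy; the original password buffer is still owned here */` would document the new contract.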