r1222: Valgrind memory leak fixes. Still tracking down a strange one...

Can't fix the krb5 memory leaks inside that library :-(. Jeremy. (This used to be commit ad440213aaae58fb5bff6e8a6fcf811c5ba83669)
author: Jeremy Allison <jra@samba.org> 2004-06-23 00:20:31 +0000
committer: Gerald (Jerry) Carter <jerry@samba.org> 2007-10-10 10:52:00 -0500
commit: 7825677b862bb62b8350b6fee458fbbecc53893f (patch)
tree: 03f2792076cabcd54cfe552db3097a55f56810f1 /source3/libads
parent: 20551552913e6794556ed86b2e912b773a74bd45 (diff)
download: samba-7825677b862bb62b8350b6fee458fbbecc53893f.tar.gz
3 files changed, 57 insertions, 16 deletions
diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index 410aad649c4..cb0841f2e22 100644
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -488,9 +488,13 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
 						break;
 					}
 					if (!strcmp(oldEntries[i], ktprinc)) {
+						krb5_free_unparsed_name(context, ktprinc);
 						break;
 					}
 				}
+				if (i == found) {
+					krb5_free_unparsed_name(context, ktprinc);
+				}
 			}
 			krb5_free_keytab_entry_contents(context, &kt_entry);
 			ZERO_STRUCT(kt_entry);
diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c
index 5c859f0e995..111834e8866 100644
--- a/source3/libads/krb5_setpw.c
+++ b/source3/libads/krb5_setpw.c
@@ -56,7 +56,7 @@ static DATA_BLOB encode_krb5_setpw(const char *principal, const char *password)
 
 	princ = strdup(principal);
 
-	if ((c = strchr(princ, '/')) == NULL) {
+	if ((c = strchr_m(princ, '/')) == NULL) {
 	    c = princ; 
 	} else {
 	    *c = '\0';
@@ -66,7 +66,7 @@ static DATA_BLOB encode_krb5_setpw(const char *principal, const char *password)
 
 	princ_part2 = c;
 
-	if ((c = strchr(c, '@')) != NULL) {
+	if ((c = strchr_m(c, '@')) != NULL) {
 	    *c = '\0';
 	    c++;
 	    realm = c;
@@ -462,14 +462,16 @@ ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *princ,
 {
 
 	ADS_STATUS aret;
-	krb5_error_code ret;
+	krb5_error_code ret = 0;
 	krb5_context context = NULL;
-	krb5_principal principal;
-	char *princ_name;
-	char *realm;
-	krb5_creds creds, *credsp;
+	krb5_principal principal = NULL;
+	char *princ_name = NULL;
+	char *realm = NULL;
+	krb5_creds creds, *credsp = NULL;
 	krb5_ccache ccache = NULL;
 
+	ZERO_STRUCT(creds);
+	
 	ret = krb5_init_context(&context);
 	if (ret) {
 		DEBUG(1,("Failed to init krb5 context (%s)\n", error_message(ret)));
@@ -487,14 +489,19 @@ ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *princ,
 		return ADS_ERROR_KRB5(ret);
 	}
 
-	ZERO_STRUCT(creds);
-	
-	realm = strchr(princ, '@');
+	realm = strchr_m(princ, '@');
+	if (!realm) {
+		krb5_cc_close(context, ccache);
+	        krb5_free_context(context);
+		DEBUG(1,("Failed to get realm\n"));
+		return ADS_ERROR_KRB5(-1);
+	}
 	realm++;
 
 	asprintf(&princ_name, "kadmin/changepw@%s", realm);
 	ret = krb5_parse_name(context, princ_name, &creds.server);
 	if (ret) {
+		krb5_cc_close(context, ccache);
                 krb5_free_context(context);
 		DEBUG(1,("Failed to parse kadmin/changepw (%s)\n", error_message(ret)));
 		return ADS_ERROR_KRB5(ret);
@@ -504,6 +511,8 @@ ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *princ,
 	/* parse the principal we got as a function argument */
 	ret = krb5_parse_name(context, princ, &principal);
 	if (ret) {
+		krb5_cc_close(context, ccache);
+	        krb5_free_principal(context, creds.server);
                 krb5_free_context(context);
 		DEBUG(1,("Failed to parse %s (%s)\n", princ_name, error_message(ret)));
 		return ADS_ERROR_KRB5(ret);
@@ -514,6 +523,8 @@ ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *princ,
 	
 	ret = krb5_cc_get_principal(context, ccache, &creds.client);
 	if (ret) {
+		krb5_cc_close(context, ccache);
+	        krb5_free_principal(context, creds.server);
 	        krb5_free_principal(context, principal);
                 krb5_free_context(context);
 		DEBUG(1,("Failed to get principal from ccache (%s)\n", 
@@ -523,7 +534,9 @@ ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *princ,
 	
 	ret = krb5_get_credentials(context, 0, ccache, &creds, &credsp); 
 	if (ret) {
+		krb5_cc_close(context, ccache);
 	        krb5_free_principal(context, creds.client);
+	        krb5_free_principal(context, creds.server);
 	        krb5_free_principal(context, principal);
 	        krb5_free_context(context);
 		DEBUG(1,("krb5_get_credentials failed (%s)\n", error_message(ret)));
@@ -538,7 +551,9 @@ ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *princ,
 
 	krb5_free_creds(context, credsp);
 	krb5_free_principal(context, creds.client);
+        krb5_free_principal(context, creds.server);
 	krb5_free_principal(context, principal);
+	krb5_cc_close(context, ccache);
 	krb5_free_context(context);
 
 	return aret;
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 3a9c41f09d6..985d3cb576d 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -1003,7 +1003,7 @@ ADS_STATUS ads_add_strlist(TALLOC_CTX *ctx, ADS_MODLIST *mods,
 
 uint32 ads_get_kvno(ADS_STRUCT *ads, const char *machine_name)
 {
-	LDAPMessage *res;
+	LDAPMessage *res = NULL;
 	uint32 kvno = (uint32)-1;      /* -1 indicates a failure */
 	char *filter;
 	const char *attrs[] = {"msDS-KeyVersionNumber", NULL};
@@ -1018,12 +1018,14 @@ uint32 ads_get_kvno(ADS_STRUCT *ads, const char *machine_name)
 	SAFE_FREE(filter);
 	if (!ADS_ERR_OK(ret) && ads_count_replies(ads, res)) {
 		DEBUG(1,("ads_get_kvno: Computer Account For %s not found.\n", machine_name));
+		ads_msgfree(ads, res);
 		return kvno;
 	}
 
 	dn_string = ads_get_dn(ads, res);
 	if (!dn_string) {
 		DEBUG(0,("ads_get_kvno: out of memory.\n"));
+		ads_msgfree(ads, res);
 		return kvno;
 	}
 	DEBUG(5,("ads_get_kvno: Using: %s\n", dn_string));
@@ -1040,11 +1042,13 @@ uint32 ads_get_kvno(ADS_STRUCT *ads, const char *machine_name)
 	if (!ads_pull_uint32(ads, res, "msDS-KeyVersionNumber", &kvno)) {
 		DEBUG(3,("ads_get_kvno: Error Determining KVNO!\n"));
 		DEBUG(3,("ads_get_kvno: Windows 2000 does not support KVNO's, so this may be normal.\n"));
+		ads_msgfree(ads, res);
 		return kvno;
 	}
 
 	/* Success */
 	DEBUG(5,("ads_get_kvno: Looked Up KVNO of: %d\n", kvno));
+	ads_msgfree(ads, res);
 	return kvno;
 }
 
@@ -1058,7 +1062,7 @@ uint32 ads_get_kvno(ADS_STRUCT *ads, const char *machine_name)
 ADS_STATUS ads_clear_service_principal_names(ADS_STRUCT *ads, const char *machine_name)
 {
 	TALLOC_CTX *ctx;
-	LDAPMessage *res;
+	LDAPMessage *res = NULL;
 	ADS_MODLIST mods;
 	const char *servicePrincipalName[1] = {NULL};
 	ADS_STATUS ret = ADS_ERROR(LDAP_SUCCESS);
@@ -1068,28 +1072,33 @@ ADS_STATUS ads_clear_service_principal_names(ADS_STRUCT *ads, const char *machin
 	if (!ADS_ERR_OK(ret) || ads_count_replies(ads, res) != 1) {
 		DEBUG(5,("ads_clear_service_principal_names: WARNING: Host Account for %s not found... skipping operation.\n", machine_name));
 		DEBUG(5,("ads_clear_service_principal_names: WARNING: Service Principals for %s have NOT been cleared.\n", machine_name));
+		ads_msgfree(ads, res);
 		return ADS_ERROR(LDAP_NO_SUCH_OBJECT);
 	}
 
 	DEBUG(5,("ads_clear_service_principal_names: Host account for %s found\n", machine_name));
 	ctx = talloc_init("ads_clear_service_principal_names");
 	if (!ctx) {
+		ads_msgfree(ads, res);
 		return ADS_ERROR(LDAP_NO_MEMORY);
 	}
 
 	if (!(mods = ads_init_mods(ctx))) {
 		talloc_destroy(ctx);
+		ads_msgfree(ads, res);
 		return ADS_ERROR(LDAP_NO_MEMORY);
 	}
 	ret = ads_mod_strlist(ctx, &mods, "servicePrincipalName", servicePrincipalName);
 	if (!ADS_ERR_OK(ret)) {
 		DEBUG(1,("ads_clear_service_principal_names: Error creating strlist.\n"));
+		ads_msgfree(ads, res);
 		talloc_destroy(ctx);
 		return ret;
 	}
 	dn_string = ads_get_dn(ads, res);
 	if (!dn_string) {
 		talloc_destroy(ctx);
+		ads_msgfree(ads, res);
 		return ADS_ERROR(LDAP_NO_MEMORY);
 	}
 	ret = ads_gen_mod(ads, dn_string, mods);
@@ -1097,10 +1106,12 @@ ADS_STATUS ads_clear_service_principal_names(ADS_STRUCT *ads, const char *machin
 	if (!ADS_ERR_OK(ret)) {
 		DEBUG(1,("ads_clear_service_principal_names: Error: Updating Service Principals for machine %s in LDAP\n",
 			machine_name));
+		ads_msgfree(ads, res);
 		talloc_destroy(ctx);
 		return ret;
 	}
 
+	ads_msgfree(ads, res);
 	talloc_destroy(ctx);
 	return ret;
 }
@@ -1118,7 +1129,7 @@ ADS_STATUS ads_add_service_principal_name(ADS_STRUCT *ads, const char *machine_n
 {
 	ADS_STATUS ret;
 	TALLOC_CTX *ctx;
-	LDAPMessage *res;
+	LDAPMessage *res = NULL;
 	char *host_spn, *host_upn, *psp1, *psp2;
 	ADS_MODLIST mods;
 	fstring my_fqdn;
@@ -1131,21 +1142,25 @@ ADS_STATUS ads_add_service_principal_name(ADS_STRUCT *ads, const char *machine_n
 			machine_name));
 		DEBUG(1,("ads_add_service_principal_name: WARNING: Service Principal '%s/%s@%s' has NOT been added.\n",
 			spn, machine_name, ads->config.realm));
+		ads_msgfree(ads, res);
 		return ADS_ERROR(LDAP_NO_SUCH_OBJECT);
 	}
 
 	DEBUG(1,("ads_add_service_principal_name: Host account for %s found\n", machine_name));
 	if (!(ctx = talloc_init("ads_add_service_principal_name"))) {
+		ads_msgfree(ads, res);
 		return ADS_ERROR(LDAP_NO_MEMORY);
 	}
 
 	name_to_fqdn(my_fqdn, machine_name);
 	if (!(host_spn = talloc_asprintf(ctx, "HOST/%s", my_fqdn))) {
 		talloc_destroy(ctx);
+		ads_msgfree(ads, res);
 		return ADS_ERROR(LDAP_NO_SUCH_OBJECT);
 	}
 	if (!(host_upn = talloc_asprintf(ctx, "%s@%s", host_spn, ads->config.realm))) {
 		talloc_destroy(ctx);
+		ads_msgfree(ads, res);
 		return ADS_ERROR(LDAP_NO_SUCH_OBJECT);
 	}
 
@@ -1163,28 +1178,33 @@ ADS_STATUS ads_add_service_principal_name(ADS_STRUCT *ads, const char *machine_n
 
 	if (!(mods = ads_init_mods(ctx))) {
 		talloc_destroy(ctx);
+		ads_msgfree(ads, res);
 		return ADS_ERROR(LDAP_NO_MEMORY);
 	}
 	ret = ads_add_strlist(ctx, &mods, "servicePrincipalName", servicePrincipalName);
 	if (!ADS_ERR_OK(ret)) {
 		DEBUG(1,("ads_add_service_principal_name: Error: Updating Service Principals in LDAP\n"));
 		talloc_destroy(ctx);
+		ads_msgfree(ads, res);
 		return ret;
 	}
 	dn_string = ads_get_dn(ads, res);
 	if (!dn_string) {
 		talloc_destroy(ctx);
+		ads_msgfree(ads, res);
 		return ADS_ERROR(LDAP_NO_MEMORY);
 	}
-	ret = ads_gen_mod(ads, ads_get_dn(ads, res), mods);
+	ret = ads_gen_mod(ads, dn_string, mods);
 	ads_memfree(ads,dn_string);
 	if (!ADS_ERR_OK(ret)) {
 		DEBUG(1,("ads_add_service_principal_name: Error: Updating Service Principals in LDAP\n"));
 		talloc_destroy(ctx);
+		ads_msgfree(ads, res);
 		return ret;
 	}
 
 	talloc_destroy(ctx);
+	ads_msgfree(ads, res);
 	return ret;
 }
 
@@ -1212,7 +1232,7 @@ static ADS_STATUS ads_add_machine_acct(ADS_STRUCT *ads, const char *machine_name
 	unsigned acct_control;
 	unsigned exists=0;
 	fstring my_fqdn;
-	LDAPMessage *res;
+	LDAPMessage *res = NULL;
 
 	if (!(ctx = talloc_init("ads_add_machine_acct")))
 		return ADS_ERROR(LDAP_NO_MEMORY);
@@ -1318,6 +1338,7 @@ static ADS_STATUS ads_add_machine_acct(ADS_STRUCT *ads, const char *machine_name
 		}
 	}
 done:
+	ads_msgfree(ads, res);
 	talloc_destroy(ctx);
 	return ret;
 }
@@ -1542,7 +1563,7 @@ ADS_STATUS ads_join_realm(ADS_STRUCT *ads, const char *machine_name,
 			  uint32 account_type, const char *org_unit)
 {
 	ADS_STATUS status;
-	LDAPMessage *res;
+	LDAPMessage *res = NULL;
 	char *machine;
 
 	/* machine name must be lowercase */
@@ -1577,6 +1598,7 @@ ADS_STATUS ads_join_realm(ADS_STRUCT *ads, const char *machine_name,
 	}
 
 	SAFE_FREE(machine);
+	ads_msgfree(ads, res);
 
 	return status;
 }
author	Jeremy Allison <jra@samba.org>	2004-06-23 00:20:31 +0000
committer	Gerald (Jerry) Carter <jerry@samba.org>	2007-10-10 10:52:00 -0500
commit	7825677b862bb62b8350b6fee458fbbecc53893f (patch)
tree	03f2792076cabcd54cfe552db3097a55f56810f1 /source3/libads
parent	20551552913e6794556ed86b2e912b773a74bd45 (diff)
download	samba-7825677b862bb62b8350b6fee458fbbecc53893f.tar.gz