dpward / rpms / sssd

Forked from rpms/sssd 3 years ago
Clone

Blame SOURCES/0019-free-idmapped-SIDs-correctly.patch

2fc102
From 9fad27b40eff82bcdffa61cafcc54e2d7750faee Mon Sep 17 00:00:00 2001
2fc102
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
2fc102
Date: Fri, 1 Nov 2013 12:27:59 +0100
2fc102
Subject: [PATCH 19/31] free idmapped SIDs correctly
2fc102
2fc102
Resolves:
2fc102
https://fedorahosted.org/sssd/ticket/2133
2fc102
---
2fc102
 src/providers/ad/ad_id.c                      |  3 +--
2fc102
 src/providers/ad/ad_subdomains.c              |  2 ++
2fc102
 src/providers/ldap/ldap_id.c                  |  4 ++--
2fc102
 src/providers/ldap/sdap_async_initgroups_ad.c |  2 ++
2fc102
 src/responder/pac/pacsrv_cmd.c                |  2 ++
2fc102
 src/responder/pac/pacsrv_utils.c              |  4 ++--
2fc102
 src/tests/cmocka/test_sss_idmap.c             |  2 ++
2fc102
 src/tests/sss_idmap-tests.c                   | 14 +++++++-------
2fc102
 8 files changed, 20 insertions(+), 13 deletions(-)
2fc102
2fc102
diff --git a/src/providers/ad/ad_id.c b/src/providers/ad/ad_id.c
2fc102
index dadb50da92cac87d3162bddb44395dad7d2abbc4..19bc65825be21c6419db1e92db642be0a14b97a8 100644
2fc102
--- a/src/providers/ad/ad_id.c
2fc102
+++ b/src/providers/ad/ad_id.c
2fc102
@@ -307,8 +307,7 @@ static errno_t ad_account_can_shortcut(struct be_ctx *be_ctx,
2fc102
 
2fc102
 done:
2fc102
     if (sid != NULL) {
2fc102
-        /* FIXME: use library function when #2133 is fixed */
2fc102
-        talloc_free(sid);
2fc102
+        sss_idmap_free_sid(idmap_ctx->map, sid);
2fc102
     }
2fc102
 
2fc102
     if (ret == EOK) {
2fc102
diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
2fc102
index 28c5eafb395b70e8f3630a43b67c61810683fe7c..dd692fb699ddf14bcf8f9926383e82da77c494e0 100644
2fc102
--- a/src/providers/ad/ad_subdomains.c
2fc102
+++ b/src/providers/ad/ad_subdomains.c
2fc102
@@ -302,7 +302,9 @@ ad_subdom_store(struct ad_subdomains_ctx *ctx,
2fc102
 
2fc102
     ret = EOK;
2fc102
 done:
2fc102
+    sss_idmap_free_sid(ctx->sdap_id_ctx->opts->idmap_ctx->map, sid_str);
2fc102
     talloc_free(tmp_ctx);
2fc102
+
2fc102
     return ret;
2fc102
 }
2fc102
 
2fc102
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
2fc102
index fad1585331b7f0240770d2dc5a2e89788d2ad4da..793bc99ebcec883be7db3fc9dd56fa511d8ba3bb 100644
2fc102
--- a/src/providers/ldap/ldap_id.c
2fc102
+++ b/src/providers/ldap/ldap_id.c
2fc102
@@ -139,7 +139,7 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
2fc102
 
2fc102
             attr_name = ctx->opts->user_map[SDAP_AT_USER_OBJECTSID].name;
2fc102
             ret = sss_filter_sanitize(state, sid, &clean_name);
2fc102
-            talloc_zfree(sid);
2fc102
+            sss_idmap_free_sid(ctx->opts->idmap_ctx->map, sid);
2fc102
             if (ret != EOK) {
2fc102
                 goto fail;
2fc102
             }
2fc102
@@ -509,7 +509,7 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
2fc102
 
2fc102
             attr_name = ctx->opts->group_map[SDAP_AT_GROUP_OBJECTSID].name;
2fc102
             ret = sss_filter_sanitize(state, sid, &clean_name);
2fc102
-            talloc_zfree(sid);
2fc102
+            sss_idmap_free_sid(ctx->opts->idmap_ctx->map, sid);
2fc102
             if (ret != EOK) {
2fc102
                 goto fail;
2fc102
             }
2fc102
diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c
2fc102
index a0841a799bdbb1ad4de856d1715c88588b3b4da9..aa72c8876ba93eefc6230537801c50ab04e591ce 100644
2fc102
--- a/src/providers/ldap/sdap_async_initgroups_ad.c
2fc102
+++ b/src/providers/ldap/sdap_async_initgroups_ad.c
2fc102
@@ -594,6 +594,8 @@ sdap_get_ad_tokengroups_initgroups_lookup_done(struct tevent_req *subreq)
2fc102
     in_transaction = false;
2fc102
 
2fc102
 done:
2fc102
+    sss_idmap_free_sid(state->opts->idmap_ctx->map, sid_str);
2fc102
+
2fc102
     if (in_transaction) {
2fc102
         sret = sysdb_transaction_cancel(state->sysdb);
2fc102
         DEBUG(SSSDBG_FATAL_FAILURE,
2fc102
diff --git a/src/responder/pac/pacsrv_cmd.c b/src/responder/pac/pacsrv_cmd.c
2fc102
index f6e8abaf580a43417f3ea09929feccf19e5b0f29..144f5f5847e7ead490d59bae0e2fe49722eb9b69 100644
2fc102
--- a/src/responder/pac/pacsrv_cmd.c
2fc102
+++ b/src/responder/pac/pacsrv_cmd.c
2fc102
@@ -161,6 +161,8 @@ static errno_t pac_add_pac_user(struct cli_ctx *cctx)
2fc102
         goto done;
2fc102
     }
2fc102
 
2fc102
+    talloc_steal(pr_ctx, pr_ctx->user_dom_sid_str);
2fc102
+
2fc102
     ret = responder_get_domain_by_id(cctx->rctx, pr_ctx->user_dom_sid_str,
2fc102
                                      &pr_ctx->dom);
2fc102
     if (ret == EAGAIN || ret == ENOENT) {
2fc102
diff --git a/src/responder/pac/pacsrv_utils.c b/src/responder/pac/pacsrv_utils.c
2fc102
index 05b53edee2ada79abf8bd04a6032314b68541d8e..30055a1345b7d943e6adf822438263c92e53b51a 100644
2fc102
--- a/src/responder/pac/pacsrv_utils.c
2fc102
+++ b/src/responder/pac/pacsrv_utils.c
2fc102
@@ -264,14 +264,14 @@ errno_t get_sids_from_pac(TALLOC_CTX *mem_ctx,
2fc102
             goto done;
2fc102
         }
2fc102
 
2fc102
-        talloc_zfree(sid_str);
2fc102
+        sss_idmap_free_sid(pac_ctx->idmap_ctx, sid_str);
2fc102
     }
2fc102
 
2fc102
     ret = EOK;
2fc102
 
2fc102
 done:
2fc102
     talloc_free(sid_str);
2fc102
-    talloc_free(user_dom_sid_str);
2fc102
+    sss_idmap_free_sid(pac_ctx->idmap_ctx, user_dom_sid_str);
2fc102
 
2fc102
     if (ret == EOK) {
2fc102
         *_sid_table = sid_table;
2fc102
diff --git a/src/tests/cmocka/test_sss_idmap.c b/src/tests/cmocka/test_sss_idmap.c
2fc102
index 53ed35a97863f8f52b82bec64d6dfb192891b0fe..019b4618ef0e14e87cb86d64989e8f5ca9dfdfd8 100644
2fc102
--- a/src/tests/cmocka/test_sss_idmap.c
2fc102
+++ b/src/tests/cmocka/test_sss_idmap.c
2fc102
@@ -251,6 +251,7 @@ void test_map_id(void **state)
2fc102
     err = sss_idmap_unix_to_sid(test_ctx->idmap_ctx, id, &sid;;
2fc102
     assert_int_equal(err, IDMAP_SUCCESS);
2fc102
     assert_string_equal(sid, TEST_DOM_SID"-0");
2fc102
+    sss_idmap_free_sid(test_ctx->idmap_ctx, sid);
2fc102
 
2fc102
     err = sss_idmap_sid_to_unix(test_ctx->idmap_ctx,
2fc102
                                 TEST_DOM_SID"-"TEST_OFFSET_STR, &id;;
2fc102
@@ -260,6 +261,7 @@ void test_map_id(void **state)
2fc102
     err = sss_idmap_unix_to_sid(test_ctx->idmap_ctx, id, &sid;;
2fc102
     assert_int_equal(err, IDMAP_SUCCESS);
2fc102
     assert_string_equal(sid, TEST_DOM_SID"-"TEST_OFFSET_STR);
2fc102
+    sss_idmap_free_sid(test_ctx->idmap_ctx, sid);
2fc102
 }
2fc102
 
2fc102
 void test_map_id_external(void **state)
2fc102
diff --git a/src/tests/sss_idmap-tests.c b/src/tests/sss_idmap-tests.c
2fc102
index 65e61351ddcf52deffe9c8abf38497cd9183c448..b2de0e70f794414587080587af1fd4a06d5ae854 100644
2fc102
--- a/src/tests/sss_idmap-tests.c
2fc102
+++ b/src/tests/sss_idmap-tests.c
2fc102
@@ -280,7 +280,7 @@ START_TEST(idmap_test_uid2sid)
2fc102
                 "sss_idmap_unix_to_sid returned wrong SID, "
2fc102
                 "expected [%s], got [%s].", "S-1-5-21-1-2-3-1000", sid);
2fc102
 
2fc102
-    talloc_free(sid);
2fc102
+    sss_idmap_free_sid(idmap_ctx, sid);
2fc102
 }
2fc102
 END_TEST
2fc102
 
2fc102
@@ -304,7 +304,7 @@ START_TEST(idmap_test_uid2dom_sid)
2fc102
                 "sss_idmap_unix_to_dom_sid returned wrong SID, "
2fc102
                 "expected [%s], got [%s].", "S-1-5-21-1-2-3-1000", sid);
2fc102
 
2fc102
-    talloc_free(sid);
2fc102
+    sss_idmap_free_sid(idmap_ctx, sid);
2fc102
     talloc_free(dom_sid);
2fc102
 }
2fc102
 END_TEST
2fc102
@@ -330,7 +330,7 @@ START_TEST(idmap_test_uid2bin_sid)
2fc102
                 "sss_idmap_unix_to_bin_sid returned wrong SID, "
2fc102
                 "expected [%s], got [%s].", "S-1-5-21-1-2-3-1000", sid);
2fc102
 
2fc102
-    talloc_free(sid);
2fc102
+    sss_idmap_free_sid(idmap_ctx, sid);
2fc102
     talloc_free(bin_sid);
2fc102
 }
2fc102
 END_TEST
2fc102
@@ -385,7 +385,7 @@ START_TEST(idmap_test_sid2dom_sid)
2fc102
                 "SID strings do not match.");
2fc102
 
2fc102
     talloc_free(dom_sid);
2fc102
-    talloc_free(new_sid);
2fc102
+    sss_idmap_free_sid(idmap_ctx, new_sid);
2fc102
 }
2fc102
 END_TEST
2fc102
 
2fc102
@@ -418,7 +418,7 @@ START_TEST(idmap_test_large_and_too_large_sid)
2fc102
                 "did not return IDMAP_SID_INVALID");
2fc102
 
2fc102
     talloc_free(dom_sid);
2fc102
-    talloc_free(new_sid);
2fc102
+    sss_idmap_free_sid(idmap_ctx, new_sid);
2fc102
 }
2fc102
 END_TEST
2fc102
 
2fc102
@@ -454,7 +454,7 @@ START_TEST(idmap_test_bin_sid2sid)
2fc102
                                             "expected [%s], get [%s]",
2fc102
                                             test_sid, sid);
2fc102
 
2fc102
-    talloc_free(sid);
2fc102
+    sss_idmap_free_sid(idmap_ctx, sid);
2fc102
 }
2fc102
 END_TEST
2fc102
 
2fc102
@@ -528,7 +528,7 @@ START_TEST(idmap_test_smb_sid2sid)
2fc102
                                             "expected [%s], get [%s]",
2fc102
                                             test_sid, sid);
2fc102
 
2fc102
-    talloc_free(sid);
2fc102
+    sss_idmap_free_sid(idmap_ctx, sid);
2fc102
 }
2fc102
 END_TEST
2fc102
 
2fc102
-- 
2fc102
1.8.4.2
2fc102