dpward / rpms / sssd

Forked from rpms/sssd 3 years ago
Clone
Blob Blame History Raw
From 9fad27b40eff82bcdffa61cafcc54e2d7750faee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Fri, 1 Nov 2013 12:27:59 +0100
Subject: [PATCH 19/31] free idmapped SIDs correctly

Resolves:
https://fedorahosted.org/sssd/ticket/2133
---
 src/providers/ad/ad_id.c                      |  3 +--
 src/providers/ad/ad_subdomains.c              |  2 ++
 src/providers/ldap/ldap_id.c                  |  4 ++--
 src/providers/ldap/sdap_async_initgroups_ad.c |  2 ++
 src/responder/pac/pacsrv_cmd.c                |  2 ++
 src/responder/pac/pacsrv_utils.c              |  4 ++--
 src/tests/cmocka/test_sss_idmap.c             |  2 ++
 src/tests/sss_idmap-tests.c                   | 14 +++++++-------
 8 files changed, 20 insertions(+), 13 deletions(-)

diff --git a/src/providers/ad/ad_id.c b/src/providers/ad/ad_id.c
index dadb50da92cac87d3162bddb44395dad7d2abbc4..19bc65825be21c6419db1e92db642be0a14b97a8 100644
--- a/src/providers/ad/ad_id.c
+++ b/src/providers/ad/ad_id.c
@@ -307,8 +307,7 @@ static errno_t ad_account_can_shortcut(struct be_ctx *be_ctx,
 
 done:
     if (sid != NULL) {
-        /* FIXME: use library function when #2133 is fixed */
-        talloc_free(sid);
+        sss_idmap_free_sid(idmap_ctx->map, sid);
     }
 
     if (ret == EOK) {
diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index 28c5eafb395b70e8f3630a43b67c61810683fe7c..dd692fb699ddf14bcf8f9926383e82da77c494e0 100644
--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -302,7 +302,9 @@ ad_subdom_store(struct ad_subdomains_ctx *ctx,
 
     ret = EOK;
 done:
+    sss_idmap_free_sid(ctx->sdap_id_ctx->opts->idmap_ctx->map, sid_str);
     talloc_free(tmp_ctx);
+
     return ret;
 }
 
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index fad1585331b7f0240770d2dc5a2e89788d2ad4da..793bc99ebcec883be7db3fc9dd56fa511d8ba3bb 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -139,7 +139,7 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
 
             attr_name = ctx->opts->user_map[SDAP_AT_USER_OBJECTSID].name;
             ret = sss_filter_sanitize(state, sid, &clean_name);
-            talloc_zfree(sid);
+            sss_idmap_free_sid(ctx->opts->idmap_ctx->map, sid);
             if (ret != EOK) {
                 goto fail;
             }
@@ -509,7 +509,7 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
 
             attr_name = ctx->opts->group_map[SDAP_AT_GROUP_OBJECTSID].name;
             ret = sss_filter_sanitize(state, sid, &clean_name);
-            talloc_zfree(sid);
+            sss_idmap_free_sid(ctx->opts->idmap_ctx->map, sid);
             if (ret != EOK) {
                 goto fail;
             }
diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c
index a0841a799bdbb1ad4de856d1715c88588b3b4da9..aa72c8876ba93eefc6230537801c50ab04e591ce 100644
--- a/src/providers/ldap/sdap_async_initgroups_ad.c
+++ b/src/providers/ldap/sdap_async_initgroups_ad.c
@@ -594,6 +594,8 @@ sdap_get_ad_tokengroups_initgroups_lookup_done(struct tevent_req *subreq)
     in_transaction = false;
 
 done:
+    sss_idmap_free_sid(state->opts->idmap_ctx->map, sid_str);
+
     if (in_transaction) {
         sret = sysdb_transaction_cancel(state->sysdb);
         DEBUG(SSSDBG_FATAL_FAILURE,
diff --git a/src/responder/pac/pacsrv_cmd.c b/src/responder/pac/pacsrv_cmd.c
index f6e8abaf580a43417f3ea09929feccf19e5b0f29..144f5f5847e7ead490d59bae0e2fe49722eb9b69 100644
--- a/src/responder/pac/pacsrv_cmd.c
+++ b/src/responder/pac/pacsrv_cmd.c
@@ -161,6 +161,8 @@ static errno_t pac_add_pac_user(struct cli_ctx *cctx)
         goto done;
     }
 
+    talloc_steal(pr_ctx, pr_ctx->user_dom_sid_str);
+
     ret = responder_get_domain_by_id(cctx->rctx, pr_ctx->user_dom_sid_str,
                                      &pr_ctx->dom);
     if (ret == EAGAIN || ret == ENOENT) {
diff --git a/src/responder/pac/pacsrv_utils.c b/src/responder/pac/pacsrv_utils.c
index 05b53edee2ada79abf8bd04a6032314b68541d8e..30055a1345b7d943e6adf822438263c92e53b51a 100644
--- a/src/responder/pac/pacsrv_utils.c
+++ b/src/responder/pac/pacsrv_utils.c
@@ -264,14 +264,14 @@ errno_t get_sids_from_pac(TALLOC_CTX *mem_ctx,
             goto done;
         }
 
-        talloc_zfree(sid_str);
+        sss_idmap_free_sid(pac_ctx->idmap_ctx, sid_str);
     }
 
     ret = EOK;
 
 done:
     talloc_free(sid_str);
-    talloc_free(user_dom_sid_str);
+    sss_idmap_free_sid(pac_ctx->idmap_ctx, user_dom_sid_str);
 
     if (ret == EOK) {
         *_sid_table = sid_table;
diff --git a/src/tests/cmocka/test_sss_idmap.c b/src/tests/cmocka/test_sss_idmap.c
index 53ed35a97863f8f52b82bec64d6dfb192891b0fe..019b4618ef0e14e87cb86d64989e8f5ca9dfdfd8 100644
--- a/src/tests/cmocka/test_sss_idmap.c
+++ b/src/tests/cmocka/test_sss_idmap.c
@@ -251,6 +251,7 @@ void test_map_id(void **state)
     err = sss_idmap_unix_to_sid(test_ctx->idmap_ctx, id, &sid);
     assert_int_equal(err, IDMAP_SUCCESS);
     assert_string_equal(sid, TEST_DOM_SID"-0");
+    sss_idmap_free_sid(test_ctx->idmap_ctx, sid);
 
     err = sss_idmap_sid_to_unix(test_ctx->idmap_ctx,
                                 TEST_DOM_SID"-"TEST_OFFSET_STR, &id);
@@ -260,6 +261,7 @@ void test_map_id(void **state)
     err = sss_idmap_unix_to_sid(test_ctx->idmap_ctx, id, &sid);
     assert_int_equal(err, IDMAP_SUCCESS);
     assert_string_equal(sid, TEST_DOM_SID"-"TEST_OFFSET_STR);
+    sss_idmap_free_sid(test_ctx->idmap_ctx, sid);
 }
 
 void test_map_id_external(void **state)
diff --git a/src/tests/sss_idmap-tests.c b/src/tests/sss_idmap-tests.c
index 65e61351ddcf52deffe9c8abf38497cd9183c448..b2de0e70f794414587080587af1fd4a06d5ae854 100644
--- a/src/tests/sss_idmap-tests.c
+++ b/src/tests/sss_idmap-tests.c
@@ -280,7 +280,7 @@ START_TEST(idmap_test_uid2sid)
                 "sss_idmap_unix_to_sid returned wrong SID, "
                 "expected [%s], got [%s].", "S-1-5-21-1-2-3-1000", sid);
 
-    talloc_free(sid);
+    sss_idmap_free_sid(idmap_ctx, sid);
 }
 END_TEST
 
@@ -304,7 +304,7 @@ START_TEST(idmap_test_uid2dom_sid)
                 "sss_idmap_unix_to_dom_sid returned wrong SID, "
                 "expected [%s], got [%s].", "S-1-5-21-1-2-3-1000", sid);
 
-    talloc_free(sid);
+    sss_idmap_free_sid(idmap_ctx, sid);
     talloc_free(dom_sid);
 }
 END_TEST
@@ -330,7 +330,7 @@ START_TEST(idmap_test_uid2bin_sid)
                 "sss_idmap_unix_to_bin_sid returned wrong SID, "
                 "expected [%s], got [%s].", "S-1-5-21-1-2-3-1000", sid);
 
-    talloc_free(sid);
+    sss_idmap_free_sid(idmap_ctx, sid);
     talloc_free(bin_sid);
 }
 END_TEST
@@ -385,7 +385,7 @@ START_TEST(idmap_test_sid2dom_sid)
                 "SID strings do not match.");
 
     talloc_free(dom_sid);
-    talloc_free(new_sid);
+    sss_idmap_free_sid(idmap_ctx, new_sid);
 }
 END_TEST
 
@@ -418,7 +418,7 @@ START_TEST(idmap_test_large_and_too_large_sid)
                 "did not return IDMAP_SID_INVALID");
 
     talloc_free(dom_sid);
-    talloc_free(new_sid);
+    sss_idmap_free_sid(idmap_ctx, new_sid);
 }
 END_TEST
 
@@ -454,7 +454,7 @@ START_TEST(idmap_test_bin_sid2sid)
                                             "expected [%s], get [%s]",
                                             test_sid, sid);
 
-    talloc_free(sid);
+    sss_idmap_free_sid(idmap_ctx, sid);
 }
 END_TEST
 
@@ -528,7 +528,7 @@ START_TEST(idmap_test_smb_sid2sid)
                                             "expected [%s], get [%s]",
                                             test_sid, sid);
 
-    talloc_free(sid);
+    sss_idmap_free_sid(idmap_ctx, sid);
 }
 END_TEST
 
-- 
1.8.4.2