Description: pam_smbpass: Wrap calls in talloc_stackframe() [PATCH 1/3] pam_smbpass: Wrap calls in talloc_stackframe() to avoid warnings about leaking memory Author: Andrew Bartlett Origin: https://git.samba.org/?p=samba.git;a=commitdiff;h=8f3a516ac Bug: https://bugzilla.samba.org/show_bug.cgi?id=8449 Bug-Debian: http://bugs.debian.org/728666 Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1257186 Last-Update: 2015-06-23
--- a/source3/pam_smbpass/pam_smb_acct.c
+++ b/source3/pam_smbpass/pam_smb_acct.c
@@ -55,6 +55,7 @@
 const char *name;
 struct samu *sampass = NULL;
 void (*oldsig_handler)(int);
+ TALLOC_CTX *frame = talloc_stackframe();
 /* Samba initialization. */
 load_case_tables_library();
@@ -68,6 +69,7 @@
 if (on( SMB_DEBUG, ctrl )) {
 _log_err(pamh, LOG_DEBUG, "acct: could not identify user" );
 }
+ TALLOC_FREE(frame);
 return retval;
 }
 if (on( SMB_DEBUG, ctrl )) {
@@ -76,6 +78,7 @@
 if (geteuid() != 0) {
 _log_err(pamh, LOG_DEBUG, "Cannot access samba password database, not running as root.");
+ TALLOC_FREE(frame);
 return PAM_AUTHINFO_UNAVAIL;
 }
@@ -85,6 +88,7 @@
 if (!initialize_password_db(True, NULL)) {
 _log_err(pamh, LOG_ALERT, "Cannot access samba password database" );
 CatchSignal(SIGPIPE, oldsig_handler);
+ TALLOC_FREE(frame);
 return PAM_AUTHINFO_UNAVAIL;
 }
@@ -93,18 +97,21 @@
 if (!(sampass = samu_new( NULL ))) {
 CatchSignal(SIGPIPE, oldsig_handler); /* malloc fail. */
+ TALLOC_FREE(frame);
 return nt_status_to_pam(NT_STATUS_NO_MEMORY);
 }
 if (!pdb_getsampwnam(sampass, name )) {
 _log_err(pamh, LOG_DEBUG, "acct: could not identify user");
 CatchSignal(SIGPIPE, oldsig_handler);
+ TALLOC_FREE(frame);
 return PAM_USER_UNKNOWN;
 }
 /* check for lookup failure */
 if (!strlen(pdb_get_username(sampass)) ) {
 CatchSignal(SIGPIPE, oldsig_handler);
+ TALLOC_FREE(frame);
 return PAM_USER_UNKNOWN;
 }
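Review bot: `sampass` is still leaked on the exits touched in hunk `@@ -93,18 +97,21 @@` of pam_smb_acct.c: the `pdb_getsampwnam` failure and the empty-username check run `CatchSignal(...)`, `TALLOC_FREE(frame)` and return with no `TALLOC_FREE(sampass)`, and the `PAM_ACCT_EXPIRED` and `PAM_SUCCESS` exits in the next hunk look the same. The `pdb_getsampwnam` failure in pam_smb_passwd.c (hunk `@@ -137,19 +140,22 @@`) has the same gap, although the later exits of that function do free the record. Since a frame now exists, allocating with `sampass = samu_new(frame);` would let the `TALLOC_FREE(frame)` on each path release it; failing that, add `TALLOC_FREE(sampass);` before these returns. The record is loaded from the Samba password database, so it should not outlive the call inside the process hosting the PAM stack. The function body starts and ends outside these hunks, so check that nothing after the visible lines keeps a pointer into `sampass`.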
@@ -118,12 +125,14 @@
 "please see your system administrator." );
 CatchSignal(SIGPIPE, oldsig_handler);
+ TALLOC_FREE(frame);
 return PAM_ACCT_EXPIRED;
 }
 /* TODO: support for expired passwords. */
 CatchSignal(SIGPIPE, oldsig_handler);
+ TALLOC_FREE(frame);
 return PAM_SUCCESS;
 }
--- a/source3/pam_smbpass/pam_smb_auth.c
+++ b/source3/pam_smbpass/pam_smb_auth.c
@@ -50,6 +50,7 @@
 pam_set_data( pamh, "smb_setcred_return" \
 , (void *) ret_data, NULL ); \
 } \
+ TALLOC_FREE(frame); \
 return retval; \
 } while (0)
@@ -75,6 +76,7 @@
 const char *name;
 void (*oldsig_handler)(int) = NULL;
 bool found;
+ TALLOC_CTX *frame = talloc_stackframe();
 /* Points to memory managed by the PAM library. Do not free. */
 char *p = NULL;
@@ -195,6 +197,7 @@
 char *msg_str = NULL;
 const char *pass = NULL;
 int retval;
+ TALLOC_CTX *frame = talloc_stackframe();
 /* Get the authtok; if we don't have one, silently fail. */
 retval = _pam_get_item( pamh, PAM_AUTHTOK, &pass );
@@ -202,8 +205,10 @@
 if (retval != PAM_SUCCESS) {
 _log_err(pamh, LOG_ALERT , "pam_get_item returned error to pam_sm_authenticate" );
+ TALLOC_FREE(frame);
 return PAM_AUTHTOK_RECOVER_ERR;
 } else if (pass == NULL) {
+ TALLOC_FREE(frame);
 return PAM_AUTHTOK_RECOVER_ERR;
 }
@@ -220,6 +225,7 @@
 SAFE_FREE(err_str);
 SAFE_FREE(msg_str);
+ TALLOC_FREE(frame);
 return PAM_IGNORE;
 } else {
 /* mimick 'update encrypted' as long as the 'no pw req' flag is not set */
@@ -237,6 +243,7 @@
 SAFE_FREE(err_str);
 SAFE_FREE(msg_str);
 pass = NULL;
+ TALLOC_FREE(frame);
 return PAM_IGNORE;
 }
--- a/source3/pam_smbpass/pam_smb_passwd.c
+++ b/source3/pam_smbpass/pam_smb_passwd.c
@@ -103,6 +103,7 @@
 const char *user;
 char *pass_old;
 char *pass_new;
+ TALLOC_CTX *frame = talloc_stackframe();
 /* Samba initialization. */
 load_case_tables_library();
@@ -119,6 +120,7 @@
 if (on( SMB_DEBUG, ctrl )) {
 _log_err(pamh, LOG_DEBUG, "password: could not identify user");
 }
+ TALLOC_FREE(frame);
 return retval;
 }
 if (on( SMB_DEBUG, ctrl )) {
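Review bot: `AUTH_RETURN` in pam_smb_auth.c (hunk `@@ -50,6 +50,7 @@`) now frees a local called `frame` that is not a macro argument, so the macro only works inside a function that has already declared `TALLOC_CTX *frame = talloc_stackframe();`. That hidden requirement is not written down anywhere in the visible lines, and only the tail of the macro is inside the hunk. I would add a comment above the macro such as `/* AUTH_RETURN expects a local 'frame' from talloc_stackframe() in the calling function and frees it before returning retval. */`.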
@@ -127,6 +129,7 @@
 if (geteuid() != 0) {
 _log_err(pamh, LOG_DEBUG, "Cannot access samba password database, not running as root.");
+ TALLOC_FREE(frame);
 return PAM_AUTHINFO_UNAVAIL;
 }
@@ -137,19 +140,22 @@
 if (!initialize_password_db(False, NULL)) {
 _log_err(pamh, LOG_ALERT, "Cannot access samba password database" );
 CatchSignal(SIGPIPE, oldsig_handler);
+ TALLOC_FREE(frame);
 return PAM_AUTHINFO_UNAVAIL;
 }
 /* obtain user record */
 if ( !(sampass = samu_new( NULL )) ) {
 CatchSignal(SIGPIPE, oldsig_handler);
+ TALLOC_FREE(frame);
 return nt_status_to_pam(NT_STATUS_NO_MEMORY);
 }
 if (!pdb_getsampwnam(sampass,user)) {
 _log_err(pamh, LOG_ALERT, "Failed to find entry for user %s.", user);
 CatchSignal(SIGPIPE, oldsig_handler);
- return PAM_USER_UNKNOWN;
+ TALLOC_FREE(frame);
+ return PAM_USER_UNKNOWN;
 }
 if (on( SMB_DEBUG, ctrl )) {
 _log_err(pamh, LOG_DEBUG, "Located account for %s", user);
@@ -167,6 +173,7 @@
 TALLOC_FREE(sampass);
 CatchSignal(SIGPIPE, oldsig_handler);
+ TALLOC_FREE(frame);
 return PAM_SUCCESS;
 }
@@ -179,6 +186,7 @@
 _log_err(pamh, LOG_CRIT, "password: out of memory");
 TALLOC_FREE(sampass);
 CatchSignal(SIGPIPE, oldsig_handler);
+ TALLOC_FREE(frame);
 return PAM_BUF_ERR;
 }
@@ -192,6 +200,7 @@
 "password - (old) token not obtained");
 TALLOC_FREE(sampass);
 CatchSignal(SIGPIPE, oldsig_handler);
+ TALLOC_FREE(frame);
 return retval;
 }
@@ -207,6 +216,7 @@
 pass_old = NULL;
 TALLOC_FREE(sampass);
 CatchSignal(SIGPIPE, oldsig_handler);
+ TALLOC_FREE(frame);
 return retval;
 } else if (flags & PAM_UPDATE_AUTHTOK) {
@@ -237,6 +247,7 @@
 _log_err(pamh, LOG_NOTICE, "password: user not authenticated");
 TALLOC_FREE(sampass);
 CatchSignal(SIGPIPE, oldsig_handler);
+ TALLOC_FREE(frame);
 return retval;
 }
@@ -265,6 +276,7 @@
 pass_old = NULL; /* tidy up */
 TALLOC_FREE(sampass);
 CatchSignal(SIGPIPE, oldsig_handler);
+ TALLOC_FREE(frame);
 return retval;
 }
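Review bot: Cleanup in this pam_smb_passwd.c function is duplicated at every exit: the hunks from `@@ -137,19 +140,22 @@` through `@@ -334,6 +347,7 @@` each hand-write `TALLOC_FREE(sampass); CatchSignal(SIGPIPE, oldsig_handler); TALLOC_FREE(frame);` before their own `return`, roughly a dozen times, which makes the next added exit easy to get wrong. A shared tail would be simpler: set `retval` and `goto out;` at each failure, with `out: TALLOC_FREE(frame); return retval;` at the end and a second label just above it for the exits that must also restore the signal handler and drop `sampass`. The function starts and ends outside these hunks, so whether `sampass` is initialised to NULL there (it is in pam_smb_acct.c) needs checking before the free is shared.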
@@ -285,6 +297,7 @@
 pass_new = pass_old = NULL; /* tidy up */
 TALLOC_FREE(sampass);
 CatchSignal(SIGPIPE, oldsig_handler);
+ TALLOC_FREE(frame);
 return retval;
 }
@@ -334,6 +347,7 @@
 TALLOC_FREE(sampass);
 CatchSignal(SIGPIPE, oldsig_handler);
+ TALLOC_FREE(frame);
 return retval;
 }
--- a/source3/libsmb/libsmb_context.c
+++ b/source3/libsmb/libsmb_context.c
@@ -560,6 +560,7 @@
 smbc_init_context(SMBCCTX *context)
 {
 int pid;
+ TALLOC_CTX *frame;
 if (!context) {
 errno = EBADF;
@@ -571,11 +572,14 @@
 return NULL;
 }
+ frame = talloc_stackframe();
+
 if ((!smbc_getFunctionAuthData(context) && !smbc_getFunctionAuthDataWithContext(context)) || smbc_getDebug(context) < 0 || smbc_getDebug(context) > 100) {
+ TALLOC_FREE(frame);
 errno = EINVAL;
 return NULL;
@@ -594,6 +598,7 @@
 }
 if (!user) {
+ TALLOC_FREE(frame);
 errno = ENOMEM;
 return NULL;
 }
@@ -602,6 +607,7 @@
 SAFE_FREE(user);
 if (!smbc_getUser(context)) {
+ TALLOC_FREE(frame);
 errno = ENOMEM;
 return NULL;
 }
@@ -624,6 +630,7 @@
 pid = getpid();
 netbios_name = (char *)SMB_MALLOC(17);
 if (!netbios_name) {
+ TALLOC_FREE(frame);
 errno = ENOMEM;
 return NULL;
 }
@@ -632,6 +639,7 @@
 }
 if (!netbios_name) {
+ TALLOC_FREE(frame);
 errno = ENOMEM;
 return NULL;
 }
@@ -640,6 +648,7 @@
 SAFE_FREE(netbios_name);
 if (!smbc_getNetbiosName(context)) {
+ TALLOC_FREE(frame);
 errno = ENOMEM;
 return NULL;
 }
@@ -659,6 +668,7 @@
 }
 if (!workgroup) {
+ TALLOC_FREE(frame);
 errno = ENOMEM;
 return NULL;
 }
@@ -667,6 +677,7 @@
 SAFE_FREE(workgroup);
 if (!smbc_getWorkgroup(context)) {
+ TALLOC_FREE(frame);
 errno = ENOMEM;
 return NULL;
 }
@@ -692,6 +703,7 @@
 smb_panic("error unlocking 'initialized_ctx_count'");
 }
+ TALLOC_FREE(frame);
 return context;
 }
@@ -727,12 +739,15 @@
 smbc_bool use_kerberos = false;
 const char *signing_state = "off";
 struct user_auth_info *auth_info = NULL;
+ TALLOC_CTX *frame;
 if (! context) {
 return;
 }
+ frame = talloc_stackframe();
+
 if (! workgroup || ! *workgroup) {
 workgroup = smbc_getWorkgroup(context);
 }
@@ -749,6 +764,7 @@
 if (! auth_info) {
 DEBUG(0, ("smbc_set_credentials_with_fallback: allocation fail\n"));
+ TALLOC_FREE(frame);
 return;
 }
@@ -777,4 +793,5 @@
 TALLOC_FREE(context->internal->auth_info);
 context->internal->auth_info = auth_info;
+ TALLOC_FREE(frame);
 }
--- a/source3/libsmb/libsmb_setget.c
+++ b/source3/libsmb/libsmb_setget.c
@@ -91,9 +91,11 @@
 smbc_setDebug(SMBCCTX *c, int debug)
 {
 char buf[32];
+ TALLOC_CTX *frame = talloc_stackframe();
 snprintf(buf, sizeof(buf), "%d", debug);
 c->debug = debug;
 lp_set_cmdline("log level", buf);
+ TALLOC_FREE(frame);
 }
 /**
@@ -139,10 +141,16 @@
 smbc_bool
 smbc_getOptionDebugToStderr(SMBCCTX *c)
 {
+ smbc_bool ret;
+ TALLOC_CTX *frame = talloc_stackframe();
+
 /* Because this is a global concept, it is better to check * what is really set, rather than what we wanted set * (particularly as you cannot go back to stdout). */
 return debug_get_output_is_stderr();
+ ret = debug_get_output_is_stderr();
+ TALLOC_FREE(frame);
+ return ret;
 }
 /** Set whether to log to standard error instead of standard output.
@@ -154,6 +162,7 @@
 void
 smbc_setOptionDebugToStderr(SMBCCTX *c, smbc_bool b)
 {
+ TALLOC_CTX *frame = talloc_stackframe();
 if (b) {
 /* * We do not have a unique per-thread debug state? For
@@ -164,6 +173,7 @@
 */
 setup_logging("libsmbclient", DEBUG_STDERR);
 }
+ TALLOC_FREE(frame);
 }
 /**
@@ -498,7 +508,11 @@
 smbc_get_auth_data_fn
 smbc_getFunctionAuthData(SMBCCTX *c)
 {
- return c->callbacks.auth_fn;
+ smbc_get_auth_data_fn ret;
+ TALLOC_CTX *frame = talloc_stackframe();
+ ret = c->callbacks.auth_fn;
+ TALLOC_FREE(frame);
+ return ret;
 }
 /** Set the function for obtaining authentication data */
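Review bot: In `smbc_getOptionDebugToStderr` (hunk `@@ -139,10 +141,16 @@` of libsmb_setget.c) the original `return debug_get_output_is_stderr();` is still present as a context line: it carries no `-` on this page, and the header counts (six lines added, none removed) agree. The function therefore returns before the added `ret = debug_get_output_is_stderr();`, `TALLOC_FREE(frame);` and `return ret;` can run, so the frame created at the top is never freed on any call and the three added lines are dead code. That is the kind of leak this patch sets out to remove. The old return needs to be deleted in this hunk, i.e. `- return debug_get_output_is_stderr();`, the way `return c->callbacks.auth_fn;` is removed in the `smbc_getFunctionAuthData` hunk further down.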