From 4537e95f6741ae05ec620e5b46ca1d4a3a1ceae5 Mon Sep 17 00:00:00 2001
From: Pavel Březina
Date: Nov 07 2013 09:59:38 +0000
Subject: free idmapped SIDs correctly
Resolves: https://fedorahosted.org/sssd/ticket/2133
---
diff --git a/src/providers/ad/ad_id.c b/src/providers/ad/ad_id.c
index 87b69c6..736f9bb 100644
--- a/src/providers/ad/ad_id.c
+++ b/src/providers/ad/ad_id.c
@@ -291,8 +291,7 @@ static errno_t ad_account_can_shortcut(struct be_ctx *be_ctx,
 done:
 if (sid != NULL) {
- /* FIXME: use library function when #2133 is fixed */
- talloc_free(sid);
+ sss_idmap_free_sid(idmap_ctx->map, sid);
 }
 if (ret == EOK) {
diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index 9911dfe..45e7cc6 100644
--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -172,7 +172,9 @@ ad_subdom_store(struct ad_subdomains_ctx *ctx, ret = EOK; done: + sss_idmap_free_sid(ctx->sdap_id_ctx->opts->idmap_ctx->map, sid_str); talloc_free(tmp_ctx); + return ret; }
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index fad1585..793bc99 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -139,7 +139,7 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
 attr_name = ctx->opts->user_map[SDAP_AT_USER_OBJECTSID].name;
 ret = sss_filter_sanitize(state, sid, &clean_name);
- talloc_zfree(sid);
+ sss_idmap_free_sid(ctx->opts->idmap_ctx->map, sid);
 if (ret != EOK) {
 goto fail;
 }
@@ -509,7 +509,7 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
 attr_name = ctx->opts->group_map[SDAP_AT_GROUP_OBJECTSID].name;
 ret = sss_filter_sanitize(state, sid, &clean_name);
- talloc_zfree(sid);
+ sss_idmap_free_sid(ctx->opts->idmap_ctx->map, sid);
 if (ret != EOK) {
 goto fail;
 }
diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c
index a0841a7..aa72c88 100644
--- a/src/providers/ldap/sdap_async_initgroups_ad.c
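Review bot: In ad_subdom_store (ad_subdomains.c) the new `sss_idmap_free_sid(ctx->sdap_id_ctx->opts->idmap_ctx->map, sid_str);` sits directly under `done:` and therefore runs on every exit path, whereas the ad_id.c hunk keeps its `if (sid != NULL)` guard. That is only safe if sid_str is initialised to NULL where it is declared and the library call accepts a NULL SID; the declaration and the earlier `goto done` sites are outside the hunk, so this needs confirming, or the call should be guarded the same way as in ad_id.c, `if (sid_str != NULL) { sss_idmap_free_sid(...); }`. The same unguarded call is added under `done:` in sdap_get_ad_tokengroups_initgroups_lookup_done in sdap_async_initgroups_ad.c.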
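Review bot: In users_get_send (ldap_id.c) the replaced `talloc_zfree(sid);` also reset `sid` to NULL, and the new `sss_idmap_free_sid(ctx->opts->idmap_ctx->map, sid);` does not, so `sid` keeps pointing at freed memory for the rest of the function. Whether anything after the hunk, such as the `fail` path, still touches it is not visible here; adding `sid = NULL;` right after the call preserves the old behaviour. groups_get_send has the identical replacement and needs the same line.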
+++ b/src/providers/ldap/sdap_async_initgroups_ad.c
@@ -594,6 +594,8 @@ sdap_get_ad_tokengroups_initgroups_lookup_done(struct tevent_req *subreq) in_transaction = false; done: + sss_idmap_free_sid(state->opts->idmap_ctx->map, sid_str); + if (in_transaction) { sret = sysdb_transaction_cancel(state->sysdb); DEBUG(SSSDBG_FATAL_FAILURE,
diff --git a/src/responder/pac/pacsrv_cmd.c b/src/responder/pac/pacsrv_cmd.c
index f6e8aba..144f5f5 100644
--- a/src/responder/pac/pacsrv_cmd.c
+++ b/src/responder/pac/pacsrv_cmd.c
@@ -161,6 +161,8 @@ static errno_t pac_add_pac_user(struct cli_ctx *cctx) goto done; } + talloc_steal(pr_ctx, pr_ctx->user_dom_sid_str); + ret = responder_get_domain_by_id(cctx->rctx, pr_ctx->user_dom_sid_str, &pr_ctx->dom); if (ret == EAGAIN || ret == ENOENT) {
diff --git a/src/responder/pac/pacsrv_utils.c b/src/responder/pac/pacsrv_utils.c
index 05b53ed..30055a1 100644
--- a/src/responder/pac/pacsrv_utils.c
+++ b/src/responder/pac/pacsrv_utils.c
@@ -264,14 +264,14 @@ errno_t get_sids_from_pac(TALLOC_CTX *mem_ctx,
 goto done;
 }
- talloc_zfree(sid_str);
+ sss_idmap_free_sid(pac_ctx->idmap_ctx, sid_str);
 }
 ret = EOK;
 done:
 talloc_free(sid_str);
- talloc_free(user_dom_sid_str);
+ sss_idmap_free_sid(pac_ctx->idmap_ctx, user_dom_sid_str);
 if (ret == EOK) {
 *_sid_table = sid_table;
diff --git a/src/tests/cmocka/test_sss_idmap.c b/src/tests/cmocka/test_sss_idmap.c
index 53ed35a..019b461 100644
--- a/src/tests/cmocka/test_sss_idmap.c
+++ b/src/tests/cmocka/test_sss_idmap.c
@@ -251,6 +251,7 @@ void test_map_id(void **state)
 err = sss_idmap_unix_to_sid(test_ctx->idmap_ctx, id, &sid);
 assert_int_equal(err, IDMAP_SUCCESS);
 assert_string_equal(sid, TEST_DOM_SID"-0");
+ sss_idmap_free_sid(test_ctx->idmap_ctx, sid);
 err = sss_idmap_sid_to_unix(test_ctx->idmap_ctx, TEST_DOM_SID"-"TEST_OFFSET_STR, &id);
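Review bot: The added `talloc_steal(pr_ctx, pr_ctx->user_dom_sid_str);` in pac_add_pac_user (pacsrv_cmd.c) treats the string as a talloc allocation, which is the very assumption the rest of this commit removes by releasing SIDs through sss_idmap_free_sid(). If user_dom_sid_str comes from the idmap context (its origin is outside the hunk), reparenting it is only valid while that context is set up with a talloc-backed allocator. Either state that next to the call, for example `/* the PAC responder's idmap context allocates with talloc, so the SID can be reparented */`, or copy the string with `talloc_strdup(pr_ctx, ...)` and release the original with `sss_idmap_free_sid()`.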
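Review bot: In get_sids_from_pac (pacsrv_utils.c) `sid_str` can now be freed twice: the replaced `talloc_zfree(sid_str);` set the pointer to NULL, the new `sss_idmap_free_sid(pac_ctx->idmap_ctx, sid_str);` does not, and the unchanged `talloc_free(sid_str);` under `done:` then runs on the stale pointer once the loop has finished (assuming the `}` after the call closes the loop, whose start is outside the hunk). That cleanup line also still frees with talloc while the same string is released through the idmap API two lines earlier. Add `sid_str = NULL;` after the call inside the loop and change the cleanup to `sss_idmap_free_sid(pac_ctx->idmap_ctx, sid_str);`, guarded by a NULL check if the library call does not accept NULL.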
@@ -260,6 +261,7 @@ void test_map_id(void **state)
 err = sss_idmap_unix_to_sid(test_ctx->idmap_ctx, id, &sid);
 assert_int_equal(err, IDMAP_SUCCESS);
 assert_string_equal(sid, TEST_DOM_SID"-"TEST_OFFSET_STR);
+ sss_idmap_free_sid(test_ctx->idmap_ctx, sid);
 }
 void test_map_id_external(void **state)
diff --git a/src/tests/sss_idmap-tests.c b/src/tests/sss_idmap-tests.c
index 65e6135..b2de0e7 100644
--- a/src/tests/sss_idmap-tests.c
+++ b/src/tests/sss_idmap-tests.c
@@ -280,7 +280,7 @@ START_TEST(idmap_test_uid2sid)
 "sss_idmap_unix_to_sid returned wrong SID, " "expected [%s], got [%s].", "S-1-5-21-1-2-3-1000", sid);
- talloc_free(sid);
+ sss_idmap_free_sid(idmap_ctx, sid);
 }
 END_TEST
@@ -304,7 +304,7 @@ START_TEST(idmap_test_uid2dom_sid)
 "sss_idmap_unix_to_dom_sid returned wrong SID, " "expected [%s], got [%s].", "S-1-5-21-1-2-3-1000", sid);
- talloc_free(sid);
+ sss_idmap_free_sid(idmap_ctx, sid);
 talloc_free(dom_sid);
 }
 END_TEST
@@ -330,7 +330,7 @@ START_TEST(idmap_test_uid2bin_sid)
 "sss_idmap_unix_to_bin_sid returned wrong SID, " "expected [%s], got [%s].", "S-1-5-21-1-2-3-1000", sid);
- talloc_free(sid);
+ sss_idmap_free_sid(idmap_ctx, sid);
 talloc_free(bin_sid);
 }
 END_TEST
@@ -385,7 +385,7 @@ START_TEST(idmap_test_sid2dom_sid)
 "SID strings do not match.");
 talloc_free(dom_sid);
- talloc_free(new_sid);
+ sss_idmap_free_sid(idmap_ctx, new_sid);
 }
 END_TEST
@@ -418,7 +418,7 @@ START_TEST(idmap_test_large_and_too_large_sid)
 "did not return IDMAP_SID_INVALID");
 talloc_free(dom_sid);
- talloc_free(new_sid);
+ sss_idmap_free_sid(idmap_ctx, new_sid);
 }
 END_TEST
@@ -454,7 +454,7 @@ START_TEST(idmap_test_bin_sid2sid)
 "expected [%s], get [%s]", test_sid, sid);
- talloc_free(sid);
+ sss_idmap_free_sid(idmap_ctx, sid);
 }
 END_TEST
@@ -528,7 +528,7 @@ START_TEST(idmap_test_smb_sid2sid)
 "expected [%s], get [%s]", test_sid, sid);
- talloc_free(sid);
+ sss_idmap_free_sid(idmap_ctx, sid);
 }
 END_TEST
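Review bot: In idmap_test_uid2dom_sid (sss_idmap-tests.c) the SID string now goes through `sss_idmap_free_sid(idmap_ctx, sid);`, but the unchanged `talloc_free(dom_sid);` on the next line still releases what is presumably another library-returned object with talloc directly. The same applies to `talloc_free(bin_sid);` in idmap_test_uid2bin_sid and to `talloc_free(dom_sid);` in idmap_test_sid2dom_sid and idmap_test_large_and_too_large_sid. If the idmap API offers matching release functions for these types (sss_idmap_free_dom_sid and sss_idmap_free_bin_sid), the tests should call them, e.g. `sss_idmap_free_dom_sid(idmap_ctx, dom_sid);`, so that they no longer depend on the context's allocator being talloc.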