r13247: Try to make better use of talloc in the auth/ and auth/gensec code.

We don't want temporary memory hanging around on the long-term
contexts.

Andrew Bartlett
(This used to be commit 85b3f6ebddfb655fdd08d1799752e562a6ff9cb1)

3 files changed, 35 insertions, 17 deletions

diff --git a/source4/auth/auth_sam.c b/source4/auth/auth_sam.c
index c491088302..85506fb41b 100644
--- a/source4/auth/auth_sam.c
+++ b/source4/auth/auth_sam.c
@@ -616,14 +616,14 @@ NTSTATUS sam_get_server_info_principal(TALLOC_CTX *mem_ctx, const char *principa
 		return nt_status;
 	}
 
-	nt_status = authsam_make_server_info(mem_ctx, sam_ctx, msgs[0], msgs_domain_ref[0],
+	nt_status = authsam_make_server_info(tmp_ctx, sam_ctx, msgs[0], msgs_domain_ref[0],
 					     user_sess_key, lm_sess_key,
 					     server_info);
-	if (!NT_STATUS_IS_OK(nt_status)) {
-		talloc_free(tmp_ctx);
-		return nt_status;
+	if (NT_STATUS_IS_OK(nt_status)) {
+		talloc_steal(mem_ctx, *server_info);
 	}
-	return NT_STATUS_OK;
+	talloc_free(tmp_ctx);
+	return nt_status;
 }
 
 static NTSTATUS authsam_check_password_internals(struct auth_method_context *ctx,
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index f9650ee6cc..c90faacf02 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -759,7 +759,7 @@ static NTSTATUS gensec_gssapi_session_key(struct gensec_security *gensec_securit
 }
 
 static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_security,
-					 struct auth_session_info **_session_info) 
+					   struct auth_session_info **_session_info) 
 {
 	NTSTATUS nt_status;
 	TALLOC_CTX *mem_ctx;
@@ -873,13 +873,17 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
 	}
 
 	/* references the server_info into the session_info */
-	nt_status = auth_generate_session_info(gensec_gssapi_state, server_info, &session_info);
-	talloc_free(mem_ctx);
-	talloc_free(server_info);
-	NT_STATUS_NOT_OK_RETURN(nt_status);
+	nt_status = auth_generate_session_info(mem_ctx, server_info, &session_info);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		talloc_free(mem_ctx);
+		return nt_status;
+	}
 
 	nt_status = gensec_gssapi_session_key(gensec_security, &session_info->session_key);
-	NT_STATUS_NOT_OK_RETURN(nt_status);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		talloc_free(mem_ctx);
+		return nt_status;
+	}
 
 	if (!(gensec_gssapi_state->got_flags & GSS_C_DELEG_FLAG)) {
 		DEBUG(10, ("gensec_gssapi: NO delegated credentials supplied by client\n"));
@@ -888,6 +892,7 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
 		DEBUG(10, ("gensec_gssapi: delegated credentials supplied by client\n"));
 		session_info->credentials = cli_credentials_init(session_info);
 		if (!session_info->credentials) {
+			talloc_free(mem_ctx);
 			return NT_STATUS_NO_MEMORY;
 		}
 
@@ -897,11 +902,13 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
 							   gensec_gssapi_state->delegated_cred_handle,
 							   CRED_SPECIFIED);
 		if (ret) {
+			talloc_free(mem_ctx);
 			return NT_STATUS_NO_MEMORY;
 		}
 		/* It has been taken from this place... */
 		gensec_gssapi_state->delegated_cred_handle = GSS_C_NO_CREDENTIAL;
 	}
+	talloc_steal(gensec_gssapi_state, session_info);
 	*_session_info = session_info;
 
 	return NT_STATUS_OK;
diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c
index de93c5bd0c..a52ea1b686 100644
--- a/source4/auth/gensec/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -546,6 +546,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
 	} else {
 		pac = data_blob_talloc(mem_ctx, pac_data.data, pac_data.length);
 		if (!pac.data) {
+			talloc_free(mem_ctx);
 			return NT_STATUS_NO_MEMORY;
 		}
 
@@ -554,6 +555,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
 			DEBUG(5, ("krb5_ticket_get_client failed to get cleint principal: %s\n", 
 				  smb_get_krb5_error_message(context, 
 							     ret, mem_ctx)));
+			talloc_free(mem_ctx);
 			return NT_STATUS_NO_MEMORY;
 		}
 		
@@ -568,12 +570,11 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
 		if (NT_STATUS_IS_OK(nt_status)) {
 			union netr_Validation validation;
 			validation.sam3 = &logon_info->info3;
-			nt_status = make_server_info_netlogon_validation(gensec_krb5_state, 
+			nt_status = make_server_info_netlogon_validation(mem_ctx, 
 									 NULL,
 									 3, &validation,
 									 &server_info); 
 		}
-		talloc_free(mem_ctx);
 	}
 
 		
@@ -590,6 +591,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
 			DEBUG(5, ("krb5_ticket_get_client failed to get cleint principal: %s\n", 
 				  smb_get_krb5_error_message(context, 
 							     ret, mem_ctx)));
+			talloc_free(mem_ctx);
 			return NT_STATUS_NO_MEMORY;
 		}
 		
@@ -597,6 +599,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
 					client_principal, &principal_string);
 		krb5_free_principal(context, client_principal);
 		if (ret) {
+			talloc_free(mem_ctx);
 			return NT_STATUS_NO_MEMORY;
 		}
 
@@ -611,16 +614,24 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
 	}
 
 	/* references the server_info into the session_info */
-	nt_status = auth_generate_session_info(gensec_krb5_state, server_info, &session_info);
-	talloc_free(mem_ctx);
+	nt_status = auth_generate_session_info(mem_ctx, server_info, &session_info);
 
-	NT_STATUS_NOT_OK_RETURN(nt_status);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		talloc_free(mem_ctx);
+		return nt_status;
+	}
 
 	nt_status = gensec_krb5_session_key(gensec_security, &session_info->session_key);
-	NT_STATUS_NOT_OK_RETURN(nt_status);
+
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		talloc_free(mem_ctx);
+		return nt_status;
+	}
 
 	*_session_info = session_info;
 
+	talloc_steal(gensec_krb5_state, session_info);
+	talloc_free(mem_ctx);
 	return NT_STATUS_OK;
 }