A farily large commit:

 - Move rpc_client/cli_trust.c to smbd/change_trust_pw.c
  - It hasn't been used by anything else since smbpasswd lost its -j

 - Add a TALLOC_CTX to the auth subsytem.  These are only valid for the length
   of the calls to the individual modules, if you want a longer context hide it
   in your private data.

   Similarly, all returns (like the server_info) should still be malloced.

 - Move the 'ntdomain' module (security=domain in oldspeak) over to use the new
   libsmb domain logon code.  Also rework much of the code to use some better
   helper functions for the connection - getting us much better error returns
   (the new code is NTSTATUS).

   The only remaining thing to do is to figure out if tpot's 0xdead 0xbeef for
   the LUID feilds is sufficient, or if we should do random LUIDs as per the old
   code.

   Similarly, I'll move winbind over to this when I get a chance.

This leaves the SPOOLSS code and some cli_pipe code as the only stuff still in
rpc_client, at least as far as smbd is concerned.

While I've given this a basic rundown, any testing is as always appriciated.

Andrew Bartlett
(This used to be commit d870edce76ecca259230fbdbdacd0c86793b4837)

1 files changed, 11 insertions, 10 deletions

diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c
index 7e43d529d2..7178e3147c 100644
--- a/source3/auth/auth_server.c
+++ b/source3/auth/auth_server.c
@@ -29,7 +29,7 @@ extern userdom_struct current_user_info;
  Support for server level security.
 ****************************************************************************/
 
-static struct cli_state *server_cryptkey(void)
+static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx)
 {
 	struct cli_state *cli = NULL;
 	fstring desthost;
@@ -43,7 +43,7 @@ static struct cli_state *server_cryptkey(void)
 	/* security = server just can't function with spnego */
 	cli->use_spnego = False;
 
-        pserver = strdup(lp_passwordserver());
+        pserver = talloc_strdup(mem_ctx, lp_passwordserver());
 	p = pserver;
 
         while(next_token( &p, desthost, LIST_SEP, sizeof(desthost))) {
@@ -67,8 +67,6 @@ static struct cli_state *server_cryptkey(void)
 		}
 	}
 
-	SAFE_FREE(pserver);
-
 	if (!connected_ok) {
 		DEBUG(0,("password server not available\n"));
 		cli_shutdown(cli);
@@ -136,9 +134,11 @@ static void send_server_keepalive(void **private_data_pointer)
  Get the challenge out of a password server.
 ****************************************************************************/
 
-static DATA_BLOB auth_get_challenge_server(void **my_private_data, const struct authsupplied_info *auth_info) 
+static DATA_BLOB auth_get_challenge_server(void **my_private_data, 
+					   TALLOC_CTX *mem_ctx,
+					   const struct authsupplied_info *auth_info) 
 {
-	struct cli_state *cli = server_cryptkey();
+	struct cli_state *cli = server_cryptkey(mem_ctx);
 	
 	if (cli) {
 		DEBUG(3,("using password server validation\n"));
@@ -175,9 +175,10 @@ static DATA_BLOB auth_get_challenge_server(void **my_private_data, const struct
 ****************************************************************************/
 
 static NTSTATUS check_smbserver_security(void *my_private_data, 
-				  const auth_usersupplied_info *user_info, 
-				  const auth_authsupplied_info *auth_info,
-				  auth_serversupplied_info **server_info)
+					 TALLOC_CTX *mem_ctx,
+					 const auth_usersupplied_info *user_info, 
+					 const auth_authsupplied_info *auth_info,
+					 auth_serversupplied_info **server_info)
 {
 	struct cli_state *cli;
 	static unsigned char badpass[24];
@@ -202,7 +203,7 @@ static NTSTATUS check_smbserver_security(void *my_private_data,
 	
 	if (cli) {
 	} else {
-		cli = server_cryptkey();
+		cli = server_cryptkey(mem_ctx);
 		locally_made_cli = True;
 	}