summaryrefslogtreecommitdiff
path: root/source3/libsmb
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2010-07-20 16:17:58 -0700
committerJeremy Allison <jra@samba.org>2010-07-20 16:17:58 -0700
commit5002b3a90d6002ce51ad1d8a038ea4c7be98ab43 (patch)
tree82f2fd9e0ba9594d098449a1659904850c71b8c7 /source3/libsmb
parent8df0f0e49e1a91fa10edd65582aa43020e6bc101 (diff)
downloadsamba-5002b3a90d6002ce51ad1d8a038ea4c7be98ab43.tar.gz
samba-5002b3a90d6002ce51ad1d8a038ea4c7be98ab43.tar.bz2
samba-5002b3a90d6002ce51ad1d8a038ea4c7be98ab43.zip
Add approriate TALLOC_CTX's thoughout the spnego code. No more implicit NULL contexts.
Jeremy.
Diffstat (limited to 'source3/libsmb')
-rw-r--r--source3/libsmb/cliconnect.c6
-rw-r--r--source3/libsmb/clifsinfo.c2
-rw-r--r--source3/libsmb/clispnego.c36
3 files changed, 23 insertions, 21 deletions
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 86448ff6b3..2d3e5a56a7 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -1098,11 +1098,11 @@ static void cli_session_setup_ntlmssp_done(struct tevent_req *subreq)
&& NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
DATA_BLOB tmp_blob = data_blob_null;
/* the server might give us back two challenges */
- parse_ret = spnego_parse_challenge(blob_in, &msg_in,
+ parse_ret = spnego_parse_challenge(state, blob_in, &msg_in,
&tmp_blob);
data_blob_free(&tmp_blob);
} else {
- parse_ret = spnego_parse_auth_response(blob_in, status,
+ parse_ret = spnego_parse_auth_response(state, blob_in, status,
OID_NTLMSSP, &msg_in);
}
state->turn += 1;
@@ -1128,7 +1128,7 @@ static void cli_session_setup_ntlmssp_done(struct tevent_req *subreq)
return;
}
- state->blob_out = spnego_gen_auth(blob_out);
+ state->blob_out = spnego_gen_auth(state, blob_out);
TALLOC_FREE(subreq);
if (tevent_req_nomem(state->blob_out.data, req)) {
return;
diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c
index aa7d1fb9ad..9e4d9fa8ad 100644
--- a/source3/libsmb/clifsinfo.c
+++ b/source3/libsmb/clifsinfo.c
@@ -764,7 +764,7 @@ static NTSTATUS make_cli_gss_blob(TALLOC_CTX *ctx,
p_tok_in = GSS_C_NO_BUFFER;
} else {
/* Remove the SPNEGO wrapper */
- if (!spnego_parse_auth_response(spnego_blob_in, status_in, OID_KERBEROS5, &blob_in)) {
+ if (!spnego_parse_auth_response(ctx, spnego_blob_in, status_in, OID_KERBEROS5, &blob_in)) {
status = NT_STATUS_UNSUCCESSFUL;
goto fail;
}
diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c
index d5867120ea..66e023a91d 100644
--- a/source3/libsmb/clispnego.c
+++ b/source3/libsmb/clispnego.c
@@ -216,7 +216,7 @@ bool spnego_parse_negTokenInit(TALLOC_CTX *ctx,
/*
generate a krb5 GSS-API wrapper packet given a ticket
*/
-DATA_BLOB spnego_gen_krb5_wrap(const DATA_BLOB ticket, const uint8 tok_id[2])
+DATA_BLOB spnego_gen_krb5_wrap(TALLOC_CTX *ctx, const DATA_BLOB ticket, const uint8 tok_id[2])
{
ASN1_DATA *data;
DATA_BLOB ret;
@@ -237,7 +237,7 @@ DATA_BLOB spnego_gen_krb5_wrap(const DATA_BLOB ticket, const uint8 tok_id[2])
DEBUG(1,("Failed to build krb5 wrapper at offset %d\n", (int)data->ofs));
}
- ret = data_blob(data->data, data->length);
+ ret = data_blob_talloc(ctx, data->data, data->length);
asn1_free(data);
return ret;
@@ -246,7 +246,7 @@ DATA_BLOB spnego_gen_krb5_wrap(const DATA_BLOB ticket, const uint8 tok_id[2])
/*
parse a krb5 GSS-API wrapper packet giving a ticket
*/
-bool spnego_parse_krb5_wrap(DATA_BLOB blob, DATA_BLOB *ticket, uint8 tok_id[2])
+bool spnego_parse_krb5_wrap(TALLOC_CTX *ctx, DATA_BLOB blob, DATA_BLOB *ticket, uint8 tok_id[2])
{
bool ret;
ASN1_DATA *data;
@@ -268,7 +268,7 @@ bool spnego_parse_krb5_wrap(DATA_BLOB blob, DATA_BLOB *ticket, uint8 tok_id[2])
} else {
asn1_read(data, tok_id, 2);
data_remaining -= 2;
- *ticket = data_blob(NULL, data_remaining);
+ *ticket = data_blob_talloc(ctx, NULL, data_remaining);
asn1_read(data, ticket->data, ticket->length);
}
@@ -309,7 +309,7 @@ int spnego_gen_krb5_negTokenInit(TALLOC_CTX *ctx,
return retval;
/* wrap that up in a nice GSS-API wrapping */
- tkt_wrapped = spnego_gen_krb5_wrap(tkt, TOK_ID_KRB_AP_REQ);
+ tkt_wrapped = spnego_gen_krb5_wrap(ctx, tkt, TOK_ID_KRB_AP_REQ);
/* and wrap that in a shiny SPNEGO wrapper */
*targ = spnego_gen_negTokenInit(ctx, krb_mechs, &tkt_wrapped, NULL);
@@ -324,7 +324,7 @@ int spnego_gen_krb5_negTokenInit(TALLOC_CTX *ctx,
/*
parse a spnego NTLMSSP challenge packet giving two security blobs
*/
-bool spnego_parse_challenge(const DATA_BLOB blob,
+bool spnego_parse_challenge(TALLOC_CTX *ctx, const DATA_BLOB blob,
DATA_BLOB *chal1, DATA_BLOB *chal2)
{
bool ret;
@@ -351,13 +351,13 @@ bool spnego_parse_challenge(const DATA_BLOB blob,
asn1_end_tag(data);
asn1_start_tag(data,ASN1_CONTEXT(2));
- asn1_read_OctetString(data, talloc_autofree_context(), chal1);
+ asn1_read_OctetString(data, ctx, chal1);
asn1_end_tag(data);
/* the second challenge is optional (XP doesn't send it) */
if (asn1_tag_remaining(data)) {
asn1_start_tag(data,ASN1_CONTEXT(3));
- asn1_read_OctetString(data, talloc_autofree_context(), chal2);
+ asn1_read_OctetString(data, ctx, chal2);
asn1_end_tag(data);
}
@@ -379,7 +379,7 @@ bool spnego_parse_challenge(const DATA_BLOB blob,
/*
generate a SPNEGO auth packet. This will contain the encrypted passwords
*/
-DATA_BLOB spnego_gen_auth(DATA_BLOB blob)
+DATA_BLOB spnego_gen_auth(TALLOC_CTX *ctx, DATA_BLOB blob)
{
ASN1_DATA *data;
DATA_BLOB ret;
@@ -397,7 +397,7 @@ DATA_BLOB spnego_gen_auth(DATA_BLOB blob)
asn1_pop_tag(data);
asn1_pop_tag(data);
- ret = data_blob(data->data, data->length);
+ ret = data_blob_talloc(ctx, data->data, data->length);
asn1_free(data);
@@ -407,7 +407,7 @@ DATA_BLOB spnego_gen_auth(DATA_BLOB blob)
/*
parse a SPNEGO auth packet. This contains the encrypted passwords
*/
-bool spnego_parse_auth(DATA_BLOB blob, DATA_BLOB *auth)
+bool spnego_parse_auth(TALLOC_CTX *ctx, DATA_BLOB blob, DATA_BLOB *auth)
{
ssize_t len;
struct spnego_data token;
@@ -425,7 +425,7 @@ bool spnego_parse_auth(DATA_BLOB blob, DATA_BLOB *auth)
return false;
}
- *auth = data_blob_talloc(talloc_tos(),
+ *auth = data_blob_talloc(ctx,
token.negTokenTarg.responseToken.data,
token.negTokenTarg.responseToken.length);
spnego_free_data(&token);
@@ -436,7 +436,8 @@ bool spnego_parse_auth(DATA_BLOB blob, DATA_BLOB *auth)
/*
generate a minimal SPNEGO response packet. Doesn't contain much.
*/
-DATA_BLOB spnego_gen_auth_response(DATA_BLOB *reply, NTSTATUS nt_status,
+DATA_BLOB spnego_gen_auth_response(TALLOC_CTX *ctx,
+ DATA_BLOB *reply, NTSTATUS nt_status,
const char *mechOID)
{
ASN1_DATA *data;
@@ -477,7 +478,7 @@ DATA_BLOB spnego_gen_auth_response(DATA_BLOB *reply, NTSTATUS nt_status,
asn1_pop_tag(data);
asn1_pop_tag(data);
- ret = data_blob(data->data, data->length);
+ ret = data_blob_talloc(ctx, data->data, data->length);
asn1_free(data);
return ret;
}
@@ -485,7 +486,8 @@ DATA_BLOB spnego_gen_auth_response(DATA_BLOB *reply, NTSTATUS nt_status,
/*
parse a SPNEGO auth packet. This contains the encrypted passwords
*/
-bool spnego_parse_auth_response(DATA_BLOB blob, NTSTATUS nt_status,
+bool spnego_parse_auth_response(TALLOC_CTX *ctx,
+ DATA_BLOB blob, NTSTATUS nt_status,
const char *mechOID,
DATA_BLOB *auth)
{
@@ -521,7 +523,7 @@ bool spnego_parse_auth_response(DATA_BLOB blob, NTSTATUS nt_status,
if (asn1_tag_remaining(data)) {
asn1_start_tag(data,ASN1_CONTEXT(2));
- asn1_read_OctetString(data, talloc_autofree_context(), auth);
+ asn1_read_OctetString(data, ctx, auth);
asn1_end_tag(data);
}
} else if (negResult == SPNEGO_ACCEPT_INCOMPLETE) {
@@ -535,7 +537,7 @@ bool spnego_parse_auth_response(DATA_BLOB blob, NTSTATUS nt_status,
if (asn1_tag_remaining(data)) {
DATA_BLOB mechList = data_blob_null;
asn1_start_tag(data, ASN1_CONTEXT(3));
- asn1_read_OctetString(data, talloc_autofree_context(), &mechList);
+ asn1_read_OctetString(data, ctx, &mechList);
asn1_end_tag(data);
data_blob_free(&mechList);
DEBUG(5,("spnego_parse_auth_response received mechListMIC, "