s3-auth: Use talloc hierarchies to properly free auth_ntlmssp_state contexts

Turn auth_ntlmssp_end into a destructor and attach it to auth_ntlmssp_state.
Remote auth_ntlmssp_end and use TALLOC_FREE in the callers.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>

7 files changed, 26 insertions, 26 deletions

diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index d389ee7c1f..bebb86ee17 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -254,6 +254,8 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
 	return nt_status;
 }
 
+static int auth_ntlmssp_state_destructor(void *ptr);
+
 NTSTATUS auth_ntlmssp_start(struct auth_ntlmssp_state **auth_ntlmssp_state)
 {
 	NTSTATUS nt_status;
@@ -311,17 +313,21 @@ NTSTATUS auth_ntlmssp_start(struct auth_ntlmssp_state **auth_ntlmssp_state)
 	ans->ntlmssp_state->set_challenge = auth_ntlmssp_set_challenge;
 	ans->ntlmssp_state->check_password = auth_ntlmssp_check_password;
 
+	talloc_set_destructor((TALLOC_CTX *)ans, auth_ntlmssp_state_destructor);
+
 	*auth_ntlmssp_state = ans;
 	return NT_STATUS_OK;
 }
 
-void auth_ntlmssp_end(struct auth_ntlmssp_state **auth_ntlmssp_state)
+static int auth_ntlmssp_state_destructor(void *ptr)
 {
-	if (*auth_ntlmssp_state == NULL) {
-		return;
-	}
-	TALLOC_FREE((*auth_ntlmssp_state)->server_info);
-	TALLOC_FREE(*auth_ntlmssp_state);
+	struct auth_ntlmssp_state *ans;
+
+	ans = talloc_get_type(ptr, struct auth_ntlmssp_state);
+
+	TALLOC_FREE(ans->server_info);
+	TALLOC_FREE(ans->ntlmssp_state);
+	return 0;
 }
 
 NTSTATUS auth_ntlmssp_update(struct auth_ntlmssp_state *auth_ntlmssp_state,
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 1cf9621182..a5b98cdc4d 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -66,7 +66,6 @@ bool auth_ntlmssp_negotiated_seal(struct auth_ntlmssp_state *auth_ntlmssp_state)
 void auth_ntlmssp_want_sign(struct auth_ntlmssp_state *auth_ntlmssp_state);
 void auth_ntlmssp_want_seal(struct auth_ntlmssp_state *auth_ntlmssp_state);
 NTSTATUS auth_ntlmssp_start(struct auth_ntlmssp_state **auth_ntlmssp_state);
-void auth_ntlmssp_end(struct auth_ntlmssp_state **auth_ntlmssp_state);
 NTSTATUS auth_ntlmssp_update(struct auth_ntlmssp_state *auth_ntlmssp_state,
 			     const DATA_BLOB request, DATA_BLOB *reply) ;
 NTSTATUS auth_ntlmssp_sign_packet(struct auth_ntlmssp_state *auth_ntlmssp_state,
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index a7a5f4d676..a56a6345cc 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -85,12 +85,7 @@ static void dump_pdu_region(const char *name, int v,
 
 static void free_pipe_ntlmssp_auth_data(struct pipe_auth_data *auth)
 {
-	struct auth_ntlmssp_state *a = auth->a_u.auth_ntlmssp_state;
-
-	if (a) {
-		auth_ntlmssp_end(&a);
-	}
-	auth->a_u.auth_ntlmssp_state = NULL;
+	TALLOC_FREE(auth->a_u.auth_ntlmssp_state);
 }
 
 static DATA_BLOB generic_session_key(void)
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 2bd333ab30..996417b51e 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -120,7 +120,7 @@ void invalidate_vuid(struct smbd_server_connection *sconn, uint16 vuid)
 	session_yield(vuser);
 
 	if (vuser->auth_ntlmssp_state) {
-		auth_ntlmssp_end(&vuser->auth_ntlmssp_state);
+		TALLOC_FREE(vuser->auth_ntlmssp_state);
 	}
 
 	DLIST_REMOVE(sconn->smb1.sessions.validated_users, vuser);
diff --git a/source3/smbd/seal.c b/source3/smbd/seal.c
index 171e809b44..ad785a4588 100644
--- a/source3/smbd/seal.c
+++ b/source3/smbd/seal.c
@@ -101,7 +101,7 @@ static void destroy_auth_ntlmssp(struct smb_srv_trans_enc_ctx *ec)
 	 */
 
 	if (ec->auth_ntlmssp_state) {
-		auth_ntlmssp_end(&ec->auth_ntlmssp_state);
+		TALLOC_FREE(ec->auth_ntlmssp_state);
 		/* The auth_ntlmssp_end killed this already. */
 		ec->es->s.ntlmssp_state = NULL;
 	}
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 525bcafd09..27eb4f6c48 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -708,7 +708,7 @@ static void reply_spnego_ntlmssp(struct smb_request *req,
 	if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
 		/* NB. This is *NOT* an error case. JRA */
 		if (do_invalidate) {
-			auth_ntlmssp_end(auth_ntlmssp_state);
+			TALLOC_FREE(*auth_ntlmssp_state);
 			if (!NT_STATUS_IS_OK(nt_status)) {
 				/* Kill the intermediate vuid */
 				invalidate_vuid(sconn, vuid);
@@ -828,7 +828,7 @@ static void reply_spnego_negotiate(struct smb_request *req,
 #endif
 
 	if (*auth_ntlmssp_state) {
-		auth_ntlmssp_end(auth_ntlmssp_state);
+		TALLOC_FREE(*auth_ntlmssp_state);
 	}
 
 	if (kerb_mech) {
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 493e74802d..4d0f03259b 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -550,7 +550,7 @@ static NTSTATUS smbd_smb2_spnego_negotiate(struct smbd_smb2_session *session,
 	NTSTATUS status;
 
 	/* Ensure we have no old NTLM state around. */
-	auth_ntlmssp_end(&session->auth_ntlmssp_state);
+	TALLOC_FREE(session->auth_ntlmssp_state);
 
 	status = parse_spnego_mechanisms(in_security_buffer,
 			&secblob_in, &kerb_mech);
@@ -621,7 +621,7 @@ static NTSTATUS smbd_smb2_spnego_negotiate(struct smbd_smb2_session *session,
 	if (!NT_STATUS_IS_OK(status) &&
 			!NT_STATUS_EQUAL(status,
 				NT_STATUS_MORE_PROCESSING_REQUIRED)) {
-		auth_ntlmssp_end(&session->auth_ntlmssp_state);
+		TALLOC_FREE(session->auth_ntlmssp_state);
 		TALLOC_FREE(session);
 	}
 	return status;
@@ -653,7 +653,7 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s
 
 	session->compat_vuser = talloc_zero(session, user_struct);
 	if (session->compat_vuser == NULL) {
-		auth_ntlmssp_end(&session->auth_ntlmssp_state);
+		TALLOC_FREE(session->auth_ntlmssp_state);
 		TALLOC_FREE(session);
 		return NT_STATUS_NO_MEMORY;
 	}
@@ -682,7 +682,7 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s
 		DEBUG(1, ("smb2: Failed to claim session "
 			"for vuid=%d\n",
 			session->compat_vuser->vuid));
-		auth_ntlmssp_end(&session->auth_ntlmssp_state);
+		TALLOC_FREE(session->auth_ntlmssp_state);
 		TALLOC_FREE(session);
 		return NT_STATUS_LOGON_FAILURE;
 	}
@@ -793,7 +793,7 @@ static NTSTATUS smbd_smb2_spnego_auth(struct smbd_smb2_session *session,
 
 	if (!NT_STATUS_IS_OK(status) &&
 			!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
-		auth_ntlmssp_end(&session->auth_ntlmssp_state);
+		TALLOC_FREE(session->auth_ntlmssp_state);
 		data_blob_free(&auth);
 		TALLOC_FREE(session);
 		return status;
@@ -808,7 +808,7 @@ static NTSTATUS smbd_smb2_spnego_auth(struct smbd_smb2_session *session,
 						secblob_out.data,
 						secblob_out.length);
 	if (secblob_out.data && out_security_buffer->data == NULL) {
-		auth_ntlmssp_end(&session->auth_ntlmssp_state);
+		TALLOC_FREE(session->auth_ntlmssp_state);
 		TALLOC_FREE(session);
 		return NT_STATUS_NO_MEMORY;
 	}
@@ -858,7 +858,7 @@ static NTSTATUS smbd_smb2_raw_ntlmssp_auth(struct smbd_smb2_session *session,
 						secblob_out.data,
 						secblob_out.length);
 		if (secblob_out.data && out_security_buffer->data == NULL) {
-			auth_ntlmssp_end(&session->auth_ntlmssp_state);
+			TALLOC_FREE(session->auth_ntlmssp_state);
 			TALLOC_FREE(session);
 			return NT_STATUS_NO_MEMORY;
 		}
@@ -872,7 +872,7 @@ static NTSTATUS smbd_smb2_raw_ntlmssp_auth(struct smbd_smb2_session *session,
 	status = setup_ntlmssp_server_info(session, status);
 
 	if (!NT_STATUS_IS_OK(status)) {
-		auth_ntlmssp_end(&session->auth_ntlmssp_state);
+		TALLOC_FREE(session->auth_ntlmssp_state);
 		TALLOC_FREE(session);
 		return status;
 	}
@@ -971,7 +971,7 @@ static NTSTATUS smbd_smb2_session_setup(struct smbd_smb2_request *smb2req,
 	/* Unknown packet type. */
 	DEBUG(1,("Unknown packet type %u in smb2 sessionsetup\n",
 		(unsigned int)in_security_buffer.data[0] ));
-	auth_ntlmssp_end(&session->auth_ntlmssp_state);
+	TALLOC_FREE(session->auth_ntlmssp_state);
 	TALLOC_FREE(session);
 	return NT_STATUS_LOGON_FAILURE;
 }