summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2009-03-18 16:23:27 +1100
committerGünther Deschner <gd@samba.org>2009-04-07 13:25:36 +0200
commit574a6a8c350a4bab3f42f3f9cfb382db721d69b5 (patch)
treee86d24ac19e673a7d8b53dbd529d3f9e2a75a28a /source3
parentfca02c9154796624958a877d2c92cabd65e9d0e4 (diff)
downloadsamba-574a6a8c350a4bab3f42f3f9cfb382db721d69b5.tar.gz
samba-574a6a8c350a4bab3f42f3f9cfb382db721d69b5.tar.bz2
samba-574a6a8c350a4bab3f42f3f9cfb382db721d69b5.zip
s3:kerberos Rework smb_krb5_unparse_name() to take a talloc context
Signed-off-by: Günther Deschner <gd@samba.org>
Diffstat (limited to 'source3')
-rw-r--r--source3/include/includes.h7
-rw-r--r--source3/libads/authdata.c2
-rw-r--r--source3/libads/kerberos.c8
-rw-r--r--source3/libads/kerberos_keytab.c27
-rw-r--r--source3/libads/kerberos_verify.c6
-rw-r--r--source3/libnet/libnet_keytab.c32
-rw-r--r--source3/libsmb/clikrb5.c23
-rw-r--r--source3/smbd/sesssetup.c8
-rw-r--r--source3/utils/ntlm_auth.c6
9 files changed, 54 insertions, 65 deletions
diff --git a/source3/include/includes.h b/source3/include/includes.h
index c883e17713..497034b62c 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -901,9 +901,10 @@ krb5_error_code smb_krb5_parse_name(krb5_context context,
const char *name, /* in unix charset */
krb5_principal *principal);
-krb5_error_code smb_krb5_unparse_name(krb5_context context,
- krb5_const_principal principal,
- char **unix_name);
+krb5_error_code smb_krb5_unparse_name(TALLOC_CTX *mem_ctx,
+ krb5_context context,
+ krb5_const_principal principal,
+ char **unix_name);
#ifndef HAVE_KRB5_SET_REAL_TIME
krb5_error_code krb5_set_real_time(krb5_context context, int32_t seconds, int32_t microseconds);
diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c
index 9f0f68ed7b..0032e9e4f6 100644
--- a/source3/libads/authdata.c
+++ b/source3/libads/authdata.c
@@ -469,7 +469,7 @@ out:
data_blob_free(&sesskey1);
data_blob_free(&sesskey2);
- SAFE_FREE(client_princ_out);
+ TALLOC_FREE(client_princ_out);
return status;
}
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index 52cb975a6c..c476f59ff5 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -545,7 +545,7 @@ krb5_principal kerberos_fetch_salt_princ_for_host_princ(krb5_context context,
/* look under the old key. If this fails, just use the standard key */
- if (smb_krb5_unparse_name(context, host_princ, &unparsed_name) != 0) {
+ if (smb_krb5_unparse_name(talloc_tos(), context, host_princ, &unparsed_name) != 0) {
return (krb5_principal)NULL;
}
if ((salt_princ_s = kerberos_secrets_fetch_salting_principal(unparsed_name, enctype)) == NULL) {
@@ -558,7 +558,7 @@ krb5_principal kerberos_fetch_salt_princ_for_host_princ(krb5_context context,
ret_princ = NULL;
}
- SAFE_FREE(unparsed_name);
+ TALLOC_FREE(unparsed_name);
SAFE_FREE(salt_princ_s);
return ret_princ;
@@ -603,7 +603,7 @@ bool kerberos_secrets_store_salting_principal(const char *service,
goto out;
}
- if (smb_krb5_unparse_name(context, princ, &unparsed_name) != 0) {
+ if (smb_krb5_unparse_name(talloc_tos(), context, princ, &unparsed_name) != 0) {
goto out;
}
@@ -623,7 +623,7 @@ bool kerberos_secrets_store_salting_principal(const char *service,
SAFE_FREE(key);
SAFE_FREE(princ_s);
- SAFE_FREE(unparsed_name);
+ TALLOC_FREE(unparsed_name);
if (princ) {
krb5_free_principal(context, princ);
diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index 7c028cb78f..4fede259ab 100644
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -64,7 +64,7 @@ int smb_krb5_kt_add_entry_ext(krb5_context context,
while(!krb5_kt_next_entry(context, keytab, &kt_entry, &cursor)) {
bool compare_name_ok = False;
- ret = smb_krb5_unparse_name(context, kt_entry.principal, &ktprinc);
+ ret = smb_krb5_unparse_name(talloc_tos(), context, kt_entry.principal, &ktprinc);
if (ret) {
DEBUG(1,("smb_krb5_kt_add_entry_ext: smb_krb5_unparse_name failed (%s)\n",
error_message(ret)));
@@ -91,7 +91,7 @@ int smb_krb5_kt_add_entry_ext(krb5_context context,
ktprinc, kt_entry.vno));
}
- SAFE_FREE(ktprinc);
+ TALLOC_FREE(ktprinc);
if (compare_name_ok) {
if (kt_entry.vno == kvno - 1) {
@@ -549,13 +549,12 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
}
}
- TALLOC_FREE( ctx );
-
/* Now loop through the keytab and update any other existing entries... */
kvno = (krb5_kvno) ads_get_machine_kvno(ads, machine_name);
if (kvno == -1) {
DEBUG(1,("ads_keytab_create_default: ads_get_machine_kvno failed to determine the system's kvno.\n"));
+ TALLOC_FREE(ctx);
return -1;
}
@@ -569,6 +568,7 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
ret = krb5_init_context(&context);
if (ret) {
DEBUG(1,("ads_keytab_create_default: could not krb5_init_context: %s\n",error_message(ret)));
+ TALLOC_FREE(ctx);
return ret;
}
@@ -599,7 +599,7 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
if (!found) {
goto done;
}
- oldEntries = SMB_MALLOC_ARRAY(char *, found );
+ oldEntries = talloc_array(ctx, char *, found );
if (!oldEntries) {
DEBUG(1,("ads_keytab_create_default: Failed to allocate space to store the old keytab entries (malloc failed?).\n"));
ret = -1;
@@ -615,7 +615,7 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
char *p;
/* This returns a malloc'ed string in ktprinc. */
- ret = smb_krb5_unparse_name(context, kt_entry.principal, &ktprinc);
+ ret = smb_krb5_unparse_name(oldEntries, context, kt_entry.principal, &ktprinc);
if (ret) {
DEBUG(1,("smb_krb5_unparse_name failed (%s)\n", error_message(ret)));
goto done;
@@ -640,12 +640,12 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
break;
}
if (!strcmp(oldEntries[i], ktprinc)) {
- SAFE_FREE(ktprinc);
+ TALLOC_FREE(ktprinc);
break;
}
}
if (i == found) {
- SAFE_FREE(ktprinc);
+ TALLOC_FREE(ktprinc);
}
}
smb_krb5_kt_free_entry(context, &kt_entry);
@@ -654,7 +654,7 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
ret = 0;
for (i = 0; oldEntries[i]; i++) {
ret |= ads_keytab_add_entry(ads, oldEntries[i]);
- SAFE_FREE(oldEntries[i]);
+ TALLOC_FREE(oldEntries[i]);
}
krb5_kt_end_seq_get(context, keytab, &cursor);
}
@@ -662,7 +662,8 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
done:
- SAFE_FREE(oldEntries);
+ TALLOC_FREE(oldEntries);
+ TALLOC_FREE(ctx);
{
krb5_keytab_entry zero_kt_entry;
@@ -728,7 +729,7 @@ int ads_keytab_list(const char *keytab_name)
char *etype_s = NULL;
krb5_enctype enctype = 0;
- ret = smb_krb5_unparse_name(context, kt_entry.principal, &princ_s);
+ ret = smb_krb5_unparse_name(talloc_tos(), context, kt_entry.principal, &princ_s);
if (ret) {
goto out;
}
@@ -739,14 +740,14 @@ int ads_keytab_list(const char *keytab_name)
if (ret) {
if (asprintf(&etype_s, "UNKNOWN: %d\n", enctype) == -1)
{
- SAFE_FREE(princ_s);
+ TALLOC_FREE(princ_s);
goto out;
}
}
printf("%3d %s\t\t %s\n", kt_entry.vno, etype_s, princ_s);
- SAFE_FREE(princ_s);
+ TALLOC_FREE(princ_s);
SAFE_FREE(etype_s);
ret = smb_krb5_kt_free_entry(context, &kt_entry);
diff --git a/source3/libads/kerberos_verify.c b/source3/libads/kerberos_verify.c
index b903b2a6eb..8502902963 100644
--- a/source3/libads/kerberos_verify.c
+++ b/source3/libads/kerberos_verify.c
@@ -192,7 +192,7 @@ static bool ads_keytab_verify_ticket(krb5_context context,
}
while (!auth_ok && (krb5_kt_next_entry(context, keytab, &kt_entry, &kt_cursor) == 0)) {
- ret = smb_krb5_unparse_name(context, kt_entry.principal, &entry_princ_s);
+ ret = smb_krb5_unparse_name(talloc_tos(), context, kt_entry.principal, &entry_princ_s);
if (ret) {
DEBUG(1, ("ads_keytab_verify_ticket: smb_krb5_unparse_name failed (%s)\n",
error_message(ret)));
@@ -242,7 +242,7 @@ static bool ads_keytab_verify_ticket(krb5_context context,
}
/* Free the name we parsed. */
- SAFE_FREE(entry_princ_s);
+ TALLOC_FREE(entry_princ_s);
/* Free the entry we just read. */
smb_krb5_kt_free_entry(context, &kt_entry);
@@ -636,7 +636,7 @@ NTSTATUS ads_verify_ticket(TALLOC_CTX *mem_ctx,
#endif
#endif
- if ((ret = smb_krb5_unparse_name(context, client_principal, principal))) {
+ if ((ret = smb_krb5_unparse_name(mem_ctx, context, client_principal, principal))) {
DEBUG(3,("ads_verify_ticket: smb_krb5_unparse_name failed (%s)\n",
error_message(ret)));
sret = NT_STATUS_LOGON_FAILURE;
diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c
index 81956942ca..589d4c2525 100644
--- a/source3/libnet/libnet_keytab.c
+++ b/source3/libnet/libnet_keytab.c
@@ -144,7 +144,7 @@ static krb5_error_code libnet_keytab_remove_entries(krb5_context context,
goto cont;
}
- ret = smb_krb5_unparse_name(context, kt_entry.principal,
+ ret = smb_krb5_unparse_name(talloc_tos(), context, kt_entry.principal,
&princ_s);
if (ret) {
DEBUG(5, ("smb_krb5_unparse_name failed (%s)\n",
@@ -190,7 +190,7 @@ static krb5_error_code libnet_keytab_remove_entries(krb5_context context,
cont:
smb_krb5_kt_free_entry(context, &kt_entry);
- SAFE_FREE(princ_s);
+ TALLOC_FREE(princ_s);
}
ret = krb5_kt_end_seq_get(context, keytab, &cursor);
@@ -334,6 +334,8 @@ struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *c
krb5_keyblock *keyp;
char *princ_s = NULL;
+ entry = NULL;
+
if (kt_entry.vno != kvno) {
goto cont;
}
@@ -344,7 +346,13 @@ struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *c
goto cont;
}
- ret = smb_krb5_unparse_name(ctx->context, kt_entry.principal,
+ entry = talloc_zero(mem_ctx, struct libnet_keytab_entry);
+ if (!entry) {
+ DEBUG(3, ("talloc failed\n"));
+ goto fail;
+ }
+
+ ret = smb_krb5_unparse_name(entry, ctx->context, kt_entry.principal,
&princ_s);
if (ret) {
goto cont;
@@ -354,24 +362,14 @@ struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *c
goto cont;
}
- entry = talloc_zero(mem_ctx, struct libnet_keytab_entry);
- if (!entry) {
- DEBUG(3, ("talloc failed\n"));
- goto fail;
- }
-
- entry->name = talloc_strdup(entry, princ_s);
- if (!entry->name) {
- DEBUG(3, ("talloc_strdup_failed\n"));
- goto fail;
- }
-
entry->principal = talloc_strdup(entry, princ_s);
if (!entry->principal) {
DEBUG(3, ("talloc_strdup_failed\n"));
goto fail;
}
+ entry->name = talloc_move(entry, &princ_s);
+
entry->password = data_blob_talloc(entry, KRB5_KEY_DATA(keyp),
KRB5_KEY_LENGTH(keyp));
if (!entry->password.data) {
@@ -382,18 +380,16 @@ struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *c
DEBUG(10, ("found entry\n"));
smb_krb5_kt_free_entry(ctx->context, &kt_entry);
- SAFE_FREE(princ_s);
break;
fail:
smb_krb5_kt_free_entry(ctx->context, &kt_entry);
- SAFE_FREE(princ_s);
TALLOC_FREE(entry);
break;
cont:
smb_krb5_kt_free_entry(ctx->context, &kt_entry);
- SAFE_FREE(princ_s);
+ TALLOC_FREE(entry);
continue;
}
diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c
index 4ab31374e2..aa98d7668f 100644
--- a/source3/libsmb/clikrb5.c
+++ b/source3/libsmb/clikrb5.c
@@ -56,12 +56,12 @@ static krb5_error_code ads_krb5_get_fwd_ticket( krb5_context context,
char *utf8_name;
size_t converted_size;
- if (!push_utf8_allocate(&utf8_name, name, &converted_size)) {
+ if (!push_utf8_talloc(talloc_tos(), &utf8_name, name, &converted_size)) {
return ENOMEM;
}
ret = krb5_parse_name(context, utf8_name, principal);
- SAFE_FREE(utf8_name);
+ TALLOC_FREE(utf8_name);
return ret;
}
@@ -79,24 +79,25 @@ static krb5_error_code smb_krb5_parse_name_norealm_conv(krb5_context context,
size_t converted_size;
*principal = NULL;
- if (!push_utf8_allocate(&utf8_name, name, &converted_size)) {
+ if (!push_utf8_talloc(talloc_tos(), &utf8_name, name, &converted_size)) {
return ENOMEM;
}
ret = krb5_parse_name_norealm(context, utf8_name, principal);
- SAFE_FREE(utf8_name);
+ TALLOC_FREE(utf8_name);
return ret;
}
#endif
/**************************************************************
krb5_parse_name that returns a UNIX charset name. Must
- be freed with normal free() call.
+ be freed with talloc_free() call.
**************************************************************/
- krb5_error_code smb_krb5_unparse_name(krb5_context context,
- krb5_const_principal principal,
- char **unix_name)
+krb5_error_code smb_krb5_unparse_name(TALLOC_CTX *mem_ctx,
+ krb5_context context,
+ krb5_const_principal principal,
+ char **unix_name)
{
krb5_error_code ret;
char *utf8_name;
@@ -108,7 +109,7 @@ static krb5_error_code smb_krb5_parse_name_norealm_conv(krb5_context context,
return ret;
}
- if (!pull_utf8_allocate(unix_name, utf8_name, &converted_size)) {
+ if (!pull_utf8_talloc(mem_ctx, unix_name, utf8_name, &converted_size)) {
krb5_free_unparsed_name(context, utf8_name);
return ENOMEM;
}
@@ -1081,10 +1082,10 @@ get_key_from_keytab(krb5_context context,
}
if ( DEBUGLEVEL >= 10 ) {
- if (smb_krb5_unparse_name(context, server, &name) == 0) {
+ if (smb_krb5_unparse_name(talloc_tos(), context, server, &name) == 0) {
DEBUG(10,("get_key_from_keytab: will look for kvno %d, enctype %d and name: %s\n",
kvno, enctype, name));
- SAFE_FREE(name);
+ TALLOC_FREE(name);
}
}
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index e8878a29ab..d524f21817 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -333,7 +333,6 @@ static void reply_spnego_kerberos(struct smb_request *req,
DEBUG(3,("Doesn't look like a valid principal\n"));
data_blob_free(&ap_rep);
data_blob_free(&session_key);
- SAFE_FREE(client);
talloc_destroy(mem_ctx);
reply_nterror(req,nt_status_squash(NT_STATUS_LOGON_FAILURE));
return;
@@ -355,7 +354,6 @@ static void reply_spnego_kerberos(struct smb_request *req,
if (!lp_allow_trusted_domains()) {
data_blob_free(&ap_rep);
data_blob_free(&session_key);
- SAFE_FREE(client);
talloc_destroy(mem_ctx);
reply_nterror(req, nt_status_squash(
NT_STATUS_LOGON_FAILURE));
@@ -445,7 +443,6 @@ static void reply_spnego_kerberos(struct smb_request *req,
if ( !pw ) {
DEBUG(1,("Username %s is invalid on this system\n",
user));
- SAFE_FREE(client);
data_blob_free(&ap_rep);
data_blob_free(&session_key);
TALLOC_FREE(mem_ctx);
@@ -471,7 +468,6 @@ static void reply_spnego_kerberos(struct smb_request *req,
if ( !NT_STATUS_IS_OK(ret) ) {
DEBUG(1,("make_server_info_info3 failed: %s!\n",
nt_errstr(ret)));
- SAFE_FREE(client);
data_blob_free(&ap_rep);
data_blob_free(&session_key);
TALLOC_FREE(mem_ctx);
@@ -485,7 +481,6 @@ static void reply_spnego_kerberos(struct smb_request *req,
if ( !NT_STATUS_IS_OK(ret) ) {
DEBUG(1,("make_server_info_pw failed: %s!\n",
nt_errstr(ret)));
- SAFE_FREE(client);
data_blob_free(&ap_rep);
data_blob_free(&session_key);
TALLOC_FREE(mem_ctx);
@@ -513,7 +508,6 @@ static void reply_spnego_kerberos(struct smb_request *req,
if ( !NT_STATUS_IS_OK(ret) ) {
DEBUG(10,("failed to create local token: %s\n",
nt_errstr(ret)));
- SAFE_FREE(client);
data_blob_free(&ap_rep);
data_blob_free(&session_key);
TALLOC_FREE( mem_ctx );
@@ -541,8 +535,6 @@ static void reply_spnego_kerberos(struct smb_request *req,
nullblob,
client);
- SAFE_FREE(client);
-
reply_outbuf(req, 4, 0);
SSVAL(req->outbuf,smb_uid,sess_vuid);
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
index 9bc0c60b7b..7899bd0d07 100644
--- a/source3/utils/ntlm_auth.c
+++ b/source3/utils/ntlm_auth.c
@@ -1251,8 +1251,6 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state,
&principal, &pac_data, &ap_rep,
&session_key, True);
- talloc_destroy(mem_ctx);
-
/* Now in "principal" we have the name we are
authenticated as. */
@@ -1274,9 +1272,9 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state,
user = SMB_STRDUP(principal);
data_blob_free(&ap_rep);
-
- SAFE_FREE(principal);
}
+
+ TALLOC_FREE(mem_ctx);
}
#endif