summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2010-07-12 14:26:34 +1000
committerAndrew Tridgell <tridge@samba.org>2010-07-14 16:22:49 +1000
commit0d95cee58f80e46636fa4b826d248c9ce9983c9b (patch)
tree8d48702186666fc8a27cb21685c61870fa95d4c5 /source3
parent1debe30689e75023fab44028ef6942a692e37e95 (diff)
downloadsamba-0d95cee58f80e46636fa4b826d248c9ce9983c9b.tar.gz
samba-0d95cee58f80e46636fa4b826d248c9ce9983c9b.tar.bz2
samba-0d95cee58f80e46636fa4b826d248c9ce9983c9b.zip
s3:auth Change auth_ntlmssp_server_info API to return NTSTATUS
This fixes a bug where register_existing_vuid() could be called with a NULL server_info if the alloction failed. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
Diffstat (limited to 'source3')
-rw-r--r--source3/auth/auth_ntlmssp.c11
-rw-r--r--source3/include/proto.h5
-rw-r--r--source3/rpc_server/srv_pipe.c7
-rw-r--r--source3/smbd/sesssetup.c2
-rw-r--r--source3/smbd/smb2_sesssetup.c7
5 files changed, 19 insertions, 13 deletions
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index df4666aaee..ba7efbf48e 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -84,8 +84,9 @@ void auth_ntlmssp_want_seal(struct auth_ntlmssp_state *auth_ntlmssp_state)
}
-struct auth_serversupplied_info *auth_ntlmssp_server_info(TALLOC_CTX *mem_ctx,
- struct auth_ntlmssp_state *auth_ntlmssp_state)
+NTSTATUS auth_ntlmssp_server_info(TALLOC_CTX *mem_ctx,
+ struct auth_ntlmssp_state *auth_ntlmssp_state,
+ struct auth_serversupplied_info **_server_info)
{
struct auth_serversupplied_info *server_info = auth_ntlmssp_state->server_info;
data_blob_free(&server_info->user_session_key);
@@ -95,10 +96,12 @@ struct auth_serversupplied_info *auth_ntlmssp_server_info(TALLOC_CTX *mem_ctx,
auth_ntlmssp_state->ntlmssp_state->session_key.data,
auth_ntlmssp_state->ntlmssp_state->session_key.length);
if (auth_ntlmssp_state->ntlmssp_state->session_key.length && !server_info->user_session_key.data) {
- return NULL;
+ *_server_info = NULL;
+ return NT_STATUS_NO_MEMORY;
}
auth_ntlmssp_state->server_info = NULL;
- return talloc_steal(mem_ctx, server_info);
+ *_server_info = talloc_steal(mem_ctx, server_info);
+ return NT_STATUS_OK;
}
struct ntlmssp_state *auth_ntlmssp_get_ntlmssp_state(struct auth_ntlmssp_state *auth_ntlmssp_state)
diff --git a/source3/include/proto.h b/source3/include/proto.h
index d7b70cb4b2..cfa68da723 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -54,8 +54,9 @@ NTSTATUS auth_netlogond_init(void);
/* The following definitions come from auth/auth_ntlmssp.c */
-struct auth_serversupplied_info *auth_ntlmssp_server_info(TALLOC_CTX *mem_ctx,
- struct auth_ntlmssp_state *auth_ntlmssp_state);
+NTSTATUS auth_ntlmssp_server_info(TALLOC_CTX *mem_ctx,
+ struct auth_ntlmssp_state *auth_ntlmssp_state,
+ struct auth_serversupplied_info **_server_info);
struct ntlmssp_state *auth_ntlmssp_get_ntlmssp_state(struct auth_ntlmssp_state *auth_ntlmssp_state);
const char *auth_ntlmssp_get_username(struct auth_ntlmssp_state *auth_ntlmssp_state);
const char *auth_ntlmssp_get_domain(struct auth_ntlmssp_state *auth_ntlmssp_state);
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 34587f8964..85c212aa93 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -736,9 +736,10 @@ static bool pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob)
TALLOC_FREE(p->server_info);
- p->server_info = auth_ntlmssp_server_info(p, a);
- if (p->server_info == NULL) {
- DEBUG(0, ("auth_ntlmssp_server_info failed to obtain the server info for authenticated user\n"));
+ status = auth_ntlmssp_server_info(p, a, &p->server_info);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("auth_ntlmssp_server_info failed to obtain the server info for authenticated user: %s\n",
+ nt_errstr(status)));
return false;
}
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 391654ebe3..80a5239de3 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -637,7 +637,7 @@ static void reply_spnego_ntlmssp(struct smb_request *req,
struct smbd_server_connection *sconn = req->sconn;
if (NT_STATUS_IS_OK(nt_status)) {
- server_info = auth_ntlmssp_server_info(talloc_tos(), (*auth_ntlmssp_state));
+ nt_status = auth_ntlmssp_server_info(talloc_tos(), (*auth_ntlmssp_state), &server_info);
} else {
/* Note that this server_info won't have a session
* key. But for map to guest, that's exactly the right
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 56aa2b8039..6586a45439 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -615,11 +615,12 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s
uint64_t *out_session_id)
{
fstring tmp;
- session->server_info = auth_ntlmssp_server_info(session, session->auth_ntlmssp_state);
- if (!session->server_info) {
+ NTSTATUS status = auth_ntlmssp_server_info(session, session->auth_ntlmssp_state,
+ &session->server_info);
+ if (!NT_STATUS_IS_OK(status)) {
auth_ntlmssp_end(&session->auth_ntlmssp_state);
TALLOC_FREE(session);
- return NT_STATUS_NO_MEMORY;
+ return status;
}
if ((in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) ||