diff options
author | Andrew Bartlett <abartlet@samba.org> | 2010-07-12 14:26:34 +1000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2010-07-14 16:22:49 +1000 |
commit | 0d95cee58f80e46636fa4b826d248c9ce9983c9b (patch) | |
tree | 8d48702186666fc8a27cb21685c61870fa95d4c5 /source3 | |
parent | 1debe30689e75023fab44028ef6942a692e37e95 (diff) | |
download | samba-0d95cee58f80e46636fa4b826d248c9ce9983c9b.tar.gz samba-0d95cee58f80e46636fa4b826d248c9ce9983c9b.tar.bz2 samba-0d95cee58f80e46636fa4b826d248c9ce9983c9b.zip |
s3:auth Change auth_ntlmssp_server_info API to return NTSTATUS
This fixes a bug where register_existing_vuid() could be called with a
NULL server_info if the alloction failed.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Diffstat (limited to 'source3')
-rw-r--r-- | source3/auth/auth_ntlmssp.c | 11 | ||||
-rw-r--r-- | source3/include/proto.h | 5 | ||||
-rw-r--r-- | source3/rpc_server/srv_pipe.c | 7 | ||||
-rw-r--r-- | source3/smbd/sesssetup.c | 2 | ||||
-rw-r--r-- | source3/smbd/smb2_sesssetup.c | 7 |
5 files changed, 19 insertions, 13 deletions
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c index df4666aaee..ba7efbf48e 100644 --- a/source3/auth/auth_ntlmssp.c +++ b/source3/auth/auth_ntlmssp.c @@ -84,8 +84,9 @@ void auth_ntlmssp_want_seal(struct auth_ntlmssp_state *auth_ntlmssp_state) } -struct auth_serversupplied_info *auth_ntlmssp_server_info(TALLOC_CTX *mem_ctx, - struct auth_ntlmssp_state *auth_ntlmssp_state) +NTSTATUS auth_ntlmssp_server_info(TALLOC_CTX *mem_ctx, + struct auth_ntlmssp_state *auth_ntlmssp_state, + struct auth_serversupplied_info **_server_info) { struct auth_serversupplied_info *server_info = auth_ntlmssp_state->server_info; data_blob_free(&server_info->user_session_key); @@ -95,10 +96,12 @@ struct auth_serversupplied_info *auth_ntlmssp_server_info(TALLOC_CTX *mem_ctx, auth_ntlmssp_state->ntlmssp_state->session_key.data, auth_ntlmssp_state->ntlmssp_state->session_key.length); if (auth_ntlmssp_state->ntlmssp_state->session_key.length && !server_info->user_session_key.data) { - return NULL; + *_server_info = NULL; + return NT_STATUS_NO_MEMORY; } auth_ntlmssp_state->server_info = NULL; - return talloc_steal(mem_ctx, server_info); + *_server_info = talloc_steal(mem_ctx, server_info); + return NT_STATUS_OK; } struct ntlmssp_state *auth_ntlmssp_get_ntlmssp_state(struct auth_ntlmssp_state *auth_ntlmssp_state) diff --git a/source3/include/proto.h b/source3/include/proto.h index d7b70cb4b2..cfa68da723 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -54,8 +54,9 @@ NTSTATUS auth_netlogond_init(void); /* The following definitions come from auth/auth_ntlmssp.c */ -struct auth_serversupplied_info *auth_ntlmssp_server_info(TALLOC_CTX *mem_ctx, - struct auth_ntlmssp_state *auth_ntlmssp_state); +NTSTATUS auth_ntlmssp_server_info(TALLOC_CTX *mem_ctx, + struct auth_ntlmssp_state *auth_ntlmssp_state, + struct auth_serversupplied_info **_server_info); struct ntlmssp_state *auth_ntlmssp_get_ntlmssp_state(struct auth_ntlmssp_state *auth_ntlmssp_state); const char *auth_ntlmssp_get_username(struct auth_ntlmssp_state *auth_ntlmssp_state); const char *auth_ntlmssp_get_domain(struct auth_ntlmssp_state *auth_ntlmssp_state); diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index 34587f8964..85c212aa93 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -736,9 +736,10 @@ static bool pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob) TALLOC_FREE(p->server_info); - p->server_info = auth_ntlmssp_server_info(p, a); - if (p->server_info == NULL) { - DEBUG(0, ("auth_ntlmssp_server_info failed to obtain the server info for authenticated user\n")); + status = auth_ntlmssp_server_info(p, a, &p->server_info); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("auth_ntlmssp_server_info failed to obtain the server info for authenticated user: %s\n", + nt_errstr(status))); return false; } diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 391654ebe3..80a5239de3 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -637,7 +637,7 @@ static void reply_spnego_ntlmssp(struct smb_request *req, struct smbd_server_connection *sconn = req->sconn; if (NT_STATUS_IS_OK(nt_status)) { - server_info = auth_ntlmssp_server_info(talloc_tos(), (*auth_ntlmssp_state)); + nt_status = auth_ntlmssp_server_info(talloc_tos(), (*auth_ntlmssp_state), &server_info); } else { /* Note that this server_info won't have a session * key. But for map to guest, that's exactly the right diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c index 56aa2b8039..6586a45439 100644 --- a/source3/smbd/smb2_sesssetup.c +++ b/source3/smbd/smb2_sesssetup.c @@ -615,11 +615,12 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s uint64_t *out_session_id) { fstring tmp; - session->server_info = auth_ntlmssp_server_info(session, session->auth_ntlmssp_state); - if (!session->server_info) { + NTSTATUS status = auth_ntlmssp_server_info(session, session->auth_ntlmssp_state, + &session->server_info); + if (!NT_STATUS_IS_OK(status)) { auth_ntlmssp_end(&session->auth_ntlmssp_state); TALLOC_FREE(session); - return NT_STATUS_NO_MEMORY; + return status; } if ((in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) || |