authorGünther Deschner <gd@samba.org>2005-11-22 10:22:59 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:05:29 -0500
commit90603cb3cddcab3c7577cdad81e4a134c39de4ce (patch)
tree860c6892a3068552e6abcc0a93604c4149ba5157 /source3
parente98a396b768f2966306c8c4a3f6037e3a7547af7 (diff)
r11846: Destroy the TALLOC_CTX on error in the Kerberos session setup and give a
more precise inline comment why PAC verification may fail. Guenther (This used to be commit 43b57715e9b44a0a0c7cc7fe3674a5fd4369e78b)
Diffstat (limited to 'source3')
-rw-r--r--source3/libads/kerberos_verify.c6
-rw-r--r--source3/smbd/sesssetup.c7
2 files changed, 10 insertions, 3 deletions
diff --git a/source3/libads/kerberos_verify.c b/source3/libads/kerberos_verify.c
index f21577d080..220bf14e32 100644
--- a/source3/libads/kerberos_verify.c
+++ b/source3/libads/kerberos_verify.c
@@ -400,9 +400,9 @@ NTSTATUS ads_verify_ticket(TALLOC_CTX *mem_ctx,
file_save("/tmp/ticket.dat", ticket->data, ticket->length);
#endif
- /* continue when no PAC is retrieved
- (like accounts that have the UF_NO_AUTH_DATA_REQUIRED flag set,
- or Kerberos tickets encryped using a DES key) - Guenther */
+ /* continue when no PAC is retrieved or we couldn't decode the PAC
+ (like accounts that have the UF_NO_AUTH_DATA_REQUIRED flag set, or
+ Kerberos tickets encrypted using a DES key) - Guenther */
got_auth_data = get_auth_data_from_tkt(mem_ctx, &auth_data, tkt);
if (!got_auth_data) {
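Review bot: The reworded comment now groups a PAC that is present but could not be decoded with a PAC that is simply absent, and it does not say what the code relies on for authorization in either case. Because the PAC carries the signed authorization data, the comment should say that tolerating a decode failure is deliberate, for example `/* a PAC that fails to decode is handled exactly like a missing PAC; callers must not assume auth data was obtained */`, and the decode failure should be logged separately so it can be told apart from the no-PAC case. The body of the `if (!got_auth_data)` branch lies outside the hunk, so what follows is inferred. Separately, the conditional `file_save("/tmp/ticket.dat", ...)` in the context writes raw ticket bytes to a fixed path under /tmp and should stay out of production builds.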
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 2c96760167..8aa046b85a 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -168,6 +168,7 @@ static int reply_spnego_kerberos(connection_struct *conn,
return ERROR_NT(NT_STATUS_NO_MEMORY);
if (!spnego_parse_krb5_wrap(*secblob, &ticket, tok_id)) {
+ talloc_destroy(mem_ctx);
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}
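Review bot: `talloc_destroy(mem_ctx)` is now repeated by hand on seven separate error returns in reply_spnego_kerberos (this hunk and the ones at -177, -188, -206, -283, -302 and -314), so the next early return added to the function can reintroduce the same leak. A single exit label would close that gap: each failure path sets the status and does `goto fail;`, and the end of the function holds `fail:` followed by the blob frees, `talloc_destroy(mem_ctx);` and `return ERROR_NT(ret);`. The leak is worth closing structurally because these paths are reached while handling a client-supplied blob during session setup. The function begins and ends outside the hunks shown, so return paths not touched by this commit could not be checked.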
@@ -177,6 +178,7 @@ static int reply_spnego_kerberos(connection_struct *conn,
if (!NT_STATUS_IS_OK(ret)) {
DEBUG(1,("Failed to verify incoming ticket!\n"));
+ talloc_destroy(mem_ctx);
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}
@@ -188,6 +190,7 @@ static int reply_spnego_kerberos(connection_struct *conn,
data_blob_free(&ap_rep);
data_blob_free(&session_key);
SAFE_FREE(client);
+ talloc_destroy(mem_ctx);
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}
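Review bot: On this error path `data_blob_free(&session_key)` releases the Kerberos session key without wiping it first; if data_blob_free only frees the buffer, the key bytes remain in freed heap memory after a failed logon. Where the tree provides it, `data_blob_clear_free(&session_key);` is the safer call here and on the matching paths in the hunks at -206, -283, -302 and -314. The same concern may apply to anything sensitive allocated on `mem_ctx` before `talloc_destroy(mem_ctx)` runs, though what is allocated on that context is not visible in these hunks.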
@@ -206,6 +209,7 @@ static int reply_spnego_kerberos(connection_struct *conn,
data_blob_free(&ap_rep);
data_blob_free(&session_key);
SAFE_FREE(client);
+ talloc_destroy(mem_ctx);
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}
}
@@ -283,6 +287,7 @@ static int reply_spnego_kerberos(connection_struct *conn,
SAFE_FREE(client);
data_blob_free(&ap_rep);
data_blob_free(&session_key);
+ talloc_destroy(mem_ctx);
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}
}
@@ -302,6 +307,7 @@ static int reply_spnego_kerberos(connection_struct *conn,
data_blob_free(&ap_rep);
data_blob_free(&session_key);
passwd_free(&pw);
+ talloc_destroy(mem_ctx);
return ERROR_NT(ret);
}
@@ -314,6 +320,7 @@ static int reply_spnego_kerberos(connection_struct *conn,
data_blob_free(&ap_rep);
data_blob_free(&session_key);
passwd_free(&pw);
+ talloc_destroy(mem_ctx);
return ERROR_NT(ret);
}