summaryrefslogtreecommitdiff
path: root/source4/auth/gensec/gensec_gssapi.c
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2011-08-01 15:39:01 +1000
committerAndrew Bartlett <abartlet@samba.org>2011-08-03 18:48:02 +1000
commit35b309fa0cac9341f364243b03ebfcc80f74198e (patch)
treeb99fc49ec70be97a41289b3978db367fba63a769 /source4/auth/gensec/gensec_gssapi.c
parentd3fe48ba48b25f359292ee96dbf5cecc0b0b16a3 (diff)
downloadsamba-35b309fa0cac9341f364243b03ebfcc80f74198e.tar.gz
samba-35b309fa0cac9341f364243b03ebfcc80f74198e.tar.bz2
samba-35b309fa0cac9341f364243b03ebfcc80f74198e.zip
gensec: clarify memory ownership for gensec_session_info() and gensec_session_key()
This is slightly less efficient, because we no longer keep a cache on the gensec structures, but much clearer in terms of memory ownership. Both gensec_session_info() and gensec_session_key() now take a mem_ctx and put the result only on that context. Some duplication of memory in the callers (who were rightly uncertain about who was the rightful owner of the returned memory) has been removed to compensate for the internal copy. Andrew Bartlett
Diffstat (limited to 'source4/auth/gensec/gensec_gssapi.c')
-rw-r--r--source4/auth/gensec/gensec_gssapi.c20
1 files changed, 6 insertions, 14 deletions
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index 4dd809856c..55610f5742 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -169,9 +169,6 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security)
break;
}
- gensec_gssapi_state->session_key = data_blob(NULL, 0);
- gensec_gssapi_state->pac = data_blob(NULL, 0);
-
ret = smb_krb5_init_context(gensec_gssapi_state,
NULL,
gensec_security->settings->lp_ctx,
@@ -1242,6 +1239,7 @@ static bool gensec_gssapi_have_feature(struct gensec_security *gensec_security,
* This breaks all the abstractions, but what do you expect...
*/
static NTSTATUS gensec_gssapi_session_key(struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx,
DATA_BLOB *session_key)
{
struct gensec_gssapi_state *gensec_gssapi_state
@@ -1253,11 +1251,6 @@ static NTSTATUS gensec_gssapi_session_key(struct gensec_security *gensec_securit
return NT_STATUS_NO_USER_SESSION_KEY;
}
- if (gensec_gssapi_state->session_key.data) {
- *session_key = gensec_gssapi_state->session_key;
- return NT_STATUS_OK;
- }
-
maj_stat = gsskrb5_get_subkey(&min_stat,
gensec_gssapi_state->gssapi_context,
&subkey);
@@ -1269,10 +1262,9 @@ static NTSTATUS gensec_gssapi_session_key(struct gensec_security *gensec_securit
DEBUG(10, ("Got KRB5 session key of length %d%s\n",
(int)KRB5_KEY_LENGTH(subkey),
(gensec_gssapi_state->sasl_state == STAGE_DONE)?" (done)":""));
- *session_key = data_blob_talloc(gensec_gssapi_state,
+ *session_key = data_blob_talloc(mem_ctx,
KRB5_KEY_DATA(subkey), KRB5_KEY_LENGTH(subkey));
krb5_free_keyblock(gensec_gssapi_state->smb_krb5_context->krb5_context, subkey);
- gensec_gssapi_state->session_key = *session_key;
dump_data_pw("KRB5 Session Key:\n", session_key->data, session_key->length);
return NT_STATUS_OK;
@@ -1282,6 +1274,7 @@ static NTSTATUS gensec_gssapi_session_key(struct gensec_security *gensec_securit
* this session. This uses either the PAC (if present) or a local
* database lookup */
static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx_out,
struct auth_session_info **_session_info)
{
NTSTATUS nt_status;
@@ -1302,7 +1295,7 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
return NT_STATUS_INVALID_PARAMETER;
}
- mem_ctx = talloc_named(gensec_gssapi_state, 0, "gensec_gssapi_session_info context");
+ mem_ctx = talloc_named(mem_ctx_out, 0, "gensec_gssapi_session_info context");
NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
nt_status = gssapi_obtain_pac_blob(mem_ctx, gensec_gssapi_state->gssapi_context,
@@ -1391,7 +1384,7 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
return nt_status;
}
- nt_status = gensec_gssapi_session_key(gensec_security, &session_info->session_key);
+ nt_status = gensec_gssapi_session_key(gensec_security, session_info, &session_info->session_key);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(mem_ctx);
return nt_status;
@@ -1436,9 +1429,8 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
/* It has been taken from this place... */
gensec_gssapi_state->delegated_cred_handle = GSS_C_NO_CREDENTIAL;
}
- talloc_steal(gensec_gssapi_state, session_info);
+ *_session_info = talloc_steal(mem_ctx_out, session_info);
talloc_free(mem_ctx);
- *_session_info = session_info;
return NT_STATUS_OK;
}