authorAndrew Bartlett <abartlet@samba.org>2004-12-24 09:54:23 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:07:37 -0500
commit44113c4de1ae06a78a940782dc762b6576310d0d (patch)
tree7d6e30dc5a56b11edcd2def2304aa78071b1405e /source4/libcli/auth/spnego.c
parentbebe512a57c6aabe6cd539750834297a17b5c4f5 (diff)
r4355: More work from the elves on Christmas eve:
- Update Samba4's kerberos code to match the 'salting' changes in Samba3 (and many other cleanups by jra). - Move GENSEC into the modern era of talloc destructors. This avoids many of the memory leaks in this code, as we now can't somehow 'forget' to call the end routine. - This required fixing some of the talloc hierarchies. - The new krb5 seems more sensitive to getting the service name right, so start actually setting the service name on the krb5 context. Andrew Bartlett (This used to be commit 278bf1a61a6da6ef955a12c13d7b1a0357cebf1f)
Diffstat (limited to 'source4/libcli/auth/spnego.c')
-rw-r--r--source4/libcli/auth/spnego.c49
1 files changed, 23 insertions, 26 deletions
diff --git a/source4/libcli/auth/spnego.c b/source4/libcli/auth/spnego.c
index 01757a0487..988d0b32a5 100644
--- a/source4/libcli/auth/spnego.c
+++ b/source4/libcli/auth/spnego.c
@@ -44,6 +44,17 @@ struct spnego_state {
struct gensec_security *sub_sec_security;
};
+
+static int gensec_spnego_destroy(void *ptr)
+{
+ struct spnego_state *spnego_state = ptr;
+
+ if (spnego_state->sub_sec_security) {
+ gensec_end(&spnego_state->sub_sec_security);
+ }
+ return 0;
+}
+
static NTSTATUS gensec_spnego_client_start(struct gensec_security *gensec_security)
{
struct spnego_state *spnego_state;
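Review bot: `gensec_spnego_destroy` ends the sub-mechanism but cannot clear `gensec_security->private_data`, which the removed `gensec_spnego_end` set to NULL after freeing the state. That is only safe if `spnego_state` is never freed except as part of tearing down its owning `gensec_security`; the allocation that fixes its talloc parent is outside this hunk, so this should be confirmed. I would record the assumption above the function, e.g. `/* talloc destructor for spnego_state: ends the negotiated sub-mechanism. Returns 0 so the free proceeds. Must only run as part of gensec_security teardown, because private_data is not reset here. */`.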
@@ -57,6 +68,8 @@ static NTSTATUS gensec_spnego_client_start(struct gensec_security *gensec_securi
spnego_state->state_position = SPNEGO_CLIENT_START;
spnego_state->sub_sec_security = NULL;
+ talloc_set_destructor(spnego_state, gensec_spnego_destroy);
+
gensec_security->private_data = spnego_state;
return NT_STATUS_OK;
}
@@ -74,6 +87,8 @@ static NTSTATUS gensec_spnego_server_start(struct gensec_security *gensec_securi
spnego_state->state_position = SPNEGO_SERVER_START;
spnego_state->sub_sec_security = NULL;
+ talloc_set_destructor(spnego_state, gensec_spnego_destroy);
+
gensec_security->private_data = spnego_state;
return NT_STATUS_OK;
}
@@ -221,7 +236,8 @@ static NTSTATUS gensec_spnego_server_try_fallback(struct gensec_security *gensec
continue;
}
- nt_status = gensec_subcontext_start(gensec_security,
+ nt_status = gensec_subcontext_start(spnego_state,
+ gensec_security,
&spnego_state->sub_sec_security);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
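Review bot: Parenting the subcontext on `spnego_state` means every mechanism attempt made in this loop now lives until the whole SPNEGO state is freed, unless the loop ends it explicitly. The same applies to the `mechType` loop in the `gensec_spnego_parse_negTokenInit` hunk, where the list being iterated appears to come from the peer's token. Both loop bodies continue outside the hunks, so please check that every failure path runs `gensec_end(&spnego_state->sub_sec_security);` before `continue` or the next iteration. Otherwise the pointer is overwritten and the abandoned contexts accumulate on a long-lived parent in proportion to the number of mechanisms tried.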
@@ -257,7 +273,8 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_
DATA_BLOB null_data_blob = data_blob(NULL,0);
for (i=0; mechType && mechType[i]; i++) {
- nt_status = gensec_subcontext_start(gensec_security,
+ nt_status = gensec_subcontext_start(spnego_state,
+ gensec_security,
&spnego_state->sub_sec_security);
if (!NT_STATUS_IS_OK(nt_status)) {
break;
@@ -317,7 +334,8 @@ static NTSTATUS gensec_spnego_client_negTokenInit(struct gensec_security *gensec
return NT_STATUS_INVALID_PARAMETER;
}
- nt_status = gensec_subcontext_start(gensec_security,
+ nt_status = gensec_subcontext_start(spnego_state,
+ gensec_security,
&spnego_state->sub_sec_security);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
@@ -467,19 +485,12 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
return nt_status;
} else {
const char **mechlist = gensec_security_oids(out_mem_ctx, GENSEC_OID_SPNEGO);
- const char *mechListMIC;
-
- mechListMIC = talloc_asprintf(out_mem_ctx,"%s$@%s",
- lp_netbios_name(),
- lp_realm());
- if (!mechListMIC) {
- return NT_STATUS_NO_MEMORY;
- }
spnego_out.type = SPNEGO_NEG_TOKEN_INIT;
spnego_out.negTokenInit.mechTypes = mechlist;
spnego_out.negTokenInit.reqFlags = 0;
- spnego_out.negTokenInit.mechListMIC = data_blob_string_const(mechListMIC);
+ spnego_out.negTokenInit.mechListMIC
+ = data_blob_string_const(gensec_get_target_principal(gensec_security));
spnego_out.negTokenInit.mechToken = unwrapped_out;
if (spnego_write_data(out_mem_ctx, out, &spnego_out) == -1) {
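Review bot: The result of `gensec_get_target_principal(gensec_security)` is passed straight into `data_blob_string_const()` with no NULL check, whereas the removed code returned `NT_STATUS_NO_MEMORY` when its string was NULL. If the getter can return NULL when no principal has been set (its definition is not on this page) and `data_blob_string_const` takes the string's length, this becomes a NULL dereference on the path that builds the initial negTokenInit. I would fetch the value first and bail out: `const char *principal = gensec_get_target_principal(gensec_security);` then `if (!principal) { return NT_STATUS_INVALID_PARAMETER; }` before building the blob. Note also that this value is written into a token sent before authentication completes, so whatever is configured as the target principal is disclosed to the peer, as the old `name$@realm` string was.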
@@ -694,19 +705,6 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
return NT_STATUS_INVALID_PARAMETER;
}
-static void gensec_spnego_end(struct gensec_security *gensec_security)
-{
- struct spnego_state *spnego_state = gensec_security->private_data;
-
- if (spnego_state->sub_sec_security) {
- gensec_end(&spnego_state->sub_sec_security);
- }
-
- talloc_free(spnego_state);
-
- gensec_security->private_data = NULL;
-}
-
static const struct gensec_security_ops gensec_spnego_security_ops = {
.name = "spnego",
.sasl_name = "GSS-SPNEGO",
@@ -722,7 +720,6 @@ static const struct gensec_security_ops gensec_spnego_security_ops = {
.unseal_packet = gensec_spnego_unseal_packet,
.session_key = gensec_spnego_session_key,
.session_info = gensec_spnego_session_info,
- .end = gensec_spnego_end
};
NTSTATUS gensec_spnego_init(void)