summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2006-01-31 01:50:54 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:51:37 -0500
commit7c7125be5dfdbacd702891e16529eb1412966f83 (patch)
treea5740baeadabc46793b30897c009892f8b5c53ad /source4
parentbc72dfa91ac409d3879b1959b607fa9f30cec160 (diff)
downloadsamba-7c7125be5dfdbacd702891e16529eb1412966f83.tar.gz
samba-7c7125be5dfdbacd702891e16529eb1412966f83.tar.bz2
samba-7c7125be5dfdbacd702891e16529eb1412966f83.zip
r13247: Try to make better use of talloc in the auth/ and auth/gensec code.
We don't want temporary memory hanging around on the long-term contexts. Andrew Bartlett (This used to be commit 85b3f6ebddfb655fdd08d1799752e562a6ff9cb1)
Diffstat (limited to 'source4')
-rw-r--r--source4/auth/auth_sam.c10
-rw-r--r--source4/auth/gensec/gensec_gssapi.c19
-rw-r--r--source4/auth/gensec/gensec_krb5.c23
3 files changed, 35 insertions, 17 deletions
diff --git a/source4/auth/auth_sam.c b/source4/auth/auth_sam.c
index c491088302..85506fb41b 100644
--- a/source4/auth/auth_sam.c
+++ b/source4/auth/auth_sam.c
@@ -616,14 +616,14 @@ NTSTATUS sam_get_server_info_principal(TALLOC_CTX *mem_ctx, const char *principa
return nt_status;
}
- nt_status = authsam_make_server_info(mem_ctx, sam_ctx, msgs[0], msgs_domain_ref[0],
+ nt_status = authsam_make_server_info(tmp_ctx, sam_ctx, msgs[0], msgs_domain_ref[0],
user_sess_key, lm_sess_key,
server_info);
- if (!NT_STATUS_IS_OK(nt_status)) {
- talloc_free(tmp_ctx);
- return nt_status;
+ if (NT_STATUS_IS_OK(nt_status)) {
+ talloc_steal(mem_ctx, *server_info);
}
- return NT_STATUS_OK;
+ talloc_free(tmp_ctx);
+ return nt_status;
}
static NTSTATUS authsam_check_password_internals(struct auth_method_context *ctx,
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index f9650ee6cc..c90faacf02 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -759,7 +759,7 @@ static NTSTATUS gensec_gssapi_session_key(struct gensec_security *gensec_securit
}
static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_security,
- struct auth_session_info **_session_info)
+ struct auth_session_info **_session_info)
{
NTSTATUS nt_status;
TALLOC_CTX *mem_ctx;
@@ -873,13 +873,17 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
}
/* references the server_info into the session_info */
- nt_status = auth_generate_session_info(gensec_gssapi_state, server_info, &session_info);
- talloc_free(mem_ctx);
- talloc_free(server_info);
- NT_STATUS_NOT_OK_RETURN(nt_status);
+ nt_status = auth_generate_session_info(mem_ctx, server_info, &session_info);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ talloc_free(mem_ctx);
+ return nt_status;
+ }
nt_status = gensec_gssapi_session_key(gensec_security, &session_info->session_key);
- NT_STATUS_NOT_OK_RETURN(nt_status);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ talloc_free(mem_ctx);
+ return nt_status;
+ }
if (!(gensec_gssapi_state->got_flags & GSS_C_DELEG_FLAG)) {
DEBUG(10, ("gensec_gssapi: NO delegated credentials supplied by client\n"));
@@ -888,6 +892,7 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
DEBUG(10, ("gensec_gssapi: delegated credentials supplied by client\n"));
session_info->credentials = cli_credentials_init(session_info);
if (!session_info->credentials) {
+ talloc_free(mem_ctx);
return NT_STATUS_NO_MEMORY;
}
@@ -897,11 +902,13 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
gensec_gssapi_state->delegated_cred_handle,
CRED_SPECIFIED);
if (ret) {
+ talloc_free(mem_ctx);
return NT_STATUS_NO_MEMORY;
}
/* It has been taken from this place... */
gensec_gssapi_state->delegated_cred_handle = GSS_C_NO_CREDENTIAL;
}
+ talloc_steal(gensec_gssapi_state, session_info);
*_session_info = session_info;
return NT_STATUS_OK;
diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c
index de93c5bd0c..a52ea1b686 100644
--- a/source4/auth/gensec/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -546,6 +546,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
} else {
pac = data_blob_talloc(mem_ctx, pac_data.data, pac_data.length);
if (!pac.data) {
+ talloc_free(mem_ctx);
return NT_STATUS_NO_MEMORY;
}
@@ -554,6 +555,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
DEBUG(5, ("krb5_ticket_get_client failed to get cleint principal: %s\n",
smb_get_krb5_error_message(context,
ret, mem_ctx)));
+ talloc_free(mem_ctx);
return NT_STATUS_NO_MEMORY;
}
@@ -568,12 +570,11 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
if (NT_STATUS_IS_OK(nt_status)) {
union netr_Validation validation;
validation.sam3 = &logon_info->info3;
- nt_status = make_server_info_netlogon_validation(gensec_krb5_state,
+ nt_status = make_server_info_netlogon_validation(mem_ctx,
NULL,
3, &validation,
&server_info);
}
- talloc_free(mem_ctx);
}
@@ -590,6 +591,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
DEBUG(5, ("krb5_ticket_get_client failed to get cleint principal: %s\n",
smb_get_krb5_error_message(context,
ret, mem_ctx)));
+ talloc_free(mem_ctx);
return NT_STATUS_NO_MEMORY;
}
@@ -597,6 +599,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
client_principal, &principal_string);
krb5_free_principal(context, client_principal);
if (ret) {
+ talloc_free(mem_ctx);
return NT_STATUS_NO_MEMORY;
}
@@ -611,16 +614,24 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
}
/* references the server_info into the session_info */
- nt_status = auth_generate_session_info(gensec_krb5_state, server_info, &session_info);
- talloc_free(mem_ctx);
+ nt_status = auth_generate_session_info(mem_ctx, server_info, &session_info);
- NT_STATUS_NOT_OK_RETURN(nt_status);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ talloc_free(mem_ctx);
+ return nt_status;
+ }
nt_status = gensec_krb5_session_key(gensec_security, &session_info->session_key);
- NT_STATUS_NOT_OK_RETURN(nt_status);
+
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ talloc_free(mem_ctx);
+ return nt_status;
+ }
*_session_info = session_info;
+ talloc_steal(gensec_krb5_state, session_info);
+ talloc_free(mem_ctx);
return NT_STATUS_OK;
}