r23020: a better fix for the memory leak - this one doesn't stuff up spnego :)

(This used to be commit 9a8da730a725fc9fc1a3e407273e688f44eadfe1)

3 files changed, 16 insertions, 5 deletions

diff --git a/source4/smb_server/session.c b/source4/smb_server/session.c
index e95dc9e856..bd5660e481 100644
--- a/source4/smb_server/session.c
+++ b/source4/smb_server/session.c
@@ -136,6 +136,7 @@ static int smbsrv_session_destructor(struct smbsrv_session *sess)
  * gensec_ctx is optional, but talloc_steal'ed when present
  */
 struct smbsrv_session *smbsrv_session_new(struct smbsrv_connection *smb_conn,
+					  TALLOC_CTX *mem_ctx,
 					  struct gensec_security *gensec_ctx)
 {
 	struct smbsrv_session *sess = NULL;
@@ -144,7 +145,7 @@ struct smbsrv_session *smbsrv_session_new(struct smbsrv_connection *smb_conn,
 	/* Ensure no vuid gets registered in share level security. */
 	if (smb_conn->config.security == SEC_SHARE) return NULL;
 
-	sess = talloc_zero(smb_conn, struct smbsrv_session);
+	sess = talloc_zero(mem_ctx, struct smbsrv_session);
 	if (!sess) return NULL;
 	sess->smb_conn = smb_conn;
 
diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c
index b6bddaa5b1..2e9403b10a 100644
--- a/source4/smb_server/smb/sesssetup.c
+++ b/source4/smb_server/smb/sesssetup.c
@@ -49,6 +49,8 @@ static void smbsrv_sesssetup_backend_send(struct smbsrv_request *req,
 {
 	if (NT_STATUS_IS_OK(status)) {
 		req->smb_conn->negotiate.done_sesssetup = True;
+		/* we need to keep the session long term */
+		req->session = talloc_steal(req->smb_conn, req->session);
 	}
 	smbsrv_reply_sesssetup_send(req, sess, status);
 }
@@ -71,7 +73,7 @@ static void sesssetup_old_send(struct auth_check_password_request *areq,
 	if (!NT_STATUS_IS_OK(status)) goto failed;
 
 	/* allocate a new session */
-	smb_sess = smbsrv_session_new(req->smb_conn, NULL);
+	smb_sess = smbsrv_session_new(req->smb_conn, req, NULL);
 	if (!smb_sess) {
 		status = NT_STATUS_INSUFFICIENT_RESOURCES;
 		goto failed;
@@ -166,7 +168,7 @@ static void sesssetup_nt1_send(struct auth_check_password_request *areq,
 	if (!NT_STATUS_IS_OK(status)) goto failed;
 
 	/* allocate a new session */
-	smb_sess = smbsrv_session_new(req->smb_conn, NULL);
+	smb_sess = smbsrv_session_new(req->smb_conn, req, NULL);
 	if (!smb_sess) {
 		status = NT_STATUS_INSUFFICIENT_RESOURCES;
 		goto failed;
@@ -339,6 +341,10 @@ done:
 failed:
 	status = auth_nt_status_squash(status);
 	smbsrv_sesssetup_backend_send(req, sess, status);
+	if (!NT_STATUS_IS_OK(status) && 
+	    !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+		talloc_free(smb_sess);
+	}
 }
 
 /*
@@ -394,7 +400,7 @@ static void sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup *se
 		}
 
 		/* allocate a new session */
-		smb_sess = smbsrv_session_new(req->smb_conn, gensec_ctx);
+		smb_sess = smbsrv_session_new(req->smb_conn, req->smb_conn, gensec_ctx);
 		if (!smb_sess) {
 			status = NT_STATUS_INSUFFICIENT_RESOURCES;
 			goto failed;
diff --git a/source4/smb_server/smb2/sesssetup.c b/source4/smb_server/smb2/sesssetup.c
index c99b443a35..3439f2f068 100644
--- a/source4/smb_server/smb2/sesssetup.c
+++ b/source4/smb_server/smb2/sesssetup.c
@@ -95,6 +95,10 @@ done:
 failed:
 	req->status = auth_nt_status_squash(status);
 	smb2srv_sesssetup_send(req, io);
+	if (!NT_STATUS_IS_OK(status) && !
+	    NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+		talloc_free(smb_sess);
+	}
 }
 
 static void smb2srv_sesssetup_backend(struct smb2srv_request *req, union smb_sesssetup *io)
@@ -138,7 +142,7 @@ static void smb2srv_sesssetup_backend(struct smb2srv_request *req, union smb_ses
 		}
 
 		/* allocate a new session */
-		smb_sess = smbsrv_session_new(req->smb_conn, gensec_ctx);
+		smb_sess = smbsrv_session_new(req->smb_conn, req->smb_conn, gensec_ctx);
 		if (!smb_sess) {
 			status = NT_STATUS_INSUFFICIENT_RESOURCES;
 			goto failed;