diff options
-rw-r--r-- | source4/libcli/auth/gensec.c | 10 | ||||
-rw-r--r-- | source4/libcli/auth/spnego.c | 39 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc.c | 3 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc_auth.c | 2 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc_schannel.c | 12 | ||||
-rw-r--r-- | source4/rpc_server/dcerpc_server.c | 3 | ||||
-rw-r--r-- | source4/smb_server/sesssetup.c | 3 | ||||
-rw-r--r-- | source4/utils/ntlm_auth.c | 2 |
8 files changed, 30 insertions, 44 deletions
diff --git a/source4/libcli/auth/gensec.c b/source4/libcli/auth/gensec.c index 7e33a159f9..75086f9281 100644 --- a/source4/libcli/auth/gensec.c +++ b/source4/libcli/auth/gensec.c @@ -440,16 +440,6 @@ NTSTATUS gensec_update(struct gensec_security *gensec_security, TALLOC_CTX *out_ return gensec_security->ops->update(gensec_security, out_mem_ctx, in, out); } -void gensec_end(struct gensec_security **gensec_security) -{ - if (!*gensec_security) { - return; - } - - talloc_free(*gensec_security); - *gensec_security = NULL; -} - /** * Set the requirement for a certain feature on the connection * diff --git a/source4/libcli/auth/spnego.c b/source4/libcli/auth/spnego.c index 988d0b32a5..5cce0f9e17 100644 --- a/source4/libcli/auth/spnego.c +++ b/source4/libcli/auth/spnego.c @@ -45,16 +45,6 @@ struct spnego_state { }; -static int gensec_spnego_destroy(void *ptr) -{ - struct spnego_state *spnego_state = ptr; - - if (spnego_state->sub_sec_security) { - gensec_end(&spnego_state->sub_sec_security); - } - return 0; -} - static NTSTATUS gensec_spnego_client_start(struct gensec_security *gensec_security) { struct spnego_state *spnego_state; @@ -68,8 +58,6 @@ static NTSTATUS gensec_spnego_client_start(struct gensec_security *gensec_securi spnego_state->state_position = SPNEGO_CLIENT_START; spnego_state->sub_sec_security = NULL; - talloc_set_destructor(spnego_state, gensec_spnego_destroy); - gensec_security->private_data = spnego_state; return NT_STATUS_OK; } @@ -87,8 +75,6 @@ static NTSTATUS gensec_spnego_server_start(struct gensec_security *gensec_securi spnego_state->state_position = SPNEGO_SERVER_START; spnego_state->sub_sec_security = NULL; - talloc_set_destructor(spnego_state, gensec_spnego_destroy); - gensec_security->private_data = spnego_state; return NT_STATUS_OK; } @@ -246,8 +232,9 @@ static NTSTATUS gensec_spnego_server_try_fallback(struct gensec_security *gensec nt_status = gensec_start_mech_by_oid(spnego_state->sub_sec_security, all_ops[i]->oid); if (!NT_STATUS_IS_OK(nt_status)) { - gensec_end(&spnego_state->sub_sec_security); - continue; + talloc_free(spnego_state->sub_sec_security); + spnego_state->sub_sec_security = NULL; + continue; } nt_status = gensec_update(spnego_state->sub_sec_security, out_mem_ctx, in, out); @@ -255,7 +242,8 @@ static NTSTATUS gensec_spnego_server_try_fallback(struct gensec_security *gensec spnego_state->state_position = SPNEGO_FALLBACK; return nt_status; } - gensec_end(&spnego_state->sub_sec_security); + talloc_free(spnego_state->sub_sec_security); + spnego_state->sub_sec_security = NULL; } DEBUG(1, ("Failed to parse SPNEGO request\n")); return NT_STATUS_INVALID_PARAMETER; @@ -283,7 +271,8 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_ nt_status = gensec_start_mech_by_oid(spnego_state->sub_sec_security, mechType[i]); if (!NT_STATUS_IS_OK(nt_status)) { - gensec_end(&spnego_state->sub_sec_security); + talloc_free(spnego_state->sub_sec_security); + spnego_state->sub_sec_security = NULL; continue; } @@ -302,7 +291,8 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_ if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED) && !NT_STATUS_IS_OK(nt_status)) { DEBUG(1, ("SPNEGO(%s) NEG_TOKEN_INIT failed: %s\n", spnego_state->sub_sec_security->ops->name, nt_errstr(nt_status))); - gensec_end(&spnego_state->sub_sec_security); + talloc_free(spnego_state->sub_sec_security); + spnego_state->sub_sec_security = NULL; } return nt_status; } @@ -344,8 +334,9 @@ static NTSTATUS gensec_spnego_client_negTokenInit(struct gensec_security *gensec nt_status = gensec_start_mech_by_oid(spnego_state->sub_sec_security, mechTypes[0]); if (!NT_STATUS_IS_OK(nt_status)) { - gensec_end(&spnego_state->sub_sec_security); - return nt_status; + talloc_free(spnego_state->sub_sec_security); + spnego_state->sub_sec_security = NULL; + return nt_status; } nt_status = gensec_update(spnego_state->sub_sec_security, out_mem_ctx, in, &unwrapped_out); @@ -367,7 +358,8 @@ static NTSTATUS gensec_spnego_client_negTokenInit(struct gensec_security *gensec spnego_state->state_position = SPNEGO_CLIENT_TARG; return nt_status; } - gensec_end(&spnego_state->sub_sec_security); + talloc_free(spnego_state->sub_sec_security); + spnego_state->sub_sec_security = NULL; DEBUG(1, ("Failed to setup SPNEGO netTokenInit request\n")); return NT_STATUS_INVALID_PARAMETER; @@ -515,7 +507,8 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA if (!in.length) { /* client to produce negTokenInit */ - return gensec_spnego_client_negTokenInit(gensec_security, spnego_state, out_mem_ctx, in, out); + return gensec_spnego_client_negTokenInit(gensec_security, spnego_state, + out_mem_ctx, in, out); } len = spnego_read_data(in, &spnego); diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c index 9217c90e0e..f6c0ebc413 100644 --- a/source4/librpc/rpc/dcerpc.c +++ b/source4/librpc/rpc/dcerpc.c @@ -85,9 +85,6 @@ void dcerpc_pipe_close(struct dcerpc_pipe *p) if (!p) return; p->reference_count--; if (p->reference_count <= 0) { - if (p->security_state.generic_state) { - gensec_end(&p->security_state.generic_state); - } p->transport.shutdown_pipe(p); talloc_free(p); } diff --git a/source4/librpc/rpc/dcerpc_auth.c b/source4/librpc/rpc/dcerpc_auth.c index 844746e322..1c5556ccee 100644 --- a/source4/librpc/rpc/dcerpc_auth.c +++ b/source4/librpc/rpc/dcerpc_auth.c @@ -113,7 +113,7 @@ done: talloc_destroy(mem_ctx); if (!NT_STATUS_IS_OK(status)) { - gensec_end(&p->security_state.generic_state); + talloc_free(p->security_state.generic_state); ZERO_STRUCT(p->security_state); } else { /* Authenticated connections use the generic session key */ diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c index 635735a55d..6df48b7dd3 100644 --- a/source4/librpc/rpc/dcerpc_schannel.c +++ b/source4/librpc/rpc/dcerpc_schannel.c @@ -436,14 +436,16 @@ NTSTATUS dcerpc_bind_auth_schannel_withkey(struct dcerpc_pipe *p, status = gensec_set_username(p->security_state.generic_state, username); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to set schannel username to %s: %s\n", username, nt_errstr(status))); - gensec_end(&p->security_state.generic_state); + talloc_free(p->security_state.generic_state); + p->security_state.generic_state = NULL; return status; } status = gensec_set_domain(p->security_state.generic_state, domain); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to set schannel domain to %s: %s\n", domain, nt_errstr(status))); - gensec_end(&p->security_state.generic_state); + talloc_free(p->security_state.generic_state); + p->security_state.generic_state = NULL; return status; } @@ -451,7 +453,8 @@ NTSTATUS dcerpc_bind_auth_schannel_withkey(struct dcerpc_pipe *p, if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to start SCHANNEL GENSEC backend: %s\n", nt_errstr(status))); - gensec_end(&p->security_state.generic_state); + talloc_free(p->security_state.generic_state); + p->security_state.generic_state = NULL; return status; } @@ -463,7 +466,8 @@ NTSTATUS dcerpc_bind_auth_schannel_withkey(struct dcerpc_pipe *p, if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to bind to pipe with SCHANNEL: %s\n", nt_errstr(status))); - gensec_end(&p->security_state.generic_state); + talloc_free(p->security_state.generic_state); + p->security_state.generic_state = NULL; return status; } diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c index 231778247f..cf4ea8bea8 100644 --- a/source4/rpc_server/dcerpc_server.c +++ b/source4/rpc_server/dcerpc_server.c @@ -274,7 +274,8 @@ static int dcesrv_endpoint_destructor(void *ptr) } if (p->auth_state.gensec_security) { - gensec_end(&p->auth_state.gensec_security); + talloc_free(p->auth_state.gensec_security); + p->auth_state.gensec_security = NULL; } return 0; diff --git a/source4/smb_server/sesssetup.c b/source4/smb_server/sesssetup.c index 85fac5680b..dcecc1327c 100644 --- a/source4/smb_server/sesssetup.c +++ b/source4/smb_server/sesssetup.c @@ -287,7 +287,8 @@ static NTSTATUS sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup status = nt_status_squash(status); if (smb_sess->gensec_ctx && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { - gensec_end(&smb_sess->gensec_ctx); + talloc_free(smb_sess->gensec_ctx); + smb_sess->gensec_ctx = NULL; } } diff --git a/source4/utils/ntlm_auth.c b/source4/utils/ntlm_auth.c index c99dcb1b7a..f741999ac9 100644 --- a/source4/utils/ntlm_auth.c +++ b/source4/utils/ntlm_auth.c @@ -320,7 +320,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode, if (strncmp(buf, "YR", 2) == 0) { if (gensec_state && *gensec_state) { - gensec_end(gensec_state); + talloc_free(*gensec_state); *gensec_state = NULL; } } else if ( (strncmp(buf, "OK", 2) == 0)) { |