diff options
-rw-r--r-- | source3/include/proto.h | 16 | ||||
-rw-r--r-- | source3/libads/sasl.c | 8 | ||||
-rw-r--r-- | source3/libsmb/cliconnect.c | 6 | ||||
-rw-r--r-- | source3/libsmb/clifsinfo.c | 2 | ||||
-rw-r--r-- | source3/libsmb/clispnego.c | 36 | ||||
-rw-r--r-- | source3/rpc_client/cli_pipe.c | 8 | ||||
-rw-r--r-- | source3/rpc_server/srv_pipe.c | 14 | ||||
-rw-r--r-- | source3/smbd/seal.c | 8 | ||||
-rw-r--r-- | source3/smbd/sesssetup.c | 13 | ||||
-rw-r--r-- | source3/smbd/smb2_sesssetup.c | 28 |
10 files changed, 65 insertions, 74 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h index 4af95090f0..75e4aaf7a8 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -2805,21 +2805,21 @@ bool spnego_parse_negTokenInit(TALLOC_CTX *ctx, char *OIDs[ASN1_MAX_OIDS], char **principal, DATA_BLOB *secblob); -DATA_BLOB gen_negTokenTarg(const char *OIDs[], DATA_BLOB blob); -DATA_BLOB spnego_gen_krb5_wrap(const DATA_BLOB ticket, const uint8 tok_id[2]); -bool spnego_parse_krb5_wrap(DATA_BLOB blob, DATA_BLOB *ticket, uint8 tok_id[2]); +DATA_BLOB spnego_gen_krb5_wrap(TALLOC_CTX *ctx, const DATA_BLOB ticket, const uint8 tok_id[2]); +bool spnego_parse_krb5_wrap(TALLOC_CTX *ctx, DATA_BLOB blob, DATA_BLOB *ticket, uint8 tok_id[2]); int spnego_gen_krb5_negTokenInit(TALLOC_CTX *ctx, const char *principal, int time_offset, DATA_BLOB *targ, DATA_BLOB *session_key_krb5, uint32 extra_ap_opts, time_t *expire_time); -bool spnego_parse_challenge(const DATA_BLOB blob, +bool spnego_parse_challenge(TALLOC_CTX *ctx, const DATA_BLOB blob, DATA_BLOB *chal1, DATA_BLOB *chal2); -DATA_BLOB spnego_gen_auth(DATA_BLOB blob); -bool spnego_parse_auth(DATA_BLOB blob, DATA_BLOB *auth); -DATA_BLOB spnego_gen_auth_response(DATA_BLOB *reply, NTSTATUS nt_status, +DATA_BLOB spnego_gen_auth(TALLOC_CTX *ctx, DATA_BLOB blob); +bool spnego_parse_auth(TALLOC_CTX *ctx, DATA_BLOB blob, DATA_BLOB *auth); +DATA_BLOB spnego_gen_auth_response(TALLOC_CTX *ctx, DATA_BLOB *reply, NTSTATUS nt_status, const char *mechOID); -bool spnego_parse_auth_response(DATA_BLOB blob, NTSTATUS nt_status, +bool spnego_parse_auth_response(TALLOC_CTX *ctx, + DATA_BLOB blob, NTSTATUS nt_status, const char *mechOID, DATA_BLOB *auth); diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c index d0b3f2a7ec..f4a0ac627e 100644 --- a/source3/libads/sasl.c +++ b/source3/libads/sasl.c @@ -196,7 +196,7 @@ static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads) OIDs_ntlm, &blob_out, NULL); } else { /* wrap it in SPNEGO */ - msg1 = spnego_gen_auth(blob_out); + msg1 = spnego_gen_auth(talloc_tos(), blob_out); } data_blob_free(&blob_out); @@ -232,7 +232,7 @@ static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads) (rc == LDAP_SASL_BIND_IN_PROGRESS)) { DATA_BLOB tmp_blob = data_blob_null; /* the server might give us back two challenges */ - if (!spnego_parse_challenge(blob, &blob_in, + if (!spnego_parse_challenge(talloc_tos(), blob, &blob_in, &tmp_blob)) { TALLOC_FREE(ntlmssp_state); @@ -242,7 +242,7 @@ static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads) } data_blob_free(&tmp_blob); } else if (rc == LDAP_SASL_BIND_IN_PROGRESS) { - if (!spnego_parse_auth_response(blob, nt_status, OID_NTLMSSP, + if (!spnego_parse_auth_response(talloc_tos(), blob, nt_status, OID_NTLMSSP, &blob_in)) { TALLOC_FREE(ntlmssp_state); @@ -534,7 +534,7 @@ static ADS_STATUS ads_sasl_spnego_gsskrb5_bind(ADS_STRUCT *ads, const gss_name_t wrapped = data_blob_null; } - ok = spnego_parse_auth_response(wrapped, NT_STATUS_OK, + ok = spnego_parse_auth_response(talloc_tos(), wrapped, NT_STATUS_OK, OID_KERBEROS5_OLD, &unwrapped); if (scred) ber_bvfree(scred); diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index 86448ff6b3..2d3e5a56a7 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -1098,11 +1098,11 @@ static void cli_session_setup_ntlmssp_done(struct tevent_req *subreq) && NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { DATA_BLOB tmp_blob = data_blob_null; /* the server might give us back two challenges */ - parse_ret = spnego_parse_challenge(blob_in, &msg_in, + parse_ret = spnego_parse_challenge(state, blob_in, &msg_in, &tmp_blob); data_blob_free(&tmp_blob); } else { - parse_ret = spnego_parse_auth_response(blob_in, status, + parse_ret = spnego_parse_auth_response(state, blob_in, status, OID_NTLMSSP, &msg_in); } state->turn += 1; @@ -1128,7 +1128,7 @@ static void cli_session_setup_ntlmssp_done(struct tevent_req *subreq) return; } - state->blob_out = spnego_gen_auth(blob_out); + state->blob_out = spnego_gen_auth(state, blob_out); TALLOC_FREE(subreq); if (tevent_req_nomem(state->blob_out.data, req)) { return; diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c index aa7d1fb9ad..9e4d9fa8ad 100644 --- a/source3/libsmb/clifsinfo.c +++ b/source3/libsmb/clifsinfo.c @@ -764,7 +764,7 @@ static NTSTATUS make_cli_gss_blob(TALLOC_CTX *ctx, p_tok_in = GSS_C_NO_BUFFER; } else { /* Remove the SPNEGO wrapper */ - if (!spnego_parse_auth_response(spnego_blob_in, status_in, OID_KERBEROS5, &blob_in)) { + if (!spnego_parse_auth_response(ctx, spnego_blob_in, status_in, OID_KERBEROS5, &blob_in)) { status = NT_STATUS_UNSUCCESSFUL; goto fail; } diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c index d5867120ea..66e023a91d 100644 --- a/source3/libsmb/clispnego.c +++ b/source3/libsmb/clispnego.c @@ -216,7 +216,7 @@ bool spnego_parse_negTokenInit(TALLOC_CTX *ctx, /* generate a krb5 GSS-API wrapper packet given a ticket */ -DATA_BLOB spnego_gen_krb5_wrap(const DATA_BLOB ticket, const uint8 tok_id[2]) +DATA_BLOB spnego_gen_krb5_wrap(TALLOC_CTX *ctx, const DATA_BLOB ticket, const uint8 tok_id[2]) { ASN1_DATA *data; DATA_BLOB ret; @@ -237,7 +237,7 @@ DATA_BLOB spnego_gen_krb5_wrap(const DATA_BLOB ticket, const uint8 tok_id[2]) DEBUG(1,("Failed to build krb5 wrapper at offset %d\n", (int)data->ofs)); } - ret = data_blob(data->data, data->length); + ret = data_blob_talloc(ctx, data->data, data->length); asn1_free(data); return ret; @@ -246,7 +246,7 @@ DATA_BLOB spnego_gen_krb5_wrap(const DATA_BLOB ticket, const uint8 tok_id[2]) /* parse a krb5 GSS-API wrapper packet giving a ticket */ -bool spnego_parse_krb5_wrap(DATA_BLOB blob, DATA_BLOB *ticket, uint8 tok_id[2]) +bool spnego_parse_krb5_wrap(TALLOC_CTX *ctx, DATA_BLOB blob, DATA_BLOB *ticket, uint8 tok_id[2]) { bool ret; ASN1_DATA *data; @@ -268,7 +268,7 @@ bool spnego_parse_krb5_wrap(DATA_BLOB blob, DATA_BLOB *ticket, uint8 tok_id[2]) } else { asn1_read(data, tok_id, 2); data_remaining -= 2; - *ticket = data_blob(NULL, data_remaining); + *ticket = data_blob_talloc(ctx, NULL, data_remaining); asn1_read(data, ticket->data, ticket->length); } @@ -309,7 +309,7 @@ int spnego_gen_krb5_negTokenInit(TALLOC_CTX *ctx, return retval; /* wrap that up in a nice GSS-API wrapping */ - tkt_wrapped = spnego_gen_krb5_wrap(tkt, TOK_ID_KRB_AP_REQ); + tkt_wrapped = spnego_gen_krb5_wrap(ctx, tkt, TOK_ID_KRB_AP_REQ); /* and wrap that in a shiny SPNEGO wrapper */ *targ = spnego_gen_negTokenInit(ctx, krb_mechs, &tkt_wrapped, NULL); @@ -324,7 +324,7 @@ int spnego_gen_krb5_negTokenInit(TALLOC_CTX *ctx, /* parse a spnego NTLMSSP challenge packet giving two security blobs */ -bool spnego_parse_challenge(const DATA_BLOB blob, +bool spnego_parse_challenge(TALLOC_CTX *ctx, const DATA_BLOB blob, DATA_BLOB *chal1, DATA_BLOB *chal2) { bool ret; @@ -351,13 +351,13 @@ bool spnego_parse_challenge(const DATA_BLOB blob, asn1_end_tag(data); asn1_start_tag(data,ASN1_CONTEXT(2)); - asn1_read_OctetString(data, talloc_autofree_context(), chal1); + asn1_read_OctetString(data, ctx, chal1); asn1_end_tag(data); /* the second challenge is optional (XP doesn't send it) */ if (asn1_tag_remaining(data)) { asn1_start_tag(data,ASN1_CONTEXT(3)); - asn1_read_OctetString(data, talloc_autofree_context(), chal2); + asn1_read_OctetString(data, ctx, chal2); asn1_end_tag(data); } @@ -379,7 +379,7 @@ bool spnego_parse_challenge(const DATA_BLOB blob, /* generate a SPNEGO auth packet. This will contain the encrypted passwords */ -DATA_BLOB spnego_gen_auth(DATA_BLOB blob) +DATA_BLOB spnego_gen_auth(TALLOC_CTX *ctx, DATA_BLOB blob) { ASN1_DATA *data; DATA_BLOB ret; @@ -397,7 +397,7 @@ DATA_BLOB spnego_gen_auth(DATA_BLOB blob) asn1_pop_tag(data); asn1_pop_tag(data); - ret = data_blob(data->data, data->length); + ret = data_blob_talloc(ctx, data->data, data->length); asn1_free(data); @@ -407,7 +407,7 @@ DATA_BLOB spnego_gen_auth(DATA_BLOB blob) /* parse a SPNEGO auth packet. This contains the encrypted passwords */ -bool spnego_parse_auth(DATA_BLOB blob, DATA_BLOB *auth) +bool spnego_parse_auth(TALLOC_CTX *ctx, DATA_BLOB blob, DATA_BLOB *auth) { ssize_t len; struct spnego_data token; @@ -425,7 +425,7 @@ bool spnego_parse_auth(DATA_BLOB blob, DATA_BLOB *auth) return false; } - *auth = data_blob_talloc(talloc_tos(), + *auth = data_blob_talloc(ctx, token.negTokenTarg.responseToken.data, token.negTokenTarg.responseToken.length); spnego_free_data(&token); @@ -436,7 +436,8 @@ bool spnego_parse_auth(DATA_BLOB blob, DATA_BLOB *auth) /* generate a minimal SPNEGO response packet. Doesn't contain much. */ -DATA_BLOB spnego_gen_auth_response(DATA_BLOB *reply, NTSTATUS nt_status, +DATA_BLOB spnego_gen_auth_response(TALLOC_CTX *ctx, + DATA_BLOB *reply, NTSTATUS nt_status, const char *mechOID) { ASN1_DATA *data; @@ -477,7 +478,7 @@ DATA_BLOB spnego_gen_auth_response(DATA_BLOB *reply, NTSTATUS nt_status, asn1_pop_tag(data); asn1_pop_tag(data); - ret = data_blob(data->data, data->length); + ret = data_blob_talloc(ctx, data->data, data->length); asn1_free(data); return ret; } @@ -485,7 +486,8 @@ DATA_BLOB spnego_gen_auth_response(DATA_BLOB *reply, NTSTATUS nt_status, /* parse a SPNEGO auth packet. This contains the encrypted passwords */ -bool spnego_parse_auth_response(DATA_BLOB blob, NTSTATUS nt_status, +bool spnego_parse_auth_response(TALLOC_CTX *ctx, + DATA_BLOB blob, NTSTATUS nt_status, const char *mechOID, DATA_BLOB *auth) { @@ -521,7 +523,7 @@ bool spnego_parse_auth_response(DATA_BLOB blob, NTSTATUS nt_status, if (asn1_tag_remaining(data)) { asn1_start_tag(data,ASN1_CONTEXT(2)); - asn1_read_OctetString(data, talloc_autofree_context(), auth); + asn1_read_OctetString(data, ctx, auth); asn1_end_tag(data); } } else if (negResult == SPNEGO_ACCEPT_INCOMPLETE) { @@ -535,7 +537,7 @@ bool spnego_parse_auth_response(DATA_BLOB blob, NTSTATUS nt_status, if (asn1_tag_remaining(data)) { DATA_BLOB mechList = data_blob_null; asn1_start_tag(data, ASN1_CONTEXT(3)); - asn1_read_OctetString(data, talloc_autofree_context(), &mechList); + asn1_read_OctetString(data, ctx, &mechList); asn1_end_tag(data); data_blob_free(&mechList); DEBUG(5,("spnego_parse_auth_response received mechListMIC, " diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index 3ca9271a82..50b0efadb2 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -1302,7 +1302,7 @@ static NTSTATUS create_krb5_auth_bind_req(struct rpc_pipe_client *cli, } /* wrap that up in a nice GSS-API wrapping */ - tkt_wrapped = spnego_gen_krb5_wrap(tkt, TOK_ID_KRB_AP_REQ); + tkt_wrapped = spnego_gen_krb5_wrap(talloc_tos(), tkt, TOK_ID_KRB_AP_REQ); data_blob_free(&tkt); @@ -2496,7 +2496,7 @@ static NTSTATUS rpc_finish_spnego_ntlmssp_bind_send(struct tevent_req *req, * The server might give us back two challenges - tmp_blob is for the * second. */ - if (!spnego_parse_challenge(auth_info.credentials, + if (!spnego_parse_challenge(state, auth_info.credentials, &server_ntlm_response, &tmp_blob)) { data_blob_free(&server_ntlm_response); data_blob_free(&tmp_blob); @@ -2520,7 +2520,7 @@ static NTSTATUS rpc_finish_spnego_ntlmssp_bind_send(struct tevent_req *req, } /* SPNEGO wrap the client reply. */ - tmp_blob = spnego_gen_auth(client_reply); + tmp_blob = spnego_gen_auth(state, client_reply); data_blob_free(&client_reply); client_reply = tmp_blob; tmp_blob = data_blob_null; @@ -2577,7 +2577,7 @@ static void rpc_bind_ntlmssp_api_done(struct tevent_req *subreq) } /* Check we got a valid auth response. */ - if (!spnego_parse_auth_response(auth.credentials, + if (!spnego_parse_auth_response(talloc_tos(), auth.credentials, NT_STATUS_OK, OID_NTLMSSP, &tmp_blob)) { data_blob_free(&tmp_blob); diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index e69bd9e31f..0132400029 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -887,21 +887,18 @@ static bool pipe_spnego_auth_bind_negotiate(pipes_struct *p, } /* Generate the response blob we need for step 2 of the bind. */ - *response = spnego_gen_auth_response(&chal, status, OID_NTLMSSP); + *response = spnego_gen_auth_response(mem_ctx, &chal, status, OID_NTLMSSP); } else { /* * SPNEGO negotiate down to NTLMSSP. The subsequent * code to process follow-up packets is not complete * yet. JRA. */ - *response = spnego_gen_auth_response(NULL, + *response = spnego_gen_auth_response(mem_ctx, NULL, NT_STATUS_MORE_PROCESSING_REQUIRED, OID_NTLMSSP); } - /* Make sure data is bound to the memctx, to be freed the caller */ - talloc_steal(mem_ctx, response->data); - /* auth_pad_len will be handled by the caller */ p->auth.a_u.auth_ntlmssp_state = a; @@ -954,7 +951,7 @@ static bool pipe_spnego_auth_bind_continue(pipes_struct *p, goto err; } - if (!spnego_parse_auth(pauth_info->credentials, &auth_blob)) { + if (!spnego_parse_auth(talloc_tos(), pauth_info->credentials, &auth_blob)) { DEBUG(0,("pipe_spnego_auth_bind_continue: invalid SPNEGO blob.\n")); goto err; } @@ -971,10 +968,7 @@ static bool pipe_spnego_auth_bind_continue(pipes_struct *p, data_blob_free(&auth_blob); /* Generate the spnego "accept completed" blob - no incoming data. */ - *response = spnego_gen_auth_response(&auth_reply, NT_STATUS_OK, OID_NTLMSSP); - - /* Make sure data is bound to the memctx, to be freed the caller */ - talloc_steal(mem_ctx, response->data); + *response = spnego_gen_auth_response(mem_ctx, &auth_reply, NT_STATUS_OK, OID_NTLMSSP); data_blob_free(&auth_reply); diff --git a/source3/smbd/seal.c b/source3/smbd/seal.c index 2c7d97fd6d..0cf730ee4f 100644 --- a/source3/smbd/seal.c +++ b/source3/smbd/seal.c @@ -422,7 +422,7 @@ static NTSTATUS srv_enc_spnego_gss_negotiate(unsigned char **ppdata, size_t *p_d gss_release_buffer(&min, &out_buf); /* Wrap in SPNEGO. */ - response = spnego_gen_auth_response(&auth_reply, status, OID_KERBEROS5); + response = spnego_gen_auth_response(talloc_tos(), &auth_reply, status, OID_KERBEROS5); data_blob_free(&auth_reply); SAFE_FREE(*ppdata); @@ -460,7 +460,7 @@ static NTSTATUS srv_enc_ntlm_negotiate(unsigned char **ppdata, size_t *p_data_si * for success ... */ if (spnego_wrap) { - response = spnego_gen_auth_response(&chal, status, OID_NTLMSSP); + response = spnego_gen_auth_response(talloc_tos(), &chal, status, OID_NTLMSSP); data_blob_free(&chal); } else { /* Return the raw blob. */ @@ -565,7 +565,7 @@ static NTSTATUS srv_enc_spnego_ntlm_auth(connection_struct *conn, } blob = data_blob_const(*ppdata, *p_data_size); - if (!spnego_parse_auth(blob, &auth)) { + if (!spnego_parse_auth(talloc_tos(), blob, &auth)) { srv_free_encryption_context(&partial_srv_trans_enc_ctx); return NT_STATUS_INVALID_PARAMETER; } @@ -582,7 +582,7 @@ static NTSTATUS srv_enc_spnego_ntlm_auth(connection_struct *conn, * So set mechOID to NULL here. */ - response = spnego_gen_auth_response(&auth_reply, status, NULL); + response = spnego_gen_auth_response(talloc_tos(), &auth_reply, status, NULL); data_blob_free(&auth_reply); if (NT_STATUS_IS_OK(status)) { diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 15cbcbfb9a..9d8e7ece2c 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -272,7 +272,7 @@ static void reply_spnego_kerberos(struct smb_request *req, return; } - if (!spnego_parse_krb5_wrap(*secblob, &ticket, tok_id)) { + if (!spnego_parse_krb5_wrap(mem_ctx, *secblob, &ticket, tok_id)) { talloc_destroy(mem_ctx); reply_nterror(req, nt_status_squash(NT_STATUS_LOGON_FAILURE)); return; @@ -603,12 +603,12 @@ static void reply_spnego_kerberos(struct smb_request *req, /* wrap that up in a nice GSS-API wrapping */ if (NT_STATUS_IS_OK(ret)) { - ap_rep_wrapped = spnego_gen_krb5_wrap(ap_rep, + ap_rep_wrapped = spnego_gen_krb5_wrap(talloc_tos(), ap_rep, TOK_ID_KRB_AP_REP); } else { ap_rep_wrapped = data_blob_null; } - response = spnego_gen_auth_response(&ap_rep_wrapped, ret, + response = spnego_gen_auth_response(talloc_tos(), &ap_rep_wrapped, ret, mechOID); reply_sesssetup_blob(req, response, ret); @@ -693,7 +693,8 @@ static void reply_spnego_ntlmssp(struct smb_request *req, out: if (wrap) { - response = spnego_gen_auth_response(ntlmssp_blob, + response = spnego_gen_auth_response(talloc_tos(), + ntlmssp_blob, nt_status, OID); } else { response = *ntlmssp_blob; @@ -781,7 +782,7 @@ static void reply_spnego_downgrade_to_ntlmssp(struct smb_request *req, DEBUG(3,("reply_spnego_downgrade_to_ntlmssp: Got krb5 ticket in SPNEGO " "but set to downgrade to NTLMSSP\n")); - response = spnego_gen_auth_response(NULL, + response = spnego_gen_auth_response(talloc_tos(), NULL, NT_STATUS_MORE_PROCESSING_REQUIRED, OID_NTLMSSP); reply_sesssetup_blob(req, response, NT_STATUS_MORE_PROCESSING_REQUIRED); @@ -881,7 +882,7 @@ static void reply_spnego_auth(struct smb_request *req, NTSTATUS status = NT_STATUS_LOGON_FAILURE; struct smbd_server_connection *sconn = req->sconn; - if (!spnego_parse_auth(blob1, &auth)) { + if (!spnego_parse_auth(talloc_tos(), blob1, &auth)) { #if 0 file_save("auth.dat", blob1.data, blob1.length); #endif diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c index e8c69eaad5..f5272b35cd 100644 --- a/source3/smbd/smb2_sesssetup.c +++ b/source3/smbd/smb2_sesssetup.c @@ -192,7 +192,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session, bool username_was_mapped = false; bool map_domainuser_to_guest = false; - if (!spnego_parse_krb5_wrap(*secblob, &ticket, tok_id)) { + if (!spnego_parse_krb5_wrap(talloc_tos(), *secblob, &ticket, tok_id)) { status = NT_STATUS_LOGON_FAILURE; goto fail; } @@ -488,10 +488,11 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session, status = NT_STATUS_OK; /* wrap that up in a nice GSS-API wrapping */ - ap_rep_wrapped = spnego_gen_krb5_wrap(ap_rep, + ap_rep_wrapped = spnego_gen_krb5_wrap(talloc_tos(), ap_rep, TOK_ID_KRB_AP_REP); secblob_out = spnego_gen_auth_response( + talloc_tos(), &ap_rep_wrapped, status, mechOID); @@ -524,6 +525,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session, ap_rep_wrapped = data_blob_null; secblob_out = spnego_gen_auth_response( + talloc_tos(), &ap_rep_wrapped, status, mechOID); @@ -546,7 +548,6 @@ static NTSTATUS smbd_smb2_spnego_negotiate(struct smbd_smb2_session *session, { DATA_BLOB secblob_in = data_blob_null; DATA_BLOB chal_out = data_blob_null; - DATA_BLOB secblob_out = data_blob_null; char *kerb_mech = NULL; NTSTATUS status; @@ -601,13 +602,11 @@ static NTSTATUS smbd_smb2_spnego_negotiate(struct smbd_smb2_session *session, goto out; } - secblob_out = spnego_gen_auth_response(&chal_out, + *out_security_buffer = spnego_gen_auth_response(smb2req, + &chal_out, status, OID_NTLMSSP); - *out_security_buffer = data_blob_talloc(smb2req, - secblob_out.data, - secblob_out.length); - if (secblob_out.data && out_security_buffer->data == NULL) { + if (out_security_buffer->data == NULL) { status = NT_STATUS_NO_MEMORY; goto out; } @@ -616,7 +615,6 @@ static NTSTATUS smbd_smb2_spnego_negotiate(struct smbd_smb2_session *session, out: data_blob_free(&secblob_in); - data_blob_free(&secblob_out); data_blob_free(&chal_out); TALLOC_FREE(kerb_mech); if (!NT_STATUS_IS_OK(status) && @@ -717,10 +715,9 @@ static NTSTATUS smbd_smb2_spnego_auth(struct smbd_smb2_session *session, { DATA_BLOB auth = data_blob_null; DATA_BLOB auth_out = data_blob_null; - DATA_BLOB secblob_out = data_blob_null; NTSTATUS status; - if (!spnego_parse_auth(in_security_buffer, &auth)) { + if (!spnego_parse_auth(talloc_tos(), in_security_buffer, &auth)) { TALLOC_FREE(session); return NT_STATUS_LOGON_FAILURE; } @@ -803,13 +800,10 @@ static NTSTATUS smbd_smb2_spnego_auth(struct smbd_smb2_session *session, data_blob_free(&auth); - secblob_out = spnego_gen_auth_response(&auth_out, - status, NULL); + *out_security_buffer = spnego_gen_auth_response(smb2req, + &auth_out, status, NULL); - *out_security_buffer = data_blob_talloc(smb2req, - secblob_out.data, - secblob_out.length); - if (secblob_out.data && out_security_buffer->data == NULL) { + if (out_security_buffer->data == NULL) { TALLOC_FREE(session->auth_ntlmssp_state); TALLOC_FREE(session); return NT_STATUS_NO_MEMORY; |