-rw-r--r--libcli/smb/smbXcli_base.c4
-rw-r--r--libcli/smb/smb_seal.c19
-rw-r--r--libcli/smb/smb_seal.h1
-rw-r--r--source3/libsmb/clifsinfo.c32
-rw-r--r--source3/smbd/seal.c45
5 files changed, 20 insertions, 81 deletions
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index 06fcb34a31..df0145718e 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -214,7 +214,7 @@ static int smbXcli_conn_destructor(struct smbXcli_conn *conn)
}
if (conn->smb1.trans_enc) {
- common_free_encryption_state(&conn->smb1.trans_enc);
+ TALLOC_FREE(conn->smb1.trans_enc);
}
return 0;
@@ -596,7 +596,7 @@ void smb1cli_conn_set_encryption(struct smbXcli_conn *conn,
{
/* Replace the old state, if any. */
if (conn->smb1.trans_enc) {
- common_free_encryption_state(&conn->smb1.trans_enc);
+ TALLOC_FREE(conn->smb1.trans_enc);
}
conn->smb1.trans_enc = es;
}
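Review bot: smb1cli_conn_set_encryption() now releases the previous state with TALLOC_FREE, so every `es` passed in must be a talloc allocation, and the hunk does not state that contract anywhere. I would extend the existing comment to `/* Takes ownership of es, which must be talloc-allocated; replaces and frees the old state, if any. */`. The same assumption applies to the TALLOC_FREE in smbXcli_conn_destructor() in the first hunk of this file. The `if (conn->smb1.trans_enc)` guard is now redundant because TALLOC_FREE accepts a NULL pointer, though keeping it is harmless.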
diff --git a/libcli/smb/smb_seal.c b/libcli/smb/smb_seal.c
index a56dc6092e..d5bb2388bb 100644
--- a/libcli/smb/smb_seal.c
+++ b/libcli/smb/smb_seal.c
@@ -200,25 +200,6 @@ NTSTATUS common_decrypt_buffer(struct smb_trans_enc_state *es, char *buf)
}
/******************************************************************************
- Shutdown an encryption state.
-******************************************************************************/
-
-void common_free_encryption_state(struct smb_trans_enc_state **pp_es)
-{
- struct smb_trans_enc_state *es = *pp_es;
-
- if (es == NULL) {
- return;
- }
-
- if (es->gensec_security) {
- TALLOC_FREE(es->gensec_security);
- }
- SAFE_FREE(es);
- *pp_es = NULL;
-}
-
-/******************************************************************************
Free an encryption-allocated buffer.
******************************************************************************/
diff --git a/libcli/smb/smb_seal.h b/libcli/smb/smb_seal.h
index 01a61e8586..f47f904528 100644
--- a/libcli/smb/smb_seal.h
+++ b/libcli/smb/smb_seal.h
@@ -32,7 +32,6 @@ NTSTATUS get_enc_ctx_num(const uint8_t *buf, uint16_t *p_enc_ctx_num);
bool common_encryption_on(struct smb_trans_enc_state *es);
NTSTATUS common_encrypt_buffer(struct smb_trans_enc_state *es, char *buffer, char **buf_out);
NTSTATUS common_decrypt_buffer(struct smb_trans_enc_state *es, char *buf);
-void common_free_encryption_state(struct smb_trans_enc_state **pp_es);
void common_free_enc_buffer(struct smb_trans_enc_state *es, char *buf);
#endif /* _HEADER_SMB_CRYPT_H */
diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c
index 0b2d292d36..ad5128e7f8 100644
--- a/source3/libsmb/clifsinfo.c
+++ b/source3/libsmb/clifsinfo.c
@@ -573,22 +573,6 @@ static NTSTATUS enc_blob_send_receive(struct cli_state *cli, DATA_BLOB *in, DATA
}
/******************************************************************************
- Make a client state struct.
-******************************************************************************/
-
-static struct smb_trans_enc_state *make_cli_enc_state(void)
-{
- struct smb_trans_enc_state *es = NULL;
- es = SMB_MALLOC_P(struct smb_trans_enc_state);
- if (!es) {
- return NULL;
- }
- ZERO_STRUCTP(es);
-
- return es;
-}
-
-/******************************************************************************
Start a raw ntlmssp encryption.
******************************************************************************/
@@ -602,12 +586,11 @@ NTSTATUS cli_raw_ntlm_smb_encryption_start(struct cli_state *cli,
DATA_BLOB param_out = data_blob_null;
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
struct auth_generic_state *auth_generic_state;
- struct smb_trans_enc_state *es = make_cli_enc_state();
-
+ struct smb_trans_enc_state *es = talloc_zero(NULL, struct smb_trans_enc_state);
if (!es) {
return NT_STATUS_NO_MEMORY;
}
- status = auth_generic_client_prepare(NULL,
+ status = auth_generic_client_prepare(es,
&auth_generic_state);
if (!NT_STATUS_IS_OK(status)) {
goto fail;
@@ -668,8 +651,7 @@ NTSTATUS cli_raw_ntlm_smb_encryption_start(struct cli_state *cli,
}
fail:
- TALLOC_FREE(auth_generic_state);
- common_free_encryption_state(&es);
+ TALLOC_FREE(es);
return status;
}
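Review bot: With the explicit `TALLOC_FREE(es->gensec_security)` of common_free_encryption_state() gone, cleanup here depends on gensec_security being a talloc child of es, but the shown hunks re-parent the hand-over only in cli_gss_smb_encryption_start (`talloc_move(es, ...)`). The success path of cli_raw_ntlm_smb_encryption_start is outside these hunks; if it still uses `talloc_move(NULL, &auth_generic_state->gensec_security)`, freeing the connection's state would no longer release the security context, and it should become `talloc_move(es, ...)` as well. Separately, dropping `TALLOC_FREE(auth_generic_state);` at `fail:` means that on success the auth state stays allocated under es for as long as the connection keeps the encryption state. If that state holds credential material, consider freeing it once gensec_security has been taken over.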
@@ -684,13 +666,13 @@ NTSTATUS cli_gss_smb_encryption_start(struct cli_state *cli)
DATA_BLOB param_out = data_blob_null;
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
struct auth_generic_state *auth_generic_state;
- struct smb_trans_enc_state *es = make_cli_enc_state();
+ struct smb_trans_enc_state *es = talloc_zero(NULL, struct smb_trans_enc_state);
if (!es) {
return NT_STATUS_NO_MEMORY;
}
- status = auth_generic_client_prepare(NULL,
+ status = auth_generic_client_prepare(es,
&auth_generic_state);
if (!NT_STATUS_IS_OK(status)) {
goto fail;
@@ -747,13 +729,13 @@ NTSTATUS cli_gss_smb_encryption_start(struct cli_state *cli)
/* We only need the gensec_security part from here.
* es is a malloc()ed pointer, so we cannot make
* gensec_security a talloc child */
- es->gensec_security = talloc_move(NULL,
+ es->gensec_security = talloc_move(es,
&auth_generic_state->gensec_security);
smb1cli_conn_set_encryption(cli->conn, es);
es = NULL;
}
fail:
- common_free_encryption_state(&es);
+ TALLOC_FREE(es);
return status;
}
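Review bot: The comment above the changed `talloc_move(es, ...)` still says "es is a malloc()ed pointer, so we cannot make gensec_security a talloc child", which is now the opposite of what the code does. A stale ownership comment on a security context invites someone to reintroduce a manual free later. I would replace it with `/* We only need the gensec_security part from here; make it a talloc child of es so TALLOC_FREE(es) releases it. */`. The function body starts outside this hunk.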
diff --git a/source3/smbd/seal.c b/source3/smbd/seal.c
index 8c4ebea04a..cdcfe06835 100644
--- a/source3/smbd/seal.c
+++ b/source3/smbd/seal.c
@@ -77,16 +77,15 @@ bool is_encrypted_packet(struct smbd_server_connection *sconn,
static NTSTATUS make_auth_gensec(const struct tsocket_address *remote_address,
struct smb_trans_enc_state *es)
{
- struct gensec_security *gensec_security;
NTSTATUS status;
- status = auth_generic_prepare(NULL, remote_address,
- &gensec_security);
+ status = auth_generic_prepare(es, remote_address,
+ &es->gensec_security);
if (!NT_STATUS_IS_OK(status)) {
return nt_status_squash(status);
}
- gensec_want_feature(gensec_security, GENSEC_FEATURE_SEAL);
+ gensec_want_feature(es->gensec_security, GENSEC_FEATURE_SEAL);
/*
* We could be accessing the secrets.tdb or krb5.keytab file here.
@@ -94,39 +93,18 @@ static NTSTATUS make_auth_gensec(const struct tsocket_address *remote_address,
*/
become_root();
- status = gensec_start_mech_by_oid(gensec_security, GENSEC_OID_SPNEGO);
+ status = gensec_start_mech_by_oid(es->gensec_security, GENSEC_OID_SPNEGO);
unbecome_root();
if (!NT_STATUS_IS_OK(status)) {
- TALLOC_FREE(gensec_security);
return nt_status_squash(status);
}
- es->gensec_security = gensec_security;
-
return status;
}
/******************************************************************************
- Shutdown a server encryption context.
-******************************************************************************/
-
-static void srv_free_encryption_context(struct smb_trans_enc_state **pp_es)
-{
- struct smb_trans_enc_state *es = *pp_es;
-
- if (!es) {
- return;
- }
-
- common_free_encryption_state(&es);
-
- SAFE_FREE(es);
- *pp_es = NULL;
-}
-
-/******************************************************************************
Create a server encryption context.
******************************************************************************/
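Review bot: On the gensec_start_mech_by_oid() failure path, es->gensec_security is now left pointing at a context whose mechanism never started, because `TALLOC_FREE(gensec_security)` was removed and the pointer is written into es directly. The visible caller frees es on error, so nothing leaks. However, srv_request_encryption_setup() treats a non-NULL es->gensec_security as usable, so I would keep that invariant local with `TALLOC_FREE(es->gensec_security);` before `return nt_status_squash(status);`. make_auth_gensec() starts in the previous hunk.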
@@ -139,15 +117,14 @@ static NTSTATUS make_srv_encryption_context(const struct tsocket_address *remote
*pp_es = NULL;
ZERO_STRUCTP(partial_srv_trans_enc_ctx);
- es = SMB_MALLOC_P(struct smb_trans_enc_state);
+ es = talloc_zero(NULL, struct smb_trans_enc_state);
if (!es) {
return NT_STATUS_NO_MEMORY;
}
- ZERO_STRUCTP(es);
status = make_auth_gensec(remote_address,
es);
if (!NT_STATUS_IS_OK(status)) {
- srv_free_encryption_context(&es);
+ TALLOC_FREE(es);
return status;
}
*pp_es = es;
@@ -241,7 +218,7 @@ NTSTATUS srv_request_encryption_setup(connection_struct *conn,
es = partial_srv_trans_enc_ctx;
if (!es || es->gensec_security == NULL) {
- srv_free_encryption_context(&partial_srv_trans_enc_ctx);
+ TALLOC_FREE(partial_srv_trans_enc_ctx);
return NT_STATUS_INVALID_PARAMETER;
}
@@ -253,7 +230,7 @@ NTSTATUS srv_request_encryption_setup(connection_struct *conn,
unbecome_root();
if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) &&
!NT_STATUS_IS_OK(status)) {
- srv_free_encryption_context(&partial_srv_trans_enc_ctx);
+ TALLOC_FREE(partial_srv_trans_enc_ctx);
return nt_status_squash(status);
}
@@ -310,7 +287,7 @@ NTSTATUS srv_encryption_start(connection_struct *conn)
return status;
}
/* Throw away the context we're using currently (if any). */
- srv_free_encryption_context(&srv_trans_enc_ctx);
+ TALLOC_FREE(srv_trans_enc_ctx);
/* Steal the partial pointer. Deliberate shallow copy. */
srv_trans_enc_ctx = partial_srv_trans_enc_ctx;
@@ -328,6 +305,6 @@ NTSTATUS srv_encryption_start(connection_struct *conn)
void server_encryption_shutdown(struct smbd_server_connection *sconn)
{
- srv_free_encryption_context(&partial_srv_trans_enc_ctx);
- srv_free_encryption_context(&srv_trans_enc_ctx);
+ TALLOC_FREE(partial_srv_trans_enc_ctx);
+ TALLOC_FREE(srv_trans_enc_ctx);
}