summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/include/ntlmssp_wrap.h1
-rw-r--r--source3/librpc/crypto/cli_spnego.c2
-rw-r--r--source3/libsmb/clifsinfo.c3
-rw-r--r--source3/libsmb/ntlmssp_wrap.c11
-rw-r--r--source3/rpc_client/cli_pipe.c7
-rw-r--r--source3/rpc_server/dcesrv_ntlmssp.c9
-rw-r--r--source3/smbd/seal.c10
-rw-r--r--source3/smbd/sesssetup.c11
-rw-r--r--source3/smbd/smb2_sesssetup.c19
9 files changed, 36 insertions, 37 deletions
diff --git a/source3/include/ntlmssp_wrap.h b/source3/include/ntlmssp_wrap.h
index ff534da46f..7cdc2d9020 100644
--- a/source3/include/ntlmssp_wrap.h
+++ b/source3/include/ntlmssp_wrap.h
@@ -79,6 +79,7 @@ DATA_BLOB auth_ntlmssp_get_session_key(struct auth_ntlmssp_state *ans,
TALLOC_CTX *mem_ctx);
NTSTATUS auth_ntlmssp_update(struct auth_ntlmssp_state *ans,
+ TALLOC_CTX *mem_ctx,
const DATA_BLOB request, DATA_BLOB *reply);
NTSTATUS auth_ntlmssp_client_start(TALLOC_CTX *mem_ctx,
diff --git a/source3/librpc/crypto/cli_spnego.c b/source3/librpc/crypto/cli_spnego.c
index f245484653..3e40d15569 100644
--- a/source3/librpc/crypto/cli_spnego.c
+++ b/source3/librpc/crypto/cli_spnego.c
@@ -217,7 +217,7 @@ NTSTATUS spnego_get_client_auth_token(TALLOC_CTX *mem_ctx,
case SPNEGO_NTLMSSP:
ntlmssp_ctx = sp_ctx->mech_ctx.ntlmssp_state;
- status = auth_ntlmssp_update(ntlmssp_ctx,
+ status = auth_ntlmssp_update(ntlmssp_ctx, mem_ctx,
token_in, &token_out);
if (NT_STATUS_EQUAL(status,
NT_STATUS_MORE_PROCESSING_REQUIRED)) {
diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c
index db6260efc7..3e268b5e6f 100644
--- a/source3/libsmb/clifsinfo.c
+++ b/source3/libsmb/clifsinfo.c
@@ -636,7 +636,8 @@ NTSTATUS cli_raw_ntlm_smb_encryption_start(struct cli_state *cli,
}
do {
- status = auth_ntlmssp_update(es->s.auth_ntlmssp_state, blob_in, &blob_out);
+ status = auth_ntlmssp_update(es->s.auth_ntlmssp_state, es->s.auth_ntlmssp_state,
+ blob_in, &blob_out);
data_blob_free(&blob_in);
data_blob_free(&param_out);
if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) || NT_STATUS_IS_OK(status)) {
diff --git a/source3/libsmb/ntlmssp_wrap.c b/source3/libsmb/ntlmssp_wrap.c
index 43cde19b3b..454720423a 100644
--- a/source3/libsmb/ntlmssp_wrap.c
+++ b/source3/libsmb/ntlmssp_wrap.c
@@ -186,12 +186,19 @@ DATA_BLOB auth_ntlmssp_get_session_key(struct auth_ntlmssp_state *ans, TALLOC_CT
}
NTSTATUS auth_ntlmssp_update(struct auth_ntlmssp_state *ans,
+ TALLOC_CTX *mem_ctx,
const DATA_BLOB request, DATA_BLOB *reply)
{
+ NTSTATUS status;
if (ans->gensec_security) {
- return gensec_update(ans->gensec_security, ans, request, reply);
+ return gensec_update(ans->gensec_security, mem_ctx, request, reply);
+ }
+ status = ntlmssp_update(ans->ntlmssp_state, request, reply);
+ if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ return status;
}
- return ntlmssp_update(ans->ntlmssp_state, request, reply);
+ talloc_steal(mem_ctx, reply->data);
+ return status;
}
NTSTATUS auth_ntlmssp_client_start(TALLOC_CTX *mem_ctx,
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 9d0abfc612..3224f09e27 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -1037,6 +1037,7 @@ static NTSTATUS create_gssapi_auth_bind_req(TALLOC_CTX *mem_ctx,
********************************************************************/
static NTSTATUS create_ntlmssp_auth_rpc_bind_req(struct rpc_pipe_client *cli,
+ TALLOC_CTX *mem_ctx,
DATA_BLOB *auth_token)
{
struct auth_ntlmssp_state *ntlmssp_ctx;
@@ -1047,7 +1048,7 @@ static NTSTATUS create_ntlmssp_auth_rpc_bind_req(struct rpc_pipe_client *cli,
struct auth_ntlmssp_state);
DEBUG(5, ("create_ntlmssp_auth_rpc_bind_req: Processing NTLMSSP Negotiate\n"));
- status = auth_ntlmssp_update(ntlmssp_ctx, null_blob, auth_token);
+ status = auth_ntlmssp_update(ntlmssp_ctx, mem_ctx, null_blob, auth_token);
if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
data_blob_free(auth_token);
@@ -1171,7 +1172,7 @@ static NTSTATUS create_rpc_bind_req(TALLOC_CTX *mem_ctx,
break;
case DCERPC_AUTH_TYPE_NTLMSSP:
- ret = create_ntlmssp_auth_rpc_bind_req(cli, &auth_token);
+ ret = create_ntlmssp_auth_rpc_bind_req(cli, mem_ctx, &auth_token);
if (!NT_STATUS_IS_OK(ret)) {
return ret;
}
@@ -1772,7 +1773,7 @@ static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq)
case DCERPC_AUTH_TYPE_NTLMSSP:
ntlmssp_ctx = talloc_get_type_abort(pauth->auth_ctx,
struct auth_ntlmssp_state);
- status = auth_ntlmssp_update(ntlmssp_ctx,
+ status = auth_ntlmssp_update(ntlmssp_ctx, state,
auth.credentials, &auth_token);
if (NT_STATUS_EQUAL(status,
NT_STATUS_MORE_PROCESSING_REQUIRED)) {
diff --git a/source3/rpc_server/dcesrv_ntlmssp.c b/source3/rpc_server/dcesrv_ntlmssp.c
index 26f924eedf..87c8e0bece 100644
--- a/source3/rpc_server/dcesrv_ntlmssp.c
+++ b/source3/rpc_server/dcesrv_ntlmssp.c
@@ -56,15 +56,13 @@ NTSTATUS ntlmssp_server_auth_start(TALLOC_CTX *mem_ctx,
NTLMSSP_NEGOTIATE_SEAL);
}
- status = auth_ntlmssp_update(a, *token_in, token_out);
+ status = auth_ntlmssp_update(a, mem_ctx, *token_in, token_out);
if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
DEBUG(0, (__location__ ": auth_ntlmssp_update failed: %s\n",
nt_errstr(status)));
goto done;
}
- /* Make sure data is bound to the memctx, to be freed the caller */
- talloc_steal(mem_ctx, token_out->data);
/* steal ntlmssp context too */
*ctx = talloc_move(mem_ctx, &a);
@@ -87,12 +85,9 @@ NTSTATUS ntlmssp_server_step(struct auth_ntlmssp_state *ctx,
/* this has to be done as root in order to verify the password */
become_root();
- status = auth_ntlmssp_update(ctx, *token_in, token_out);
+ status = auth_ntlmssp_update(ctx, mem_ctx, *token_in, token_out);
unbecome_root();
- /* put the output token data on the given mem_ctx */
- talloc_steal(mem_ctx, token_out->data);
-
return status;
}
diff --git a/source3/smbd/seal.c b/source3/smbd/seal.c
index e6b683d97f..5481e52fe0 100644
--- a/source3/smbd/seal.c
+++ b/source3/smbd/seal.c
@@ -478,7 +478,9 @@ static NTSTATUS srv_enc_ntlm_negotiate(const struct tsocket_address *remote_addr
return status;
}
- status = auth_ntlmssp_update(partial_srv_trans_enc_ctx->auth_ntlmssp_state, secblob, &chal);
+ status = auth_ntlmssp_update(partial_srv_trans_enc_ctx->auth_ntlmssp_state,
+ partial_srv_trans_enc_ctx->auth_ntlmssp_state,
+ secblob, &chal);
/* status here should be NT_STATUS_MORE_PROCESSING_REQUIRED
* for success ... */
@@ -601,7 +603,7 @@ static NTSTATUS srv_enc_spnego_ntlm_auth(connection_struct *conn,
return NT_STATUS_INVALID_PARAMETER;
}
- status = auth_ntlmssp_update(ec->auth_ntlmssp_state, auth, &auth_reply);
+ status = auth_ntlmssp_update(ec->auth_ntlmssp_state, talloc_tos(), auth, &auth_reply);
data_blob_free(&auth);
/* From RFC4178.
@@ -671,7 +673,9 @@ static NTSTATUS srv_enc_raw_ntlm_auth(connection_struct *conn,
}
/* Second step. */
- status = auth_ntlmssp_update(partial_srv_trans_enc_ctx->auth_ntlmssp_state, blob, &response);
+ status = auth_ntlmssp_update(partial_srv_trans_enc_ctx->auth_ntlmssp_state,
+ talloc_tos(),
+ blob, &response);
if (NT_STATUS_IS_OK(status)) {
/* Return the context we're using for this encryption state. */
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 329b8b6aa5..b1fed41e8e 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -633,8 +633,8 @@ static void reply_spnego_negotiate(struct smb_request *req,
return;
}
- status = auth_ntlmssp_update(*auth_ntlmssp_state,
- secblob, &chal);
+ status = auth_ntlmssp_update(*auth_ntlmssp_state, talloc_tos(),
+ secblob, &chal);
data_blob_free(&secblob);
@@ -736,8 +736,8 @@ static void reply_spnego_auth(struct smb_request *req,
}
}
- status = auth_ntlmssp_update(*auth_ntlmssp_state,
- auth, &auth_reply);
+ status = auth_ntlmssp_update(*auth_ntlmssp_state, talloc_tos(),
+ auth, &auth_reply);
data_blob_free(&auth);
@@ -1151,7 +1151,8 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
}
status = auth_ntlmssp_update(vuser->auth_ntlmssp_state,
- blob1, &chal);
+ talloc_tos(),
+ blob1, &chal);
data_blob_free(&blob1);
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 511df8639d..320a707758 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -393,6 +393,7 @@ static NTSTATUS smbd_smb2_spnego_negotiate(struct smbd_smb2_session *session,
}
status = auth_ntlmssp_update(session->auth_ntlmssp_state,
+ talloc_tos(),
secblob_in,
&chal_out);
}
@@ -584,7 +585,7 @@ static NTSTATUS smbd_smb2_spnego_auth(struct smbd_smb2_session *session,
}
status = auth_ntlmssp_update(session->auth_ntlmssp_state,
- auth,
+ talloc_tos(), auth,
&auth_out);
/* If status is NT_STATUS_OK then we need to get the token.
* Map to guest is now internal to auth_ntlmssp */
@@ -637,7 +638,6 @@ static NTSTATUS smbd_smb2_raw_ntlmssp_auth(struct smbd_smb2_session *session,
uint64_t *out_session_id)
{
NTSTATUS status;
- DATA_BLOB secblob_out = data_blob_null;
if (session->auth_ntlmssp_state == NULL) {
status = auth_ntlmssp_start(session->sconn->remote_address,
@@ -650,20 +650,9 @@ static NTSTATUS smbd_smb2_raw_ntlmssp_auth(struct smbd_smb2_session *session,
/* RAW NTLMSSP */
status = auth_ntlmssp_update(session->auth_ntlmssp_state,
+ smb2req,
in_security_buffer,
- &secblob_out);
-
- if (NT_STATUS_IS_OK(status) ||
- NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
- *out_security_buffer = data_blob_talloc(smb2req,
- secblob_out.data,
- secblob_out.length);
- if (secblob_out.data && out_security_buffer->data == NULL) {
- TALLOC_FREE(session->auth_ntlmssp_state);
- TALLOC_FREE(session);
- return NT_STATUS_NO_MEMORY;
- }
- }
+ out_security_buffer);
if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
*out_session_id = session->vuid;