-rw-r--r--source3/libads/sasl.c40
1 files changed, 32 insertions, 8 deletions
diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
index 1ab71c6ee5..971156ae61 100644
--- a/source3/libads/sasl.c
+++ b/source3/libads/sasl.c
@@ -29,12 +29,12 @@
static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads)
{
const char *mechs[] = {OID_NTLMSSP, NULL};
- DATA_BLOB msg1;
+ DATA_BLOB msg1 = data_blob(NULL, 0);
DATA_BLOB blob, chal1, chal2, auth;
uint8 challenge[8];
uint8 nthash[24], lmhash[24], sess_key[16];
uint32 neg_flags;
- struct berval cred, *scred;
+ struct berval cred, *scred = NULL;
ADS_STATUS status;
int rc;
@@ -70,6 +70,7 @@ static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads)
}
blob = data_blob(scred->bv_val, scred->bv_len);
+ ber_bvfree(scred);
/* the server gives us back two challenges */
if (!spnego_parse_challenge(blob, &chal1, &chal2)) {
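Review bot: `scred` is left dangling after the added `ber_bvfree(scred);`, and the cleanup this commit adds under `failed:` (`if(scred) ber_bvfree(scred);`) will free it a second time on any error path taken before it is overwritten. The `spnego_parse_challenge` failure branch just below continues outside this hunk, but if it jumps to `failed:` that is a double free on a path driven by the server's reply. The unconditional `ber_bvfree(scred);` after the second `ldap_sasl_bind_s` call has the same exposure unless the library always resets the out-parameter before returning an error. Clearing the pointer at the free site covers both: `ber_bvfree(scred); scred = NULL;`.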
@@ -105,15 +106,29 @@ static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads)
data_blob_free(&blob);
+ /* Remember to free the msg1 blob. The contents of this
+ have been copied into cred and need freeing before reassignment. */
+ data_blob_free(&msg1);
+
/* now send the auth packet and we should be done */
cred.bv_val = (char *)auth.data;
cred.bv_len = auth.length;
rc = ldap_sasl_bind_s(ads->ld, NULL, "GSS-SPNEGO", &cred, NULL, NULL, &scred);
+ ber_bvfree(scred);
+ data_blob_free(&auth);
+
return ADS_ERROR(rc);
failed:
+
+ /* Remember to free the msg1 blob. The contents of this
+ have been copied into cred and need freeing. */
+ data_blob_free(&msg1);
+
+ if(scred)
+ ber_bvfree(scred);
return status;
}
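Review bot: The two new comments say the contents of msg1 "have been copied into cred", but the visible assignment style (`cred.bv_val = (char *)auth.data;`) only borrows the blob's pointer, so cred presumably aliased msg1 rather than copying it. That matters for ordering: freeing msg1 is only safe because the first bind has finished with cred. I would reword the first comment to something like `/* cred only borrowed msg1's buffer for the first bind; free it now, before cred is repointed at auth */` and the one under `failed:` to `/* msg1 is ours to free; cred held a borrowed pointer, not a copy */`. The assignment of msg1 to cred is outside this hunk, so confirm it matches.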
@@ -122,9 +137,9 @@ failed:
*/
static ADS_STATUS ads_sasl_spnego_krb5_bind(ADS_STRUCT *ads, const char *principal)
{
- DATA_BLOB blob;
- struct berval cred, *scred;
- DATA_BLOB session_key;
+ DATA_BLOB blob = data_blob(NULL, 0);
+ struct berval cred, *scred = NULL;
+ DATA_BLOB session_key = data_blob(NULL, 0);
int rc;
rc = spnego_gen_negTokenTarg(principal, ads->auth.time_offset, &blob, &session_key);
@@ -141,6 +156,8 @@ static ADS_STATUS ads_sasl_spnego_krb5_bind(ADS_STRUCT *ads, const char *princip
data_blob_free(&blob);
data_blob_free(&session_key);
+ if(scred)
+ ber_bvfree(scred);
return ADS_ERROR(rc);
}
@@ -154,7 +171,7 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads)
int rc, i;
ADS_STATUS status;
DATA_BLOB blob;
- char *principal;
+ char *principal = NULL;
char *OIDs[ASN1_MAX_OIDS];
BOOL got_kerberos_mechanism = False;
@@ -197,8 +214,10 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads)
if (!(ads->auth.flags & ADS_AUTH_DISABLE_KERBEROS) &&
got_kerberos_mechanism) {
status = ads_sasl_spnego_krb5_bind(ads, principal);
- if (ADS_ERR_OK(status))
+ if (ADS_ERR_OK(status)) {
+ SAFE_FREE(principal);
return status;
+ }
status = ADS_ERROR_KRB5(ads_kinit_password(ads));
@@ -209,11 +228,14 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads)
/* only fallback to NTLMSSP if allowed */
if (ADS_ERR_OK(status) ||
!(ads->auth.flags & ADS_AUTH_ALLOW_NTLMSSP)) {
+ SAFE_FREE(principal);
return status;
}
}
#endif
+ SAFE_FREE(principal);
+
/* lets do NTLMSSP ... this has the big advantage that we don't need
to sync clocks, and we don't rely on special versions of the krb5
library for HMAC_MD4 encryption */
@@ -242,7 +264,7 @@ static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads)
gss_buffer_desc output_token, input_token;
uint32 ret_flags, conf_state;
struct berval cred;
- struct berval *scred;
+ struct berval *scred = NULL;
int i=0;
int gss_rc, rc;
uint8 *p;
@@ -385,6 +407,8 @@ static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads)
gss_release_buffer(&minor_status, &input_token);
failed:
+ if(scred)
+ ber_bvfree(scred);
return status;
}
#endif
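Review bot: The new `ber_bvfree(scred)` under `failed:` runs directly after `gss_release_buffer(&minor_status, &input_token)` on the fall-through path, so the two must never own the same memory. Most of ads_sasl_gssapi_bind is outside this hunk; if `input_token.value` is pointed at `scred->bv_val` anywhere in it, the same buffer would be released twice here. Also, only the last value of `scred` is freed, so if the function calls `ldap_sasl_bind_s` more than once, each earlier result needs `ber_bvfree(scred); scred = NULL;` before the next call. Once checked, a short comment above the free stating which buffers `scred` and `input_token` own would help.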