diff options
| -rw-r--r-- | libcli/smb/smbXcli_base.c | 4 | ||||
| -rw-r--r-- | libcli/smb/smb_seal.c | 19 | ||||
| -rw-r--r-- | libcli/smb/smb_seal.h | 1 | ||||
| -rw-r--r-- | source3/libsmb/clifsinfo.c | 32 | ||||
| -rw-r--r-- | source3/smbd/seal.c | 45 |
5 files changed, 20 insertions, 81 deletions
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c index 06fcb34a31..df0145718e 100644 --- a/libcli/smb/smbXcli_base.c +++ b/libcli/smb/smbXcli_base.c @@ -214,7 +214,7 @@ static int smbXcli_conn_destructor(struct smbXcli_conn *conn) } if (conn->smb1.trans_enc) { - common_free_encryption_state(&conn->smb1.trans_enc); + TALLOC_FREE(conn->smb1.trans_enc); } return 0; @@ -596,7 +596,7 @@ void smb1cli_conn_set_encryption(struct smbXcli_conn *conn, { /* Replace the old state, if any. */ if (conn->smb1.trans_enc) { - common_free_encryption_state(&conn->smb1.trans_enc); + TALLOC_FREE(conn->smb1.trans_enc); } conn->smb1.trans_enc = es; } diff --git a/libcli/smb/smb_seal.c b/libcli/smb/smb_seal.c index a56dc6092e..d5bb2388bb 100644 --- a/libcli/smb/smb_seal.c +++ b/libcli/smb/smb_seal.c @@ -200,25 +200,6 @@ NTSTATUS common_decrypt_buffer(struct smb_trans_enc_state *es, char *buf) } /****************************************************************************** - Shutdown an encryption state. -******************************************************************************/ - -void common_free_encryption_state(struct smb_trans_enc_state **pp_es) -{ - struct smb_trans_enc_state *es = *pp_es; - - if (es == NULL) { - return; - } - - if (es->gensec_security) { - TALLOC_FREE(es->gensec_security); - } - SAFE_FREE(es); - *pp_es = NULL; -} - -/****************************************************************************** Free an encryption-allocated buffer. ******************************************************************************/ diff --git a/libcli/smb/smb_seal.h b/libcli/smb/smb_seal.h index 01a61e8586..f47f904528 100644 --- a/libcli/smb/smb_seal.h +++ b/libcli/smb/smb_seal.h @@ -32,7 +32,6 @@ NTSTATUS get_enc_ctx_num(const uint8_t *buf, uint16_t *p_enc_ctx_num); bool common_encryption_on(struct smb_trans_enc_state *es); NTSTATUS common_encrypt_buffer(struct smb_trans_enc_state *es, char *buffer, char **buf_out); NTSTATUS common_decrypt_buffer(struct smb_trans_enc_state *es, char *buf); -void common_free_encryption_state(struct smb_trans_enc_state **pp_es); void common_free_enc_buffer(struct smb_trans_enc_state *es, char *buf); #endif /* _HEADER_SMB_CRYPT_H */ diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c index 0b2d292d36..ad5128e7f8 100644 --- a/source3/libsmb/clifsinfo.c +++ b/source3/libsmb/clifsinfo.c @@ -573,22 +573,6 @@ static NTSTATUS enc_blob_send_receive(struct cli_state *cli, DATA_BLOB *in, DATA } /****************************************************************************** - Make a client state struct. -******************************************************************************/ - -static struct smb_trans_enc_state *make_cli_enc_state(void) -{ - struct smb_trans_enc_state *es = NULL; - es = SMB_MALLOC_P(struct smb_trans_enc_state); - if (!es) { - return NULL; - } - ZERO_STRUCTP(es); - - return es; -} - -/****************************************************************************** Start a raw ntlmssp encryption. ******************************************************************************/ @@ -602,12 +586,11 @@ NTSTATUS cli_raw_ntlm_smb_encryption_start(struct cli_state *cli, DATA_BLOB param_out = data_blob_null; NTSTATUS status = NT_STATUS_UNSUCCESSFUL; struct auth_generic_state *auth_generic_state; - struct smb_trans_enc_state *es = make_cli_enc_state(); - + struct smb_trans_enc_state *es = talloc_zero(NULL, struct smb_trans_enc_state); if (!es) { return NT_STATUS_NO_MEMORY; } - status = auth_generic_client_prepare(NULL, + status = auth_generic_client_prepare(es, &auth_generic_state); if (!NT_STATUS_IS_OK(status)) { goto fail; @@ -668,8 +651,7 @@ NTSTATUS cli_raw_ntlm_smb_encryption_start(struct cli_state *cli, } fail: - TALLOC_FREE(auth_generic_state); - common_free_encryption_state(&es); + TALLOC_FREE(es); return status; } @@ -684,13 +666,13 @@ NTSTATUS cli_gss_smb_encryption_start(struct cli_state *cli) DATA_BLOB param_out = data_blob_null; NTSTATUS status = NT_STATUS_UNSUCCESSFUL; struct auth_generic_state *auth_generic_state; - struct smb_trans_enc_state *es = make_cli_enc_state(); + struct smb_trans_enc_state *es = talloc_zero(NULL, struct smb_trans_enc_state); if (!es) { return NT_STATUS_NO_MEMORY; } - status = auth_generic_client_prepare(NULL, + status = auth_generic_client_prepare(es, &auth_generic_state); if (!NT_STATUS_IS_OK(status)) { goto fail; @@ -747,13 +729,13 @@ NTSTATUS cli_gss_smb_encryption_start(struct cli_state *cli) /* We only need the gensec_security part from here. * es is a malloc()ed pointer, so we cannot make * gensec_security a talloc child */ - es->gensec_security = talloc_move(NULL, + es->gensec_security = talloc_move(es, &auth_generic_state->gensec_security); smb1cli_conn_set_encryption(cli->conn, es); es = NULL; } fail: - common_free_encryption_state(&es); + TALLOC_FREE(es); return status; } diff --git a/source3/smbd/seal.c b/source3/smbd/seal.c index 8c4ebea04a..cdcfe06835 100644 --- a/source3/smbd/seal.c +++ b/source3/smbd/seal.c @@ -77,16 +77,15 @@ bool is_encrypted_packet(struct smbd_server_connection *sconn, static NTSTATUS make_auth_gensec(const struct tsocket_address *remote_address, struct smb_trans_enc_state *es) { - struct gensec_security *gensec_security; NTSTATUS status; - status = auth_generic_prepare(NULL, remote_address, - &gensec_security); + status = auth_generic_prepare(es, remote_address, + &es->gensec_security); if (!NT_STATUS_IS_OK(status)) { return nt_status_squash(status); } - gensec_want_feature(gensec_security, GENSEC_FEATURE_SEAL); + gensec_want_feature(es->gensec_security, GENSEC_FEATURE_SEAL); /* * We could be accessing the secrets.tdb or krb5.keytab file here. @@ -94,39 +93,18 @@ static NTSTATUS make_auth_gensec(const struct tsocket_address *remote_address, */ become_root(); - status = gensec_start_mech_by_oid(gensec_security, GENSEC_OID_SPNEGO); + status = gensec_start_mech_by_oid(es->gensec_security, GENSEC_OID_SPNEGO); unbecome_root(); if (!NT_STATUS_IS_OK(status)) { - TALLOC_FREE(gensec_security); return nt_status_squash(status); } - es->gensec_security = gensec_security; - return status; } /****************************************************************************** - Shutdown a server encryption context. -******************************************************************************/ - -static void srv_free_encryption_context(struct smb_trans_enc_state **pp_es) -{ - struct smb_trans_enc_state *es = *pp_es; - - if (!es) { - return; - } - - common_free_encryption_state(&es); - - SAFE_FREE(es); - *pp_es = NULL; -} - -/****************************************************************************** Create a server encryption context. ******************************************************************************/ @@ -139,15 +117,14 @@ static NTSTATUS make_srv_encryption_context(const struct tsocket_address *remote *pp_es = NULL; ZERO_STRUCTP(partial_srv_trans_enc_ctx); - es = SMB_MALLOC_P(struct smb_trans_enc_state); + es = talloc_zero(NULL, struct smb_trans_enc_state); if (!es) { return NT_STATUS_NO_MEMORY; } - ZERO_STRUCTP(es); status = make_auth_gensec(remote_address, es); if (!NT_STATUS_IS_OK(status)) { - srv_free_encryption_context(&es); + TALLOC_FREE(es); return status; } *pp_es = es; @@ -241,7 +218,7 @@ NTSTATUS srv_request_encryption_setup(connection_struct *conn, es = partial_srv_trans_enc_ctx; if (!es || es->gensec_security == NULL) { - srv_free_encryption_context(&partial_srv_trans_enc_ctx); + TALLOC_FREE(partial_srv_trans_enc_ctx); return NT_STATUS_INVALID_PARAMETER; } @@ -253,7 +230,7 @@ NTSTATUS srv_request_encryption_setup(connection_struct *conn, unbecome_root(); if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) && !NT_STATUS_IS_OK(status)) { - srv_free_encryption_context(&partial_srv_trans_enc_ctx); + TALLOC_FREE(partial_srv_trans_enc_ctx); return nt_status_squash(status); } @@ -310,7 +287,7 @@ NTSTATUS srv_encryption_start(connection_struct *conn) return status; } /* Throw away the context we're using currently (if any). */ - srv_free_encryption_context(&srv_trans_enc_ctx); + TALLOC_FREE(srv_trans_enc_ctx); /* Steal the partial pointer. Deliberate shallow copy. */ srv_trans_enc_ctx = partial_srv_trans_enc_ctx; @@ -328,6 +305,6 @@ NTSTATUS srv_encryption_start(connection_struct *conn) void server_encryption_shutdown(struct smbd_server_connection *sconn) { - srv_free_encryption_context(&partial_srv_trans_enc_ctx); - srv_free_encryption_context(&srv_trans_enc_ctx); + TALLOC_FREE(partial_srv_trans_enc_ctx); + TALLOC_FREE(srv_trans_enc_ctx); } |