summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/seal.c8
-rw-r--r--source3/smbd/sesssetup.c13
-rw-r--r--source3/smbd/smb2_sesssetup.c28
3 files changed, 22 insertions, 27 deletions
diff --git a/source3/smbd/seal.c b/source3/smbd/seal.c
index 2c7d97fd6d..0cf730ee4f 100644
--- a/source3/smbd/seal.c
+++ b/source3/smbd/seal.c
@@ -422,7 +422,7 @@ static NTSTATUS srv_enc_spnego_gss_negotiate(unsigned char **ppdata, size_t *p_d
gss_release_buffer(&min, &out_buf);
/* Wrap in SPNEGO. */
- response = spnego_gen_auth_response(&auth_reply, status, OID_KERBEROS5);
+ response = spnego_gen_auth_response(talloc_tos(), &auth_reply, status, OID_KERBEROS5);
data_blob_free(&auth_reply);
SAFE_FREE(*ppdata);
@@ -460,7 +460,7 @@ static NTSTATUS srv_enc_ntlm_negotiate(unsigned char **ppdata, size_t *p_data_si
* for success ... */
if (spnego_wrap) {
- response = spnego_gen_auth_response(&chal, status, OID_NTLMSSP);
+ response = spnego_gen_auth_response(talloc_tos(), &chal, status, OID_NTLMSSP);
data_blob_free(&chal);
} else {
/* Return the raw blob. */
@@ -565,7 +565,7 @@ static NTSTATUS srv_enc_spnego_ntlm_auth(connection_struct *conn,
}
blob = data_blob_const(*ppdata, *p_data_size);
- if (!spnego_parse_auth(blob, &auth)) {
+ if (!spnego_parse_auth(talloc_tos(), blob, &auth)) {
srv_free_encryption_context(&partial_srv_trans_enc_ctx);
return NT_STATUS_INVALID_PARAMETER;
}
@@ -582,7 +582,7 @@ static NTSTATUS srv_enc_spnego_ntlm_auth(connection_struct *conn,
* So set mechOID to NULL here.
*/
- response = spnego_gen_auth_response(&auth_reply, status, NULL);
+ response = spnego_gen_auth_response(talloc_tos(), &auth_reply, status, NULL);
data_blob_free(&auth_reply);
if (NT_STATUS_IS_OK(status)) {
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 15cbcbfb9a..9d8e7ece2c 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -272,7 +272,7 @@ static void reply_spnego_kerberos(struct smb_request *req,
return;
}
- if (!spnego_parse_krb5_wrap(*secblob, &ticket, tok_id)) {
+ if (!spnego_parse_krb5_wrap(mem_ctx, *secblob, &ticket, tok_id)) {
talloc_destroy(mem_ctx);
reply_nterror(req, nt_status_squash(NT_STATUS_LOGON_FAILURE));
return;
@@ -603,12 +603,12 @@ static void reply_spnego_kerberos(struct smb_request *req,
/* wrap that up in a nice GSS-API wrapping */
if (NT_STATUS_IS_OK(ret)) {
- ap_rep_wrapped = spnego_gen_krb5_wrap(ap_rep,
+ ap_rep_wrapped = spnego_gen_krb5_wrap(talloc_tos(), ap_rep,
TOK_ID_KRB_AP_REP);
} else {
ap_rep_wrapped = data_blob_null;
}
- response = spnego_gen_auth_response(&ap_rep_wrapped, ret,
+ response = spnego_gen_auth_response(talloc_tos(), &ap_rep_wrapped, ret,
mechOID);
reply_sesssetup_blob(req, response, ret);
@@ -693,7 +693,8 @@ static void reply_spnego_ntlmssp(struct smb_request *req,
out:
if (wrap) {
- response = spnego_gen_auth_response(ntlmssp_blob,
+ response = spnego_gen_auth_response(talloc_tos(),
+ ntlmssp_blob,
nt_status, OID);
} else {
response = *ntlmssp_blob;
@@ -781,7 +782,7 @@ static void reply_spnego_downgrade_to_ntlmssp(struct smb_request *req,
DEBUG(3,("reply_spnego_downgrade_to_ntlmssp: Got krb5 ticket in SPNEGO "
"but set to downgrade to NTLMSSP\n"));
- response = spnego_gen_auth_response(NULL,
+ response = spnego_gen_auth_response(talloc_tos(), NULL,
NT_STATUS_MORE_PROCESSING_REQUIRED,
OID_NTLMSSP);
reply_sesssetup_blob(req, response, NT_STATUS_MORE_PROCESSING_REQUIRED);
@@ -881,7 +882,7 @@ static void reply_spnego_auth(struct smb_request *req,
NTSTATUS status = NT_STATUS_LOGON_FAILURE;
struct smbd_server_connection *sconn = req->sconn;
- if (!spnego_parse_auth(blob1, &auth)) {
+ if (!spnego_parse_auth(talloc_tos(), blob1, &auth)) {
#if 0
file_save("auth.dat", blob1.data, blob1.length);
#endif
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index e8c69eaad5..f5272b35cd 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -192,7 +192,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session,
bool username_was_mapped = false;
bool map_domainuser_to_guest = false;
- if (!spnego_parse_krb5_wrap(*secblob, &ticket, tok_id)) {
+ if (!spnego_parse_krb5_wrap(talloc_tos(), *secblob, &ticket, tok_id)) {
status = NT_STATUS_LOGON_FAILURE;
goto fail;
}
@@ -488,10 +488,11 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session,
status = NT_STATUS_OK;
/* wrap that up in a nice GSS-API wrapping */
- ap_rep_wrapped = spnego_gen_krb5_wrap(ap_rep,
+ ap_rep_wrapped = spnego_gen_krb5_wrap(talloc_tos(), ap_rep,
TOK_ID_KRB_AP_REP);
secblob_out = spnego_gen_auth_response(
+ talloc_tos(),
&ap_rep_wrapped,
status,
mechOID);
@@ -524,6 +525,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session,
ap_rep_wrapped = data_blob_null;
secblob_out = spnego_gen_auth_response(
+ talloc_tos(),
&ap_rep_wrapped,
status,
mechOID);
@@ -546,7 +548,6 @@ static NTSTATUS smbd_smb2_spnego_negotiate(struct smbd_smb2_session *session,
{
DATA_BLOB secblob_in = data_blob_null;
DATA_BLOB chal_out = data_blob_null;
- DATA_BLOB secblob_out = data_blob_null;
char *kerb_mech = NULL;
NTSTATUS status;
@@ -601,13 +602,11 @@ static NTSTATUS smbd_smb2_spnego_negotiate(struct smbd_smb2_session *session,
goto out;
}
- secblob_out = spnego_gen_auth_response(&chal_out,
+ *out_security_buffer = spnego_gen_auth_response(smb2req,
+ &chal_out,
status,
OID_NTLMSSP);
- *out_security_buffer = data_blob_talloc(smb2req,
- secblob_out.data,
- secblob_out.length);
- if (secblob_out.data && out_security_buffer->data == NULL) {
+ if (out_security_buffer->data == NULL) {
status = NT_STATUS_NO_MEMORY;
goto out;
}
@@ -616,7 +615,6 @@ static NTSTATUS smbd_smb2_spnego_negotiate(struct smbd_smb2_session *session,
out:
data_blob_free(&secblob_in);
- data_blob_free(&secblob_out);
data_blob_free(&chal_out);
TALLOC_FREE(kerb_mech);
if (!NT_STATUS_IS_OK(status) &&
@@ -717,10 +715,9 @@ static NTSTATUS smbd_smb2_spnego_auth(struct smbd_smb2_session *session,
{
DATA_BLOB auth = data_blob_null;
DATA_BLOB auth_out = data_blob_null;
- DATA_BLOB secblob_out = data_blob_null;
NTSTATUS status;
- if (!spnego_parse_auth(in_security_buffer, &auth)) {
+ if (!spnego_parse_auth(talloc_tos(), in_security_buffer, &auth)) {
TALLOC_FREE(session);
return NT_STATUS_LOGON_FAILURE;
}
@@ -803,13 +800,10 @@ static NTSTATUS smbd_smb2_spnego_auth(struct smbd_smb2_session *session,
data_blob_free(&auth);
- secblob_out = spnego_gen_auth_response(&auth_out,
- status, NULL);
+ *out_security_buffer = spnego_gen_auth_response(smb2req,
+ &auth_out, status, NULL);
- *out_security_buffer = data_blob_talloc(smb2req,
- secblob_out.data,
- secblob_out.length);
- if (secblob_out.data && out_security_buffer->data == NULL) {
+ if (out_security_buffer->data == NULL) {
TALLOC_FREE(session->auth_ntlmssp_state);
TALLOC_FREE(session);
return NT_STATUS_NO_MEMORY;