diff options
Diffstat (limited to 'source3')
-rw-r--r-- | source3/libsmb/clifsinfo.c | 32 | ||||
-rw-r--r-- | source3/smbd/seal.c | 45 |
2 files changed, 18 insertions, 59 deletions
diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c index 0b2d292d36..ad5128e7f8 100644 --- a/source3/libsmb/clifsinfo.c +++ b/source3/libsmb/clifsinfo.c @@ -573,22 +573,6 @@ static NTSTATUS enc_blob_send_receive(struct cli_state *cli, DATA_BLOB *in, DATA } /****************************************************************************** - Make a client state struct. -******************************************************************************/ - -static struct smb_trans_enc_state *make_cli_enc_state(void) -{ - struct smb_trans_enc_state *es = NULL; - es = SMB_MALLOC_P(struct smb_trans_enc_state); - if (!es) { - return NULL; - } - ZERO_STRUCTP(es); - - return es; -} - -/****************************************************************************** Start a raw ntlmssp encryption. ******************************************************************************/ @@ -602,12 +586,11 @@ NTSTATUS cli_raw_ntlm_smb_encryption_start(struct cli_state *cli, DATA_BLOB param_out = data_blob_null; NTSTATUS status = NT_STATUS_UNSUCCESSFUL; struct auth_generic_state *auth_generic_state; - struct smb_trans_enc_state *es = make_cli_enc_state(); - + struct smb_trans_enc_state *es = talloc_zero(NULL, struct smb_trans_enc_state); if (!es) { return NT_STATUS_NO_MEMORY; } - status = auth_generic_client_prepare(NULL, + status = auth_generic_client_prepare(es, &auth_generic_state); if (!NT_STATUS_IS_OK(status)) { goto fail; @@ -668,8 +651,7 @@ NTSTATUS cli_raw_ntlm_smb_encryption_start(struct cli_state *cli, } fail: - TALLOC_FREE(auth_generic_state); - common_free_encryption_state(&es); + TALLOC_FREE(es); return status; } @@ -684,13 +666,13 @@ NTSTATUS cli_gss_smb_encryption_start(struct cli_state *cli) DATA_BLOB param_out = data_blob_null; NTSTATUS status = NT_STATUS_UNSUCCESSFUL; struct auth_generic_state *auth_generic_state; - struct smb_trans_enc_state *es = make_cli_enc_state(); + struct smb_trans_enc_state *es = talloc_zero(NULL, struct smb_trans_enc_state); if (!es) { return NT_STATUS_NO_MEMORY; } - status = auth_generic_client_prepare(NULL, + status = auth_generic_client_prepare(es, &auth_generic_state); if (!NT_STATUS_IS_OK(status)) { goto fail; @@ -747,13 +729,13 @@ NTSTATUS cli_gss_smb_encryption_start(struct cli_state *cli) /* We only need the gensec_security part from here. * es is a malloc()ed pointer, so we cannot make * gensec_security a talloc child */ - es->gensec_security = talloc_move(NULL, + es->gensec_security = talloc_move(es, &auth_generic_state->gensec_security); smb1cli_conn_set_encryption(cli->conn, es); es = NULL; } fail: - common_free_encryption_state(&es); + TALLOC_FREE(es); return status; } diff --git a/source3/smbd/seal.c b/source3/smbd/seal.c index 8c4ebea04a..cdcfe06835 100644 --- a/source3/smbd/seal.c +++ b/source3/smbd/seal.c @@ -77,16 +77,15 @@ bool is_encrypted_packet(struct smbd_server_connection *sconn, static NTSTATUS make_auth_gensec(const struct tsocket_address *remote_address, struct smb_trans_enc_state *es) { - struct gensec_security *gensec_security; NTSTATUS status; - status = auth_generic_prepare(NULL, remote_address, - &gensec_security); + status = auth_generic_prepare(es, remote_address, + &es->gensec_security); if (!NT_STATUS_IS_OK(status)) { return nt_status_squash(status); } - gensec_want_feature(gensec_security, GENSEC_FEATURE_SEAL); + gensec_want_feature(es->gensec_security, GENSEC_FEATURE_SEAL); /* * We could be accessing the secrets.tdb or krb5.keytab file here. @@ -94,39 +93,18 @@ static NTSTATUS make_auth_gensec(const struct tsocket_address *remote_address, */ become_root(); - status = gensec_start_mech_by_oid(gensec_security, GENSEC_OID_SPNEGO); + status = gensec_start_mech_by_oid(es->gensec_security, GENSEC_OID_SPNEGO); unbecome_root(); if (!NT_STATUS_IS_OK(status)) { - TALLOC_FREE(gensec_security); return nt_status_squash(status); } - es->gensec_security = gensec_security; - return status; } /****************************************************************************** - Shutdown a server encryption context. -******************************************************************************/ - -static void srv_free_encryption_context(struct smb_trans_enc_state **pp_es) -{ - struct smb_trans_enc_state *es = *pp_es; - - if (!es) { - return; - } - - common_free_encryption_state(&es); - - SAFE_FREE(es); - *pp_es = NULL; -} - -/****************************************************************************** Create a server encryption context. ******************************************************************************/ @@ -139,15 +117,14 @@ static NTSTATUS make_srv_encryption_context(const struct tsocket_address *remote *pp_es = NULL; ZERO_STRUCTP(partial_srv_trans_enc_ctx); - es = SMB_MALLOC_P(struct smb_trans_enc_state); + es = talloc_zero(NULL, struct smb_trans_enc_state); if (!es) { return NT_STATUS_NO_MEMORY; } - ZERO_STRUCTP(es); status = make_auth_gensec(remote_address, es); if (!NT_STATUS_IS_OK(status)) { - srv_free_encryption_context(&es); + TALLOC_FREE(es); return status; } *pp_es = es; @@ -241,7 +218,7 @@ NTSTATUS srv_request_encryption_setup(connection_struct *conn, es = partial_srv_trans_enc_ctx; if (!es || es->gensec_security == NULL) { - srv_free_encryption_context(&partial_srv_trans_enc_ctx); + TALLOC_FREE(partial_srv_trans_enc_ctx); return NT_STATUS_INVALID_PARAMETER; } @@ -253,7 +230,7 @@ NTSTATUS srv_request_encryption_setup(connection_struct *conn, unbecome_root(); if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) && !NT_STATUS_IS_OK(status)) { - srv_free_encryption_context(&partial_srv_trans_enc_ctx); + TALLOC_FREE(partial_srv_trans_enc_ctx); return nt_status_squash(status); } @@ -310,7 +287,7 @@ NTSTATUS srv_encryption_start(connection_struct *conn) return status; } /* Throw away the context we're using currently (if any). */ - srv_free_encryption_context(&srv_trans_enc_ctx); + TALLOC_FREE(srv_trans_enc_ctx); /* Steal the partial pointer. Deliberate shallow copy. */ srv_trans_enc_ctx = partial_srv_trans_enc_ctx; @@ -328,6 +305,6 @@ NTSTATUS srv_encryption_start(connection_struct *conn) void server_encryption_shutdown(struct smbd_server_connection *sconn) { - srv_free_encryption_context(&partial_srv_trans_enc_ctx); - srv_free_encryption_context(&srv_trans_enc_ctx); + TALLOC_FREE(partial_srv_trans_enc_ctx); + TALLOC_FREE(srv_trans_enc_ctx); } |