Diffstat (limited to 'source4/auth')
-rw-r--r--source4/auth/auth.h2
-rw-r--r--source4/auth/gensec/schannel_state.c4
-rw-r--r--source4/auth/ntlm/auth_sam.c4
-rw-r--r--source4/auth/pyauth.c2
-rw-r--r--source4/auth/session.h2
-rw-r--r--source4/auth/system_session.c25
6 files changed, 27 insertions, 12 deletions
diff --git a/source4/auth/auth.h b/source4/auth/auth.h
index 8a0f12efd8..49cf161241 100644
--- a/source4/auth/auth.h
+++ b/source4/auth/auth.h
@@ -236,7 +236,7 @@ NTSTATUS authsam_account_ok(TALLOC_CTX *mem_ctx,
const char *name_for_logs,
bool allow_domain_trust,
bool password_change);
-struct auth_session_info *system_session(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx);
+struct auth_session_info *system_session(struct loadparm_context *lp_ctx);
NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx, struct ldb_context *sam_ctx,
const char *netbios_name,
const char *domain_name,
diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c
index 7aa0ba3d69..163ae1570d 100644
--- a/source4/auth/gensec/schannel_state.c
+++ b/source4/auth/gensec/schannel_state.c
@@ -48,8 +48,8 @@ struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx, struct tevent_conte
existed = file_exist(path);
ldb = ldb_wrap_connect(mem_ctx, ev_ctx, lp_ctx, path,
- system_session(mem_ctx, lp_ctx),
- NULL, LDB_FLG_NOSYNC, NULL);
+ system_session(lp_ctx),
+ NULL, LDB_FLG_NOSYNC);
talloc_free(path);
if (!ldb) {
return NULL;
diff --git a/source4/auth/ntlm/auth_sam.c b/source4/auth/ntlm/auth_sam.c
index 46cdd8d24e..baa95f7380 100644
--- a/source4/auth/ntlm/auth_sam.c
+++ b/source4/auth/ntlm/auth_sam.c
@@ -202,7 +202,7 @@ static NTSTATUS authsam_check_password_internals(struct auth_method_context *ctx
return NT_STATUS_NO_MEMORY;
}
- sam_ctx = samdb_connect(tmp_ctx, ctx->auth_ctx->event_ctx, ctx->auth_ctx->lp_ctx, system_session(mem_ctx, ctx->auth_ctx->lp_ctx));
+ sam_ctx = samdb_connect(tmp_ctx, ctx->auth_ctx->event_ctx, ctx->auth_ctx->lp_ctx, system_session(ctx->auth_ctx->lp_ctx));
if (sam_ctx == NULL) {
talloc_free(tmp_ctx);
return NT_STATUS_INVALID_SYSTEM_SERVICE;
@@ -320,7 +320,7 @@ NTSTATUS authsam_get_server_info_principal(TALLOC_CTX *mem_ctx,
}
sam_ctx = samdb_connect(tmp_ctx, auth_context->event_ctx, auth_context->lp_ctx,
- system_session(tmp_ctx, auth_context->lp_ctx));
+ system_session(auth_context->lp_ctx));
if (sam_ctx == NULL) {
talloc_free(tmp_ctx);
return NT_STATUS_INVALID_SYSTEM_SERVICE;
diff --git a/source4/auth/pyauth.c b/source4/auth/pyauth.c
index 5bb775aa95..7ec7f3e7f2 100644
--- a/source4/auth/pyauth.c
+++ b/source4/auth/pyauth.c
@@ -49,7 +49,7 @@ static PyObject *py_system_session(PyObject *module, PyObject *args)
if (lp_ctx == NULL)
return NULL;
- session = system_session(NULL, lp_ctx);
+ session = system_session(lp_ctx);
return PyAuthSession_FromSession(session);
}
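Review bot: `session` is handed to `PyAuthSession_FromSession()` without a NULL check, although `system_session()` returns NULL when building the session fails (the system_session.c hunk of this commit shows that path). A guard before the return, such as `if (session == NULL) { PyErr_SetString(PyExc_RuntimeError, "failed to create system session"); return NULL; }`, would turn that failure into a Python exception. Separately, the wrapped pointer is now the process-wide static rather than a fresh allocation on the NULL context, so it is worth confirming that the Python wrapper neither steals nor frees it; that code is not visible here. `py_system_session` starts above this hunk.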
diff --git a/source4/auth/session.h b/source4/auth/session.h
index ca47af33f4..2a5a8f1098 100644
--- a/source4/auth/session.h
+++ b/source4/auth/session.h
@@ -35,7 +35,7 @@ struct tevent_context;
/* Create a security token for a session SYSTEM (the most
* trusted/prvilaged account), including the local machine account as
* the off-host credentials */
-struct auth_session_info *system_session(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx) ;
+struct auth_session_info *system_session(struct loadparm_context *lp_ctx) ;
/*
* Create a system session, but with anonymous credentials (so we do
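Review bot: The comment above the `system_session()` prototype does not say who owns the result, and with `mem_ctx` removed callers can no longer infer it from the signature. I would add a line to that comment such as `* The result is a shared, process-lifetime object; callers must not free, steal or modify it.` The same prototype is also declared in auth.h with no comment at all, so the contract should be stated in one place and the duplicate declaration is a candidate for removal. The comment block that follows continues below this hunk.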
diff --git a/source4/auth/system_session.c b/source4/auth/system_session.c
index 8e22bd820e..765f53a613 100644
--- a/source4/auth/system_session.c
+++ b/source4/auth/system_session.c
@@ -146,22 +146,37 @@ static NTSTATUS generate_session_info(TALLOC_CTX *mem_ctx,
}
+/*
+ prevent the static system session being freed
+ */
+static int system_session_destructor(struct auth_session_info *info)
+{
+ return -1;
+}
/* Create a security token for a session SYSTEM (the most
* trusted/prvilaged account), including the local machine account as
* the off-host credentials
*/
-_PUBLIC_ struct auth_session_info *system_session(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx)
+_PUBLIC_ struct auth_session_info *system_session(struct loadparm_context *lp_ctx)
{
+ static struct auth_session_info *static_session;
NTSTATUS nt_status;
- struct auth_session_info *session_info = NULL;
- nt_status = auth_system_session_info(mem_ctx,
+
+ if (static_session) {
+ return static_session;
+ }
+
+ nt_status = auth_system_session_info(talloc_autofree_context(),
lp_ctx,
- &session_info);
+ &static_session);
if (!NT_STATUS_IS_OK(nt_status)) {
+ talloc_free(static_session);
+ static_session = NULL;
return NULL;
}
- return session_info;
+ talloc_set_destructor(static_session, system_session_destructor);
+ return static_session;
}
static NTSTATUS _auth_system_session_info(TALLOC_CTX *parent_ctx,
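Review bot: Once `static_session` is set, `system_session()` returns it without looking at `lp_ctx`, so a later caller that passes a different loadparm context silently gets the SYSTEM session built from the first one. Because this is the most privileged token and every caller now shares the same struct, one caller that writes to it (for example by replacing its credentials) changes it for all of them; `system_session_destructor` returning -1 only refuses `talloc_free()`, it does not stop modification or `talloc_steal()`. I would document both on the static, e.g. `/* shared by all callers for the life of the process; built from the first lp_ctx seen, read-only after creation */`, and consider a debug-level warning when a later `lp_ctx` differs from the one used at creation. The lazy initialisation is also unsynchronised, which matters if any process model calls this from more than one thread; that is not visible in this hunk.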