summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
Diffstat (limited to 'source4')
-rw-r--r--source4/libcli/auth/gensec_krb5.c21
-rw-r--r--source4/libcli/auth/gensec_ntlmssp.c23
-rw-r--r--source4/libcli/auth/ntlmssp.c91
-rw-r--r--source4/libcli/auth/ntlmssp.h1
-rw-r--r--source4/libcli/auth/ntlmssp_sign.c8
-rw-r--r--source4/libcli/auth/spnego.c23
-rw-r--r--source4/torture/auth/ntlmssp.c8
7 files changed, 68 insertions, 107 deletions
diff --git a/source4/libcli/auth/gensec_krb5.c b/source4/libcli/auth/gensec_krb5.c
index 06630455ce..7d92873ac7 100644
--- a/source4/libcli/auth/gensec_krb5.c
+++ b/source4/libcli/auth/gensec_krb5.c
@@ -36,7 +36,6 @@ enum GENSEC_KRB5_STATE {
};
struct gensec_krb5_state {
- TALLOC_CTX *mem_ctx;
DATA_BLOB session_key;
struct PAC_LOGON_INFO *logon_info;
enum GENSEC_KRB5_STATE state_position;
@@ -230,18 +229,11 @@ static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security)
struct gensec_krb5_state *gensec_krb5_state;
krb5_error_code ret = 0;
- TALLOC_CTX *mem_ctx = talloc_init("gensec_krb5");
- if (!mem_ctx) {
- return NT_STATUS_NO_MEMORY;
- }
-
- gensec_krb5_state = talloc_p(mem_ctx, struct gensec_krb5_state);
+ gensec_krb5_state = talloc_p(gensec_security, struct gensec_krb5_state);
if (!gensec_krb5_state) {
return NT_STATUS_NO_MEMORY;
}
- gensec_krb5_state->mem_ctx = mem_ctx;
-
gensec_security->private_data = gensec_krb5_state;
initialize_krb5_error_table();
@@ -429,7 +421,7 @@ static void gensec_krb5_end(struct gensec_security *gensec_security)
krb5_free_context(gensec_krb5_state->krb5_context);
}
- talloc_destroy(gensec_krb5_state->mem_ctx);
+ talloc_free(gensec_krb5_state);
gensec_security->private_data = NULL;
}
@@ -544,7 +536,7 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security, TALL
if (pac.data) {
/* decode and verify the pac */
- nt_status = gensec_krb5_decode_pac(gensec_krb5_state->mem_ctx, &gensec_krb5_state->logon_info, pac,
+ nt_status = gensec_krb5_decode_pac(gensec_krb5_state, &gensec_krb5_state->logon_info, pac,
gensec_krb5_state);
} else {
/* NULL PAC, we might need to figure this information out the hard way */
@@ -556,7 +548,7 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security, TALL
/* wrap that up in a nice GSS-API wrapping */
*out = gensec_gssapi_gen_krb5_wrap(out_mem_ctx, &unwrapped_out, TOK_ID_KRB_AP_REP);
- gensec_krb5_state->peer_principal = talloc_steal(gensec_krb5_state->mem_ctx, principal);
+ gensec_krb5_state->peer_principal = talloc_steal(gensec_krb5_state, principal);
}
return nt_status;
}
@@ -591,7 +583,7 @@ static NTSTATUS gensec_krb5_session_key(struct gensec_security *gensec_security,
}
if (err == 0 && skey != NULL) {
DEBUG(10, ("Got KRB5 session key of length %d\n", KRB5_KEY_LENGTH(skey)));
- gensec_krb5_state->session_key = data_blob_talloc(gensec_krb5_state->mem_ctx,
+ gensec_krb5_state->session_key = data_blob_talloc(gensec_krb5_state,
KRB5_KEY_DATA(skey), KRB5_KEY_LENGTH(skey));
*session_key = gensec_krb5_state->session_key;
dump_data_pw("KRB5 Session Key:\n", session_key->data, session_key->length);
@@ -609,7 +601,6 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
{
NTSTATUS nt_status;
struct gensec_krb5_state *gensec_krb5_state = gensec_security->private_data;
- TALLOC_CTX *mem_ctx;
struct auth_serversupplied_info *server_info = NULL;
struct auth_session_info *session_info = NULL;
struct PAC_LOGON_INFO *logon_info = gensec_krb5_state->logon_info;
@@ -657,7 +648,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
ptoken->num_sids = 0;
- ptoken->user_sids = talloc_array_p(mem_ctx, struct dom_sid*, logon_info->groups_count + 2);
+ ptoken->user_sids = talloc_array_p(ptoken, struct dom_sid*, logon_info->groups_count + 2);
if (!ptoken->user_sids) {
return NT_STATUS_NO_MEMORY;
}
diff --git a/source4/libcli/auth/gensec_ntlmssp.c b/source4/libcli/auth/gensec_ntlmssp.c
index 8b760bcd45..7270797f52 100644
--- a/source4/libcli/auth/gensec_ntlmssp.c
+++ b/source4/libcli/auth/gensec_ntlmssp.c
@@ -24,7 +24,6 @@
#include "includes.h"
struct gensec_ntlmssp_state {
- TALLOC_CTX *mem_ctx;
struct auth_context *auth_context;
struct auth_serversupplied_info *server_info;
struct ntlmssp_state *ntlmssp_state;
@@ -125,13 +124,13 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
}
if (gensec_ntlmssp_state->server_info->user_session_key.length) {
DEBUG(10, ("Got NT session key of length %u\n", gensec_ntlmssp_state->server_info->user_session_key.length));
- *user_session_key = data_blob_talloc(ntlmssp_state->mem_ctx,
+ *user_session_key = data_blob_talloc(ntlmssp_state,
gensec_ntlmssp_state->server_info->user_session_key.data,
gensec_ntlmssp_state->server_info->user_session_key.length);
}
if (gensec_ntlmssp_state->server_info->lm_session_key.length) {
DEBUG(10, ("Got LM session key of length %u\n", gensec_ntlmssp_state->server_info->lm_session_key.length));
- *lm_session_key = data_blob_talloc(ntlmssp_state->mem_ctx,
+ *lm_session_key = data_blob_talloc(ntlmssp_state,
gensec_ntlmssp_state->server_info->lm_session_key.data,
gensec_ntlmssp_state->server_info->lm_session_key.length);
}
@@ -142,17 +141,11 @@ static NTSTATUS gensec_ntlmssp_start(struct gensec_security *gensec_security)
{
struct gensec_ntlmssp_state *gensec_ntlmssp_state;
- TALLOC_CTX *mem_ctx = talloc_init("gensec_ntlmssp");
- if (!mem_ctx) {
- return NT_STATUS_NO_MEMORY;
- }
-
- gensec_ntlmssp_state = talloc_p(mem_ctx, struct gensec_ntlmssp_state);
+ gensec_ntlmssp_state = talloc_p(gensec_security, struct gensec_ntlmssp_state);
if (!gensec_ntlmssp_state) {
return NT_STATUS_NO_MEMORY;
}
- gensec_ntlmssp_state->mem_ctx = mem_ctx;
gensec_ntlmssp_state->ntlmssp_state = NULL;
gensec_ntlmssp_state->auth_context = NULL;
gensec_ntlmssp_state->server_info = NULL;
@@ -175,7 +168,8 @@ static NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_secur
gensec_ntlmssp_state = gensec_security->private_data;
- if (!NT_STATUS_IS_OK(nt_status = ntlmssp_server_start(&gensec_ntlmssp_state->ntlmssp_state))) {
+ if (!NT_STATUS_IS_OK(nt_status = ntlmssp_server_start(gensec_security,
+ &gensec_ntlmssp_state->ntlmssp_state))) {
return nt_status;
}
@@ -221,7 +215,8 @@ static NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_secur
}
gensec_ntlmssp_state = gensec_security->private_data;
- status = ntlmssp_client_start(&gensec_ntlmssp_state->ntlmssp_state);
+ status = ntlmssp_client_start(gensec_security,
+ &gensec_ntlmssp_state->ntlmssp_state);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -265,7 +260,7 @@ static NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_secur
return status;
}
- status = gensec_get_password(gensec_security, gensec_ntlmssp_state->mem_ctx, &password);
+ status = gensec_get_password(gensec_security, gensec_ntlmssp_state, &password);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -410,7 +405,7 @@ static void gensec_ntlmssp_end(struct gensec_security *gensec_security)
if (gensec_ntlmssp_state->server_info) {
free_server_info(&gensec_ntlmssp_state->server_info);
}
- talloc_destroy(gensec_ntlmssp_state->mem_ctx);
+ talloc_free(gensec_ntlmssp_state);
gensec_security->private_data = NULL;
}
diff --git a/source4/libcli/auth/ntlmssp.c b/source4/libcli/auth/ntlmssp.c
index f52f1ffbf9..2ea0bcb84e 100644
--- a/source4/libcli/auth/ntlmssp.c
+++ b/source4/libcli/auth/ntlmssp.c
@@ -107,7 +107,7 @@ void debug_ntlmssp_flags(uint32_t neg_flags)
static const uint8_t *get_challenge(const struct ntlmssp_state *ntlmssp_state)
{
- uint8_t *chal = talloc(ntlmssp_state->mem_ctx, 8);
+ uint8_t *chal = talloc(ntlmssp_state, 8);
generate_random_buffer(chal, 8);
return chal;
@@ -143,7 +143,7 @@ static NTSTATUS set_challenge(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *ch
NTSTATUS ntlmssp_set_username(struct ntlmssp_state *ntlmssp_state, const char *user)
{
- ntlmssp_state->user = talloc_strdup(ntlmssp_state->mem_ctx, user);
+ ntlmssp_state->user = talloc_strdup(ntlmssp_state, user);
if (!ntlmssp_state->user) {
return NT_STATUS_NO_MEMORY;
}
@@ -159,7 +159,7 @@ NTSTATUS ntlmssp_set_password(struct ntlmssp_state *ntlmssp_state, const char *p
if (!password) {
ntlmssp_state->password = NULL;
} else {
- ntlmssp_state->password = talloc_strdup(ntlmssp_state->mem_ctx, password);
+ ntlmssp_state->password = talloc_strdup(ntlmssp_state, password);
if (!ntlmssp_state->password) {
return NT_STATUS_NO_MEMORY;
}
@@ -173,7 +173,7 @@ NTSTATUS ntlmssp_set_password(struct ntlmssp_state *ntlmssp_state, const char *p
*/
NTSTATUS ntlmssp_set_domain(struct ntlmssp_state *ntlmssp_state, const char *domain)
{
- ntlmssp_state->domain = talloc_strdup(ntlmssp_state->mem_ctx, domain);
+ ntlmssp_state->domain = talloc_strdup(ntlmssp_state, domain);
if (!ntlmssp_state->domain) {
return NT_STATUS_NO_MEMORY;
}
@@ -186,7 +186,7 @@ NTSTATUS ntlmssp_set_domain(struct ntlmssp_state *ntlmssp_state, const char *dom
*/
NTSTATUS ntlmssp_set_workstation(struct ntlmssp_state *ntlmssp_state, const char *workstation)
{
- ntlmssp_state->workstation = talloc_strdup(ntlmssp_state->mem_ctx, workstation);
+ ntlmssp_state->workstation = talloc_strdup(ntlmssp_state, workstation);
if (!ntlmssp_state->domain) {
return NT_STATUS_NO_MEMORY;
}
@@ -201,7 +201,7 @@ NTSTATUS ntlmssp_set_workstation(struct ntlmssp_state *ntlmssp_state, const char
NTSTATUS ntlmssp_store_response(struct ntlmssp_state *ntlmssp_state,
DATA_BLOB response)
{
- ntlmssp_state->stored_response = data_blob_talloc(ntlmssp_state->mem_ctx,
+ ntlmssp_state->stored_response = data_blob_talloc(ntlmssp_state,
response.data, response.length);
return NT_STATUS_OK;
}
@@ -234,7 +234,7 @@ NTSTATUS ntlmssp_update(struct ntlmssp_state *ntlmssp_state,
if (!out_mem_ctx) {
/* if the caller doesn't want to manage/own the memory,
we can put it on our context */
- out_mem_ctx = ntlmssp_state->mem_ctx;
+ out_mem_ctx = ntlmssp_state;
}
if (!in.length && ntlmssp_state->stored_response.length) {
@@ -257,7 +257,7 @@ NTSTATUS ntlmssp_update(struct ntlmssp_state *ntlmssp_state,
break;
}
} else {
- if (!msrpc_parse(ntlmssp_state->mem_ctx,
+ if (!msrpc_parse(ntlmssp_state,
&input, "Cd",
"NTLMSSP",
&ntlmssp_command)) {
@@ -311,12 +311,10 @@ NTSTATUS ntlmssp_session_key(struct ntlmssp_state *ntlmssp_state,
void ntlmssp_end(struct ntlmssp_state **ntlmssp_state)
{
- TALLOC_CTX *mem_ctx = (*ntlmssp_state)->mem_ctx;
-
(*ntlmssp_state)->ref_count--;
if ((*ntlmssp_state)->ref_count == 0) {
- talloc_destroy(mem_ctx);
+ talloc_free(*ntlmssp_state);
}
*ntlmssp_state = NULL;
@@ -464,7 +462,7 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state,
#endif
if (in.length) {
- if (!msrpc_parse(ntlmssp_state->mem_ctx,
+ if (!msrpc_parse(ntlmssp_state,
&in, "CddAA",
"NTLMSSP",
&ntlmssp_command,
@@ -502,8 +500,8 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state,
if (target_name == NULL)
return NT_STATUS_INVALID_PARAMETER;
- ntlmssp_state->chal = data_blob_talloc(ntlmssp_state->mem_ctx, cryptkey, 8);
- ntlmssp_state->internal_chal = data_blob_talloc(ntlmssp_state->mem_ctx, cryptkey, 8);
+ ntlmssp_state->chal = data_blob_talloc(ntlmssp_state, cryptkey, 8);
+ ntlmssp_state->internal_chal = data_blob_talloc(ntlmssp_state, cryptkey, 8);
/* This should be a 'netbios domain -> DNS domain' mapping */
dnsdomname[0] = '\0';
@@ -599,7 +597,7 @@ static NTSTATUS ntlmssp_server_preauth(struct ntlmssp_state *ntlmssp_state,
ntlmssp_state->workstation = NULL;
/* now the NTLMSSP encoded auth hashes */
- if (!msrpc_parse(ntlmssp_state->mem_ctx,
+ if (!msrpc_parse(ntlmssp_state,
&request, parse_string,
"NTLMSSP",
&ntlmssp_command,
@@ -625,7 +623,7 @@ static NTSTATUS ntlmssp_server_preauth(struct ntlmssp_state *ntlmssp_state,
}
/* now the NTLMSSP encoded auth hashes */
- if (!msrpc_parse(ntlmssp_state->mem_ctx,
+ if (!msrpc_parse(ntlmssp_state,
&request, parse_string,
"NTLMSSP",
&ntlmssp_command,
@@ -690,7 +688,7 @@ static NTSTATUS ntlmssp_server_preauth(struct ntlmssp_state *ntlmssp_state,
MD5Update(&md5_session_nonce_ctx, ntlmssp_state->session_nonce, 16);
MD5Final(session_nonce_hash, &md5_session_nonce_ctx);
- ntlmssp_state->chal = data_blob_talloc(ntlmssp_state->mem_ctx,
+ ntlmssp_state->chal = data_blob_talloc(ntlmssp_state,
session_nonce_hash, 8);
/* LM response is no longer useful, zero it out */
@@ -736,7 +734,7 @@ static NTSTATUS ntlmssp_server_postauth(struct ntlmssp_state *ntlmssp_state,
/* Handle the different session key derivation for NTLM2 */
if (ntlmssp_state->doing_ntlm2) {
if (user_session_key && user_session_key->data && user_session_key->length == 16) {
- session_key = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 16);
+ session_key = data_blob_talloc(ntlmssp_state, NULL, 16);
hmac_md5(user_session_key->data, ntlmssp_state->session_nonce,
sizeof(ntlmssp_state->session_nonce), session_key.data);
DEBUG(10,("ntlmssp_server_auth: Created NTLM2 session key.\n"));
@@ -752,7 +750,7 @@ static NTSTATUS ntlmssp_server_postauth(struct ntlmssp_state *ntlmssp_state,
if (lm_session_key && lm_session_key->data && lm_session_key->length >= 8) {
if (ntlmssp_state->lm_resp.data && ntlmssp_state->lm_resp.length == 24) {
- session_key = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 16);
+ session_key = data_blob_talloc(ntlmssp_state, NULL, 16);
SMBsesskeygen_lm_sess_key(lm_session_key->data, ntlmssp_state->lm_resp.data,
session_key.data);
DEBUG(10,("ntlmssp_server_auth: Created NTLM session key.\n"));
@@ -761,7 +759,7 @@ static NTSTATUS ntlmssp_server_postauth(struct ntlmssp_state *ntlmssp_state,
/* When there is no LM response, just use zeros */
static const uint8_t zeros[24];
- session_key = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 16);
+ session_key = data_blob_talloc(ntlmssp_state, NULL, 16);
SMBsesskeygen_lm_sess_key(zeros, zeros,
session_key.data);
DEBUG(10,("ntlmssp_server_auth: Created NTLM session key.\n"));
@@ -820,7 +818,7 @@ static NTSTATUS ntlmssp_server_postauth(struct ntlmssp_state *ntlmssp_state,
arcfour_crypt(ntlmssp_state->encrypted_session_key.data,
session_key.data,
ntlmssp_state->encrypted_session_key.length);
- ntlmssp_state->session_key = data_blob_talloc(ntlmssp_state->mem_ctx,
+ ntlmssp_state->session_key = data_blob_talloc(ntlmssp_state,
ntlmssp_state->encrypted_session_key.data,
ntlmssp_state->encrypted_session_key.length);
dump_data_pw("KEY_EXCH session key:\n", ntlmssp_state->encrypted_session_key.data,
@@ -903,22 +901,17 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
* @param ntlmssp_state NTLMSSP State, allocated by this function
*/
-NTSTATUS ntlmssp_server_start(struct ntlmssp_state **ntlmssp_state)
+NTSTATUS ntlmssp_server_start(TALLOC_CTX *mem_ctx, struct ntlmssp_state **ntlmssp_state)
{
- TALLOC_CTX *mem_ctx;
-
- mem_ctx = talloc_init("NTLMSSP context");
-
- *ntlmssp_state = talloc_zero(mem_ctx, sizeof(**ntlmssp_state));
+ *ntlmssp_state = talloc_p(mem_ctx, struct ntlmssp_state);
if (!*ntlmssp_state) {
DEBUG(0,("ntlmssp_server_start: talloc failed!\n"));
- talloc_destroy(mem_ctx);
return NT_STATUS_NO_MEMORY;
}
+ ZERO_STRUCTP(*ntlmssp_state);
(*ntlmssp_state)->role = NTLMSSP_SERVER;
- (*ntlmssp_state)->mem_ctx = mem_ctx;
(*ntlmssp_state)->get_challenge = get_challenge;
(*ntlmssp_state)->set_challenge = set_challenge;
(*ntlmssp_state)->may_set_challenge = may_set_challenge;
@@ -1025,7 +1018,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
DATA_BLOB encrypted_session_key = data_blob(NULL, 0);
NTSTATUS nt_status;
- if (!msrpc_parse(ntlmssp_state->mem_ctx,
+ if (!msrpc_parse(ntlmssp_state,
&in, "CdBd",
"NTLMSSP",
&ntlmssp_command,
@@ -1064,7 +1057,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
DEBUG(3, ("NTLMSSP: Set final flags:\n"));
debug_ntlmssp_flags(ntlmssp_state->neg_flags);
- if (!msrpc_parse(ntlmssp_state->mem_ctx,
+ if (!msrpc_parse(ntlmssp_state,
&in, chal_parse_string,
"NTLMSSP",
&ntlmssp_command,
@@ -1089,8 +1082,8 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
/* do nothing - blobs are zero length */
/* session key is all zeros */
- session_key = data_blob_talloc(ntlmssp_state->mem_ctx, zeros, 16);
- lm_session_key = data_blob_talloc(ntlmssp_state->mem_ctx, zeros, 16);
+ session_key = data_blob_talloc(ntlmssp_state, zeros, 16);
+ lm_session_key = data_blob_talloc(ntlmssp_state, zeros, 16);
/* not doing NLTM2 without a password */
ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_NTLM2;
@@ -1126,7 +1119,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
uint8_t user_session_key[16];
E_md4hash(ntlmssp_state->password, nt_hash);
- lm_response = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 24);
+ lm_response = data_blob_talloc(ntlmssp_state, NULL, 24);
generate_random_buffer(lm_response.data, 8);
memset(lm_response.data+8, 0, 16);
@@ -1142,12 +1135,12 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
DEBUG(5, ("challenge is: \n"));
dump_data(5, (const char *)session_nonce_hash, 8);
- nt_response = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 24);
+ nt_response = data_blob_talloc(ntlmssp_state, NULL, 24);
SMBNTencrypt(ntlmssp_state->password,
session_nonce_hash,
nt_response.data);
- session_key = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 16);
+ session_key = data_blob_talloc(ntlmssp_state, NULL, 16);
SMBsesskeygen_ntv1(nt_hash, user_session_key);
hmac_md5(user_session_key, session_nonce, sizeof(session_nonce), session_key.data);
@@ -1159,18 +1152,18 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
uint8_t nt_hash[16];
if (ntlmssp_state->use_nt_response) {
- nt_response = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 24);
+ nt_response = data_blob_talloc(ntlmssp_state, NULL, 24);
SMBNTencrypt(ntlmssp_state->password,challenge_blob.data,
nt_response.data);
E_md4hash(ntlmssp_state->password, nt_hash);
- session_key = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 16);
+ session_key = data_blob_talloc(ntlmssp_state, NULL, 16);
SMBsesskeygen_ntv1(nt_hash, session_key.data);
dump_data_pw("NT session key:\n", session_key.data, session_key.length);
}
/* lanman auth is insecure, it may be disabled */
if (lp_client_lanman_auth()) {
- lm_response = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 24);
+ lm_response = data_blob_talloc(ntlmssp_state, NULL, 24);
if (!SMBencrypt(ntlmssp_state->password,challenge_blob.data,
lm_response.data)) {
/* If the LM password was too long (and therefore the LM hash being
@@ -1181,7 +1174,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY;
} else {
E_deshash(ntlmssp_state->password, lm_hash);
- lm_session_key = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 16);
+ lm_session_key = data_blob_talloc(ntlmssp_state, NULL, 16);
memcpy(lm_session_key.data, lm_hash, 8);
memset(&lm_session_key.data[8], '\0', 8);
@@ -1197,7 +1190,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
if ((ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY)
&& lp_client_lanman_auth() && lm_session_key.length == 16) {
- DATA_BLOB new_session_key = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 16);
+ DATA_BLOB new_session_key = data_blob_talloc(ntlmssp_state, NULL, 16);
if (lm_response.length == 24) {
SMBsesskeygen_lm_sess_key(lm_session_key.data, lm_response.data,
new_session_key.data);
@@ -1220,14 +1213,14 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
generate_random_buffer(client_session_key, sizeof(client_session_key));
/* Encrypt the new session key with the old one */
- encrypted_session_key = data_blob_talloc(ntlmssp_state->mem_ctx,
+ encrypted_session_key = data_blob_talloc(ntlmssp_state,
client_session_key, sizeof(client_session_key));
dump_data_pw("KEY_EXCH session key:\n", encrypted_session_key.data, encrypted_session_key.length);
arcfour_crypt(encrypted_session_key.data, session_key.data, encrypted_session_key.length);
dump_data_pw("KEY_EXCH session key (enc):\n", encrypted_session_key.data, encrypted_session_key.length);
/* Mark the new session key as the 'real' session key */
- session_key = data_blob_talloc(ntlmssp_state->mem_ctx, client_session_key, sizeof(client_session_key));
+ session_key = data_blob_talloc(ntlmssp_state, client_session_key, sizeof(client_session_key));
}
/* this generates the actual auth packet */
@@ -1266,23 +1259,17 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
return NT_STATUS_MORE_PROCESSING_REQUIRED;
}
-NTSTATUS ntlmssp_client_start(struct ntlmssp_state **ntlmssp_state)
+NTSTATUS ntlmssp_client_start(TALLOC_CTX *mem_ctx, struct ntlmssp_state **ntlmssp_state)
{
- TALLOC_CTX *mem_ctx;
-
- mem_ctx = talloc_init("NTLMSSP Client context");
-
- *ntlmssp_state = talloc_zero(mem_ctx, sizeof(**ntlmssp_state));
+ *ntlmssp_state = talloc_p(mem_ctx, struct ntlmssp_state);
if (!*ntlmssp_state) {
DEBUG(0,("ntlmssp_client_start: talloc failed!\n"));
- talloc_destroy(mem_ctx);
return NT_STATUS_NO_MEMORY;
}
+ ZERO_STRUCTP(*ntlmssp_state);
(*ntlmssp_state)->role = NTLMSSP_CLIENT;
- (*ntlmssp_state)->mem_ctx = mem_ctx;
-
(*ntlmssp_state)->get_global_myname = lp_netbios_name;
(*ntlmssp_state)->get_domain = lp_workgroup;
diff --git a/source4/libcli/auth/ntlmssp.h b/source4/libcli/auth/ntlmssp.h
index a318025650..a6d1510450 100644
--- a/source4/libcli/auth/ntlmssp.h
+++ b/source4/libcli/auth/ntlmssp.h
@@ -75,7 +75,6 @@ enum ntlmssp_message_type
struct ntlmssp_state
{
- TALLOC_CTX *mem_ctx;
uint_t ref_count;
enum ntlmssp_role role;
enum samr_Role server_role;
diff --git a/source4/libcli/auth/ntlmssp_sign.c b/source4/libcli/auth/ntlmssp_sign.c
index 2b9659ae52..5a99f14496 100644
--- a/source4/libcli/auth/ntlmssp_sign.c
+++ b/source4/libcli/auth/ntlmssp_sign.c
@@ -387,14 +387,14 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state)
weak_session_key.length);
/* SEND */
- calc_ntlmv2_key(ntlmssp_state->mem_ctx,
+ calc_ntlmv2_key(ntlmssp_state,
&ntlmssp_state->send_sign_key,
ntlmssp_state->session_key, send_sign_const);
dump_data_pw("NTLMSSP send sign key:\n",
ntlmssp_state->send_sign_key.data,
ntlmssp_state->send_sign_key.length);
- calc_ntlmv2_key(ntlmssp_state->mem_ctx,
+ calc_ntlmv2_key(ntlmssp_state,
&ntlmssp_state->send_seal_key,
weak_session_key, send_seal_const);
dump_data_pw("NTLMSSP send seal key:\n",
@@ -409,14 +409,14 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state)
sizeof(ntlmssp_state->send_seal_hash));
/* RECV */
- calc_ntlmv2_key(ntlmssp_state->mem_ctx,
+ calc_ntlmv2_key(ntlmssp_state,
&ntlmssp_state->recv_sign_key,
ntlmssp_state->session_key, recv_sign_const);
dump_data_pw("NTLMSSP recv sign key:\n",
ntlmssp_state->recv_sign_key.data,
ntlmssp_state->recv_sign_key.length);
- calc_ntlmv2_key(ntlmssp_state->mem_ctx,
+ calc_ntlmv2_key(ntlmssp_state,
&ntlmssp_state->recv_seal_key,
weak_session_key, recv_seal_const);
dump_data_pw("NTLMSSP recv seal key:\n",
diff --git a/source4/libcli/auth/spnego.c b/source4/libcli/auth/spnego.c
index bbf8f86676..efe9ad675b 100644
--- a/source4/libcli/auth/spnego.c
+++ b/source4/libcli/auth/spnego.c
@@ -37,7 +37,6 @@ enum spnego_state_position {
};
struct spnego_state {
- TALLOC_CTX *mem_ctx;
uint_t ref_count;
enum spnego_message_type expected_packet;
enum spnego_state_position state_position;
@@ -47,19 +46,14 @@ struct spnego_state {
static NTSTATUS gensec_spnego_client_start(struct gensec_security *gensec_security)
{
struct spnego_state *spnego_state;
- TALLOC_CTX *mem_ctx = talloc_init("gensec_spnego_client_start");
- if (!mem_ctx) {
- return NT_STATUS_NO_MEMORY;
- }
- spnego_state = talloc_p(mem_ctx, struct spnego_state);
-
+
+ spnego_state = talloc_p(gensec_security, struct spnego_state);
if (!spnego_state) {
return NT_STATUS_NO_MEMORY;
}
spnego_state->expected_packet = SPNEGO_NEG_TOKEN_INIT;
spnego_state->state_position = SPNEGO_CLIENT_START;
- spnego_state->mem_ctx = mem_ctx;
spnego_state->sub_sec_security = NULL;
gensec_security->private_data = spnego_state;
@@ -69,19 +63,14 @@ static NTSTATUS gensec_spnego_client_start(struct gensec_security *gensec_securi
static NTSTATUS gensec_spnego_server_start(struct gensec_security *gensec_security)
{
struct spnego_state *spnego_state;
- TALLOC_CTX *mem_ctx = talloc_init("gensec_spnego_server_start");
- if (!mem_ctx) {
- return NT_STATUS_NO_MEMORY;
- }
- spnego_state = talloc_p(mem_ctx, struct spnego_state);
-
+
+ spnego_state = talloc_p(gensec_security, struct spnego_state);
if (!spnego_state) {
return NT_STATUS_NO_MEMORY;
}
spnego_state->expected_packet = SPNEGO_NEG_TOKEN_INIT;
spnego_state->state_position = SPNEGO_SERVER_START;
- spnego_state->mem_ctx = mem_ctx;
spnego_state->sub_sec_security = NULL;
gensec_security->private_data = spnego_state;
@@ -426,7 +415,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
*out = data_blob(NULL, 0);
if (!out_mem_ctx) {
- out_mem_ctx = spnego_state->mem_ctx;
+ out_mem_ctx = spnego_state;
}
/* and switch into the state machine */
@@ -701,7 +690,7 @@ static void gensec_spnego_end(struct gensec_security *gensec_security)
gensec_end(&spnego_state->sub_sec_security);
}
- talloc_destroy(spnego_state->mem_ctx);
+ talloc_free(spnego_state);
gensec_security->private_data = NULL;
}
diff --git a/source4/torture/auth/ntlmssp.c b/source4/torture/auth/ntlmssp.c
index dc4356bac1..a10ca77c53 100644
--- a/source4/torture/auth/ntlmssp.c
+++ b/source4/torture/auth/ntlmssp.c
@@ -27,7 +27,7 @@ BOOL torture_ntlmssp_self_check(int dummy)
DATA_BLOB sig, expected_sig;
NTSTATUS status;
- if (!NT_STATUS_IS_OK(ntlmssp_client_start(&ntlmssp_state))) {
+ if (!NT_STATUS_IS_OK(ntlmssp_client_start(NULL, &ntlmssp_state))) {
return False;
}
@@ -45,7 +45,7 @@ BOOL torture_ntlmssp_self_check(int dummy)
}
data = strhex_to_data_blob("6a43494653");
- ntlmssp_sign_packet(ntlmssp_state, ntlmssp_state->mem_ctx,
+ ntlmssp_sign_packet(ntlmssp_state, ntlmssp_state,
data.data, data.length, data.data, data.length, &sig);
expected_sig = strhex_to_data_blob("01000000e37f97f2544f4d7e00000000");
@@ -64,7 +64,7 @@ BOOL torture_ntlmssp_self_check(int dummy)
ntlmssp_end(&ntlmssp_state);
- if (!NT_STATUS_IS_OK(ntlmssp_client_start(&ntlmssp_state))) {
+ if (!NT_STATUS_IS_OK(ntlmssp_client_start(NULL, &ntlmssp_state))) {
return False;
}
@@ -82,7 +82,7 @@ BOOL torture_ntlmssp_self_check(int dummy)
}
data = strhex_to_data_blob("6a43494653");
- ntlmssp_sign_packet(ntlmssp_state, ntlmssp_state->mem_ctx,
+ ntlmssp_sign_packet(ntlmssp_state, ntlmssp_state,
data.data, data.length, data.data, data.length, &sig);
expected_sig = strhex_to_data_blob("0100000078010900397420fe0e5a0f89");