From 5002b3a90d6002ce51ad1d8a038ea4c7be98ab43 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 20 Jul 2010 16:17:58 -0700 Subject: Add approriate TALLOC_CTX's thoughout the spnego code. No more implicit NULL contexts. Jeremy. --- source3/libsmb/cliconnect.c | 6 +++--- source3/libsmb/clifsinfo.c | 2 +- source3/libsmb/clispnego.c | 36 +++++++++++++++++++----------------- 3 files changed, 23 insertions(+), 21 deletions(-) (limited to 'source3/libsmb') diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index 86448ff6b3..2d3e5a56a7 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -1098,11 +1098,11 @@ static void cli_session_setup_ntlmssp_done(struct tevent_req *subreq) && NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { DATA_BLOB tmp_blob = data_blob_null; /* the server might give us back two challenges */ - parse_ret = spnego_parse_challenge(blob_in, &msg_in, + parse_ret = spnego_parse_challenge(state, blob_in, &msg_in, &tmp_blob); data_blob_free(&tmp_blob); } else { - parse_ret = spnego_parse_auth_response(blob_in, status, + parse_ret = spnego_parse_auth_response(state, blob_in, status, OID_NTLMSSP, &msg_in); } state->turn += 1; @@ -1128,7 +1128,7 @@ static void cli_session_setup_ntlmssp_done(struct tevent_req *subreq) return; } - state->blob_out = spnego_gen_auth(blob_out); + state->blob_out = spnego_gen_auth(state, blob_out); TALLOC_FREE(subreq); if (tevent_req_nomem(state->blob_out.data, req)) { return; diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c index aa7d1fb9ad..9e4d9fa8ad 100644 --- a/source3/libsmb/clifsinfo.c +++ b/source3/libsmb/clifsinfo.c @@ -764,7 +764,7 @@ static NTSTATUS make_cli_gss_blob(TALLOC_CTX *ctx, p_tok_in = GSS_C_NO_BUFFER; } else { /* Remove the SPNEGO wrapper */ - if (!spnego_parse_auth_response(spnego_blob_in, status_in, OID_KERBEROS5, &blob_in)) { + if (!spnego_parse_auth_response(ctx, spnego_blob_in, status_in, OID_KERBEROS5, &blob_in)) { status = NT_STATUS_UNSUCCESSFUL; goto fail; } diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c index d5867120ea..66e023a91d 100644 --- a/source3/libsmb/clispnego.c +++ b/source3/libsmb/clispnego.c @@ -216,7 +216,7 @@ bool spnego_parse_negTokenInit(TALLOC_CTX *ctx, /* generate a krb5 GSS-API wrapper packet given a ticket */ -DATA_BLOB spnego_gen_krb5_wrap(const DATA_BLOB ticket, const uint8 tok_id[2]) +DATA_BLOB spnego_gen_krb5_wrap(TALLOC_CTX *ctx, const DATA_BLOB ticket, const uint8 tok_id[2]) { ASN1_DATA *data; DATA_BLOB ret; @@ -237,7 +237,7 @@ DATA_BLOB spnego_gen_krb5_wrap(const DATA_BLOB ticket, const uint8 tok_id[2]) DEBUG(1,("Failed to build krb5 wrapper at offset %d\n", (int)data->ofs)); } - ret = data_blob(data->data, data->length); + ret = data_blob_talloc(ctx, data->data, data->length); asn1_free(data); return ret; @@ -246,7 +246,7 @@ DATA_BLOB spnego_gen_krb5_wrap(const DATA_BLOB ticket, const uint8 tok_id[2]) /* parse a krb5 GSS-API wrapper packet giving a ticket */ -bool spnego_parse_krb5_wrap(DATA_BLOB blob, DATA_BLOB *ticket, uint8 tok_id[2]) +bool spnego_parse_krb5_wrap(TALLOC_CTX *ctx, DATA_BLOB blob, DATA_BLOB *ticket, uint8 tok_id[2]) { bool ret; ASN1_DATA *data; @@ -268,7 +268,7 @@ bool spnego_parse_krb5_wrap(DATA_BLOB blob, DATA_BLOB *ticket, uint8 tok_id[2]) } else { asn1_read(data, tok_id, 2); data_remaining -= 2; - *ticket = data_blob(NULL, data_remaining); + *ticket = data_blob_talloc(ctx, NULL, data_remaining); asn1_read(data, ticket->data, ticket->length); } @@ -309,7 +309,7 @@ int spnego_gen_krb5_negTokenInit(TALLOC_CTX *ctx, return retval; /* wrap that up in a nice GSS-API wrapping */ - tkt_wrapped = spnego_gen_krb5_wrap(tkt, TOK_ID_KRB_AP_REQ); + tkt_wrapped = spnego_gen_krb5_wrap(ctx, tkt, TOK_ID_KRB_AP_REQ); /* and wrap that in a shiny SPNEGO wrapper */ *targ = spnego_gen_negTokenInit(ctx, krb_mechs, &tkt_wrapped, NULL); @@ -324,7 +324,7 @@ int spnego_gen_krb5_negTokenInit(TALLOC_CTX *ctx, /* parse a spnego NTLMSSP challenge packet giving two security blobs */ -bool spnego_parse_challenge(const DATA_BLOB blob, +bool spnego_parse_challenge(TALLOC_CTX *ctx, const DATA_BLOB blob, DATA_BLOB *chal1, DATA_BLOB *chal2) { bool ret; @@ -351,13 +351,13 @@ bool spnego_parse_challenge(const DATA_BLOB blob, asn1_end_tag(data); asn1_start_tag(data,ASN1_CONTEXT(2)); - asn1_read_OctetString(data, talloc_autofree_context(), chal1); + asn1_read_OctetString(data, ctx, chal1); asn1_end_tag(data); /* the second challenge is optional (XP doesn't send it) */ if (asn1_tag_remaining(data)) { asn1_start_tag(data,ASN1_CONTEXT(3)); - asn1_read_OctetString(data, talloc_autofree_context(), chal2); + asn1_read_OctetString(data, ctx, chal2); asn1_end_tag(data); } @@ -379,7 +379,7 @@ bool spnego_parse_challenge(const DATA_BLOB blob, /* generate a SPNEGO auth packet. This will contain the encrypted passwords */ -DATA_BLOB spnego_gen_auth(DATA_BLOB blob) +DATA_BLOB spnego_gen_auth(TALLOC_CTX *ctx, DATA_BLOB blob) { ASN1_DATA *data; DATA_BLOB ret; @@ -397,7 +397,7 @@ DATA_BLOB spnego_gen_auth(DATA_BLOB blob) asn1_pop_tag(data); asn1_pop_tag(data); - ret = data_blob(data->data, data->length); + ret = data_blob_talloc(ctx, data->data, data->length); asn1_free(data); @@ -407,7 +407,7 @@ DATA_BLOB spnego_gen_auth(DATA_BLOB blob) /* parse a SPNEGO auth packet. This contains the encrypted passwords */ -bool spnego_parse_auth(DATA_BLOB blob, DATA_BLOB *auth) +bool spnego_parse_auth(TALLOC_CTX *ctx, DATA_BLOB blob, DATA_BLOB *auth) { ssize_t len; struct spnego_data token; @@ -425,7 +425,7 @@ bool spnego_parse_auth(DATA_BLOB blob, DATA_BLOB *auth) return false; } - *auth = data_blob_talloc(talloc_tos(), + *auth = data_blob_talloc(ctx, token.negTokenTarg.responseToken.data, token.negTokenTarg.responseToken.length); spnego_free_data(&token); @@ -436,7 +436,8 @@ bool spnego_parse_auth(DATA_BLOB blob, DATA_BLOB *auth) /* generate a minimal SPNEGO response packet. Doesn't contain much. */ -DATA_BLOB spnego_gen_auth_response(DATA_BLOB *reply, NTSTATUS nt_status, +DATA_BLOB spnego_gen_auth_response(TALLOC_CTX *ctx, + DATA_BLOB *reply, NTSTATUS nt_status, const char *mechOID) { ASN1_DATA *data; @@ -477,7 +478,7 @@ DATA_BLOB spnego_gen_auth_response(DATA_BLOB *reply, NTSTATUS nt_status, asn1_pop_tag(data); asn1_pop_tag(data); - ret = data_blob(data->data, data->length); + ret = data_blob_talloc(ctx, data->data, data->length); asn1_free(data); return ret; } @@ -485,7 +486,8 @@ DATA_BLOB spnego_gen_auth_response(DATA_BLOB *reply, NTSTATUS nt_status, /* parse a SPNEGO auth packet. This contains the encrypted passwords */ -bool spnego_parse_auth_response(DATA_BLOB blob, NTSTATUS nt_status, +bool spnego_parse_auth_response(TALLOC_CTX *ctx, + DATA_BLOB blob, NTSTATUS nt_status, const char *mechOID, DATA_BLOB *auth) { @@ -521,7 +523,7 @@ bool spnego_parse_auth_response(DATA_BLOB blob, NTSTATUS nt_status, if (asn1_tag_remaining(data)) { asn1_start_tag(data,ASN1_CONTEXT(2)); - asn1_read_OctetString(data, talloc_autofree_context(), auth); + asn1_read_OctetString(data, ctx, auth); asn1_end_tag(data); } } else if (negResult == SPNEGO_ACCEPT_INCOMPLETE) { @@ -535,7 +537,7 @@ bool spnego_parse_auth_response(DATA_BLOB blob, NTSTATUS nt_status, if (asn1_tag_remaining(data)) { DATA_BLOB mechList = data_blob_null; asn1_start_tag(data, ASN1_CONTEXT(3)); - asn1_read_OctetString(data, talloc_autofree_context(), &mechList); + asn1_read_OctetString(data, ctx, &mechList); asn1_end_tag(data); data_blob_free(&mechList); DEBUG(5,("spnego_parse_auth_response received mechListMIC, " -- cgit