From 6d7ac4f1ad364cac6266bd3e88d141a7517a7d15 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 26 Jul 2011 17:20:35 +1000 Subject: s3-ntlmssp Add mem_ctx argument to auth_ntlmssp_update This clarifies the lifetime of the returned token. Andrew Bartlett Signed-off-by: Andrew Tridgell --- source3/smbd/seal.c | 10 +++++++--- source3/smbd/sesssetup.c | 11 ++++++----- source3/smbd/smb2_sesssetup.c | 19 ++++--------------- 3 files changed, 17 insertions(+), 23 deletions(-) (limited to 'source3/smbd') diff --git a/source3/smbd/seal.c b/source3/smbd/seal.c index e6b683d97f..5481e52fe0 100644 --- a/source3/smbd/seal.c +++ b/source3/smbd/seal.c @@ -478,7 +478,9 @@ static NTSTATUS srv_enc_ntlm_negotiate(const struct tsocket_address *remote_addr return status; } - status = auth_ntlmssp_update(partial_srv_trans_enc_ctx->auth_ntlmssp_state, secblob, &chal); + status = auth_ntlmssp_update(partial_srv_trans_enc_ctx->auth_ntlmssp_state, + partial_srv_trans_enc_ctx->auth_ntlmssp_state, + secblob, &chal); /* status here should be NT_STATUS_MORE_PROCESSING_REQUIRED * for success ... */ @@ -601,7 +603,7 @@ static NTSTATUS srv_enc_spnego_ntlm_auth(connection_struct *conn, return NT_STATUS_INVALID_PARAMETER; } - status = auth_ntlmssp_update(ec->auth_ntlmssp_state, auth, &auth_reply); + status = auth_ntlmssp_update(ec->auth_ntlmssp_state, talloc_tos(), auth, &auth_reply); data_blob_free(&auth); /* From RFC4178. @@ -671,7 +673,9 @@ static NTSTATUS srv_enc_raw_ntlm_auth(connection_struct *conn, } /* Second step. */ - status = auth_ntlmssp_update(partial_srv_trans_enc_ctx->auth_ntlmssp_state, blob, &response); + status = auth_ntlmssp_update(partial_srv_trans_enc_ctx->auth_ntlmssp_state, + talloc_tos(), + blob, &response); if (NT_STATUS_IS_OK(status)) { /* Return the context we're using for this encryption state. */ diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 329b8b6aa5..b1fed41e8e 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -633,8 +633,8 @@ static void reply_spnego_negotiate(struct smb_request *req, return; } - status = auth_ntlmssp_update(*auth_ntlmssp_state, - secblob, &chal); + status = auth_ntlmssp_update(*auth_ntlmssp_state, talloc_tos(), + secblob, &chal); data_blob_free(&secblob); @@ -736,8 +736,8 @@ static void reply_spnego_auth(struct smb_request *req, } } - status = auth_ntlmssp_update(*auth_ntlmssp_state, - auth, &auth_reply); + status = auth_ntlmssp_update(*auth_ntlmssp_state, talloc_tos(), + auth, &auth_reply); data_blob_free(&auth); @@ -1151,7 +1151,8 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req) } status = auth_ntlmssp_update(vuser->auth_ntlmssp_state, - blob1, &chal); + talloc_tos(), + blob1, &chal); data_blob_free(&blob1); diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c index 511df8639d..320a707758 100644 --- a/source3/smbd/smb2_sesssetup.c +++ b/source3/smbd/smb2_sesssetup.c @@ -393,6 +393,7 @@ static NTSTATUS smbd_smb2_spnego_negotiate(struct smbd_smb2_session *session, } status = auth_ntlmssp_update(session->auth_ntlmssp_state, + talloc_tos(), secblob_in, &chal_out); } @@ -584,7 +585,7 @@ static NTSTATUS smbd_smb2_spnego_auth(struct smbd_smb2_session *session, } status = auth_ntlmssp_update(session->auth_ntlmssp_state, - auth, + talloc_tos(), auth, &auth_out); /* If status is NT_STATUS_OK then we need to get the token. * Map to guest is now internal to auth_ntlmssp */ @@ -637,7 +638,6 @@ static NTSTATUS smbd_smb2_raw_ntlmssp_auth(struct smbd_smb2_session *session, uint64_t *out_session_id) { NTSTATUS status; - DATA_BLOB secblob_out = data_blob_null; if (session->auth_ntlmssp_state == NULL) { status = auth_ntlmssp_start(session->sconn->remote_address, @@ -650,20 +650,9 @@ static NTSTATUS smbd_smb2_raw_ntlmssp_auth(struct smbd_smb2_session *session, /* RAW NTLMSSP */ status = auth_ntlmssp_update(session->auth_ntlmssp_state, + smb2req, in_security_buffer, - &secblob_out); - - if (NT_STATUS_IS_OK(status) || - NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { - *out_security_buffer = data_blob_talloc(smb2req, - secblob_out.data, - secblob_out.length); - if (secblob_out.data && out_security_buffer->data == NULL) { - TALLOC_FREE(session->auth_ntlmssp_state); - TALLOC_FREE(session); - return NT_STATUS_NO_MEMORY; - } - } + out_security_buffer); if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { *out_session_id = session->vuid; -- cgit