From c09dcb903cdc1a68f71e892501a450df31367a54 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 16 Jul 2010 19:44:22 -0400 Subject: s3-auth: Use talloc hierarchies to properly free auth_ntlmssp_state contexts Turn auth_ntlmssp_end into a destructor and attach it to auth_ntlmssp_state. Remote auth_ntlmssp_end and use TALLOC_FREE in the callers. Signed-off-by: Andrew Bartlett --- source3/auth/auth_ntlmssp.c | 18 ++++++++++++------ source3/include/proto.h | 1 - source3/rpc_server/srv_pipe.c | 7 +------ source3/smbd/password.c | 2 +- source3/smbd/seal.c | 2 +- source3/smbd/sesssetup.c | 4 ++-- source3/smbd/smb2_sesssetup.c | 18 +++++++++--------- 7 files changed, 26 insertions(+), 26 deletions(-) (limited to 'source3') diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c index d389ee7c1f..bebb86ee17 100644 --- a/source3/auth/auth_ntlmssp.c +++ b/source3/auth/auth_ntlmssp.c @@ -254,6 +254,8 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state, return nt_status; } +static int auth_ntlmssp_state_destructor(void *ptr); + NTSTATUS auth_ntlmssp_start(struct auth_ntlmssp_state **auth_ntlmssp_state) { NTSTATUS nt_status; @@ -311,17 +313,21 @@ NTSTATUS auth_ntlmssp_start(struct auth_ntlmssp_state **auth_ntlmssp_state) ans->ntlmssp_state->set_challenge = auth_ntlmssp_set_challenge; ans->ntlmssp_state->check_password = auth_ntlmssp_check_password; + talloc_set_destructor((TALLOC_CTX *)ans, auth_ntlmssp_state_destructor); + *auth_ntlmssp_state = ans; return NT_STATUS_OK; } -void auth_ntlmssp_end(struct auth_ntlmssp_state **auth_ntlmssp_state) +static int auth_ntlmssp_state_destructor(void *ptr) { - if (*auth_ntlmssp_state == NULL) { - return; - } - TALLOC_FREE((*auth_ntlmssp_state)->server_info); - TALLOC_FREE(*auth_ntlmssp_state); + struct auth_ntlmssp_state *ans; + + ans = talloc_get_type(ptr, struct auth_ntlmssp_state); + + TALLOC_FREE(ans->server_info); + TALLOC_FREE(ans->ntlmssp_state); + return 0; } NTSTATUS auth_ntlmssp_update(struct auth_ntlmssp_state *auth_ntlmssp_state, diff --git a/source3/include/proto.h b/source3/include/proto.h index 1cf9621182..a5b98cdc4d 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -66,7 +66,6 @@ bool auth_ntlmssp_negotiated_seal(struct auth_ntlmssp_state *auth_ntlmssp_state) void auth_ntlmssp_want_sign(struct auth_ntlmssp_state *auth_ntlmssp_state); void auth_ntlmssp_want_seal(struct auth_ntlmssp_state *auth_ntlmssp_state); NTSTATUS auth_ntlmssp_start(struct auth_ntlmssp_state **auth_ntlmssp_state); -void auth_ntlmssp_end(struct auth_ntlmssp_state **auth_ntlmssp_state); NTSTATUS auth_ntlmssp_update(struct auth_ntlmssp_state *auth_ntlmssp_state, const DATA_BLOB request, DATA_BLOB *reply) ; NTSTATUS auth_ntlmssp_sign_packet(struct auth_ntlmssp_state *auth_ntlmssp_state, diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index a7a5f4d676..a56a6345cc 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -85,12 +85,7 @@ static void dump_pdu_region(const char *name, int v, static void free_pipe_ntlmssp_auth_data(struct pipe_auth_data *auth) { - struct auth_ntlmssp_state *a = auth->a_u.auth_ntlmssp_state; - - if (a) { - auth_ntlmssp_end(&a); - } - auth->a_u.auth_ntlmssp_state = NULL; + TALLOC_FREE(auth->a_u.auth_ntlmssp_state); } static DATA_BLOB generic_session_key(void) diff --git a/source3/smbd/password.c b/source3/smbd/password.c index 2bd333ab30..996417b51e 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -120,7 +120,7 @@ void invalidate_vuid(struct smbd_server_connection *sconn, uint16 vuid) session_yield(vuser); if (vuser->auth_ntlmssp_state) { - auth_ntlmssp_end(&vuser->auth_ntlmssp_state); + TALLOC_FREE(vuser->auth_ntlmssp_state); } DLIST_REMOVE(sconn->smb1.sessions.validated_users, vuser); diff --git a/source3/smbd/seal.c b/source3/smbd/seal.c index 171e809b44..ad785a4588 100644 --- a/source3/smbd/seal.c +++ b/source3/smbd/seal.c @@ -101,7 +101,7 @@ static void destroy_auth_ntlmssp(struct smb_srv_trans_enc_ctx *ec) */ if (ec->auth_ntlmssp_state) { - auth_ntlmssp_end(&ec->auth_ntlmssp_state); + TALLOC_FREE(ec->auth_ntlmssp_state); /* The auth_ntlmssp_end killed this already. */ ec->es->s.ntlmssp_state = NULL; } diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 525bcafd09..27eb4f6c48 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -708,7 +708,7 @@ static void reply_spnego_ntlmssp(struct smb_request *req, if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { /* NB. This is *NOT* an error case. JRA */ if (do_invalidate) { - auth_ntlmssp_end(auth_ntlmssp_state); + TALLOC_FREE(*auth_ntlmssp_state); if (!NT_STATUS_IS_OK(nt_status)) { /* Kill the intermediate vuid */ invalidate_vuid(sconn, vuid); @@ -828,7 +828,7 @@ static void reply_spnego_negotiate(struct smb_request *req, #endif if (*auth_ntlmssp_state) { - auth_ntlmssp_end(auth_ntlmssp_state); + TALLOC_FREE(*auth_ntlmssp_state); } if (kerb_mech) { diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c index 493e74802d..4d0f03259b 100644 --- a/source3/smbd/smb2_sesssetup.c +++ b/source3/smbd/smb2_sesssetup.c @@ -550,7 +550,7 @@ static NTSTATUS smbd_smb2_spnego_negotiate(struct smbd_smb2_session *session, NTSTATUS status; /* Ensure we have no old NTLM state around. */ - auth_ntlmssp_end(&session->auth_ntlmssp_state); + TALLOC_FREE(session->auth_ntlmssp_state); status = parse_spnego_mechanisms(in_security_buffer, &secblob_in, &kerb_mech); @@ -621,7 +621,7 @@ static NTSTATUS smbd_smb2_spnego_negotiate(struct smbd_smb2_session *session, if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { - auth_ntlmssp_end(&session->auth_ntlmssp_state); + TALLOC_FREE(session->auth_ntlmssp_state); TALLOC_FREE(session); } return status; @@ -653,7 +653,7 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s session->compat_vuser = talloc_zero(session, user_struct); if (session->compat_vuser == NULL) { - auth_ntlmssp_end(&session->auth_ntlmssp_state); + TALLOC_FREE(session->auth_ntlmssp_state); TALLOC_FREE(session); return NT_STATUS_NO_MEMORY; } @@ -682,7 +682,7 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s DEBUG(1, ("smb2: Failed to claim session " "for vuid=%d\n", session->compat_vuser->vuid)); - auth_ntlmssp_end(&session->auth_ntlmssp_state); + TALLOC_FREE(session->auth_ntlmssp_state); TALLOC_FREE(session); return NT_STATUS_LOGON_FAILURE; } @@ -793,7 +793,7 @@ static NTSTATUS smbd_smb2_spnego_auth(struct smbd_smb2_session *session, if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { - auth_ntlmssp_end(&session->auth_ntlmssp_state); + TALLOC_FREE(session->auth_ntlmssp_state); data_blob_free(&auth); TALLOC_FREE(session); return status; @@ -808,7 +808,7 @@ static NTSTATUS smbd_smb2_spnego_auth(struct smbd_smb2_session *session, secblob_out.data, secblob_out.length); if (secblob_out.data && out_security_buffer->data == NULL) { - auth_ntlmssp_end(&session->auth_ntlmssp_state); + TALLOC_FREE(session->auth_ntlmssp_state); TALLOC_FREE(session); return NT_STATUS_NO_MEMORY; } @@ -858,7 +858,7 @@ static NTSTATUS smbd_smb2_raw_ntlmssp_auth(struct smbd_smb2_session *session, secblob_out.data, secblob_out.length); if (secblob_out.data && out_security_buffer->data == NULL) { - auth_ntlmssp_end(&session->auth_ntlmssp_state); + TALLOC_FREE(session->auth_ntlmssp_state); TALLOC_FREE(session); return NT_STATUS_NO_MEMORY; } @@ -872,7 +872,7 @@ static NTSTATUS smbd_smb2_raw_ntlmssp_auth(struct smbd_smb2_session *session, status = setup_ntlmssp_server_info(session, status); if (!NT_STATUS_IS_OK(status)) { - auth_ntlmssp_end(&session->auth_ntlmssp_state); + TALLOC_FREE(session->auth_ntlmssp_state); TALLOC_FREE(session); return status; } @@ -971,7 +971,7 @@ static NTSTATUS smbd_smb2_session_setup(struct smbd_smb2_request *smb2req, /* Unknown packet type. */ DEBUG(1,("Unknown packet type %u in smb2 sessionsetup\n", (unsigned int)in_security_buffer.data[0] )); - auth_ntlmssp_end(&session->auth_ntlmssp_state); + TALLOC_FREE(session->auth_ntlmssp_state); TALLOC_FREE(session); return NT_STATUS_LOGON_FAILURE; } -- cgit