From d3fe48ba48b25f359292ee96dbf5cecc0b0b16a3 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 21 Jul 2011 19:10:15 +1000 Subject: gensec: Remove mem_ctx from calls that do not return memory Signed-off-by: Andrew Tridgell --- source4/auth/gensec/gensec_gssapi.c | 15 +++++++++------ source4/auth/gensec/schannel.c | 6 ++---- source4/auth/gensec/spnego.c | 6 ------ 3 files changed, 11 insertions(+), 16 deletions(-) (limited to 'source4/auth/gensec') diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c index 6ecd29bf34..4dd809856c 100644 --- a/source4/auth/gensec/gensec_gssapi.c +++ b/source4/auth/gensec/gensec_gssapi.c @@ -1038,7 +1038,6 @@ static NTSTATUS gensec_gssapi_seal_packet(struct gensec_security *gensec_securit } static NTSTATUS gensec_gssapi_unseal_packet(struct gensec_security *gensec_security, - TALLOC_CTX *mem_ctx, uint8_t *data, size_t length, const uint8_t *whole_pdu, size_t pdu_length, const DATA_BLOB *sig) @@ -1053,7 +1052,7 @@ static NTSTATUS gensec_gssapi_unseal_packet(struct gensec_security *gensec_secur dump_data_pw("gensec_gssapi_unseal_packet: sig\n", sig->data, sig->length); - in = data_blob_talloc(mem_ctx, NULL, sig->length + length); + in = data_blob_talloc(gensec_security, NULL, sig->length + length); memcpy(in.data, sig->data, sig->length); memcpy(in.data + sig->length, data, length); @@ -1067,9 +1066,12 @@ static NTSTATUS gensec_gssapi_unseal_packet(struct gensec_security *gensec_secur &output_token, &conf_state, &qop_state); + talloc_free(in.data); if (GSS_ERROR(maj_stat)) { + char *error_string = gssapi_error_string(NULL, maj_stat, min_stat, gensec_gssapi_state->gss_oid); DEBUG(1, ("gensec_gssapi_unseal_packet: GSS UnWrap failed: %s\n", - gssapi_error_string(mem_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid))); + error_string)); + talloc_free(error_string); return NT_STATUS_ACCESS_DENIED; } @@ -1128,7 +1130,6 @@ static NTSTATUS gensec_gssapi_sign_packet(struct gensec_security *gensec_securit } static NTSTATUS gensec_gssapi_check_packet(struct gensec_security *gensec_security, - TALLOC_CTX *mem_ctx, const uint8_t *data, size_t length, const uint8_t *whole_pdu, size_t pdu_length, const DATA_BLOB *sig) @@ -1159,8 +1160,10 @@ static NTSTATUS gensec_gssapi_check_packet(struct gensec_security *gensec_securi &input_token, &qop_state); if (GSS_ERROR(maj_stat)) { - DEBUG(1, ("GSS VerifyMic failed: %s\n", - gssapi_error_string(mem_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid))); + char *error_string = gssapi_error_string(NULL, maj_stat, min_stat, gensec_gssapi_state->gss_oid); + DEBUG(1, ("GSS VerifyMic failed: %s\n", error_string)); + talloc_free(error_string); + return NT_STATUS_ACCESS_DENIED; } diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c index 2e3f0219e9..8f9aa921a9 100644 --- a/source4/auth/gensec/schannel.c +++ b/source4/auth/gensec/schannel.c @@ -290,7 +290,6 @@ static bool schannel_have_feature(struct gensec_security *gensec_security, unseal a packet */ static NTSTATUS schannel_unseal_packet(struct gensec_security *gensec_security, - TALLOC_CTX *mem_ctx, uint8_t *data, size_t length, const uint8_t *whole_pdu, size_t pdu_length, const DATA_BLOB *sig) @@ -299,7 +298,7 @@ static NTSTATUS schannel_unseal_packet(struct gensec_security *gensec_security, talloc_get_type(gensec_security->private_data, struct schannel_state); - return netsec_incoming_packet(state, mem_ctx, true, + return netsec_incoming_packet(state, true, discard_const_p(uint8_t, data), length, sig); } @@ -308,7 +307,6 @@ static NTSTATUS schannel_unseal_packet(struct gensec_security *gensec_security, check the signature on a packet */ static NTSTATUS schannel_check_packet(struct gensec_security *gensec_security, - TALLOC_CTX *mem_ctx, const uint8_t *data, size_t length, const uint8_t *whole_pdu, size_t pdu_length, const DATA_BLOB *sig) @@ -317,7 +315,7 @@ static NTSTATUS schannel_check_packet(struct gensec_security *gensec_security, talloc_get_type(gensec_security->private_data, struct schannel_state); - return netsec_incoming_packet(state, mem_ctx, false, + return netsec_incoming_packet(state, false, discard_const_p(uint8_t, data), length, sig); } diff --git a/source4/auth/gensec/spnego.c b/source4/auth/gensec/spnego.c index 3611d31a23..c48e87e8b5 100644 --- a/source4/auth/gensec/spnego.c +++ b/source4/auth/gensec/spnego.c @@ -96,7 +96,6 @@ static NTSTATUS gensec_spnego_server_start(struct gensec_security *gensec_securi wrappers for the spnego_*() functions */ static NTSTATUS gensec_spnego_unseal_packet(struct gensec_security *gensec_security, - TALLOC_CTX *mem_ctx, uint8_t *data, size_t length, const uint8_t *whole_pdu, size_t pdu_length, const DATA_BLOB *sig) @@ -109,14 +108,12 @@ static NTSTATUS gensec_spnego_unseal_packet(struct gensec_security *gensec_secur } return gensec_unseal_packet(spnego_state->sub_sec_security, - mem_ctx, data, length, whole_pdu, pdu_length, sig); } static NTSTATUS gensec_spnego_check_packet(struct gensec_security *gensec_security, - TALLOC_CTX *mem_ctx, const uint8_t *data, size_t length, const uint8_t *whole_pdu, size_t pdu_length, const DATA_BLOB *sig) @@ -129,7 +126,6 @@ static NTSTATUS gensec_spnego_check_packet(struct gensec_security *gensec_securi } return gensec_check_packet(spnego_state->sub_sec_security, - mem_ctx, data, length, whole_pdu, pdu_length, sig); @@ -922,7 +918,6 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA if (NT_STATUS_IS_OK(nt_status) && spnego.negTokenTarg.mechListMIC.length > 0) { new_spnego = true; nt_status = gensec_check_packet(spnego_state->sub_sec_security, - out_mem_ctx, spnego_state->mech_types.data, spnego_state->mech_types.length, spnego_state->mech_types.data, @@ -1029,7 +1024,6 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA } if (NT_STATUS_IS_OK(nt_status) && spnego.negTokenTarg.mechListMIC.length > 0) { nt_status = gensec_check_packet(spnego_state->sub_sec_security, - out_mem_ctx, spnego_state->mech_types.data, spnego_state->mech_types.length, spnego_state->mech_types.data, -- cgit