From 7c7125be5dfdbacd702891e16529eb1412966f83 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Tue, 31 Jan 2006 01:50:54 +0000
Subject: r13247: Try to make better use of talloc in the auth/ and auth/gensec code. We don't want temporary memory hanging around on the long-term contexts. Andrew Bartlett (This used to be commit 85b3f6ebddfb655fdd08d1799752e562a6ff9cb1)
---
 source4/auth/auth_sam.c | 10 +++++-----
 source4/auth/gensec/gensec_gssapi.c | 19 +++++++++++++------
 source4/auth/gensec/gensec_krb5.c | 23 +++++++++++++++++------
 3 files changed, 35 insertions(+), 17 deletions(-) (limited to 'source4')
diff --git a/source4/auth/auth_sam.c b/source4/auth/auth_sam.c
index c491088302..85506fb41b 100644
--- a/source4/auth/auth_sam.c
+++ b/source4/auth/auth_sam.c
@@ -616,14 +616,14 @@ NTSTATUS sam_get_server_info_principal(TALLOC_CTX *mem_ctx, const char *principa
 return nt_status;
 }
- nt_status = authsam_make_server_info(mem_ctx, sam_ctx, msgs[0], msgs_domain_ref[0],
+ nt_status = authsam_make_server_info(tmp_ctx, sam_ctx, msgs[0], msgs_domain_ref[0],
 user_sess_key, lm_sess_key, server_info);
- if (!NT_STATUS_IS_OK(nt_status)) {
- talloc_free(tmp_ctx);
- return nt_status;
+ if (NT_STATUS_IS_OK(nt_status)) {
+ talloc_steal(mem_ctx, *server_info);
 }
- return NT_STATUS_OK;
+ talloc_free(tmp_ctx);
+ return nt_status;
 }
 static NTSTATUS authsam_check_password_internals(struct auth_method_context *ctx,
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index f9650ee6cc..c90faacf02 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -759,7 +759,7 @@ static NTSTATUS gensec_gssapi_session_key(struct gensec_security *gensec_securit
 }
 static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_security,
- struct auth_session_info **_session_info)
+ struct auth_session_info **_session_info)
 {
 NTSTATUS nt_status;
 TALLOC_CTX *mem_ctx;
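Review bot: In sam_get_server_info_principal (auth_sam.c, the `@@ -616` hunk), the failure path now frees `tmp_ctx` while `*server_info` may still point into it. authsam_make_server_info is now given `tmp_ctx` as its allocation context, and whether it can store a pointer in `*server_info` before returning an error is not visible in this hunk. If it can, the caller is left with a dangling pointer in its out-parameter. Resetting it on that path, e.g. `} else { *server_info = NULL; }` after the `talloc_steal` branch, makes the contract explicit whatever the callee does. The function begins above the hunk, so earlier returns are not covered here.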
@@ -873,13 +873,17 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
 }
 /* references the server_info into the session_info */
- nt_status = auth_generate_session_info(gensec_gssapi_state, server_info, &session_info);
- talloc_free(mem_ctx);
- talloc_free(server_info);
- NT_STATUS_NOT_OK_RETURN(nt_status);
+ nt_status = auth_generate_session_info(mem_ctx, server_info, &session_info);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ talloc_free(mem_ctx);
+ return nt_status;
+ }
 nt_status = gensec_gssapi_session_key(gensec_security, &session_info->session_key);
- NT_STATUS_NOT_OK_RETURN(nt_status);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ talloc_free(mem_ctx);
+ return nt_status;
+ }
 if (!(gensec_gssapi_state->got_flags & GSS_C_DELEG_FLAG)) {
 DEBUG(10, ("gensec_gssapi: NO delegated credentials supplied by client\n"));
@@ -888,6 +892,7 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
 DEBUG(10, ("gensec_gssapi: delegated credentials supplied by client\n"));
 session_info->credentials = cli_credentials_init(session_info);
 if (!session_info->credentials) {
+ talloc_free(mem_ctx);
 return NT_STATUS_NO_MEMORY;
 }
@@ -897,11 +902,13 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
 gensec_gssapi_state->delegated_cred_handle, CRED_SPECIFIED);
 if (ret) {
+ talloc_free(mem_ctx);
 return NT_STATUS_NO_MEMORY;
 }
 /* It has been taken from this place... */
 gensec_gssapi_state->delegated_cred_handle = GSS_C_NO_CREDENTIAL;
 }
+ talloc_steal(gensec_gssapi_state, session_info);
 *_session_info = session_info;
 return NT_STATUS_OK;
diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c
index de93c5bd0c..a52ea1b686 100644
--- a/source4/auth/gensec/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
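Review bot: In the `@@ -873` hunk of gensec_gssapi_session_info, `server_info` is no longer freed after `auth_generate_session_info`, so its lifetime now depends on the context it was allocated on, and that allocation is outside the hunk. If it is still a child of `gensec_gssapi_state` rather than `mem_ctx`, it stays on the long-term context for as long as the state lives, which is what this commit sets out to avoid. It is worth confirming that the earlier construction of `server_info` in this function allocates on `mem_ctx`, as the gensec_krb5.c change does for `make_server_info_netlogon_validation`.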
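Review bot: The success path at the end of gensec_gssapi_session_info (the `@@ -897` hunk) returns `NT_STATUS_OK` after `talloc_steal(gensec_gssapi_state, session_info)` without freeing `mem_ctx`. Every error path added in this file frees it, and the gensec_krb5.c counterpart frees it on success as well. Because the old `talloc_free(mem_ctx)` after `auth_generate_session_info` was removed, the temporary context now appears to leak on every successful call; its parent is set outside the hunk, so how long it lingers is not visible here. Add `talloc_free(mem_ctx);` after the `talloc_steal` and before `return NT_STATUS_OK;`. The function's closing brace lies outside the hunk.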
@@ -546,6 +546,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
 } else {
 pac = data_blob_talloc(mem_ctx, pac_data.data, pac_data.length);
 if (!pac.data) {
+ talloc_free(mem_ctx);
 return NT_STATUS_NO_MEMORY;
 }
@@ -554,6 +555,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
 DEBUG(5, ("krb5_ticket_get_client failed to get cleint principal: %s\n", smb_get_krb5_error_message(context, ret, mem_ctx)));
+ talloc_free(mem_ctx);
 return NT_STATUS_NO_MEMORY;
 }
@@ -568,12 +570,11 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
 if (NT_STATUS_IS_OK(nt_status)) {
 union netr_Validation validation;
 validation.sam3 = &logon_info->info3;
- nt_status = make_server_info_netlogon_validation(gensec_krb5_state,
+ nt_status = make_server_info_netlogon_validation(mem_ctx,
 NULL, 3, &validation, &server_info);
 }
- talloc_free(mem_ctx);
 }
@@ -590,6 +591,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
 DEBUG(5, ("krb5_ticket_get_client failed to get cleint principal: %s\n", smb_get_krb5_error_message(context, ret, mem_ctx)));
+ talloc_free(mem_ctx);
 return NT_STATUS_NO_MEMORY;
 }
@@ -597,6 +599,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
 client_principal, &principal_string);
 krb5_free_principal(context, client_principal);
 if (ret) {
+ talloc_free(mem_ctx);
 return NT_STATUS_NO_MEMORY;
 }
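Review bot: Each early return in gensec_krb5_session_info now carries its own `talloc_free(mem_ctx)`; the hunks at `@@ -546`, `@@ -554`, `@@ -590` and `@@ -597` add four of them. That pattern makes it easy to miss a path, and returns in the parts of the function not shown in this diff cannot be checked from here. A single exit would be sturdier: set `nt_status`, `goto done;`, and let `done:` run `talloc_free(mem_ctx); return nt_status;`. The function begins and ends outside these hunks.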
@@ -611,16 +614,24 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
 }
 /* references the server_info into the session_info */
- nt_status = auth_generate_session_info(gensec_krb5_state, server_info, &session_info);
- talloc_free(mem_ctx);
+ nt_status = auth_generate_session_info(mem_ctx, server_info, &session_info);
- NT_STATUS_NOT_OK_RETURN(nt_status);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ talloc_free(mem_ctx);
+ return nt_status;
+ }
 nt_status = gensec_krb5_session_key(gensec_security, &session_info->session_key);
- NT_STATUS_NOT_OK_RETURN(nt_status);
+
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ talloc_free(mem_ctx);
+ return nt_status;
+ }
 *_session_info = session_info;
+ talloc_steal(gensec_krb5_state, session_info);
+ talloc_free(mem_ctx);
 return NT_STATUS_OK;
 }
-- cgit
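Review bot: The order of the last statements in gensec_krb5_session_info is load-bearing and deserves a comment. `session_info` is allocated on `mem_ctx`, so `talloc_steal(gensec_krb5_state, session_info)` must run before `talloc_free(mem_ctx)`, or the caller receives freed memory. Suggest adding `/* reparent onto the gensec state before the temporary context is freed */` above the `talloc_steal`. Whether `gensec_krb5_session_key` allocates the key data under `session_info` or elsewhere is not visible here; stating that in the same comment would document the lifetime of `session_info->session_key` too.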