svn commit: samba r11846 - branches/SAMBA_3_0/source/libads branches/SAMBA_3_0/source/smbd trunk/source/libads trunk/source/smbd

gd at samba.org gd at samba.org
Tue Nov 22 10:23:00 GMT 2005


Author: gd
Date: 2005-11-22 10:22:59 +0000 (Tue, 22 Nov 2005)
New Revision: 11846

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=11846

Log:
Destroy the TALLOC_CTX on error in the Kerberos session setup and give a
more precise inline comment explaining why PAC verification may fail.

Guenther


Modified:
   branches/SAMBA_3_0/source/libads/kerberos_verify.c
   branches/SAMBA_3_0/source/smbd/sesssetup.c
   trunk/source/libads/kerberos_verify.c
   trunk/source/smbd/sesssetup.c


Changeset:
Modified: branches/SAMBA_3_0/source/libads/kerberos_verify.c
===================================================================
--- branches/SAMBA_3_0/source/libads/kerberos_verify.c	2005-11-22 06:07:26 UTC (rev 11845)
+++ branches/SAMBA_3_0/source/libads/kerberos_verify.c	2005-11-22 10:22:59 UTC (rev 11846)
@@ -400,9 +400,9 @@
 	file_save("/tmp/ticket.dat", ticket->data, ticket->length);
 #endif
 
-	/* continue when no PAC is retrieved 
-	   (like accounts that have the UF_NO_AUTH_DATA_REQUIRED flag set, 
-	   or Kerberos tickets encryped using a DES key) - Guenther */
+	/* continue when no PAC is retrieved or we couldn't decode the PAC 
+	   (like accounts that have the UF_NO_AUTH_DATA_REQUIRED flag set, or
+	   Kerberos tickets encrypted using a DES key) - Guenther */
 
 	got_auth_data = get_auth_data_from_tkt(mem_ctx, &auth_data, tkt);
 	if (!got_auth_data) {
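Review bot: The reworded comment above `get_auth_data_from_tkt()` now puts two different outcomes on the same "continue" path, a ticket that carries no PAC and a PAC that could not be decoded, and it does not say what continuing costs. A PAC that is present but undecodable is the case an operator would want to tell apart from an account that legitimately has none, since the session presumably proceeds without PAC-derived group information in both. I would add a line such as `/* in both cases the session continues without PAC-derived authorization data - confirm */` and log the two cases separately if the `if (!got_auth_data)` branch does not already do so. The body of that branch lies outside the hunk, so this needs checking against the full function; the identical trunk hunk has the same wording.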

Modified: branches/SAMBA_3_0/source/smbd/sesssetup.c
===================================================================
--- branches/SAMBA_3_0/source/smbd/sesssetup.c	2005-11-22 06:07:26 UTC (rev 11845)
+++ branches/SAMBA_3_0/source/smbd/sesssetup.c	2005-11-22 10:22:59 UTC (rev 11846)
@@ -168,6 +168,7 @@
 		return ERROR_NT(NT_STATUS_NO_MEMORY);
 
 	if (!spnego_parse_krb5_wrap(*secblob, &ticket, tok_id)) {
+		talloc_destroy(mem_ctx);
 		return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 	}
 
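Review bot: The `talloc_destroy(mem_ctx)` added before `return ERROR_NT(NT_STATUS_LOGON_FAILURE);` is repeated by hand at every failing exit, here and in the six following hunks of this file (and the matching trunk hunks), so the next early return added to this function can silently bring the leak back. These exits are taken while a session setup request is being rejected, so a missed path would leak memory once per failed attempt from a client that has not logged on. A single exit label would make the cleanup structural: set `ret` and `goto fail;` at each error site, with `fail:` doing `talloc_destroy(mem_ctx); return ERROR_NT(ret);` once, alongside the other frees. The function begins and ends outside these hunks, so whether the success path and any remaining returns release `mem_ctx` cannot be confirmed from here.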
@@ -177,6 +178,7 @@
 
 	if (!NT_STATUS_IS_OK(ret)) {
 		DEBUG(1,("Failed to verify incoming ticket!\n"));	
+		talloc_destroy(mem_ctx);
 		return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 	}
 
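Review bot: The failure branch logs `Failed to verify incoming ticket!` without the status held in `ret` and then returns a fixed NT_STATUS_LOGON_FAILURE, so the reason for the rejection is recorded nowhere. Keeping the client-facing status generic is reasonable, but the server log is where someone triaging failed Kerberos logons needs the cause. I would change the message to `DEBUG(1,("Failed to verify incoming ticket with error %s!\n", nt_errstr(ret)));`. The call that sets `ret` is outside the hunk.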
@@ -188,6 +190,7 @@
 		data_blob_free(&ap_rep);
 		data_blob_free(&session_key);
 		SAFE_FREE(client);
+		talloc_destroy(mem_ctx);
 		return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 	}
 
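Review bot: On this failure path `session_key` is released with `data_blob_free(&session_key)`, and whether that helper scrubs the buffer before freeing is not visible here. If it does not, key material taken from the ticket stays in freed heap memory after the logon has been refused. In that case `data_blob_clear_free(&session_key);` is the better call here and in the later hunks of this file that free `session_key` on error. The condition guarding this branch is outside the hunk.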
@@ -206,6 +209,7 @@
 			data_blob_free(&ap_rep);
 			data_blob_free(&session_key);
 			SAFE_FREE(client);
+			talloc_destroy(mem_ctx);
 			return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 		}
 	}
@@ -283,6 +287,7 @@
 			SAFE_FREE(client);
 			data_blob_free(&ap_rep);
 			data_blob_free(&session_key);
+			talloc_destroy(mem_ctx);
 			return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 		}
 	}
@@ -302,6 +307,7 @@
 			data_blob_free(&ap_rep);
 			data_blob_free(&session_key);
 			passwd_free(&pw);
+			talloc_destroy(mem_ctx);
 			return ERROR_NT(ret);
 		}
 
@@ -314,6 +320,7 @@
 			data_blob_free(&ap_rep);
 			data_blob_free(&session_key);
 			passwd_free(&pw);
+			talloc_destroy(mem_ctx);
 			return ERROR_NT(ret);
 		}
 

Modified: trunk/source/libads/kerberos_verify.c
===================================================================
--- trunk/source/libads/kerberos_verify.c	2005-11-22 06:07:26 UTC (rev 11845)
+++ trunk/source/libads/kerberos_verify.c	2005-11-22 10:22:59 UTC (rev 11846)
@@ -400,9 +400,9 @@
 	file_save("/tmp/ticket.dat", ticket->data, ticket->length);
 #endif
 
-	/* continue when no PAC is retrieved 
-	   (like accounts that have the UF_NO_AUTH_DATA_REQUIRED flag set, 
-	   or Kerberos tickets encryped using a DES key) - Guenther */
+	/* continue when no PAC is retrieved or we couldn't decode the PAC 
+	   (like accounts that have the UF_NO_AUTH_DATA_REQUIRED flag set, or
+	   Kerberos tickets encrypted using a DES key) - Guenther */
 
 	got_auth_data = get_auth_data_from_tkt(mem_ctx, &auth_data, tkt);
 	if (!got_auth_data) {

Modified: trunk/source/smbd/sesssetup.c
===================================================================
--- trunk/source/smbd/sesssetup.c	2005-11-22 06:07:26 UTC (rev 11845)
+++ trunk/source/smbd/sesssetup.c	2005-11-22 10:22:59 UTC (rev 11846)
@@ -168,6 +168,7 @@
 		return ERROR_NT(NT_STATUS_NO_MEMORY);
 
 	if (!spnego_parse_krb5_wrap(*secblob, &ticket, tok_id)) {
+		talloc_destroy(mem_ctx);
 		return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 	}
 
@@ -177,6 +178,7 @@
 
 	if (!NT_STATUS_IS_OK(ret)) {
 		DEBUG(1,("Failed to verify incoming ticket!\n"));	
+		talloc_destroy(mem_ctx);
 		return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 	}
 
@@ -188,6 +190,7 @@
 		data_blob_free(&ap_rep);
 		data_blob_free(&session_key);
 		SAFE_FREE(client);
+		talloc_destroy(mem_ctx);
 		return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 	}
 
@@ -206,6 +209,7 @@
 			data_blob_free(&ap_rep);
 			data_blob_free(&session_key);
 			SAFE_FREE(client);
+			talloc_destroy(mem_ctx);
 			return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 		}
 	}
@@ -283,6 +287,7 @@
 			SAFE_FREE(client);
 			data_blob_free(&ap_rep);
 			data_blob_free(&session_key);
+			talloc_destroy(mem_ctx);
 			return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 		}
 	}
@@ -302,6 +307,7 @@
 			data_blob_free(&ap_rep);
 			data_blob_free(&session_key);
 			passwd_free(&pw);
+			talloc_destroy(mem_ctx);
 			return ERROR_NT(ret);
 		}
 
@@ -314,6 +320,7 @@
 			data_blob_free(&ap_rep);
 			data_blob_free(&session_key);
 			passwd_free(&pw);
+			talloc_destroy(mem_ctx);
 			return ERROR_NT(ret);
 		}
 


