svn commit: samba r13247 - in branches/SAMBA_4_0/source/auth: . gensec

abartlet at samba.org abartlet at samba.org
Tue Jan 31 01:50:55 GMT 2006 

Author: abartlet
Date: 2006-01-31 01:50:54 +0000 (Tue, 31 Jan 2006)
New Revision: 13247

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13247

Log:
Try to make better use of talloc in the auth/ and auth/gensec code.
We don't want temporary memory hanging around on the long-term
contexts.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/auth/auth_sam.c
   branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c
   branches/SAMBA_4_0/source/auth/gensec/gensec_krb5.c


Changeset:
Modified: branches/SAMBA_4_0/source/auth/auth_sam.c
===================================================================
--- branches/SAMBA_4_0/source/auth/auth_sam.c	2006-01-31 01:49:56 UTC (rev 13246)
+++ branches/SAMBA_4_0/source/auth/auth_sam.c	2006-01-31 01:50:54 UTC (rev 13247)
@@ -616,14 +616,14 @@
 		return nt_status;
 	}
 
-	nt_status = authsam_make_server_info(mem_ctx, sam_ctx, msgs[0], msgs_domain_ref[0],
+	nt_status = authsam_make_server_info(tmp_ctx, sam_ctx, msgs[0], msgs_domain_ref[0],
 					     user_sess_key, lm_sess_key,
 					     server_info);
-	if (!NT_STATUS_IS_OK(nt_status)) {
-		talloc_free(tmp_ctx);
-		return nt_status;
+	if (NT_STATUS_IS_OK(nt_status)) {
+		talloc_steal(mem_ctx, *server_info);
 	}
-	return NT_STATUS_OK;
+	talloc_free(tmp_ctx);
+	return nt_status;
 }
 
 static NTSTATUS authsam_check_password_internals(struct auth_method_context *ctx,

Modified: branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c
===================================================================
--- branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c	2006-01-31 01:49:56 UTC (rev 13246)
+++ branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c	2006-01-31 01:50:54 UTC (rev 13247)
@@ -759,7 +759,7 @@
 }
 
 static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_security,
-					 struct auth_session_info **_session_info) 
+					   struct auth_session_info **_session_info) 
 {
 	NTSTATUS nt_status;
 	TALLOC_CTX *mem_ctx;
@@ -873,13 +873,17 @@
 	}
 
 	/* references the server_info into the session_info */
-	nt_status = auth_generate_session_info(gensec_gssapi_state, server_info, &session_info);
-	talloc_free(mem_ctx);
-	talloc_free(server_info);
-	NT_STATUS_NOT_OK_RETURN(nt_status);
+	nt_status = auth_generate_session_info(mem_ctx, server_info, &session_info);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		talloc_free(mem_ctx);
+		return nt_status;
+	}
 
 	nt_status = gensec_gssapi_session_key(gensec_security, &session_info->session_key);
-	NT_STATUS_NOT_OK_RETURN(nt_status);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		talloc_free(mem_ctx);
+		return nt_status;
+	}
 
 	if (!(gensec_gssapi_state->got_flags & GSS_C_DELEG_FLAG)) {
 		DEBUG(10, ("gensec_gssapi: NO delegated credentials supplied by client\n"));
@@ -888,6 +892,7 @@
 		DEBUG(10, ("gensec_gssapi: delegated credentials supplied by client\n"));
 		session_info->credentials = cli_credentials_init(session_info);
 		if (!session_info->credentials) {
+			talloc_free(mem_ctx);
 			return NT_STATUS_NO_MEMORY;
 		}
 
@@ -897,11 +902,13 @@
 							   gensec_gssapi_state->delegated_cred_handle,
 							   CRED_SPECIFIED);
 		if (ret) {
+			talloc_free(mem_ctx);
 			return NT_STATUS_NO_MEMORY;
 		}
 		/* It has been taken from this place... */
 		gensec_gssapi_state->delegated_cred_handle = GSS_C_NO_CREDENTIAL;
 	}
+	talloc_steal(gensec_gssapi_state, session_info);
 	*_session_info = session_info;
 
 	return NT_STATUS_OK;

Modified: branches/SAMBA_4_0/source/auth/gensec/gensec_krb5.c
===================================================================
--- branches/SAMBA_4_0/source/auth/gensec/gensec_krb5.c	2006-01-31 01:49:56 UTC (rev 13246)
+++ branches/SAMBA_4_0/source/auth/gensec/gensec_krb5.c	2006-01-31 01:50:54 UTC (rev 13247)
@@ -546,6 +546,7 @@
 	} else {
 		pac = data_blob_talloc(mem_ctx, pac_data.data, pac_data.length);
 		if (!pac.data) {
+			talloc_free(mem_ctx);
 			return NT_STATUS_NO_MEMORY;
 		}
 
@@ -554,6 +555,7 @@
 			DEBUG(5, ("krb5_ticket_get_client failed to get cleint principal: %s\n", 
 				  smb_get_krb5_error_message(context, 
 							     ret, mem_ctx)));
+			talloc_free(mem_ctx);
 			return NT_STATUS_NO_MEMORY;
 		}
 		
@@ -568,12 +570,11 @@
 		if (NT_STATUS_IS_OK(nt_status)) {
 			union netr_Validation validation;
 			validation.sam3 = &logon_info->info3;
-			nt_status = make_server_info_netlogon_validation(gensec_krb5_state, 
+			nt_status = make_server_info_netlogon_validation(mem_ctx, 
 									 NULL,
 									 3, &validation,
 									 &server_info); 
 		}
-		talloc_free(mem_ctx);
 	}
 
 		
@@ -590,6 +591,7 @@
 			DEBUG(5, ("krb5_ticket_get_client failed to get cleint principal: %s\n", 
 				  smb_get_krb5_error_message(context, 
 							     ret, mem_ctx)));
+			talloc_free(mem_ctx);
 			return NT_STATUS_NO_MEMORY;
 		}
 		
@@ -597,6 +599,7 @@
 					client_principal, &principal_string);
 		krb5_free_principal(context, client_principal);
 		if (ret) {
+			talloc_free(mem_ctx);
 			return NT_STATUS_NO_MEMORY;
 		}
 
@@ -611,16 +614,24 @@
 	}
 
 	/* references the server_info into the session_info */
-	nt_status = auth_generate_session_info(gensec_krb5_state, server_info, &session_info);
-	talloc_free(mem_ctx);
+	nt_status = auth_generate_session_info(mem_ctx, server_info, &session_info);
 
-	NT_STATUS_NOT_OK_RETURN(nt_status);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		talloc_free(mem_ctx);
+		return nt_status;
+	}
 
 	nt_status = gensec_krb5_session_key(gensec_security, &session_info->session_key);
-	NT_STATUS_NOT_OK_RETURN(nt_status);
 
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		talloc_free(mem_ctx);
+		return nt_status;
+	}
+
 	*_session_info = session_info;
 
+	talloc_steal(gensec_krb5_state, session_info);
+	talloc_free(mem_ctx);
 	return NT_STATUS_OK;
 }

More information about the samba-cvs mailing list