[SCM] Samba Shared Repository - branch v3-0-test updated - release-3-0-28-130-geff92e2

Jeremy Allison jra at samba.org
Fri Feb 15 01:44:11 GMT 2008


The branch, v3-0-test has been updated
       via  eff92e2ff0893eecbfc7c66ca4700429df5dc6bc (commit)
       via  3f6c025526b2595081535c86b29a372bc6343c88 (commit)
       via  eb52363673c6c8e478477ee0a10a83d7c4e79d3d (commit)
      from  05d5895a3bb0d8b001ed164c5720f10607dfbaca (commit)

http://gitweb.samba.org/?samba.git;a=shortlog;h=v3-0-test


- Log -----------------------------------------------------------------
commit eff92e2ff0893eecbfc7c66ca4700429df5dc6bc
Author: Jeremy Allison <jra at samba.org>
Date:   Thu Feb 14 17:43:34 2008 -0800

    Ensure we call nt_status_squash() on returns. Smnall whitespace cleanup.
    Jeremy.

commit 3f6c025526b2595081535c86b29a372bc6343c88
Author: Jeremy Allison <jra at samba.org>
Date:   Thu Feb 14 17:42:03 2008 -0800

    Ensure we call auth_ntlmssp_end in invalidate_vuid and invalidate_partical_vuid.
    Jeremy.

commit eb52363673c6c8e478477ee0a10a83d7c4e79d3d
Author: Jeremy Allison <jra at samba.org>
Date:   Thu Feb 14 17:41:06 2008 -0800

    Allow a *NULL to be passed to auth_ntlmssp_end().
    Jeremy.

-----------------------------------------------------------------------

Summary of changes:
 source/auth/auth_ntlmssp.c |    8 +++++++-
 source/smbd/password.c     |   12 ++++++++++--
 source/smbd/sesssetup.c    |   16 ++++++++--------
 3 files changed, 25 insertions(+), 11 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/auth/auth_ntlmssp.c b/source/auth/auth_ntlmssp.c
index 51b145a..a49b36a 100644
--- a/source/auth/auth_ntlmssp.c
+++ b/source/auth/auth_ntlmssp.c
@@ -187,7 +187,13 @@ NTSTATUS auth_ntlmssp_start(AUTH_NTLMSSP_STATE **auth_ntlmssp_state)
 
 void auth_ntlmssp_end(AUTH_NTLMSSP_STATE **auth_ntlmssp_state)
 {
-	TALLOC_CTX *mem_ctx = (*auth_ntlmssp_state)->mem_ctx;
+	TALLOC_CTX *mem_ctx;
+
+	if (*auth_ntlmssp_state == NULL) {
+		return;
+	}
+
+	mem_ctx = (*auth_ntlmssp_state)->mem_ctx;
 
 	if ((*auth_ntlmssp_state)->ntlmssp_state) {
 		ntlmssp_end(&(*auth_ntlmssp_state)->ntlmssp_state);
diff --git a/source/smbd/password.c b/source/smbd/password.c
index 254d3cf..a617d3c 100644
--- a/source/smbd/password.c
+++ b/source/smbd/password.c
@@ -91,11 +91,15 @@ void invalidate_vuid(uint16 vuid)
 
 	if (vuser == NULL)
 		return;
-	
+
 	SAFE_FREE(vuser->homedir);
 	SAFE_FREE(vuser->unix_homedir);
 	SAFE_FREE(vuser->logon_script);
-	
+
+	if (vuser->auth_ntlmssp_state) {
+		auth_ntlmssp_end(&vuser->auth_ntlmssp_state);
+	}
+
 	session_yield(vuser);
 	SAFE_FREE(vuser->session_keystr);
 
@@ -123,6 +127,10 @@ void invalidate_intermediate_vuid(uint16 vuid)
 	if (vuser == NULL)
 		return;
 
+	if (vuser->auth_ntlmssp_state) {
+		auth_ntlmssp_end(&vuser->auth_ntlmssp_state);
+	}
+
 	DLIST_REMOVE(validated_users, vuser);
 
 	SAFE_FREE(vuser);
diff --git a/source/smbd/sesssetup.c b/source/smbd/sesssetup.c
index 4fe3ac3..378d8aa 100644
--- a/source/smbd/sesssetup.c
+++ b/source/smbd/sesssetup.c
@@ -716,7 +716,7 @@ static int reply_spnego_negotiate(connection_struct *conn,
 			"misconfiguration, client sent us a "
 			"krb5 ticket and kerberos security "
 			"not enabled"));
-		return ERROR_NT(NT_STATUS_LOGON_FAILURE);
+		return ERROR_NT(nt_status_squash(NT_STATUS_LOGON_FAILURE));
 	}
 
 	if (*auth_ntlmssp_state) {
@@ -766,7 +766,7 @@ static int reply_spnego_auth(connection_struct *conn, char *inbuf, char *outbuf,
 		/* Kill the intermediate vuid */
 		invalidate_intermediate_vuid(vuid);
 
-		return ERROR_NT(nt_status_squash(NT_STATUS_INVALID_PARAMETER));
+		return ERROR_NT(nt_status_squash(NT_STATUS_LOGON_FAILURE));
 	}
 
 	if (auth.data[0] == ASN1_APPLICATION(0)) {
@@ -795,24 +795,24 @@ static int reply_spnego_auth(connection_struct *conn, char *inbuf, char *outbuf,
 
 	/* If we get here it wasn't a negTokenTarg auth packet. */
 	data_blob_free(&secblob);
-	
+
 	if (!*auth_ntlmssp_state) {
 		/* Kill the intermediate vuid */
 		invalidate_intermediate_vuid(vuid);
 
 		/* auth before negotiatiate? */
-		return ERROR_NT(nt_status_squash(NT_STATUS_INVALID_PARAMETER));
+		return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 	}
-	
-	status = auth_ntlmssp_update(*auth_ntlmssp_state, 
+
+	status = auth_ntlmssp_update(*auth_ntlmssp_state,
 					auth, &auth_reply);
 
 	data_blob_free(&auth);
 
-	reply_spnego_ntlmssp(conn, inbuf, outbuf, vuid, 
+	reply_spnego_ntlmssp(conn, inbuf, outbuf, vuid,
 			     auth_ntlmssp_state,
 			     &auth_reply, status, True);
-		
+
 	data_blob_free(&auth_reply);
 
 	/* and tell smbd that we have already replied to this packet */


-- 
Samba Shared Repository


More information about the samba-cvs mailing list