[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Tue Jul 20 16:00:31 MDT 2010
The branch, master has been updated
via cce19c5... Fix one more data_blob -> data_blob_talloc. Move away from implicit NULL context tallocs.
from 4ed9437... Add TALLOC_CTX argument to spnego_parse_negTokenInit, reduce use of malloc, and data_blob().
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit cce19c51625e2d73a541bbdfcc549f5a63c26abe
Author: Jeremy Allison <jra at samba.org>
Date: Tue Jul 20 14:59:31 2010 -0700
Fix one more data_blob -> data_blob_talloc. Move away from implicit NULL context tallocs.
Jeremy.
-----------------------------------------------------------------------
Summary of changes:
source3/include/proto.h | 8 +++++---
source3/libads/sasl.c | 9 ++++++---
source3/libsmb/cliconnect.c | 4 ++--
source3/libsmb/clifsinfo.c | 13 +++++++------
source3/libsmb/clispnego.c | 12 +++++++-----
source3/rpc_client/cli_pipe.c | 4 +++-
source3/smbd/negprot.c | 4 ++--
7 files changed, 32 insertions(+), 22 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/include/proto.h b/source3/include/proto.h
index ce94ae5..4af9509 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -2796,7 +2796,8 @@ bool cli_set_secdesc(struct cli_state *cli, uint16_t fnum, struct security_descr
/* The following definitions come from libsmb/clispnego.c */
-DATA_BLOB spnego_gen_negTokenInit(const char *OIDs[],
+DATA_BLOB spnego_gen_negTokenInit(TALLOC_CTX *ctx,
+ const char *OIDs[],
DATA_BLOB *psecblob,
const char *principal);
bool spnego_parse_negTokenInit(TALLOC_CTX *ctx,
@@ -2807,8 +2808,9 @@ bool spnego_parse_negTokenInit(TALLOC_CTX *ctx,
DATA_BLOB gen_negTokenTarg(const char *OIDs[], DATA_BLOB blob);
DATA_BLOB spnego_gen_krb5_wrap(const DATA_BLOB ticket, const uint8 tok_id[2]);
bool spnego_parse_krb5_wrap(DATA_BLOB blob, DATA_BLOB *ticket, uint8 tok_id[2]);
-int spnego_gen_krb5_negTokenInit(const char *principal, int time_offset,
- DATA_BLOB *targ,
+int spnego_gen_krb5_negTokenInit(TALLOC_CTX *ctx,
+ const char *principal, int time_offset,
+ DATA_BLOB *targ,
DATA_BLOB *session_key_krb5, uint32 extra_ap_opts,
time_t *expire_time);
bool spnego_parse_challenge(const DATA_BLOB blob,
diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
index 1b62daf..d0b3f2a 100644
--- a/source3/libads/sasl.c
+++ b/source3/libads/sasl.c
@@ -192,7 +192,8 @@ static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads)
if (turn == 1) {
const char *OIDs_ntlm[] = {OID_NTLMSSP, NULL};
/* and wrap it in a SPNEGO wrapper */
- msg1 = spnego_gen_negTokenInit(OIDs_ntlm, &blob_out, NULL);
+ msg1 = spnego_gen_negTokenInit(talloc_tos(),
+ OIDs_ntlm, &blob_out, NULL);
} else {
/* wrap it in SPNEGO */
msg1 = spnego_gen_auth(blob_out);
@@ -508,7 +509,8 @@ static ADS_STATUS ads_sasl_spnego_gsskrb5_bind(ADS_STRUCT *ads, const gss_name_t
/* and wrap that in a shiny SPNEGO wrapper */
unwrapped = data_blob_const(output_token.value, output_token.length);
- wrapped = spnego_gen_negTokenInit(spnego_mechs, &unwrapped, NULL);
+ wrapped = spnego_gen_negTokenInit(talloc_tos(),
+ spnego_mechs, &unwrapped, NULL);
gss_release_buffer(&minor_status, &output_token);
if (unwrapped.length > wrapped.length) {
status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
@@ -705,7 +707,8 @@ static ADS_STATUS ads_sasl_spnego_rawkrb5_bind(ADS_STRUCT *ads, const char *prin
return ADS_ERROR_NT(NT_STATUS_NOT_SUPPORTED);
}
- rc = spnego_gen_krb5_negTokenInit(principal, ads->auth.time_offset, &blob, &session_key, 0,
+ rc = spnego_gen_krb5_negTokenInit(talloc_tos(), principal,
+ ads->auth.time_offset, &blob, &session_key, 0,
&ads->auth.tgs_expire);
if (rc) {
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 86338d0..86448ff 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -857,7 +857,7 @@ static struct tevent_req *cli_session_setup_kerberos_send(
* Ok, this is cheating: spnego_gen_krb5_negTokenInit can block if
* we have to acquire a ticket. To be fixed later :-)
*/
- rc = spnego_gen_krb5_negTokenInit(principal, 0, &state->negTokenTarg,
+ rc = spnego_gen_krb5_negTokenInit(state, principal, 0, &state->negTokenTarg,
&state->session_key_krb5, 0, NULL);
if (rc) {
DEBUG(1, ("cli_session_setup_kerberos: "
@@ -1033,7 +1033,7 @@ static struct tevent_req *cli_session_setup_ntlmssp_send(
goto fail;
}
- state->blob_out = spnego_gen_negTokenInit(OIDs_ntlm, &blob_out, NULL);
+ state->blob_out = spnego_gen_negTokenInit(state, OIDs_ntlm, &blob_out, NULL);
data_blob_free(&blob_out);
subreq = cli_sesssetup_blob_send(state, ev, cli, state->blob_out);
diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c
index 3c8e544..aa7d1fb 100644
--- a/source3/libsmb/clifsinfo.c
+++ b/source3/libsmb/clifsinfo.c
@@ -716,7 +716,8 @@ NTSTATUS cli_raw_ntlm_smb_encryption_start(struct cli_state *cli,
Get client gss blob to send to a server.
******************************************************************************/
-static NTSTATUS make_cli_gss_blob(struct smb_trans_enc_state *es,
+static NTSTATUS make_cli_gss_blob(TALLOC_CTX *ctx,
+ struct smb_trans_enc_state *es,
const char *service,
const char *host,
NTSTATUS status_in,
@@ -798,10 +799,10 @@ static NTSTATUS make_cli_gss_blob(struct smb_trans_enc_state *es,
status = NT_STATUS_ACCESS_DENIED;
}
- blob_out = data_blob(tok_out.value, tok_out.length);
+ blob_out = data_blob_talloc(ctx, tok_out.value, tok_out.length);
/* Wrap in an SPNEGO wrapper */
- *p_blob_out = spnego_gen_negTokenInit(krb_mechs, &blob_out, NULL);
+ *p_blob_out = spnego_gen_negTokenInit(ctx, krb_mechs, &blob_out, NULL);
fail:
@@ -837,10 +838,10 @@ NTSTATUS cli_gss_smb_encryption_start(struct cli_state *cli)
strlower_m(fqdn);
servicename = "cifs";
- status = make_cli_gss_blob(es, servicename, fqdn, NT_STATUS_OK, blob_recv, &blob_send);
+ status = make_cli_gss_blob(talloc_tos(), es, servicename, fqdn, NT_STATUS_OK, blob_recv, &blob_send);
if (!NT_STATUS_EQUAL(status,NT_STATUS_MORE_PROCESSING_REQUIRED)) {
servicename = "host";
- status = make_cli_gss_blob(es, servicename, fqdn, NT_STATUS_OK, blob_recv, &blob_send);
+ status = make_cli_gss_blob(talloc_tos(), es, servicename, fqdn, NT_STATUS_OK, blob_recv, &blob_send);
if (!NT_STATUS_EQUAL(status,NT_STATUS_MORE_PROCESSING_REQUIRED)) {
goto fail;
}
@@ -853,7 +854,7 @@ NTSTATUS cli_gss_smb_encryption_start(struct cli_state *cli)
es->enc_ctx_num = SVAL(param_out.data, 0);
}
data_blob_free(&blob_send);
- status = make_cli_gss_blob(es, servicename, fqdn, status, blob_recv, &blob_send);
+ status = make_cli_gss_blob(talloc_tos(), es, servicename, fqdn, status, blob_recv, &blob_send);
} while (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED));
data_blob_free(&blob_recv);
diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c
index 0935041..d586712 100644
--- a/source3/libsmb/clispnego.c
+++ b/source3/libsmb/clispnego.c
@@ -29,7 +29,8 @@
OIDs (the mechanisms) a blob, and a principal name string
*/
-DATA_BLOB spnego_gen_negTokenInit(const char *OIDs[],
+DATA_BLOB spnego_gen_negTokenInit(TALLOC_CTX *ctx,
+ const char *OIDs[],
DATA_BLOB *psecblob,
const char *principal)
{
@@ -81,7 +82,7 @@ DATA_BLOB spnego_gen_negTokenInit(const char *OIDs[],
DEBUG(1,("Failed to build negTokenInit at offset %d\n", (int)data->ofs));
}
- ret = data_blob(data->data, data->length);
+ ret = data_blob_talloc(ctx, data->data, data->length);
asn1_free(data);
return ret;
@@ -289,8 +290,9 @@ bool spnego_parse_krb5_wrap(DATA_BLOB blob, DATA_BLOB *ticket, uint8 tok_id[2])
generate a SPNEGO krb5 negTokenInit packet, ready for a EXTENDED_SECURITY
kerberos session setup
*/
-int spnego_gen_krb5_negTokenInit(const char *principal, int time_offset,
- DATA_BLOB *targ,
+int spnego_gen_krb5_negTokenInit(TALLOC_CTX *ctx,
+ const char *principal, int time_offset,
+ DATA_BLOB *targ,
DATA_BLOB *session_key_krb5, uint32 extra_ap_opts,
time_t *expire_time)
{
@@ -310,7 +312,7 @@ int spnego_gen_krb5_negTokenInit(const char *principal, int time_offset,
tkt_wrapped = spnego_gen_krb5_wrap(tkt, TOK_ID_KRB_AP_REQ);
/* and wrap that in a shiny SPNEGO wrapper */
- *targ = spnego_gen_negTokenInit(krb_mechs, &tkt_wrapped, NULL);
+ *targ = spnego_gen_negTokenInit(ctx, krb_mechs, &tkt_wrapped, NULL);
data_blob_free(&tkt_wrapped);
data_blob_free(&tkt);
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 226f139..3ca9271 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -1352,7 +1352,7 @@ static NTSTATUS create_spnego_ntlmssp_auth_rpc_bind_req(struct rpc_pipe_client *
}
/* Wrap this in SPNEGO. */
- spnego_msg = spnego_gen_negTokenInit(OIDs_ntlm, &request, NULL);
+ spnego_msg = spnego_gen_negTokenInit(talloc_tos(), OIDs_ntlm, &request, NULL);
data_blob_free(&request);
@@ -1363,6 +1363,7 @@ static NTSTATUS create_spnego_ntlmssp_auth_rpc_bind_req(struct rpc_pipe_client *
1, /* auth_context_id */
&spnego_msg,
auth_info);
+
if (!NT_STATUS_IS_OK(status)) {
data_blob_free(&spnego_msg);
return status;
@@ -1370,6 +1371,7 @@ static NTSTATUS create_spnego_ntlmssp_auth_rpc_bind_req(struct rpc_pipe_client *
DEBUG(5, ("create_spnego_ntlmssp_auth_rpc_bind_req: NTLMSSP Negotiate:\n"));
dump_data(5, spnego_msg.data, spnego_msg.length);
+ data_blob_free(&spnego_msg);
return NT_STATUS_OK;
}
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index c5c83ca..4ff4eee 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -211,7 +211,7 @@ DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn)
blob = data_blob(guid, 16);
#else
/* Code for standalone WXP client */
- blob = spnego_gen_negTokenInit(OIDs_ntlm, NULL, "NONE");
+ blob = spnego_gen_negTokenInit(ctx, OIDs_ntlm, NULL, "NONE");
#endif
} else {
fstring myname;
@@ -222,7 +222,7 @@ DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn)
== -1) {
return data_blob_null;
}
- blob = spnego_gen_negTokenInit(OIDs_krb5, NULL, host_princ_s);
+ blob = spnego_gen_negTokenInit(ctx, OIDs_krb5, NULL, host_princ_s);
SAFE_FREE(host_princ_s);
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list