author | Andrew Bartlett <abartlet@samba.org> | 2009-03-18 16:23:27 +1100 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2009-04-07 13:30:16 +0200 |
commit | 7e6d6eeff3e082d7223264c17cb27c2ab89df9aa (patch) | |
tree | 3d6df266000917db91de9ea1fce5daf1c8a8558c /source3 | |
parent | 33eaa9accb90824ecc5c688326ba4c3c054f7e4a (diff) | |
s3:kerberos Rework smb_krb5_unparse_name() to take a talloc context
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 574a6a8c350a4bab3f42f3f9cfb382db721d69b5)
Diffstat (limited to 'source3')
-rw-r--r-- | source3/include/includes.h | 7 | ||||
-rw-r--r-- | source3/libads/authdata.c | 2 | ||||
-rw-r--r-- | source3/libads/kerberos.c | 8 | ||||
-rw-r--r-- | source3/libads/kerberos_keytab.c | 27 | ||||
-rw-r--r-- | source3/libads/kerberos_verify.c | 6 | ||||
-rw-r--r-- | source3/libnet/libnet_keytab.c | 32 | ||||
-rw-r--r-- | source3/libsmb/clikrb5.c | 23 | ||||
-rw-r--r-- | source3/smbd/sesssetup.c | 8 | ||||
-rw-r--r-- | source3/utils/ntlm_auth.c | 6 |
9 files changed, 54 insertions, 65 deletions
diff --git a/source3/include/includes.h b/source3/include/includes.h index 4bf4b5c7357..248c326e8f9 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -900,9 +900,10 @@ krb5_error_code smb_krb5_parse_name(krb5_context context, const char *name, /* in unix charset */ krb5_principal *principal); -krb5_error_code smb_krb5_unparse_name(krb5_context context, - krb5_const_principal principal, - char **unix_name); +krb5_error_code smb_krb5_unparse_name(TALLOC_CTX *mem_ctx, + krb5_context context, + krb5_const_principal principal, + char **unix_name); #ifndef HAVE_KRB5_SET_REAL_TIME krb5_error_code krb5_set_real_time(krb5_context context, int32_t seconds, int32_t microseconds); diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c index 9f0f68ed7b5..0032e9e4f65 100644 --- a/source3/libads/authdata.c +++ b/source3/libads/authdata.c @@ -469,7 +469,7 @@ out: data_blob_free(&sesskey1); data_blob_free(&sesskey2); - SAFE_FREE(client_princ_out); + TALLOC_FREE(client_princ_out); return status; } diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c index 52cb975a6c5..c476f59ff52 100644 --- a/source3/libads/kerberos.c +++ b/source3/libads/kerberos.c @@ -545,7 +545,7 @@ krb5_principal kerberos_fetch_salt_princ_for_host_princ(krb5_context context, /* look under the old key. If this fails, just use the standard key */ - if (smb_krb5_unparse_name(context, host_princ, &unparsed_name) != 0) { + if (smb_krb5_unparse_name(talloc_tos(), context, host_princ, &unparsed_name) != 0) { return (krb5_principal)NULL; } if ((salt_princ_s = kerberos_secrets_fetch_salting_principal(unparsed_name, enctype)) == NULL) { @@ -558,7 +558,7 @@ krb5_principal kerberos_fetch_salt_princ_for_host_princ(krb5_context context, ret_princ = NULL; } - SAFE_FREE(unparsed_name); + TALLOC_FREE(unparsed_name); SAFE_FREE(salt_princ_s); return ret_princ; 
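Review bot: The new prototype in includes.h gives callers no hint that `*unix_name` has moved from malloc to talloc memory. A call site that adds the `mem_ctx` argument but keeps `SAFE_FREE()` still compiles and would hand a talloc chunk to free(). I would add a comment above the declaration, for example `/* *unix_name is talloc'ed on mem_ctx; release with TALLOC_FREE(), never free() */`. The call sites in this commit are converted, but the prototype is where a later caller will look.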
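Review bot: Passing `talloc_tos()` in kerberos_fetch_salt_princ_for_host_princ() makes this libads routine depend on every caller having an active talloc stackframe. What happens without one depends on the talloc_stack implementation in this tree, which is not shown here. Because `unparsed_name` is released explicitly a few lines later, a local frame would remove the hidden dependency at no cost: `TALLOC_CTX *frame = talloc_stackframe();` with `TALLOC_FREE(frame);` on exit. The same pattern appears in the kerberos_secrets_store_salting_principal, smb_krb5_kt_add_entry_ext, ads_keytab_list, ads_keytab_verify_ticket, libnet_keytab_remove_entries and get_key_from_keytab hunks. The function body extends beyond this hunk.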
@@ -603,7 +603,7 @@ bool kerberos_secrets_store_salting_principal(const char *service, goto out; } - if (smb_krb5_unparse_name(context, princ, &unparsed_name) != 0) { + if (smb_krb5_unparse_name(talloc_tos(), context, princ, &unparsed_name) != 0) { goto out; } @@ -623,7 +623,7 @@ bool kerberos_secrets_store_salting_principal(const char *service, SAFE_FREE(key); SAFE_FREE(princ_s); - SAFE_FREE(unparsed_name); + TALLOC_FREE(unparsed_name); if (princ) { krb5_free_principal(context, princ); diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c index 7c028cb78fe..4fede259ab7 100644 --- a/source3/libads/kerberos_keytab.c +++ b/source3/libads/kerberos_keytab.c @@ -64,7 +64,7 @@ int smb_krb5_kt_add_entry_ext(krb5_context context, while(!krb5_kt_next_entry(context, keytab, &kt_entry, &cursor)) { bool compare_name_ok = False; - ret = smb_krb5_unparse_name(context, kt_entry.principal, &ktprinc); + ret = smb_krb5_unparse_name(talloc_tos(), context, kt_entry.principal, &ktprinc); if (ret) { DEBUG(1,("smb_krb5_kt_add_entry_ext: smb_krb5_unparse_name failed (%s)\n", error_message(ret))); @@ -91,7 +91,7 @@ int smb_krb5_kt_add_entry_ext(krb5_context context, ktprinc, kt_entry.vno)); } - SAFE_FREE(ktprinc); + TALLOC_FREE(ktprinc); if (compare_name_ok) { if (kt_entry.vno == kvno - 1) { @@ -549,13 +549,12 @@ int ads_keytab_create_default(ADS_STRUCT *ads) } } - TALLOC_FREE( ctx ); - /* Now loop through the keytab and update any other existing entries... */ kvno = (krb5_kvno) ads_get_machine_kvno(ads, machine_name); if (kvno == -1) { DEBUG(1,("ads_keytab_create_default: ads_get_machine_kvno failed to determine the system's kvno.\n")); + TALLOC_FREE(ctx); return -1; } @@ -569,6 +568,7 @@ int ads_keytab_create_default(ADS_STRUCT *ads) ret = krb5_init_context(&context); if (ret) { DEBUG(1,("ads_keytab_create_default: could not krb5_init_context: %s\n",error_message(ret))); + TALLOC_FREE(ctx); return ret; } 
@@ -599,7 +599,7 @@ int ads_keytab_create_default(ADS_STRUCT *ads) if (!found) { goto done; } - oldEntries = SMB_MALLOC_ARRAY(char *, found ); + oldEntries = talloc_array(ctx, char *, found ); if (!oldEntries) { DEBUG(1,("ads_keytab_create_default: Failed to allocate space to store the old keytab entries (malloc failed?).\n")); ret = -1; @@ -615,7 +615,7 @@ int ads_keytab_create_default(ADS_STRUCT *ads) char *p; /* This returns a malloc'ed string in ktprinc. */ - ret = smb_krb5_unparse_name(context, kt_entry.principal, &ktprinc); + ret = smb_krb5_unparse_name(oldEntries, context, kt_entry.principal, &ktprinc); if (ret) { DEBUG(1,("smb_krb5_unparse_name failed (%s)\n", error_message(ret))); goto done; @@ -640,12 +640,12 @@ int ads_keytab_create_default(ADS_STRUCT *ads) break; } if (!strcmp(oldEntries[i], ktprinc)) { - SAFE_FREE(ktprinc); + TALLOC_FREE(ktprinc); break; } } if (i == found) { - SAFE_FREE(ktprinc); + TALLOC_FREE(ktprinc); } } smb_krb5_kt_free_entry(context, &kt_entry); @@ -654,7 +654,7 @@ int ads_keytab_create_default(ADS_STRUCT *ads) ret = 0; for (i = 0; oldEntries[i]; i++) { ret |= ads_keytab_add_entry(ads, oldEntries[i]); - SAFE_FREE(oldEntries[i]); + TALLOC_FREE(oldEntries[i]); } krb5_kt_end_seq_get(context, keytab, &cursor); } @@ -662,7 +662,8 @@ int ads_keytab_create_default(ADS_STRUCT *ads) done: - SAFE_FREE(oldEntries); + TALLOC_FREE(oldEntries); + TALLOC_FREE(ctx); { krb5_keytab_entry zero_kt_entry; @@ -728,7 +729,7 @@ int ads_keytab_list(const char *keytab_name) char *etype_s = NULL; krb5_enctype enctype = 0; - ret = smb_krb5_unparse_name(context, kt_entry.principal, &princ_s); + ret = smb_krb5_unparse_name(talloc_tos(), context, kt_entry.principal, &princ_s); if (ret) { goto out; } 
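Review bot: `talloc_array(ctx, char *, found)` returns uninitialised memory with exactly `found` slots, but the loop in the later hunk, `for (i = 0; oldEntries[i]; i++)`, stops only on a NULL entry. Unless code outside these hunks zeroes the array and guarantees that one slot stays empty, a keytab whose entries fill every slot would make that loop read past the allocation. Allocating with `oldEntries = talloc_zero_array(ctx, char *, found + 1);` makes the sentinel explicit and keeps the fill loop unchanged. The surrounding function continues outside the hunk, so the existing initialisation (if any) should be checked first.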
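Review bot: The context comment `/* This returns a malloc'ed string in ktprinc. */` in the -615 hunk is now wrong, because the string is talloc'ed with `oldEntries` as its parent. A maintainer who trusts the old wording would reach for free() on a talloc chunk. Suggested replacement: `/* This returns a talloc'ed string in ktprinc, parented to oldEntries. */`.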
@@ -739,14 +740,14 @@ int ads_keytab_list(const char *keytab_name) if (ret) { if (asprintf(&etype_s, "UNKNOWN: %d\n", enctype) == -1) { - SAFE_FREE(princ_s); + TALLOC_FREE(princ_s); goto out; } } printf("%3d %s\t\t %s\n", kt_entry.vno, etype_s, princ_s); - SAFE_FREE(princ_s); + TALLOC_FREE(princ_s); SAFE_FREE(etype_s); ret = smb_krb5_kt_free_entry(context, &kt_entry); diff --git a/source3/libads/kerberos_verify.c b/source3/libads/kerberos_verify.c index b903b2a6eb8..85029029631 100644 --- a/source3/libads/kerberos_verify.c +++ b/source3/libads/kerberos_verify.c @@ -192,7 +192,7 @@ static bool ads_keytab_verify_ticket(krb5_context context, } while (!auth_ok && (krb5_kt_next_entry(context, keytab, &kt_entry, &kt_cursor) == 0)) { - ret = smb_krb5_unparse_name(context, kt_entry.principal, &entry_princ_s); + ret = smb_krb5_unparse_name(talloc_tos(), context, kt_entry.principal, &entry_princ_s); if (ret) { DEBUG(1, ("ads_keytab_verify_ticket: smb_krb5_unparse_name failed (%s)\n", error_message(ret))); @@ -242,7 +242,7 @@ static bool ads_keytab_verify_ticket(krb5_context context, } /* Free the name we parsed. */ - SAFE_FREE(entry_princ_s); + TALLOC_FREE(entry_princ_s); /* Free the entry we just read. */ smb_krb5_kt_free_entry(context, &kt_entry); @@ -636,7 +636,7 @@ NTSTATUS ads_verify_ticket(TALLOC_CTX *mem_ctx, #endif #endif - if ((ret = smb_krb5_unparse_name(context, client_principal, principal))) { + if ((ret = smb_krb5_unparse_name(mem_ctx, context, client_principal, principal))) { DEBUG(3,("ads_verify_ticket: smb_krb5_unparse_name failed (%s)\n", error_message(ret))); sret = NT_STATUS_LOGON_FAILURE; diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c index 81956942caf..589d4c25254 100644 --- a/source3/libnet/libnet_keytab.c +++ b/source3/libnet/libnet_keytab.c 
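Review bot: In the ads_verify_ticket() hunk, `*principal` is now allocated on the caller's `mem_ctx`, which changes the function's contract without changing its signature. The string dies with `mem_ctx` and must never reach free(). The callers touched by this commit were adjusted, but the compiler will not flag any other caller that still uses `SAFE_FREE(principal)` or reads the string after destroying the context. I would state this in the function's header comment (outside this hunk), for example `*principal is talloc'ed on mem_ctx; do not free() it and do not use it after mem_ctx is destroyed`.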
@@ -144,7 +144,7 @@ static krb5_error_code libnet_keytab_remove_entries(krb5_context context, goto cont; } - ret = smb_krb5_unparse_name(context, kt_entry.principal, + ret = smb_krb5_unparse_name(talloc_tos(), context, kt_entry.principal, &princ_s); if (ret) { DEBUG(5, ("smb_krb5_unparse_name failed (%s)\n", @@ -190,7 +190,7 @@ static krb5_error_code libnet_keytab_remove_entries(krb5_context context, cont: smb_krb5_kt_free_entry(context, &kt_entry); - SAFE_FREE(princ_s); + TALLOC_FREE(princ_s); } ret = krb5_kt_end_seq_get(context, keytab, &cursor); @@ -334,6 +334,8 @@ struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *c krb5_keyblock *keyp; char *princ_s = NULL; + entry = NULL; + if (kt_entry.vno != kvno) { goto cont; } @@ -344,7 +346,13 @@ struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *c goto cont; } - ret = smb_krb5_unparse_name(ctx->context, kt_entry.principal, + entry = talloc_zero(mem_ctx, struct libnet_keytab_entry); + if (!entry) { + DEBUG(3, ("talloc failed\n")); + goto fail; + } + + ret = smb_krb5_unparse_name(entry, ctx->context, kt_entry.principal, &princ_s); if (ret) { goto cont; @@ -354,24 +362,14 @@ struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *c goto cont; } - entry = talloc_zero(mem_ctx, struct libnet_keytab_entry); - if (!entry) { - DEBUG(3, ("talloc failed\n")); - goto fail; - } - - entry->name = talloc_strdup(entry, princ_s); - if (!entry->name) { - DEBUG(3, ("talloc_strdup_failed\n")); - goto fail; - } - entry->principal = talloc_strdup(entry, princ_s); if (!entry->principal) { DEBUG(3, ("talloc_strdup_failed\n")); goto fail; } + entry->name = talloc_move(entry, &princ_s); + entry->password = data_blob_talloc(entry, KRB5_KEY_DATA(keyp), KRB5_KEY_LENGTH(keyp)); if (!entry->password.data) { 
@@ -382,18 +380,16 @@ struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *c DEBUG(10, ("found entry\n")); smb_krb5_kt_free_entry(ctx->context, &kt_entry); - SAFE_FREE(princ_s); break; fail: smb_krb5_kt_free_entry(ctx->context, &kt_entry); - SAFE_FREE(princ_s); TALLOC_FREE(entry); break; cont: smb_krb5_kt_free_entry(ctx->context, &kt_entry); - SAFE_FREE(princ_s); + TALLOC_FREE(entry); continue; } diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c index 4ab31374e2c..aa98d7668f1 100644 --- a/source3/libsmb/clikrb5.c +++ b/source3/libsmb/clikrb5.c @@ -56,12 +56,12 @@ static krb5_error_code ads_krb5_get_fwd_ticket( krb5_context context, char *utf8_name; size_t converted_size; - if (!push_utf8_allocate(&utf8_name, name, &converted_size)) { + if (!push_utf8_talloc(talloc_tos(), &utf8_name, name, &converted_size)) { return ENOMEM; } ret = krb5_parse_name(context, utf8_name, principal); - SAFE_FREE(utf8_name); + TALLOC_FREE(utf8_name); return ret; } @@ -79,24 +79,25 @@ static krb5_error_code smb_krb5_parse_name_norealm_conv(krb5_context context, size_t converted_size; *principal = NULL; - if (!push_utf8_allocate(&utf8_name, name, &converted_size)) { + if (!push_utf8_talloc(talloc_tos(), &utf8_name, name, &converted_size)) { return ENOMEM; } ret = krb5_parse_name_norealm(context, utf8_name, principal); - SAFE_FREE(utf8_name); + TALLOC_FREE(utf8_name); return ret; } #endif /************************************************************** krb5_parse_name that returns a UNIX charset name. Must - be freed with normal free() call. + be freed with talloc_free() call. **************************************************************/ - krb5_error_code smb_krb5_unparse_name(krb5_context context, - krb5_const_principal principal, - char **unix_name) +krb5_error_code smb_krb5_unparse_name(TALLOC_CTX *mem_ctx, + krb5_context context, + krb5_const_principal principal, + char **unix_name) { krb5_error_code ret; char *utf8_name; 
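Review bot: The banner comment above smb_krb5_unparse_name() still describes it as `krb5_parse_name` and does not mention the new `mem_ctx` parameter. Since the allocator is the whole point of the change, the comment should name the owner, for example `krb5_unparse_name that returns a UNIX charset name, talloc'ed on mem_ctx. Release with TALLOC_FREE().` It would also help to state whether `*unix_name` is left NULL on failure; that part of the body is outside the hunk.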
@@ -108,7 +109,7 @@ static krb5_error_code smb_krb5_parse_name_norealm_conv(krb5_context context, return ret; } - if (!pull_utf8_allocate(unix_name, utf8_name, &converted_size)) { + if (!pull_utf8_talloc(mem_ctx, unix_name, utf8_name, &converted_size)) { krb5_free_unparsed_name(context, utf8_name); return ENOMEM; } @@ -1081,10 +1082,10 @@ get_key_from_keytab(krb5_context context, } if ( DEBUGLEVEL >= 10 ) { - if (smb_krb5_unparse_name(context, server, &name) == 0) { + if (smb_krb5_unparse_name(talloc_tos(), context, server, &name) == 0) { DEBUG(10,("get_key_from_keytab: will look for kvno %d, enctype %d and name: %s\n", kvno, enctype, name)); - SAFE_FREE(name); + TALLOC_FREE(name); } } diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 2c29192220b..2c92c41b1f4 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -352,7 +352,6 @@ static void reply_spnego_kerberos(struct smb_request *req, DEBUG(3,("Doesn't look like a valid principal\n")); data_blob_free(&ap_rep); data_blob_free(&session_key); - SAFE_FREE(client); talloc_destroy(mem_ctx); reply_nterror(req,nt_status_squash(NT_STATUS_LOGON_FAILURE)); return; @@ -374,7 +373,6 @@ static void reply_spnego_kerberos(struct smb_request *req, if (!lp_allow_trusted_domains()) { data_blob_free(&ap_rep); data_blob_free(&session_key); - SAFE_FREE(client); talloc_destroy(mem_ctx); reply_nterror(req, nt_status_squash( NT_STATUS_LOGON_FAILURE)); @@ -464,7 +462,6 @@ static void reply_spnego_kerberos(struct smb_request *req, if ( !pw ) { DEBUG(1,("Username %s is invalid on this system\n", user)); - SAFE_FREE(client); data_blob_free(&ap_rep); data_blob_free(&session_key); TALLOC_FREE(mem_ctx); @@ -490,7 +487,6 @@ static void reply_spnego_kerberos(struct smb_request *req, if ( !NT_STATUS_IS_OK(ret) ) { DEBUG(1,("make_server_info_info3 failed: %s!\n", nt_errstr(ret))); - SAFE_FREE(client); data_blob_free(&ap_rep); data_blob_free(&session_key); TALLOC_FREE(mem_ctx); 
@@ -504,7 +500,6 @@ static void reply_spnego_kerberos(struct smb_request *req, if ( !NT_STATUS_IS_OK(ret) ) { DEBUG(1,("make_server_info_pw failed: %s!\n", nt_errstr(ret))); - SAFE_FREE(client); data_blob_free(&ap_rep); data_blob_free(&session_key); TALLOC_FREE(mem_ctx); @@ -532,7 +527,6 @@ static void reply_spnego_kerberos(struct smb_request *req, if ( !NT_STATUS_IS_OK(ret) ) { DEBUG(10,("failed to create local token: %s\n", nt_errstr(ret))); - SAFE_FREE(client); data_blob_free(&ap_rep); data_blob_free(&session_key); TALLOC_FREE( mem_ctx ); @@ -560,8 +554,6 @@ static void reply_spnego_kerberos(struct smb_request *req, nullblob, client); - SAFE_FREE(client); - reply_outbuf(req, 4, 0); SSVAL(req->outbuf,smb_uid,sess_vuid); diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c index 9bc0c60b7bb..7899bd0d076 100644 --- a/source3/utils/ntlm_auth.c +++ b/source3/utils/ntlm_auth.c @@ -1251,8 +1251,6 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state, &principal, &pac_data, &ap_rep, &session_key, True); - talloc_destroy(mem_ctx); - /* Now in "principal" we have the name we are authenticated as. */ @@ -1274,9 +1272,9 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state, user = SMB_STRDUP(principal); data_blob_free(&ap_rep); - - SAFE_FREE(principal); } + + TALLOC_FREE(mem_ctx); } #endif |
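Review bot: With `SAFE_FREE(client)` removed after the `nullblob, client);` call, nothing in this hunk releases `client` on the success path; it now lives on `mem_ctx`. The error paths in the earlier reply_spnego_kerberos hunks all destroy `mem_ctx`. Please confirm that the success path does the same after the last use of `client`, since the rest of the function is outside the hunk; otherwise each successful Kerberos session setup leaks the context in a long-running smbd. The reverse also matters: any pointer derived from `client` must not be read after those `talloc_destroy(mem_ctx)` / `TALLOC_FREE(mem_ctx)` calls.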
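Review bot: `TALLOC_FREE(mem_ctx)` now sits at the very end of the Kerberos branch in manage_gss_spnego_request(), so any `return` between the ads_verify_ticket() call and that line skips it. Such an exit would leak the whole context, where previously only `principal` was at stake. The lines between the two ntlm_auth.c hunks are not shown; if there is an early exit there, for instance when the returned principal is malformed, it needs its own `TALLOC_FREE(mem_ctx);` before returning. ntlm_auth helpers can be long-lived, so a leak on a failure path accumulates with every rejected request.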