The branch, master has been updated
       via  0d95cee... s3:auth Change auth_ntlmssp_server_info API to return 
NTSTATUS
       via  1debe30... s3:smbd Give the kerberos session key a parent
       via  39d1a52... s3:smbd Fix segfault if register_existing_vuid() fails
      from  bfdd85d... s3-selftest: enable RPC-BIND against s3.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 0d95cee58f80e46636fa4b826d248c9ce9983c9b
Author: Andrew Bartlett <[email protected]>
Date:   Mon Jul 12 14:26:34 2010 +1000

    s3:auth Change auth_ntlmssp_server_info API to return NTSTATUS
    
    This fixes a bug where register_existing_vuid() could be called with a
    NULL server_info if the allocation failed.
    
    Andrew Bartlett
    
    Signed-off-by: Andrew Tridgell <[email protected]>

commit 1debe30689e75023fab44028ef6942a692e37e95
Author: Andrew Bartlett <[email protected]>
Date:   Mon Jul 12 14:25:28 2010 +1000

    s3:smbd Give the kerberos session key a parent
    
    Nothing will free this, so this prevents a memory leak.
    
    Andrew Bartlett
    
    Signed-off-by: Jelmer Vernooij <[email protected]>
    Signed-off-by: Andrew Tridgell <[email protected]>

commit 39d1a525d1bb658bd0a666c3f630a669b5399ef1
Author: Andrew Bartlett <[email protected]>
Date:   Mon Jul 12 14:21:34 2010 +1000

    s3:smbd Fix segfault if register_existing_vuid() fails
    
    The register_existing_vuid() call will handle both the ntlmssp_end and
    vuid invalidation internally, so we don't want to do it again.
    
    Andrew Bartlett
    
    Signed-off-by: Jelmer Vernooij <[email protected]>
    Signed-off-by: Andrew Tridgell <[email protected]>

-----------------------------------------------------------------------

Summary of changes:
 source3/auth/auth_ntlmssp.c   |   11 +++++++----
 source3/include/proto.h       |    5 +++--
 source3/rpc_server/srv_pipe.c |    7 ++++---
 source3/smbd/sesssetup.c      |   20 +++++++++++++++-----
 source3/smbd/smb2_sesssetup.c |    7 ++++---
 5 files changed, 33 insertions(+), 17 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index df4666a..ba7efbf 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -84,8 +84,9 @@ void auth_ntlmssp_want_seal(struct auth_ntlmssp_state 
*auth_ntlmssp_state)
 
 }
 
-struct auth_serversupplied_info *auth_ntlmssp_server_info(TALLOC_CTX *mem_ctx,
-                                                         struct 
auth_ntlmssp_state *auth_ntlmssp_state)
+NTSTATUS auth_ntlmssp_server_info(TALLOC_CTX *mem_ctx,
+                                 struct auth_ntlmssp_state *auth_ntlmssp_state,
+                                 struct auth_serversupplied_info 
**_server_info)
 {
        struct auth_serversupplied_info *server_info = 
auth_ntlmssp_state->server_info;
        data_blob_free(&server_info->user_session_key);
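Review bot: `server_info` is taken from `auth_ntlmssp_state->server_info` and immediately dereferenced by `data_blob_free(&server_info->user_session_key)` without a NULL check. The success path in the next hunk sets `auth_ntlmssp_state->server_info = NULL`, so a second call on the same state would dereference NULL. Now that the function returns NTSTATUS it can report that case, for example with `if (server_info == NULL) { *_server_info = NULL; return NT_STATUS_INVALID_PARAMETER; }` placed before the `data_blob_free()` call. Whether any caller can reach this twice is not visible here; the function body continues into the following hunk.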
@@ -95,10 +96,12 @@ struct auth_serversupplied_info 
*auth_ntlmssp_server_info(TALLOC_CTX *mem_ctx,
                        auth_ntlmssp_state->ntlmssp_state->session_key.data,
                        auth_ntlmssp_state->ntlmssp_state->session_key.length);
        if (auth_ntlmssp_state->ntlmssp_state->session_key.length && 
!server_info->user_session_key.data) {
-               return NULL;
+               *_server_info = NULL;
+               return NT_STATUS_NO_MEMORY;
        }
        auth_ntlmssp_state->server_info = NULL;
-       return talloc_steal(mem_ctx, server_info);
+       *_server_info = talloc_steal(mem_ctx, server_info);
+       return NT_STATUS_OK;
 }
 
 struct ntlmssp_state *auth_ntlmssp_get_ntlmssp_state(struct auth_ntlmssp_state 
*auth_ntlmssp_state)
diff --git a/source3/include/proto.h b/source3/include/proto.h
index d7b70cb..cfa68da 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -54,8 +54,9 @@ NTSTATUS auth_netlogond_init(void);
 
 /* The following definitions come from auth/auth_ntlmssp.c  */
 
-struct auth_serversupplied_info *auth_ntlmssp_server_info(TALLOC_CTX *mem_ctx,
-                                                         struct 
auth_ntlmssp_state *auth_ntlmssp_state);
+NTSTATUS auth_ntlmssp_server_info(TALLOC_CTX *mem_ctx,
+                                 struct auth_ntlmssp_state *auth_ntlmssp_state,
+                                 struct auth_serversupplied_info 
**_server_info);
 struct ntlmssp_state *auth_ntlmssp_get_ntlmssp_state(struct auth_ntlmssp_state 
*auth_ntlmssp_state);
 const char *auth_ntlmssp_get_username(struct auth_ntlmssp_state 
*auth_ntlmssp_state);
 const char *auth_ntlmssp_get_domain(struct auth_ntlmssp_state 
*auth_ntlmssp_state);
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 34587f8..85c212a 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -736,9 +736,10 @@ static bool pipe_ntlmssp_verify_final(pipes_struct *p, 
DATA_BLOB *p_resp_blob)
 
        TALLOC_FREE(p->server_info);
 
-       p->server_info = auth_ntlmssp_server_info(p, a);
-       if (p->server_info == NULL) {
-               DEBUG(0, ("auth_ntlmssp_server_info failed to obtain the server 
info for authenticated user\n"));
+       status = auth_ntlmssp_server_info(p, a, &p->server_info);
+       if (!NT_STATUS_IS_OK(status)) {
+               DEBUG(0, ("auth_ntlmssp_server_info failed to obtain the server 
info for authenticated user: %s\n",
+                         nt_errstr(status)));
                return false;
        }
 
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index b296a1f..80a5239 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -561,6 +561,8 @@ static void reply_spnego_kerberos(struct smb_request *req,
 
        data_blob_free(&server_info->user_session_key);
        server_info->user_session_key = session_key;
+       talloc_steal(server_info, session_key.data);
+
        session_key = data_blob_null;
 
        /* register_existing_vuid keeps the server info */
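Review bot: The ownership transfer done by `talloc_steal(server_info, session_key.data)` is not documented at the call site. A comment such as `/* server_info now owns the key buffer; it is released together with server_info */` would explain why `session_key` is reset to `data_blob_null` on the next line. Because this buffer holds Kerberos session key material, it is also worth confirming that it is cleared on release. As far as this hunk shows, both the `data_blob_free()` above and a free through the talloc parent release the memory without zeroing it, whereas `data_blob_clear_free()` is the clearing variant. reply_spnego_kerberos starts and ends outside this hunk.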
@@ -629,12 +631,13 @@ static void reply_spnego_ntlmssp(struct smb_request *req,
                                 const char *OID,
                                 bool wrap)
 {
+       bool do_invalidate = true;
        DATA_BLOB response;
        struct auth_serversupplied_info *server_info = NULL;
        struct smbd_server_connection *sconn = req->sconn;
 
        if (NT_STATUS_IS_OK(nt_status)) {
-               server_info = auth_ntlmssp_server_info(talloc_tos(), 
(*auth_ntlmssp_state));
+               nt_status = auth_ntlmssp_server_info(talloc_tos(), 
(*auth_ntlmssp_state), &server_info);
        } else {
                /* Note that this server_info won't have a session
                 * key.  But for map to guest, that's exactly the right
@@ -663,6 +666,11 @@ static void reply_spnego_ntlmssp(struct smb_request *req,
                                           server_info, nullblob,
                                           
auth_ntlmssp_get_username(*auth_ntlmssp_state)) !=
                                           vuid) {
+                       /* The problem is, *auth_ntlmssp_state points
+                        * into the vuser this will have
+                        * talloc_free()'ed in
+                        * register_existing_vuid() */
+                       do_invalidate = false;
                        nt_status = NT_STATUS_LOGON_FAILURE;
                        goto out;
                }
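Review bot: The comment added above `do_invalidate = false;` is hard to parse ("the vuser this will have talloc_free()'ed") and does not say what the flag protects against. A clearer wording would be `/* On failure register_existing_vuid() has already freed the vuser, and *auth_ntlmssp_state lives inside it: do not call auth_ntlmssp_end() or invalidate_vuid() again at out: */`. The name `do_invalidate` is also narrower than its use, since in the last hunk of this file it gates `auth_ntlmssp_end()` as well as `invalidate_vuid()`; a name such as `do_cleanup` would match what it controls. The rest of reply_spnego_ntlmssp is outside this hunk.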
@@ -696,10 +704,12 @@ static void reply_spnego_ntlmssp(struct smb_request *req,
 
        if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
                /* NB. This is *NOT* an error case. JRA */
-               auth_ntlmssp_end(auth_ntlmssp_state);
-               if (!NT_STATUS_IS_OK(nt_status)) {
-                       /* Kill the intermediate vuid */
-                       invalidate_vuid(sconn, vuid);
+               if (do_invalidate) {
+                       auth_ntlmssp_end(auth_ntlmssp_state);
+                       if (!NT_STATUS_IS_OK(nt_status)) {
+                               /* Kill the intermediate vuid */
+                               invalidate_vuid(sconn, vuid);
+                       }
                }
        }
 }
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 56aa2b8..6586a45 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -615,11 +615,12 @@ static NTSTATUS 
smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s
                                        uint64_t *out_session_id)
 {
        fstring tmp;
-       session->server_info = auth_ntlmssp_server_info(session, 
session->auth_ntlmssp_state);
-       if (!session->server_info) {
+       NTSTATUS status = auth_ntlmssp_server_info(session, 
session->auth_ntlmssp_state,
+                                                  &session->server_info);
+       if (!NT_STATUS_IS_OK(status)) {
                auth_ntlmssp_end(&session->auth_ntlmssp_state);
                TALLOC_FREE(session);
-               return NT_STATUS_NO_MEMORY;
+               return status;
        }
 
        if ((in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) ||


-- 
Samba Shared Repository
