asn1_end_tag(&data);
asn1_end_tag(&data);
asn1_end_tag(&data);
+ asn1_free(&data);
return pac_contents;
}
prs_copy_data_in(&ps, pac_data_blob.data, pac_data_blob.length);
prs_set_offset(&ps, 0);
+ data_blob_free(&pac_data_blob);
+
pac_data = (PAC_DATA *) talloc_zero(ctx, sizeof(PAC_DATA));
pac_io_pac_data("pac data", pac_data, &ps, 0);
/* CIFS doesn't use addresses in tickets. This would breat NAT. JRA */
- if (!(key = (krb5_keyblock *)malloc(sizeof(*key)))) {
- sret = NT_STATUS_NO_MEMORY;
- goto out;
- }
-
if ((ret = get_kerberos_allowed_etypes(context, &enctypes))) {
DEBUG(1,("ads_verify_ticket: krb5_get_permitted_enctypes failed (%s)\n",
error_message(ret)));
/* We need to setup a auth context with each possible encoding type in turn. */
for (i=0;enctypes[i];i++) {
+ if (!(key = (krb5_keyblock *)malloc(sizeof(*key)))) {
+ sret = NT_STATUS_NO_MEMORY;
+ goto out;
+ }
+
if (create_kerberos_key_from_string(context, host_princ, &password, key, enctypes[i])) {
continue;
}
krb5_auth_con_setuseruserkey(context, auth_context, key);
+ krb5_free_keyblock(context, key);
+
packet.length = ticket->length;
packet.data = (krb5_pointer)ticket->data;
NULL, keytab, NULL, &tkt))) {
DEBUG(10,("ads_verify_ticket: enc type [%u] decrypted message !\n",
(unsigned int)enctypes[i] ));
- free_kerberos_etypes(context, enctypes);
auth_ok = True;
break;
}
if (!NT_STATUS_IS_OK(sret))
data_blob_free(ap_rep);
- SAFE_FREE(host_princ_s);
+ krb5_free_principal(context, host_princ);
+ krb5_free_ticket(context, tkt);
+ free_kerberos_etypes(context, enctypes);
SAFE_FREE(password_s);
+ SAFE_FREE(host_princ_s);
if (auth_context)
krb5_auth_con_free(context, auth_context);
return ret;
}
krb5_use_enctype(context, &eblock, enctype);
- return krb5_string_to_key(context, &eblock, key, password, &salt);
+ ret = krb5_string_to_key(context, &eblock, key, password, &salt);
+ SAFE_FREE(salt.data);
+ return ret;
}
#elif defined(HAVE_KRB5_GET_PW_SALT) && defined(HAVE_KRB5_STRING_TO_KEY_SALT)
int create_kerberos_key_from_string(krb5_context context,
}
data_blob_free(&auth_data);
+ data_blob_free(&ticket);
DEBUG(3,("Ticket name is [%s]\n", client));
if (!p) {
DEBUG(3,("Doesn't look like a valid principal\n"));
data_blob_free(&ap_rep);
+ SAFE_FREE(client);
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}
DEBUG(3,("Ticket for foreign realm %s@%s\n", client, p+1));
if (!lp_allow_trusted_domains()) {
data_blob_free(&ap_rep);
+ SAFE_FREE(client);
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}
foreign = True;
user = smb_xstrdup(client);
}
+ SAFE_FREE(client);
+
/* setup the string used by %U */
sub_set_smb_name(user);