}
if (conn->smb1.trans_enc) {
- common_free_encryption_state(&conn->smb1.trans_enc);
+ TALLOC_FREE(conn->smb1.trans_enc);
}
return 0;
{
/* Replace the old state, if any. */
if (conn->smb1.trans_enc) {
- common_free_encryption_state(&conn->smb1.trans_enc);
+ TALLOC_FREE(conn->smb1.trans_enc);
}
conn->smb1.trans_enc = es;
}
return common_gensec_decrypt_buffer(es->gensec_security, buf);
}
-/******************************************************************************
- Shutdown an encryption state.
-******************************************************************************/
-
-void common_free_encryption_state(struct smb_trans_enc_state **pp_es)
-{
- struct smb_trans_enc_state *es = *pp_es;
-
- if (es == NULL) {
- return;
- }
-
- if (es->gensec_security) {
- TALLOC_FREE(es->gensec_security);
- }
- SAFE_FREE(es);
- *pp_es = NULL;
-}
-
/******************************************************************************
Free an encryption-allocated buffer.
******************************************************************************/
bool common_encryption_on(struct smb_trans_enc_state *es);
NTSTATUS common_encrypt_buffer(struct smb_trans_enc_state *es, char *buffer, char **buf_out);
NTSTATUS common_decrypt_buffer(struct smb_trans_enc_state *es, char *buf);
-void common_free_encryption_state(struct smb_trans_enc_state **pp_es);
void common_free_enc_buffer(struct smb_trans_enc_state *es, char *buf);
#endif /* _HEADER_SMB_CRYPT_H */
return status;
}
-/******************************************************************************
- Make a client state struct.
-******************************************************************************/
-
-static struct smb_trans_enc_state *make_cli_enc_state(void)
-{
- struct smb_trans_enc_state *es = NULL;
- es = SMB_MALLOC_P(struct smb_trans_enc_state);
- if (!es) {
- return NULL;
- }
- ZERO_STRUCTP(es);
-
- return es;
-}
-
/******************************************************************************
Start a raw ntlmssp encryption.
******************************************************************************/
DATA_BLOB param_out = data_blob_null;
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
struct auth_generic_state *auth_generic_state;
- struct smb_trans_enc_state *es = make_cli_enc_state();
-
+ struct smb_trans_enc_state *es = talloc_zero(NULL, struct smb_trans_enc_state);
if (!es) {
return NT_STATUS_NO_MEMORY;
}
- status = auth_generic_client_prepare(NULL,
+ status = auth_generic_client_prepare(es,
&auth_generic_state);
if (!NT_STATUS_IS_OK(status)) {
goto fail;
}
fail:
- TALLOC_FREE(auth_generic_state);
- common_free_encryption_state(&es);
+ TALLOC_FREE(es);
return status;
}
DATA_BLOB param_out = data_blob_null;
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
struct auth_generic_state *auth_generic_state;
- struct smb_trans_enc_state *es = make_cli_enc_state();
+ struct smb_trans_enc_state *es = talloc_zero(NULL, struct smb_trans_enc_state);
if (!es) {
return NT_STATUS_NO_MEMORY;
}
- status = auth_generic_client_prepare(NULL,
+ status = auth_generic_client_prepare(es,
&auth_generic_state);
if (!NT_STATUS_IS_OK(status)) {
goto fail;
/* We only need the gensec_security part from here.
* es is a malloc()ed pointer, so we cannot make
* gensec_security a talloc child */
- es->gensec_security = talloc_move(NULL,
+ es->gensec_security = talloc_move(es,
&auth_generic_state->gensec_security);
smb1cli_conn_set_encryption(cli->conn, es);
es = NULL;
}
fail:
- common_free_encryption_state(&es);
+ TALLOC_FREE(es);
return status;
}
static NTSTATUS make_auth_gensec(const struct tsocket_address *remote_address,
struct smb_trans_enc_state *es)
{
- struct gensec_security *gensec_security;
NTSTATUS status;
- status = auth_generic_prepare(NULL, remote_address,
- &gensec_security);
+ status = auth_generic_prepare(es, remote_address,
+ &es->gensec_security);
if (!NT_STATUS_IS_OK(status)) {
return nt_status_squash(status);
}
- gensec_want_feature(gensec_security, GENSEC_FEATURE_SEAL);
+ gensec_want_feature(es->gensec_security, GENSEC_FEATURE_SEAL);
/*
* We could be accessing the secrets.tdb or krb5.keytab file here.
*/
become_root();
- status = gensec_start_mech_by_oid(gensec_security, GENSEC_OID_SPNEGO);
+ status = gensec_start_mech_by_oid(es->gensec_security, GENSEC_OID_SPNEGO);
unbecome_root();
if (!NT_STATUS_IS_OK(status)) {
- TALLOC_FREE(gensec_security);
return nt_status_squash(status);
}
- es->gensec_security = gensec_security;
-
return status;
}
-/******************************************************************************
- Shutdown a server encryption context.
-******************************************************************************/
-
-static void srv_free_encryption_context(struct smb_trans_enc_state **pp_es)
-{
- struct smb_trans_enc_state *es = *pp_es;
-
- if (!es) {
- return;
- }
-
- common_free_encryption_state(&es);
-
- SAFE_FREE(es);
- *pp_es = NULL;
-}
-
/******************************************************************************
Create a server encryption context.
******************************************************************************/
*pp_es = NULL;
ZERO_STRUCTP(partial_srv_trans_enc_ctx);
- es = SMB_MALLOC_P(struct smb_trans_enc_state);
+ es = talloc_zero(NULL, struct smb_trans_enc_state);
if (!es) {
return NT_STATUS_NO_MEMORY;
}
- ZERO_STRUCTP(es);
status = make_auth_gensec(remote_address,
es);
if (!NT_STATUS_IS_OK(status)) {
- srv_free_encryption_context(&es);
+ TALLOC_FREE(es);
return status;
}
*pp_es = es;
es = partial_srv_trans_enc_ctx;
if (!es || es->gensec_security == NULL) {
- srv_free_encryption_context(&partial_srv_trans_enc_ctx);
+ TALLOC_FREE(partial_srv_trans_enc_ctx);
return NT_STATUS_INVALID_PARAMETER;
}
unbecome_root();
if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) &&
!NT_STATUS_IS_OK(status)) {
- srv_free_encryption_context(&partial_srv_trans_enc_ctx);
+ TALLOC_FREE(partial_srv_trans_enc_ctx);
return nt_status_squash(status);
}
return status;
}
/* Throw away the context we're using currently (if any). */
- srv_free_encryption_context(&srv_trans_enc_ctx);
+ TALLOC_FREE(srv_trans_enc_ctx);
/* Steal the partial pointer. Deliberate shallow copy. */
srv_trans_enc_ctx = partial_srv_trans_enc_ctx;
void server_encryption_shutdown(struct smbd_server_connection *sconn)
{
- srv_free_encryption_context(&partial_srv_trans_enc_ctx);
- srv_free_encryption_context(&srv_trans_enc_ctx);
+ TALLOC_FREE(partial_srv_trans_enc_ctx);
+ TALLOC_FREE(srv_trans_enc_ctx);
}