From 6d7ac4f1ad364cac6266bd3e88d141a7517a7d15 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 26 Jul 2011 17:20:35 +1000 Subject: [PATCH] s3-ntlmssp Add mem_ctx argument to auth_ntlmssp_update This clarifies the lifetime of the returned token. Andrew Bartlett Signed-off-by: Andrew Tridgell --- source3/include/ntlmssp_wrap.h | 1 + source3/librpc/crypto/cli_spnego.c | 2 +- source3/libsmb/clifsinfo.c | 3 ++- source3/libsmb/ntlmssp_wrap.c | 11 +++++++++-- source3/rpc_client/cli_pipe.c | 7 ++++--- source3/rpc_server/dcesrv_ntlmssp.c | 9 ++------- source3/smbd/seal.c | 10 +++++++--- source3/smbd/sesssetup.c | 11 ++++++----- source3/smbd/smb2_sesssetup.c | 19 ++++--------------- 9 files changed, 36 insertions(+), 37 deletions(-) diff --git a/source3/include/ntlmssp_wrap.h b/source3/include/ntlmssp_wrap.h index ff534da46fe..7cdc2d90206 100644 --- a/source3/include/ntlmssp_wrap.h +++ b/source3/include/ntlmssp_wrap.h @@ -79,6 +79,7 @@ DATA_BLOB auth_ntlmssp_get_session_key(struct auth_ntlmssp_state *ans, TALLOC_CTX *mem_ctx); NTSTATUS auth_ntlmssp_update(struct auth_ntlmssp_state *ans, + TALLOC_CTX *mem_ctx, const DATA_BLOB request, DATA_BLOB *reply); NTSTATUS auth_ntlmssp_client_start(TALLOC_CTX *mem_ctx, diff --git a/source3/librpc/crypto/cli_spnego.c b/source3/librpc/crypto/cli_spnego.c index f2454846530..3e40d15569f 100644 --- a/source3/librpc/crypto/cli_spnego.c +++ b/source3/librpc/crypto/cli_spnego.c @@ -217,7 +217,7 @@ NTSTATUS spnego_get_client_auth_token(TALLOC_CTX *mem_ctx, case SPNEGO_NTLMSSP: ntlmssp_ctx = sp_ctx->mech_ctx.ntlmssp_state; - status = auth_ntlmssp_update(ntlmssp_ctx, + status = auth_ntlmssp_update(ntlmssp_ctx, mem_ctx, token_in, &token_out); if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c index db6260efc77..3e268b5e6f8 100644 --- a/source3/libsmb/clifsinfo.c +++ b/source3/libsmb/clifsinfo.c 
@@ -636,7 +636,8 @@ NTSTATUS cli_raw_ntlm_smb_encryption_start(struct cli_state *cli, } do { - status = auth_ntlmssp_update(es->s.auth_ntlmssp_state, blob_in, &blob_out); + status = auth_ntlmssp_update(es->s.auth_ntlmssp_state, es->s.auth_ntlmssp_state, + blob_in, &blob_out); data_blob_free(&blob_in); data_blob_free(¶m_out); if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) || NT_STATUS_IS_OK(status)) { diff --git a/source3/libsmb/ntlmssp_wrap.c b/source3/libsmb/ntlmssp_wrap.c index 43cde19b3b7..454720423aa 100644 --- a/source3/libsmb/ntlmssp_wrap.c +++ b/source3/libsmb/ntlmssp_wrap.c @@ -186,12 +186,19 @@ DATA_BLOB auth_ntlmssp_get_session_key(struct auth_ntlmssp_state *ans, TALLOC_CT } NTSTATUS auth_ntlmssp_update(struct auth_ntlmssp_state *ans, + TALLOC_CTX *mem_ctx, const DATA_BLOB request, DATA_BLOB *reply) { + NTSTATUS status; if (ans->gensec_security) { - return gensec_update(ans->gensec_security, ans, request, reply); + return gensec_update(ans->gensec_security, mem_ctx, request, reply); + } + status = ntlmssp_update(ans->ntlmssp_state, request, reply); + if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { + return status; } - return ntlmssp_update(ans->ntlmssp_state, request, reply); + talloc_steal(mem_ctx, reply->data); + return status; } NTSTATUS auth_ntlmssp_client_start(TALLOC_CTX *mem_ctx, diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index 9d0abfc6127..3224f09e279 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -1037,6 +1037,7 @@ static NTSTATUS create_gssapi_auth_bind_req(TALLOC_CTX *mem_ctx, ********************************************************************/ static NTSTATUS create_ntlmssp_auth_rpc_bind_req(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, DATA_BLOB *auth_token) { struct auth_ntlmssp_state *ntlmssp_ctx; 
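Review bot: In cli_raw_ntlm_smb_encryption_start the new mem_ctx argument is `es->s.auth_ntlmssp_state`, so blob_out stays parented to the long-lived auth state rather than to a context scoped to one pass of the do-loop. The rest of the loop is outside the hunk, so it is not visible whether blob_out is freed on every iteration; if it is not, each round leaves a token allocated until the state is destroyed. A comment at the call such as `/* blob_out is parented to the auth state, not to a per-call frame */` would record that the choice is deliberate. The same argument is passed in srv_enc_ntlm_negotiate in source3/smbd/seal.c, while the other two seal.c call sites use `talloc_tos()`.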
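Review bot: The ownership contract of the new mem_ctx parameter differs between the two branches of auth_ntlmssp_update and is not documented. The gensec branch hands mem_ctx straight to gensec_update, whereas the ntlmssp branch calls `talloc_steal(mem_ctx, reply->data)` only for NT_STATUS_OK and NT_STATUS_MORE_PROCESSING_REQUIRED and returns early otherwise. On any other status the reply is therefore left as ntlmssp_update set it, on whatever context that function allocates from (not visible here). A header comment would make this explicit for callers that free the blob on error, for example `/* On NT_STATUS_OK or NT_STATUS_MORE_PROCESSING_REQUIRED reply->data is owned by mem_ctx; on any other status the caller must not rely on *reply. */`, and the prototype in ntlmssp_wrap.h could carry the same sentence.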
@@ -1047,7 +1048,7 @@ static NTSTATUS create_ntlmssp_auth_rpc_bind_req(struct rpc_pipe_client *cli, struct auth_ntlmssp_state); DEBUG(5, ("create_ntlmssp_auth_rpc_bind_req: Processing NTLMSSP Negotiate\n")); - status = auth_ntlmssp_update(ntlmssp_ctx, null_blob, auth_token); + status = auth_ntlmssp_update(ntlmssp_ctx, mem_ctx, null_blob, auth_token); if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { data_blob_free(auth_token); @@ -1171,7 +1172,7 @@ static NTSTATUS create_rpc_bind_req(TALLOC_CTX *mem_ctx, break; case DCERPC_AUTH_TYPE_NTLMSSP: - ret = create_ntlmssp_auth_rpc_bind_req(cli, &auth_token); + ret = create_ntlmssp_auth_rpc_bind_req(cli, mem_ctx, &auth_token); if (!NT_STATUS_IS_OK(ret)) { return ret; } @@ -1772,7 +1773,7 @@ static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq) case DCERPC_AUTH_TYPE_NTLMSSP: ntlmssp_ctx = talloc_get_type_abort(pauth->auth_ctx, struct auth_ntlmssp_state); - status = auth_ntlmssp_update(ntlmssp_ctx, + status = auth_ntlmssp_update(ntlmssp_ctx, state, auth.credentials, &auth_token); if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { diff --git a/source3/rpc_server/dcesrv_ntlmssp.c b/source3/rpc_server/dcesrv_ntlmssp.c index 26f924eedfb..87c8e0becea 100644 --- a/source3/rpc_server/dcesrv_ntlmssp.c +++ b/source3/rpc_server/dcesrv_ntlmssp.c @@ -56,15 +56,13 @@ NTSTATUS ntlmssp_server_auth_start(TALLOC_CTX *mem_ctx, NTLMSSP_NEGOTIATE_SEAL); } - status = auth_ntlmssp_update(a, *token_in, token_out); + status = auth_ntlmssp_update(a, mem_ctx, *token_in, token_out); if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { DEBUG(0, (__location__ ": auth_ntlmssp_update failed: %s\n", nt_errstr(status))); goto done; } - /* Make sure data is bound to the memctx, to be freed the caller */ - talloc_steal(mem_ctx, token_out->data); /* steal ntlmssp context too */ *ctx = talloc_move(mem_ctx, &a); 
@@ -87,12 +85,9 @@ NTSTATUS ntlmssp_server_step(struct auth_ntlmssp_state *ctx, /* this has to be done as root in order to verify the password */ become_root(); - status = auth_ntlmssp_update(ctx, *token_in, token_out); + status = auth_ntlmssp_update(ctx, mem_ctx, *token_in, token_out); unbecome_root(); - /* put the output token data on the given mem_ctx */ - talloc_steal(mem_ctx, token_out->data); - return status; } diff --git a/source3/smbd/seal.c b/source3/smbd/seal.c index e6b683d97fc..5481e52fe04 100644 --- a/source3/smbd/seal.c +++ b/source3/smbd/seal.c @@ -478,7 +478,9 @@ static NTSTATUS srv_enc_ntlm_negotiate(const struct tsocket_address *remote_addr return status; } - status = auth_ntlmssp_update(partial_srv_trans_enc_ctx->auth_ntlmssp_state, secblob, &chal); + status = auth_ntlmssp_update(partial_srv_trans_enc_ctx->auth_ntlmssp_state, + partial_srv_trans_enc_ctx->auth_ntlmssp_state, + secblob, &chal); /* status here should be NT_STATUS_MORE_PROCESSING_REQUIRED * for success ... */ @@ -601,7 +603,7 @@ static NTSTATUS srv_enc_spnego_ntlm_auth(connection_struct *conn, return NT_STATUS_INVALID_PARAMETER; } - status = auth_ntlmssp_update(ec->auth_ntlmssp_state, auth, &auth_reply); + status = auth_ntlmssp_update(ec->auth_ntlmssp_state, talloc_tos(), auth, &auth_reply); data_blob_free(&auth); /* From RFC4178. @@ -671,7 +673,9 @@ static NTSTATUS srv_enc_raw_ntlm_auth(connection_struct *conn, } /* Second step. */ - status = auth_ntlmssp_update(partial_srv_trans_enc_ctx->auth_ntlmssp_state, blob, &response); + status = auth_ntlmssp_update(partial_srv_trans_enc_ctx->auth_ntlmssp_state, + talloc_tos(), + blob, &response); if (NT_STATUS_IS_OK(status)) { /* Return the context we're using for this encryption state. */ diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 329b8b6aa52..b1fed41e8e5 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c 
@@ -633,8 +633,8 @@ static void reply_spnego_negotiate(struct smb_request *req, return; } - status = auth_ntlmssp_update(*auth_ntlmssp_state, - secblob, &chal); + status = auth_ntlmssp_update(*auth_ntlmssp_state, talloc_tos(), + secblob, &chal); data_blob_free(&secblob); @@ -736,8 +736,8 @@ static void reply_spnego_auth(struct smb_request *req, } } - status = auth_ntlmssp_update(*auth_ntlmssp_state, - auth, &auth_reply); + status = auth_ntlmssp_update(*auth_ntlmssp_state, talloc_tos(), + auth, &auth_reply); data_blob_free(&auth); @@ -1151,7 +1151,8 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req) } status = auth_ntlmssp_update(vuser->auth_ntlmssp_state, - blob1, &chal); + talloc_tos(), + blob1, &chal); data_blob_free(&blob1); diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c index 511df8639dd..320a7077581 100644 --- a/source3/smbd/smb2_sesssetup.c +++ b/source3/smbd/smb2_sesssetup.c @@ -393,6 +393,7 @@ static NTSTATUS smbd_smb2_spnego_negotiate(struct smbd_smb2_session *session, } status = auth_ntlmssp_update(session->auth_ntlmssp_state, + talloc_tos(), secblob_in, &chal_out); } @@ -584,7 +585,7 @@ static NTSTATUS smbd_smb2_spnego_auth(struct smbd_smb2_session *session, } status = auth_ntlmssp_update(session->auth_ntlmssp_state, - auth, + talloc_tos(), auth, &auth_out); /* If status is NT_STATUS_OK then we need to get the token. * Map to guest is now internal to auth_ntlmssp */ @@ -637,7 +638,6 @@ static NTSTATUS smbd_smb2_raw_ntlmssp_auth(struct smbd_smb2_session *session, uint64_t *out_session_id) { NTSTATUS status; - DATA_BLOB secblob_out = data_blob_null; if (session->auth_ntlmssp_state == NULL) { status = auth_ntlmssp_start(session->sconn->remote_address, 
@@ -650,20 +650,9 @@ static NTSTATUS smbd_smb2_raw_ntlmssp_auth(struct smbd_smb2_session *session, /* RAW NTLMSSP */ status = auth_ntlmssp_update(session->auth_ntlmssp_state, + smb2req, in_security_buffer, - &secblob_out); - - if (NT_STATUS_IS_OK(status) || - NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { - *out_security_buffer = data_blob_talloc(smb2req, - secblob_out.data, - secblob_out.length); - if (secblob_out.data && out_security_buffer->data == NULL) { - TALLOC_FREE(session->auth_ntlmssp_state); - TALLOC_FREE(session); - return NT_STATUS_NO_MEMORY; - } - } + out_security_buffer); if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { *out_session_id = session->vuid; -- 2.34.1
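Review bot: `out_security_buffer` is now written directly by auth_ntlmssp_update in smbd_smb2_raw_ntlmssp_auth, so on a failing status it holds whatever the update left there. The removed code assigned it only for NT_STATUS_OK and NT_STATUS_MORE_PROCESSING_REQUIRED. Whether the caller pre-initialises the blob, and whether the update resets it on error, cannot be seen from this hunk. Adding `*out_security_buffer = data_blob_null;` before the call would keep the failure path well defined for a buffer that ends up in the session-setup response. The function starts before the hunk and continues after it.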