s3-auth Add TALLOC_CTX * to auth_generic_prepare()

This makes the long term owner of this memory more clear.  So far only the
clear cases have been moved from NULL however.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>

source3/auth/auth_generic.c

@@ -31,14 +31,15 @@
 #include "librpc/rpc/dcerpc.h"
 #include "lib/param/param.h"
 
-NTSTATUS auth_generic_prepare(const struct tsocket_address *remote_address,
+NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx,
+			      const struct tsocket_address *remote_address,
 			      struct auth_generic_state **auth_ntlmssp_state)
 {
 	struct auth_context *auth_context;
 	struct auth_generic_state *ans;
 	NTSTATUS nt_status;
 
-	ans = talloc_zero(NULL, struct auth_generic_state);
+	ans = talloc_zero(mem_ctx, struct auth_generic_state);
 	if (!ans) {
 		DEBUG(0,("auth_ntlmssp_start: talloc failed!\n"));
 		return NT_STATUS_NO_MEMORY;

source3/auth/proto.h

@@ -69,7 +69,7 @@ NTSTATUS auth_netlogond_init(void);
 
 /* The following definitions come from auth/auth_ntlmssp.c  */
 
-NTSTATUS auth_generic_prepare(const struct tsocket_address *remote_address,
+NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx, const struct tsocket_address *remote_address,
 			      struct auth_generic_state **auth_ntlmssp_state);
 NTSTATUS auth_generic_start(struct auth_generic_state *auth_ntlmssp_state, const char *oid);
 NTSTATUS auth_generic_authtype_start(struct auth_generic_state *auth_ntlmssp_state, 

source3/rpc_server/dcesrv_auth_generic.c

@@ -38,7 +38,7 @@ NTSTATUS auth_generic_server_start(TALLOC_CTX *mem_ctx,
 	struct auth_generic_state *a = NULL;
 	NTSTATUS status;
 
-	status = auth_generic_prepare(remote_address, &a);
+	status = auth_generic_prepare(talloc_tos(), remote_address, &a);
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(0, (__location__ ": auth_generic_prepare failed: %s\n",
 			  nt_errstr(status)));
@@ -92,7 +92,7 @@ NTSTATUS auth_generic_server_authtype_start(TALLOC_CTX *mem_ctx,
 	struct auth_generic_state *a = NULL;
 	NTSTATUS status;
 
-	status = auth_generic_prepare(remote_address, &a);
+	status = auth_generic_prepare(talloc_tos(), remote_address, &a);
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(0, (__location__ ": auth_generic_prepare failed: %s\n",
 			  nt_errstr(status)));

source3/smbd/negprot.c

@@ -204,7 +204,8 @@ DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn)
 	sconn->use_gensec_hook = false;
 
 	/* See if we can get an SPNEGO blob out of the gensec hook (if auth_samba4 is loaded) */
-	status = auth_generic_prepare(sconn->remote_address,
+	status = auth_generic_prepare(talloc_tos(),
+				      sconn->remote_address,
 				      &auth_ntlmssp_state);
 	if (NT_STATUS_IS_OK(status)) {
 		status = auth_generic_start(auth_ntlmssp_state, GENSEC_OID_SPNEGO);

source3/smbd/seal.c

@@ -80,7 +80,7 @@ static NTSTATUS make_auth_ntlmssp(const struct tsocket_address *remote_address,
 				  struct smb_trans_enc_state *es)
 {
 	struct auth_generic_state *auth_ntlmssp_state;
-	NTSTATUS status = auth_generic_prepare(remote_address,
+	NTSTATUS status = auth_generic_prepare(NULL, remote_address,
 					       &auth_ntlmssp_state);
 	if (!NT_STATUS_IS_OK(status)) {
 		return nt_status_squash(status);

source3/smbd/sesssetup.c

@@ -625,7 +625,7 @@ static void reply_spnego_negotiate(struct smb_request *req,
 		return;
 	}
 
-	status = auth_generic_prepare(sconn->remote_address,
+	status = auth_generic_prepare(NULL, sconn->remote_address,
 				      auth_ntlmssp_state);
 	if (!NT_STATUS_IS_OK(status)) {
 		/* Kill the intermediate vuid */
@@ -737,7 +737,7 @@ static void reply_spnego_auth(struct smb_request *req,
 	data_blob_free(&secblob);
 
 	if (!*auth_ntlmssp_state) {
-		status = auth_generic_prepare(sconn->remote_address,
+		status = auth_generic_prepare(NULL, sconn->remote_address,
 					      auth_ntlmssp_state);
 		if (!NT_STATUS_IS_OK(status)) {
 			/* Kill the intermediate vuid */
@@ -1145,7 +1145,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
 		DATA_BLOB chal;
 
 		if (!vuser->auth_ntlmssp_state) {
-			status = auth_generic_prepare(sconn->remote_address,
+			status = auth_generic_prepare(vuser, sconn->remote_address,
 						      &vuser->auth_ntlmssp_state);
 			if (!NT_STATUS_IS_OK(status)) {
 				/* Kill the intermediate vuid */

source3/smbd/smb2_sesssetup.c

@@ -375,7 +375,7 @@ static NTSTATUS smbd_smb2_spnego_negotiate(struct smbd_smb2_session *session,
 		status = NT_STATUS_MORE_PROCESSING_REQUIRED;
 	} else {
 		/* Fall back to NTLMSSP. */
-		status = auth_generic_prepare(session->sconn->remote_address,
+		status = auth_generic_prepare(session, session->sconn->remote_address,
 					    &session->auth_ntlmssp_state);
 		if (!NT_STATUS_IS_OK(status)) {
 			goto out;
@@ -418,7 +418,6 @@ static NTSTATUS smbd_smb2_spnego_negotiate(struct smbd_smb2_session *session,
 	if (!NT_STATUS_IS_OK(status) &&
 			!NT_STATUS_EQUAL(status,
 				NT_STATUS_MORE_PROCESSING_REQUIRED)) {
-		TALLOC_FREE(session->auth_ntlmssp_state);
 		TALLOC_FREE(session);
 	}
 	return status;
@@ -451,7 +450,6 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s
 
 	session->compat_vuser = talloc_zero(session, user_struct);
 	if (session->compat_vuser == NULL) {
-		TALLOC_FREE(session->auth_ntlmssp_state);
 		TALLOC_FREE(session);
 		return NT_STATUS_NO_MEMORY;
 	}
@@ -471,7 +469,6 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s
 		DEBUG(1, ("smb2: Failed to claim session "
 			"for vuid=%d\n",
 			session->compat_vuser->vuid));
-		TALLOC_FREE(session->auth_ntlmssp_state);
 		TALLOC_FREE(session);
 		return NT_STATUS_LOGON_FAILURE;
 	}
@@ -564,7 +561,7 @@ static NTSTATUS smbd_smb2_spnego_auth(struct smbd_smb2_session *session,
 	}
 
 	if (session->auth_ntlmssp_state == NULL) {
-		status = auth_generic_prepare(session->sconn->remote_address,
+		status = auth_generic_prepare(session, session->sconn->remote_address,
 					    &session->auth_ntlmssp_state);
 		if (!NT_STATUS_IS_OK(status)) {
 			data_blob_free(&auth);
@@ -596,7 +593,6 @@ static NTSTATUS smbd_smb2_spnego_auth(struct smbd_smb2_session *session,
 
 	if (!NT_STATUS_IS_OK(status) &&
 			!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
-		TALLOC_FREE(session->auth_ntlmssp_state);
 		data_blob_free(&auth);
 		TALLOC_FREE(session);
 		return status;
@@ -608,7 +604,6 @@ static NTSTATUS smbd_smb2_spnego_auth(struct smbd_smb2_session *session,
 				&auth_out, status, NULL);
 
 	if (out_security_buffer->data == NULL) {
-		TALLOC_FREE(session->auth_ntlmssp_state);
 		TALLOC_FREE(session);
 		return NT_STATUS_NO_MEMORY;
 	}
@@ -641,7 +636,7 @@ static NTSTATUS smbd_smb2_raw_ntlmssp_auth(struct smbd_smb2_session *session,
 	*out_security_buffer = data_blob_null;
 
 	if (session->auth_ntlmssp_state == NULL) {
-		status = auth_generic_prepare(session->sconn->remote_address,
+		status = auth_generic_prepare(session, session->sconn->remote_address,
 					    &session->auth_ntlmssp_state);
 		if (!NT_STATUS_IS_OK(status)) {
 			TALLOC_FREE(session);
@@ -677,7 +672,6 @@ static NTSTATUS smbd_smb2_raw_ntlmssp_auth(struct smbd_smb2_session *session,
 				     &session->session_info);
 
 	if (!NT_STATUS_IS_OK(status)) {
-		TALLOC_FREE(session->auth_ntlmssp_state);
 		TALLOC_FREE(session);
 		return status;
 	}
@@ -782,7 +776,6 @@ static NTSTATUS smbd_smb2_session_setup(struct smbd_smb2_request *smb2req,
 	/* Unknown packet type. */
 	DEBUG(1,("Unknown packet type %u in smb2 sessionsetup\n",
 		(unsigned int)in_security_buffer.data[0] ));
-	TALLOC_FREE(session->auth_ntlmssp_state);
 	TALLOC_FREE(session);
 	return NT_STATUS_LOGON_FAILURE;
 }