mirror of
https://github.com/samba-team/samba.git
synced 2025-03-24 10:50:22 +03:00
gensec: clarify memory ownership for gensec_session_info() and gensec_session_key()
This is slightly less efficient, because we no longer keep a cache on the gensec structures, but much clearer in terms of memory ownership. Both gensec_session_info() and gensec_session_key() now take a mem_ctx and put the result only on that context. Some duplication of memory in the callers (who were rightly uncertain about who was the rightful owner of the returned memory) has been removed to compensate for the internal copy. Andrew Bartlett
parent
d3fe48ba48
commit
35b309fa0c
@ -148,7 +148,8 @@ _PUBLIC_ NTSTATUS gensec_unwrap(struct gensec_security *gensec_security,
|
||||
}
|
||||
|
||||
_PUBLIC_ NTSTATUS gensec_session_key(struct gensec_security *gensec_security,
|
||||
DATA_BLOB *session_key)
|
||||
TALLOC_CTX *mem_ctx,
|
||||
DATA_BLOB *session_key)
|
||||
{
|
||||
if (!gensec_security->ops->session_key) {
|
||||
return NT_STATUS_NOT_IMPLEMENTED;
|
||||
@ -157,7 +158,7 @@ _PUBLIC_ NTSTATUS gensec_session_key(struct gensec_security *gensec_security,
|
||||
return NT_STATUS_NO_USER_SESSION_KEY;
|
||||
}
|
||||
|
||||
return gensec_security->ops->session_key(gensec_security, session_key);
|
||||
return gensec_security->ops->session_key(gensec_security, mem_ctx, session_key);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -171,12 +172,13 @@ _PUBLIC_ NTSTATUS gensec_session_key(struct gensec_security *gensec_security,
|
||||
*/
|
||||
|
||||
_PUBLIC_ NTSTATUS gensec_session_info(struct gensec_security *gensec_security,
|
||||
struct auth_session_info **session_info)
|
||||
TALLOC_CTX *mem_ctx,
|
||||
struct auth_session_info **session_info)
|
||||
{
|
||||
if (!gensec_security->ops->session_info) {
|
||||
return NT_STATUS_NOT_IMPLEMENTED;
|
||||
}
|
||||
return gensec_security->ops->session_info(gensec_security, session_info);
|
||||
return gensec_security->ops->session_info(gensec_security, mem_ctx, session_info);
|
||||
}
|
||||
|
||||
/**
|
||||
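Review bot: The doc comments above gensec_session_key() and gensec_session_info() should spell out the ownership contract that the added `mem_ctx` parameter introduces. Suggested line for each: `@param mem_ctx talloc context the result is allocated on; the caller owns it and nothing is cached on gensec_security`. For gensec_session_key() it is also worth stating that the blob holds key material and that `*session_key` is left untouched on the early error returns visible in the wrapper. Only the opening and closing lines of the existing comments are shown here, so part of this may already be present.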
|
@ -132,8 +132,9 @@ struct gensec_security_ops {
|
||||
size_t *len_processed);
|
||||
NTSTATUS (*packet_full_request)(struct gensec_security *gensec_security,
|
||||
DATA_BLOB blob, size_t *size);
|
||||
NTSTATUS (*session_key)(struct gensec_security *gensec_security, DATA_BLOB *session_key);
|
||||
NTSTATUS (*session_info)(struct gensec_security *gensec_security,
|
||||
NTSTATUS (*session_key)(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx,
|
||||
DATA_BLOB *session_key);
|
||||
NTSTATUS (*session_info)(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx,
|
||||
struct auth_session_info **session_info);
|
||||
void (*want_feature)(struct gensec_security *gensec_security,
|
||||
uint32_t feature);
|
||||
@ -233,6 +234,7 @@ const char *gensec_get_target_service(struct gensec_security *gensec_security);
|
||||
NTSTATUS gensec_set_target_hostname(struct gensec_security *gensec_security, const char *hostname);
|
||||
const char *gensec_get_target_hostname(struct gensec_security *gensec_security);
|
||||
NTSTATUS gensec_session_key(struct gensec_security *gensec_security,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
DATA_BLOB *session_key);
|
||||
NTSTATUS gensec_start_mech_by_oid(struct gensec_security *gensec_security,
|
||||
const char *mech_oid);
|
||||
@ -269,6 +271,7 @@ NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx,
|
||||
struct auth4_context *auth_context,
|
||||
struct gensec_security **gensec_security);
|
||||
NTSTATUS gensec_session_info(struct gensec_security *gensec_security,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
struct auth_session_info **session_info);
|
||||
|
||||
NTSTATUS gensec_set_local_address(struct gensec_security *gensec_security,
|
||||
|
@ -169,9 +169,6 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security)
|
||||
break;
|
||||
}
|
||||
|
||||
gensec_gssapi_state->session_key = data_blob(NULL, 0);
|
||||
gensec_gssapi_state->pac = data_blob(NULL, 0);
|
||||
|
||||
ret = smb_krb5_init_context(gensec_gssapi_state,
|
||||
NULL,
|
||||
gensec_security->settings->lp_ctx,
|
||||
@ -1242,6 +1239,7 @@ static bool gensec_gssapi_have_feature(struct gensec_security *gensec_security,
|
||||
* This breaks all the abstractions, but what do you expect...
|
||||
*/
|
||||
static NTSTATUS gensec_gssapi_session_key(struct gensec_security *gensec_security,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
DATA_BLOB *session_key)
|
||||
{
|
||||
struct gensec_gssapi_state *gensec_gssapi_state
|
||||
@ -1253,11 +1251,6 @@ static NTSTATUS gensec_gssapi_session_key(struct gensec_security *gensec_securit
|
||||
return NT_STATUS_NO_USER_SESSION_KEY;
|
||||
}
|
||||
|
||||
if (gensec_gssapi_state->session_key.data) {
|
||||
*session_key = gensec_gssapi_state->session_key;
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
maj_stat = gsskrb5_get_subkey(&min_stat,
|
||||
gensec_gssapi_state->gssapi_context,
|
||||
&subkey);
|
||||
@ -1269,10 +1262,9 @@ static NTSTATUS gensec_gssapi_session_key(struct gensec_security *gensec_securit
|
||||
DEBUG(10, ("Got KRB5 session key of length %d%s\n",
|
||||
(int)KRB5_KEY_LENGTH(subkey),
|
||||
(gensec_gssapi_state->sasl_state == STAGE_DONE)?" (done)":""));
|
||||
*session_key = data_blob_talloc(gensec_gssapi_state,
|
||||
*session_key = data_blob_talloc(mem_ctx,
|
||||
KRB5_KEY_DATA(subkey), KRB5_KEY_LENGTH(subkey));
|
||||
krb5_free_keyblock(gensec_gssapi_state->smb_krb5_context->krb5_context, subkey);
|
||||
gensec_gssapi_state->session_key = *session_key;
|
||||
dump_data_pw("KRB5 Session Key:\n", session_key->data, session_key->length);
|
||||
|
||||
return NT_STATUS_OK;
|
||||
@ -1282,6 +1274,7 @@ static NTSTATUS gensec_gssapi_session_key(struct gensec_security *gensec_securit
|
||||
* this session. This uses either the PAC (if present) or a local
|
||||
* database lookup */
|
||||
static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_security,
|
||||
TALLOC_CTX *mem_ctx_out,
|
||||
struct auth_session_info **_session_info)
|
||||
{
|
||||
NTSTATUS nt_status;
|
||||
@ -1302,7 +1295,7 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
|
||||
return NT_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
mem_ctx = talloc_named(gensec_gssapi_state, 0, "gensec_gssapi_session_info context");
|
||||
mem_ctx = talloc_named(mem_ctx_out, 0, "gensec_gssapi_session_info context");
|
||||
NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
|
||||
|
||||
nt_status = gssapi_obtain_pac_blob(mem_ctx, gensec_gssapi_state->gssapi_context,
|
||||
@ -1391,7 +1384,7 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
|
||||
return nt_status;
|
||||
}
|
||||
|
||||
nt_status = gensec_gssapi_session_key(gensec_security, &session_info->session_key);
|
||||
nt_status = gensec_gssapi_session_key(gensec_security, session_info, &session_info->session_key);
|
||||
if (!NT_STATUS_IS_OK(nt_status)) {
|
||||
talloc_free(mem_ctx);
|
||||
return nt_status;
|
||||
@ -1436,9 +1429,8 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
|
||||
/* It has been taken from this place... */
|
||||
gensec_gssapi_state->delegated_cred_handle = GSS_C_NO_CREDENTIAL;
|
||||
}
|
||||
talloc_steal(gensec_gssapi_state, session_info);
|
||||
*_session_info = talloc_steal(mem_ctx_out, session_info);
|
||||
talloc_free(mem_ctx);
|
||||
*_session_info = session_info;
|
||||
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
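Review bot: The result of `data_blob_talloc(mem_ctx, ...)` in gensec_gssapi_session_key() is not checked, so an allocation failure returns NT_STATUS_OK with an empty key. With the cached copy removed this allocation now runs on every call, and gensec_ntlmssp_session_key() in this same commit already adds the equivalent check. After the `krb5_free_keyblock()` line add `if (!session_key->data) { return NT_STATUS_NO_MEMORY; }`. gensec_krb5_session_key() has the same gap after its `data_blob_talloc(mem_ctx, ...)` call. The function body continues outside the visible hunks.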
|
@ -43,9 +43,6 @@ struct gensec_gssapi_state {
|
||||
OM_uint32 want_flags, got_flags;
|
||||
gss_OID gss_oid;
|
||||
|
||||
DATA_BLOB session_key;
|
||||
DATA_BLOB pac;
|
||||
|
||||
struct smb_krb5_context *smb_krb5_context;
|
||||
struct gssapi_creds_container *client_cred;
|
||||
struct gssapi_creds_container *server_cred;
|
||||
|
@ -50,8 +50,6 @@ enum GENSEC_KRB5_STATE {
|
||||
};
|
||||
|
||||
struct gensec_krb5_state {
|
||||
DATA_BLOB session_key;
|
||||
DATA_BLOB pac;
|
||||
enum GENSEC_KRB5_STATE state_position;
|
||||
struct smb_krb5_context *smb_krb5_context;
|
||||
krb5_auth_context auth_context;
|
||||
@ -115,8 +113,6 @@ static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security, bool
|
||||
gensec_krb5_state->ticket = NULL;
|
||||
ZERO_STRUCT(gensec_krb5_state->enc_ticket);
|
||||
gensec_krb5_state->keyblock = NULL;
|
||||
gensec_krb5_state->session_key = data_blob(NULL, 0);
|
||||
gensec_krb5_state->pac = data_blob(NULL, 0);
|
||||
gensec_krb5_state->gssapi = gssapi;
|
||||
|
||||
talloc_set_destructor(gensec_krb5_state, gensec_krb5_destroy);
|
||||
@ -559,6 +555,7 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security,
|
||||
}
|
||||
|
||||
static NTSTATUS gensec_krb5_session_key(struct gensec_security *gensec_security,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
DATA_BLOB *session_key)
|
||||
{
|
||||
struct gensec_krb5_state *gensec_krb5_state = (struct gensec_krb5_state *)gensec_security->private_data;
|
||||
@ -571,11 +568,6 @@ static NTSTATUS gensec_krb5_session_key(struct gensec_security *gensec_security,
|
||||
return NT_STATUS_NO_USER_SESSION_KEY;
|
||||
}
|
||||
|
||||
if (gensec_krb5_state->session_key.data) {
|
||||
*session_key = gensec_krb5_state->session_key;
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
switch (gensec_security->gensec_role) {
|
||||
case GENSEC_CLIENT:
|
||||
err = krb5_auth_con_getlocalsubkey(context, auth_context, &skey);
|
||||
@ -587,9 +579,8 @@ static NTSTATUS gensec_krb5_session_key(struct gensec_security *gensec_security,
|
||||
if (err == 0 && skey != NULL) {
|
||||
DEBUG(10, ("Got KRB5 session key of length %d\n",
|
||||
(int)KRB5_KEY_LENGTH(skey)));
|
||||
gensec_krb5_state->session_key = data_blob_talloc(gensec_krb5_state,
|
||||
KRB5_KEY_DATA(skey), KRB5_KEY_LENGTH(skey));
|
||||
*session_key = gensec_krb5_state->session_key;
|
||||
*session_key = data_blob_talloc(mem_ctx,
|
||||
KRB5_KEY_DATA(skey), KRB5_KEY_LENGTH(skey));
|
||||
dump_data_pw("KRB5 Session Key:\n", session_key->data, session_key->length);
|
||||
|
||||
krb5_free_keyblock(context, skey);
|
||||
@ -601,6 +592,7 @@ static NTSTATUS gensec_krb5_session_key(struct gensec_security *gensec_security,
|
||||
}
|
||||
|
||||
static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security,
|
||||
TALLOC_CTX *mem_ctx_out,
|
||||
struct auth_session_info **_session_info)
|
||||
{
|
||||
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
|
||||
@ -618,7 +610,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
|
||||
|
||||
krb5_error_code ret;
|
||||
|
||||
TALLOC_CTX *mem_ctx = talloc_new(gensec_security);
|
||||
TALLOC_CTX *mem_ctx = talloc_new(mem_ctx_out);
|
||||
if (!mem_ctx) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
@ -736,16 +728,15 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
|
||||
return nt_status;
|
||||
}
|
||||
|
||||
nt_status = gensec_krb5_session_key(gensec_security, &session_info->session_key);
|
||||
nt_status = gensec_krb5_session_key(gensec_security, session_info, &session_info->session_key);
|
||||
|
||||
if (!NT_STATUS_IS_OK(nt_status)) {
|
||||
talloc_free(mem_ctx);
|
||||
return nt_status;
|
||||
}
|
||||
|
||||
*_session_info = session_info;
|
||||
*_session_info = talloc_steal(mem_ctx_out, session_info);
|
||||
|
||||
talloc_steal(gensec_krb5_state, session_info);
|
||||
talloc_free(mem_ctx);
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
@ -257,6 +257,7 @@ static PyObject *py_gensec_set_credentials(PyObject *self, PyObject *args)
|
||||
|
||||
static PyObject *py_gensec_session_info(PyObject *self)
|
||||
{
|
||||
TALLOC_CTX *mem_ctx;
|
||||
NTSTATUS status;
|
||||
PyObject *py_session_info;
|
||||
struct gensec_security *security = py_talloc_get_type(self, struct gensec_security);
|
||||
@ -265,7 +266,9 @@ static PyObject *py_gensec_session_info(PyObject *self)
|
||||
PyErr_SetString(PyExc_RuntimeError, "no mechanism selected");
|
||||
return NULL;
|
||||
}
|
||||
status = gensec_session_info(security, &info);
|
||||
mem_ctx = talloc_new(NULL);
|
||||
|
||||
status = gensec_session_info(security, mem_ctx, &info);
|
||||
if (NT_STATUS_IS_ERR(status)) {
|
||||
PyErr_SetNTSTATUS(status);
|
||||
return NULL;
|
||||
@ -273,6 +276,7 @@ static PyObject *py_gensec_session_info(PyObject *self)
|
||||
|
||||
py_session_info = py_return_ndr_struct("samba.dcerpc.auth", "session_info",
|
||||
info, info);
|
||||
talloc_free(mem_ctx);
|
||||
return py_session_info;
|
||||
}
|
||||
|
||||
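Review bot: The `mem_ctx` created with `talloc_new(NULL)` in py_gensec_session_info() is not freed on the `NT_STATUS_IS_ERR(status)` path, so each failed call leaks a top-level talloc context. Add `talloc_free(mem_ctx);` before that `return NULL;`. The allocation itself is also unchecked; `if (mem_ctx == NULL) { PyErr_NoMemory(); return NULL; }` directly after it would avoid passing a NULL context to gensec_session_info(). Freeing `mem_ctx` right after py_return_ndr_struct() is only safe if that helper takes its own reference on `info`, which is not visible here.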
|
@ -43,7 +43,8 @@ static size_t schannel_sig_size(struct gensec_security *gensec_security, size_t
|
||||
}
|
||||
|
||||
static NTSTATUS schannel_session_key(struct gensec_security *gensec_security,
|
||||
DATA_BLOB *session_key)
|
||||
TALLOC_CTX *mem_ctx,
|
||||
DATA_BLOB *session_key)
|
||||
{
|
||||
return NT_STATUS_NOT_IMPLEMENTED;
|
||||
}
|
||||
@ -215,10 +216,11 @@ _PUBLIC_ NTSTATUS dcerpc_schannel_creds(struct gensec_security *gensec_security,
|
||||
*/
|
||||
|
||||
static NTSTATUS schannel_session_info(struct gensec_security *gensec_security,
|
||||
struct auth_session_info **_session_info)
|
||||
TALLOC_CTX *mem_ctx,
|
||||
struct auth_session_info **_session_info)
|
||||
{
|
||||
struct schannel_state *state = talloc_get_type(gensec_security->private_data, struct schannel_state);
|
||||
return auth_anonymous_session_info(state, gensec_security->settings->lp_ctx, _session_info);
|
||||
return auth_anonymous_session_info(mem_ctx, gensec_security->settings->lp_ctx, _session_info);
|
||||
}
|
||||
|
||||
static NTSTATUS schannel_start(struct gensec_security *gensec_security)
|
||||
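Review bot: In schannel_session_info() the local `state` is no longer used now that auth_anonymous_session_info() is given `mem_ctx`, which will likely produce an unused-variable warning. The line `struct schannel_state *state = talloc_get_type(gensec_security->private_data, struct schannel_state);` can be dropped.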
|
@ -295,6 +295,7 @@ static size_t gensec_spnego_max_wrapped_size(struct gensec_security *gensec_secu
|
||||
}
|
||||
|
||||
static NTSTATUS gensec_spnego_session_key(struct gensec_security *gensec_security,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
DATA_BLOB *session_key)
|
||||
{
|
||||
struct spnego_state *spnego_state = (struct spnego_state *)gensec_security->private_data;
|
||||
@ -303,11 +304,13 @@ static NTSTATUS gensec_spnego_session_key(struct gensec_security *gensec_securit
|
||||
}
|
||||
|
||||
return gensec_session_key(spnego_state->sub_sec_security,
|
||||
mem_ctx,
|
||||
session_key);
|
||||
}
|
||||
|
||||
static NTSTATUS gensec_spnego_session_info(struct gensec_security *gensec_security,
|
||||
struct auth_session_info **session_info)
|
||||
TALLOC_CTX *mem_ctx,
|
||||
struct auth_session_info **session_info)
|
||||
{
|
||||
struct spnego_state *spnego_state = (struct spnego_state *)gensec_security->private_data;
|
||||
if (!spnego_state->sub_sec_security) {
|
||||
@ -315,6 +318,7 @@ static NTSTATUS gensec_spnego_session_info(struct gensec_security *gensec_securi
|
||||
}
|
||||
|
||||
return gensec_session_info(spnego_state->sub_sec_security,
|
||||
mem_ctx,
|
||||
session_info);
|
||||
}
|
||||
|
||||
|
@ -181,6 +181,7 @@ static NTSTATUS gensec_ntlmssp_update(struct gensec_security *gensec_security,
|
||||
*/
|
||||
|
||||
NTSTATUS gensec_ntlmssp_session_key(struct gensec_security *gensec_security,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
DATA_BLOB *session_key)
|
||||
{
|
||||
struct gensec_ntlmssp_context *gensec_ntlmssp =
|
||||
@ -195,7 +196,10 @@ NTSTATUS gensec_ntlmssp_session_key(struct gensec_security *gensec_security,
|
||||
if (!ntlmssp_state->session_key.data) {
|
||||
return NT_STATUS_NO_USER_SESSION_KEY;
|
||||
}
|
||||
*session_key = ntlmssp_state->session_key;
|
||||
*session_key = data_blob_talloc(mem_ctx, ntlmssp_state->session_key.data, ntlmssp_state->session_key.length);
|
||||
if (!session_key->data) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
@ -213,6 +213,7 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
|
||||
*/
|
||||
|
||||
NTSTATUS gensec_ntlmssp_session_info(struct gensec_security *gensec_security,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
struct auth_session_info **session_info)
|
||||
{
|
||||
NTSTATUS nt_status;
|
||||
@ -221,17 +222,14 @@ NTSTATUS gensec_ntlmssp_session_info(struct gensec_security *gensec_security,
|
||||
struct gensec_ntlmssp_context);
|
||||
struct ntlmssp_state *ntlmssp_state = gensec_ntlmssp->ntlmssp_state;
|
||||
|
||||
nt_status = gensec_generate_session_info(ntlmssp_state,
|
||||
nt_status = gensec_generate_session_info(mem_ctx,
|
||||
gensec_security,
|
||||
gensec_ntlmssp->user_info_dc,
|
||||
session_info);
|
||||
NT_STATUS_NOT_OK_RETURN(nt_status);
|
||||
|
||||
(*session_info)->session_key = data_blob_talloc(*session_info,
|
||||
ntlmssp_state->session_key.data,
|
||||
ntlmssp_state->session_key.length);
|
||||
|
||||
return NT_STATUS_OK;
|
||||
return gensec_ntlmssp_session_key(gensec_security, *session_info,
|
||||
&(*session_info)->session_key);
|
||||
}
|
||||
|
||||
/**
|
||||
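Review bot: gensec_ntlmssp_session_info() now returns whatever gensec_ntlmssp_session_key() returns, which changes behaviour when no session key exists. The old code copied the possibly empty blob and returned NT_STATUS_OK; the new path yields NT_STATUS_NO_USER_SESSION_KEY when `ntlmssp_state->session_key.data` is NULL, so an authentication without a session key would no longer obtain a session_info, and it is worth confirming that this is intended. On that error, and on NT_STATUS_NO_MEMORY, `*session_info` stays allocated on `mem_ctx` and is left set for the caller; adding `TALLOC_FREE(*session_info);` before returning the error would keep the out-parameter consistent.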
|
@ -114,6 +114,7 @@ static void dreplsrv_out_drsuapi_connect_done(struct composite_context *creq)
|
||||
state->drsuapi->drsuapi_handle = state->drsuapi->pipe->binding_handle;
|
||||
|
||||
status = gensec_session_key(state->drsuapi->pipe->conn->security_state.generic_state,
|
||||
state->drsuapi,
|
||||
&state->drsuapi->gensec_skey);
|
||||
if (tevent_req_nterror(req, status)) {
|
||||
return;
|
||||
|
@ -227,6 +227,7 @@ static bool kpasswd_process_request(struct kdc_server *kdc,
|
||||
size_t pw_len;
|
||||
|
||||
if (!NT_STATUS_IS_OK(gensec_session_info(gensec_security,
|
||||
mem_ctx,
|
||||
&session_info))) {
|
||||
return kpasswdd_make_error_reply(kdc, mem_ctx,
|
||||
KRB5_KPASSWD_HARDERROR,
|
||||
|
@ -68,8 +68,7 @@ static NTSTATUS ldapsrv_BindSimple(struct ldapsrv_call *call)
|
||||
errstr = NULL;
|
||||
|
||||
talloc_unlink(call->conn, call->conn->session_info);
|
||||
call->conn->session_info = session_info;
|
||||
talloc_steal(call->conn, session_info);
|
||||
call->conn->session_info = talloc_steal(call->conn, session_info);
|
||||
|
||||
/* don't leak the old LDB */
|
||||
talloc_unlink(call->conn, call->conn->ldb);
|
||||
@ -277,7 +276,7 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
|
||||
|
||||
old_session_info = conn->session_info;
|
||||
conn->session_info = NULL;
|
||||
status = gensec_session_info(conn->gensec, &conn->session_info);
|
||||
status = gensec_session_info(conn->gensec, conn, &conn->session_info);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
conn->session_info = old_session_info;
|
||||
result = LDAP_OPERATIONS_ERROR;
|
||||
@ -286,7 +285,6 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
|
||||
req->creds.SASL.mechanism, nt_errstr(status));
|
||||
} else {
|
||||
talloc_unlink(conn, old_session_info);
|
||||
talloc_steal(conn, conn->session_info);
|
||||
|
||||
/* don't leak the old LDB */
|
||||
talloc_unlink(conn, conn->ldb);
|
||||
|
@ -233,8 +233,6 @@ static void smb2_session_setup_spnego_handler(struct smb2_request *subreq)
|
||||
tevent_req_data(req,
|
||||
struct smb2_session_setup_spnego_state);
|
||||
struct smb2_session *session = subreq->session;
|
||||
NTSTATUS session_key_err;
|
||||
DATA_BLOB session_key;
|
||||
NTSTATUS peer_status;
|
||||
NTSTATUS status;
|
||||
|
||||
@ -267,10 +265,7 @@ static void smb2_session_setup_spnego_handler(struct smb2_request *subreq)
|
||||
return;
|
||||
}
|
||||
|
||||
session_key_err = gensec_session_key(session->gensec, &session_key);
|
||||
if (NT_STATUS_IS_OK(session_key_err)) {
|
||||
session->session_key = session_key;
|
||||
}
|
||||
gensec_session_key(session->gensec, session, &session->session_key);
|
||||
|
||||
if (session->transport->signing_required) {
|
||||
if (session->session_key.length == 0) {
|
||||
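Review bot: The return value of `gensec_session_key(session->gensec, session, &session->session_key);` is now discarded in smb2_session_setup_spnego_handler(). The signing check just below relies on `session->session_key.length == 0` to detect a missing key, which only holds if the field was empty before the call; after a failed call any earlier contents remain in place. Resetting the field first with `session->session_key = data_blob(NULL, 0);`, or keeping a local status and tolerating only NT_STATUS_NO_USER_SESSION_KEY, would make the failure case explicit. The function body starts and ends outside these hunks.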
|
@ -200,10 +200,9 @@ static void request_handler(struct smbcli_request *req)
|
||||
c->status = NT_STATUS_INTERNAL_ERROR;
|
||||
break;
|
||||
}
|
||||
session_key_err = gensec_session_key(session->gensec, &session_key);
|
||||
session_key_err = gensec_session_key(session->gensec, session, &session->user_session_key);
|
||||
if (NT_STATUS_IS_OK(session_key_err)) {
|
||||
set_user_session_key(session, &session_key);
|
||||
smbcli_transport_simple_set_signing(session->transport, session_key, null_data_blob);
|
||||
smbcli_transport_simple_set_signing(session->transport, session->user_session_key, null_data_blob);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1595,6 +1595,7 @@ static void becomeDC_drsuapi1_connect_recv(struct composite_context *req)
|
||||
s->drsuapi1.drsuapi_handle = s->drsuapi1.pipe->binding_handle;
|
||||
|
||||
c->status = gensec_session_key(s->drsuapi1.pipe->conn->security_state.generic_state,
|
||||
s,
|
||||
&s->drsuapi1.gensec_skey);
|
||||
if (!composite_is_ok(c)) return;
|
||||
|
||||
@ -2475,6 +2476,7 @@ static void becomeDC_drsuapi2_connect_recv(struct composite_context *req)
|
||||
s->drsuapi2.drsuapi_handle = s->drsuapi2.pipe->binding_handle;
|
||||
|
||||
c->status = gensec_session_key(s->drsuapi2.pipe->conn->security_state.generic_state,
|
||||
s,
|
||||
&s->drsuapi2.gensec_skey);
|
||||
if (!composite_is_ok(c)) return;
|
||||
|
||||
@ -2535,6 +2537,7 @@ static void becomeDC_drsuapi3_connect_recv(struct composite_context *req)
|
||||
s->drsuapi3.drsuapi_handle = s->drsuapi3.pipe->binding_handle;
|
||||
|
||||
c->status = gensec_session_key(s->drsuapi3.pipe->conn->security_state.generic_state,
|
||||
s,
|
||||
&s->drsuapi3.gensec_skey);
|
||||
if (!composite_is_ok(c)) return;
|
||||
|
||||
|
@ -434,6 +434,7 @@ static PyObject *py_net_replicate_init(py_net_Object *self, PyObject *args, PyOb
|
||||
}
|
||||
|
||||
status = gensec_session_key(s->drs_pipe->pipe->conn->security_state.generic_state,
|
||||
s,
|
||||
&s->gensec_skey);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
PyErr_Format(PyExc_RuntimeError, "Unable to get session key from drspipe: %s",
|
||||
|
@ -119,6 +119,7 @@ NTSTATUS dcesrv_auth_bind_ack(struct dcesrv_call_state *call, struct ncacn_packe
|
||||
|
||||
if (NT_STATUS_IS_OK(status)) {
|
||||
status = gensec_session_info(dce_conn->auth_state.gensec_security,
|
||||
dce_conn,
|
||||
&dce_conn->auth_state.session_info);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
DEBUG(1, ("Failed to establish session_info: %s\n", nt_errstr(status)));
|
||||
@ -175,6 +176,7 @@ bool dcesrv_auth_auth3(struct dcesrv_call_state *call)
|
||||
&dce_conn->auth_state.auth_info->credentials);
|
||||
if (NT_STATUS_IS_OK(status)) {
|
||||
status = gensec_session_info(dce_conn->auth_state.gensec_security,
|
||||
dce_conn,
|
||||
&dce_conn->auth_state.session_info);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
DEBUG(1, ("Failed to establish session_info: %s\n", nt_errstr(status)));
|
||||
@ -254,6 +256,7 @@ NTSTATUS dcesrv_auth_alter_ack(struct dcesrv_call_state *call, struct ncacn_pack
|
||||
|
||||
if (NT_STATUS_IS_OK(status)) {
|
||||
status = gensec_session_info(dce_conn->auth_state.gensec_security,
|
||||
dce_conn,
|
||||
&dce_conn->auth_state.session_info);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
DEBUG(1, ("Failed to establish session_info: %s\n", nt_errstr(status)));
|
||||
|
@ -379,10 +379,11 @@ static void sesssetup_spnego_send(struct tevent_req *subreq)
|
||||
goto failed;
|
||||
}
|
||||
|
||||
status = gensec_session_info(smb_sess->gensec_ctx, &session_info);
|
||||
status = gensec_session_info(smb_sess->gensec_ctx, smb_sess, &session_info);
|
||||
if (!NT_STATUS_IS_OK(status)) goto failed;
|
||||
|
||||
skey_status = gensec_session_key(smb_sess->gensec_ctx, &session_key);
|
||||
/* The session_key is only needed until the end of the smbsrv_setup_signing() call */
|
||||
skey_status = gensec_session_key(smb_sess->gensec_ctx, req, &session_key);
|
||||
if (NT_STATUS_IS_OK(skey_status)) {
|
||||
smbsrv_setup_signing(req->smb_conn, &session_key, NULL);
|
||||
}
|
||||
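Review bot: The temporary `session_key` in sesssetup_spnego_send() is now a fresh copy of key material parented to `req`, and it remains in memory unzeroed until the request is freed. Since the new comment says it is only needed until smbsrv_setup_signing() returns, release it at that point with `data_blob_clear_free(&session_key);` inside the `NT_STATUS_IS_OK(skey_status)` branch. This assumes smbsrv_setup_signing() keeps its own copy of the key, which the comment implies but the hunk does not show.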
|
@ -79,7 +79,7 @@ static void smb2srv_sesssetup_callback(struct tevent_req *subreq)
|
||||
goto failed;
|
||||
}
|
||||
|
||||
status = gensec_session_info(smb_sess->gensec_ctx, &session_info);
|
||||
status = gensec_session_info(smb_sess->gensec_ctx, smb_sess, &session_info);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
goto failed;
|
||||
}
|
||||
|
@ -678,7 +678,7 @@ static bool test_GetNCChanges(struct torture_context *tctx,
|
||||
}
|
||||
}
|
||||
status = gensec_session_key(ctx->new_dc.drsuapi.drs_pipe->conn->security_state.generic_state,
|
||||
&gensec_skey);
|
||||
ctx, &gensec_skey);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
printf("failed to get gensec session key: %s\n", nt_errstr(status));
|
||||
return false;
|
||||
|
@ -185,7 +185,7 @@ static bool _test_DsaBind(struct torture_context *tctx,
|
||||
bi->drs_handle = bi->drs_pipe->binding_handle;
|
||||
|
||||
status = gensec_session_key(bi->drs_pipe->conn->security_state.generic_state,
|
||||
&bi->gensec_skey);
|
||||
mem_ctx, &bi->gensec_skey);
|
||||
torture_assert_ntstatus_ok(tctx, status, "failed to get gensec session key");
|
||||
|
||||
/* Bind to DRSUAPI interface */
|
||||
|
@ -129,7 +129,7 @@ static bool test_PACVerify(struct torture_context *tctx,
|
||||
|
||||
/* Extract the PAC using Samba's code */
|
||||
|
||||
status = gensec_session_info(gensec_server_context, &session_info);
|
||||
status = gensec_session_info(gensec_server_context, gensec_server_context, &session_info);
|
||||
torture_assert_ntstatus_ok(tctx, status, "gensec_session_info failed");
|
||||
torture_assert(tctx, session_info->torture != NULL, "gensec_session_info failed to fill in torture sub struct");
|
||||
torture_assert(tctx, session_info->torture->pac_srv_sig != NULL, "pac_srv_sig not present");
|
||||
@ -468,7 +468,7 @@ static bool test_S2U4Self(struct torture_context *tctx,
|
||||
|
||||
/* Extract the PAC using Samba's code */
|
||||
|
||||
status = gensec_session_info(gensec_server_context, &kinit_session_info);
|
||||
status = gensec_session_info(gensec_server_context, gensec_server_context, &kinit_session_info);
|
||||
torture_assert_ntstatus_ok(tctx, status, "gensec_session_info failed");
|
||||
|
||||
|
||||
@ -530,7 +530,7 @@ static bool test_S2U4Self(struct torture_context *tctx,
|
||||
|
||||
/* Extract the PAC using Samba's code */
|
||||
|
||||
status = gensec_session_info(gensec_server_context, &s2u4self_session_info);
|
||||
status = gensec_session_info(gensec_server_context, gensec_server_context, &s2u4self_session_info);
|
||||
torture_assert_ntstatus_ok(tctx, status, "gensec_session_info failed");
|
||||
|
||||
cli_credentials_get_ntlm_username_domain(cmdline_credentials, tctx,
|
||||
|
@ -575,7 +575,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
|
||||
char *grouplist = NULL;
|
||||
struct auth_session_info *session_info;
|
||||
|
||||
nt_status = gensec_session_info(state->gensec_state, &session_info);
|
||||
nt_status = gensec_session_info(state->gensec_state, mem_ctx, &session_info);
|
||||
if (!NT_STATUS_IS_OK(nt_status)) {
|
||||
DEBUG(1, ("gensec_session_info failed: %s\n", nt_errstr(nt_status)));
|
||||
mux_printf(mux_id, "BH %s\n", nt_errstr(nt_status));
|
||||
@ -604,7 +604,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
|
||||
if (strncmp(buf, "GK", 2) == 0) {
|
||||
char *base64_key;
|
||||
DEBUG(10, ("Requested session key\n"));
|
||||
nt_status = gensec_session_key(state->gensec_state, &session_key);
|
||||
nt_status = gensec_session_key(state->gensec_state, mem_ctx, &session_key);
|
||||
if(!NT_STATUS_IS_OK(nt_status)) {
|
||||
DEBUG(1, ("gensec_session_key failed: %s\n", nt_errstr(nt_status)));
|
||||
mux_printf(mux_id, "BH No session key\n");
|
||||
@ -671,7 +671,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
|
||||
} else if /* OK */ (state->gensec_state->gensec_role == GENSEC_SERVER) {
|
||||
struct auth_session_info *session_info;
|
||||
|
||||
nt_status = gensec_session_info(state->gensec_state, &session_info);
|
||||
nt_status = gensec_session_info(state->gensec_state, mem_ctx, &session_info);
|
||||
if (!NT_STATUS_IS_OK(nt_status)) {
|
||||
reply_code = "BH Failed to retrive session info";
|
||||
reply_arg = nt_errstr(nt_status);
|
||||
|