From 5ad7665b6377768d3710b00b25aeb530131924cc Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Sat, 14 Jan 2012 15:30:34 +1100
Subject: [PATCH] libcli/smb: Convert struct smb_trans_enc_state to talloc
Signed-off-by: Stefan Metzmacher
---
 libcli/smb/smbXcli_base.c | 4 ++--
 libcli/smb/smb_seal.c | 19 ----------------
 libcli/smb/smb_seal.h | 1 -
 source3/libsmb/clifsinfo.c | 32 ++++++---------------------
 source3/smbd/seal.c | 45 ++++++++++----------------------------
 5 files changed, 20 insertions(+), 81 deletions(-)
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index 06fcb34a312..df0145718e3 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -214,7 +214,7 @@ static int smbXcli_conn_destructor(struct smbXcli_conn *conn)
 }
 if (conn->smb1.trans_enc) {
- common_free_encryption_state(&conn->smb1.trans_enc);
+ TALLOC_FREE(conn->smb1.trans_enc);
 }
 return 0;
@@ -596,7 +596,7 @@ void smb1cli_conn_set_encryption(struct smbXcli_conn *conn,
 {
 /* Replace the old state, if any. */
 if (conn->smb1.trans_enc) {
- common_free_encryption_state(&conn->smb1.trans_enc);
+ TALLOC_FREE(conn->smb1.trans_enc);
 }
 conn->smb1.trans_enc = es;
 }
diff --git a/libcli/smb/smb_seal.c b/libcli/smb/smb_seal.c
index a56dc6092e9..d5bb2388bb9 100644
--- a/libcli/smb/smb_seal.c
+++ b/libcli/smb/smb_seal.c
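Review bot: `smb1cli_conn_set_encryption()` now releases the previous state with `TALLOC_FREE()`, and `smbXcli_conn_destructor()` releases the stored one the same way, so every `es` passed in must be a talloc allocation, yet nothing at the function says so. The parameter type is unchanged, so a caller that still hands over a `malloc()`ed state would compile cleanly and only fail at runtime, when the pointer reaches talloc's free path. I would extend the existing comment to `/* Takes ownership of es, which must be talloc-allocated. Replace the old state, if any. */`. The signature sits above the hunk, so any header comment the function already has is not visible here.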
@@ -199,25 +199,6 @@ NTSTATUS common_decrypt_buffer(struct smb_trans_enc_state *es, char *buf)
 return common_gensec_decrypt_buffer(es->gensec_security, buf);
 }
-/******************************************************************************
- Shutdown an encryption state.
-******************************************************************************/
-
-void common_free_encryption_state(struct smb_trans_enc_state **pp_es)
-{
- struct smb_trans_enc_state *es = *pp_es;
-
- if (es == NULL) {
- return;
- }
-
- if (es->gensec_security) {
- TALLOC_FREE(es->gensec_security);
- }
- SAFE_FREE(es);
- *pp_es = NULL;
-}
-
 /******************************************************************************
 Free an encryption-allocated buffer.
 ******************************************************************************/
diff --git a/libcli/smb/smb_seal.h b/libcli/smb/smb_seal.h
index 01a61e85861..f47f904528c 100644
--- a/libcli/smb/smb_seal.h
+++ b/libcli/smb/smb_seal.h
@@ -32,7 +32,6 @@ NTSTATUS get_enc_ctx_num(const uint8_t *buf, uint16_t *p_enc_ctx_num);
 bool common_encryption_on(struct smb_trans_enc_state *es);
 NTSTATUS common_encrypt_buffer(struct smb_trans_enc_state *es, char *buffer, char **buf_out);
 NTSTATUS common_decrypt_buffer(struct smb_trans_enc_state *es, char *buf);
-void common_free_encryption_state(struct smb_trans_enc_state **pp_es);
 void common_free_enc_buffer(struct smb_trans_enc_state *es, char *buf);
 #endif /* _HEADER_SMB_CRYPT_H */
diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c
index 0b2d292d36b..ad5128e7f8b 100644
--- a/source3/libsmb/clifsinfo.c
+++ b/source3/libsmb/clifsinfo.c
@@ -572,22 +572,6 @@ static NTSTATUS enc_blob_send_receive(struct cli_state *cli, DATA_BLOB *in, DATA
 return status;
 }
-/******************************************************************************
- Make a client state struct.
-******************************************************************************/
-
-static struct smb_trans_enc_state *make_cli_enc_state(void)
-{
- struct smb_trans_enc_state *es = NULL;
- es = SMB_MALLOC_P(struct smb_trans_enc_state);
- if (!es) {
- return NULL;
- }
- ZERO_STRUCTP(es);
-
- return es;
-}
-
 /******************************************************************************
 Start a raw ntlmssp encryption.
 ******************************************************************************/
@@ -602,12 +586,11 @@ NTSTATUS cli_raw_ntlm_smb_encryption_start(struct cli_state *cli,
 DATA_BLOB param_out = data_blob_null;
 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
 struct auth_generic_state *auth_generic_state;
- struct smb_trans_enc_state *es = make_cli_enc_state();
-
+ struct smb_trans_enc_state *es = talloc_zero(NULL, struct smb_trans_enc_state);
 if (!es) {
 return NT_STATUS_NO_MEMORY;
 }
- status = auth_generic_client_prepare(NULL,
+ status = auth_generic_client_prepare(es,
 &auth_generic_state);
 if (!NT_STATUS_IS_OK(status)) {
 goto fail;
@@ -668,8 +651,7 @@ NTSTATUS cli_raw_ntlm_smb_encryption_start(struct cli_state *cli,
 }
 fail:
- TALLOC_FREE(auth_generic_state);
- common_free_encryption_state(&es);
+ TALLOC_FREE(es);
 return status;
 }
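Review bot: At `fail:` in `cli_raw_ntlm_smb_encryption_start()` the unconditional `TALLOC_FREE(auth_generic_state);` is gone, and since `auth_generic_state` is now a talloc child of `es`, it is released only together with `es`. On the success path `es` is presumably handed to the connection and set to NULL before this label (that block is outside the hunk; `cli_gss_smb_encryption_start()` shows the same shape around `talloc_move(es, ...)`), so the whole auth state, which likely carries the client credentials, would stay allocated for the lifetime of the connection instead of being dropped when the handshake ends. If only `gensec_security` is needed afterwards and nothing in it still refers to the parent state, add `TALLOC_FREE(auth_generic_state);` right after the `talloc_move()` in both functions, or state in a comment that keeping it is intended.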
@@ -684,13 +666,13 @@ NTSTATUS cli_gss_smb_encryption_start(struct cli_state *cli)
 DATA_BLOB param_out = data_blob_null;
 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
 struct auth_generic_state *auth_generic_state;
- struct smb_trans_enc_state *es = make_cli_enc_state();
+ struct smb_trans_enc_state *es = talloc_zero(NULL, struct smb_trans_enc_state);
 if (!es) {
 return NT_STATUS_NO_MEMORY;
 }
- status = auth_generic_client_prepare(NULL,
+ status = auth_generic_client_prepare(es,
 &auth_generic_state);
 if (!NT_STATUS_IS_OK(status)) {
 goto fail;
@@ -747,13 +729,13 @@ NTSTATUS cli_gss_smb_encryption_start(struct cli_state *cli)
 /* We only need the gensec_security part from here.
 * es is a malloc()ed pointer, so we cannot make
 * gensec_security a talloc child */
- es->gensec_security = talloc_move(NULL,
+ es->gensec_security = talloc_move(es,
 &auth_generic_state->gensec_security);
 smb1cli_conn_set_encryption(cli->conn, es);
 es = NULL;
 }
 fail:
- common_free_encryption_state(&es);
+ TALLOC_FREE(es);
 return status;
 }
diff --git a/source3/smbd/seal.c b/source3/smbd/seal.c
index 8c4ebea04a2..cdcfe06835d 100644
--- a/source3/smbd/seal.c
+++ b/source3/smbd/seal.c
@@ -77,16 +77,15 @@ bool is_encrypted_packet(struct smbd_server_connection *sconn,
 static NTSTATUS make_auth_gensec(const struct tsocket_address *remote_address,
 struct smb_trans_enc_state *es)
 {
- struct gensec_security *gensec_security;
 NTSTATUS status;
- status = auth_generic_prepare(NULL, remote_address,
- &gensec_security);
+ status = auth_generic_prepare(es, remote_address,
+ &es->gensec_security);
 if (!NT_STATUS_IS_OK(status)) {
 return nt_status_squash(status);
 }
- gensec_want_feature(gensec_security, GENSEC_FEATURE_SEAL);
+ gensec_want_feature(es->gensec_security, GENSEC_FEATURE_SEAL);
 /*
 * We could be accessing the secrets.tdb or krb5.keytab file here.
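Review bot: In `cli_gss_smb_encryption_start()` the comment above the changed `talloc_move()` still reads `es is a malloc()ed pointer, so we cannot make gensec_security a talloc child`, while the new line `talloc_move(es, ...)` does exactly that. Left as is, it tells the next reader the opposite of the ownership the code now relies on, and that ownership is what lets `TALLOC_FREE(es)` at `fail:` release `gensec_security`. I would reword it to `/* We only need the gensec_security part from here; it becomes a talloc child of es and is freed with it. */`. The same comment may also sit in `cli_raw_ntlm_smb_encryption_start()`, whose success block is outside the hunks shown.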
@@ -94,38 +93,17 @@ static NTSTATUS make_auth_gensec(const struct tsocket_address *remote_address,
 */
 become_root();
- status = gensec_start_mech_by_oid(gensec_security, GENSEC_OID_SPNEGO);
+ status = gensec_start_mech_by_oid(es->gensec_security, GENSEC_OID_SPNEGO);
 unbecome_root();
 if (!NT_STATUS_IS_OK(status)) {
- TALLOC_FREE(gensec_security);
 return nt_status_squash(status);
 }
- es->gensec_security = gensec_security;
-
 return status;
 }
-/******************************************************************************
- Shutdown a server encryption context.
-******************************************************************************/
-
-static void srv_free_encryption_context(struct smb_trans_enc_state **pp_es)
-{
- struct smb_trans_enc_state *es = *pp_es;
-
- if (!es) {
- return;
- }
-
- common_free_encryption_state(&es);
-
- SAFE_FREE(es);
- *pp_es = NULL;
-}
-
 /******************************************************************************
 Create a server encryption context.
 ******************************************************************************/
@@ -139,15 +117,14 @@ static NTSTATUS make_srv_encryption_context(const struct tsocket_address *remote
 *pp_es = NULL;
 ZERO_STRUCTP(partial_srv_trans_enc_ctx);
- es = SMB_MALLOC_P(struct smb_trans_enc_state);
+ es = talloc_zero(NULL, struct smb_trans_enc_state);
 if (!es) {
 return NT_STATUS_NO_MEMORY;
 }
- ZERO_STRUCTP(es);
 status = make_auth_gensec(remote_address, es);
 if (!NT_STATUS_IS_OK(status)) {
- srv_free_encryption_context(&es);
+ TALLOC_FREE(es);
 return status;
 }
 *pp_es = es;
@@ -241,7 +218,7 @@ NTSTATUS srv_request_encryption_setup(connection_struct *conn,
 es = partial_srv_trans_enc_ctx;
 if (!es || es->gensec_security == NULL) {
- srv_free_encryption_context(&partial_srv_trans_enc_ctx);
+ TALLOC_FREE(partial_srv_trans_enc_ctx);
 return NT_STATUS_INVALID_PARAMETER;
 }
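Review bot: In `make_auth_gensec()` the failure branch after `gensec_start_mech_by_oid()` now returns with `es->gensec_security` still pointing at a context whose mechanism did not start, where the old code freed its local and left the field NULL. `srv_request_encryption_setup()` uses `es->gensec_security == NULL` as its validity test, so a non-NULL but unusable pointer is safe only as long as every caller frees `es` on error, as `make_srv_encryption_context()` does in this commit. Restoring the invariant inside the function costs one line: `TALLOC_FREE(es->gensec_security);` before `return nt_status_squash(status);`. The start of the function is in the previous hunk.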
@@ -253,7 +230,7 @@ NTSTATUS srv_request_encryption_setup(connection_struct *conn,
 unbecome_root();
 if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) && !NT_STATUS_IS_OK(status)) {
- srv_free_encryption_context(&partial_srv_trans_enc_ctx);
+ TALLOC_FREE(partial_srv_trans_enc_ctx);
 return nt_status_squash(status);
 }
@@ -310,7 +287,7 @@ NTSTATUS srv_encryption_start(connection_struct *conn)
 return status;
 }
 /* Throw away the context we're using currently (if any). */
- srv_free_encryption_context(&srv_trans_enc_ctx);
+ TALLOC_FREE(srv_trans_enc_ctx);
 /* Steal the partial pointer. Deliberate shallow copy. */
 srv_trans_enc_ctx = partial_srv_trans_enc_ctx;
@@ -328,6 +305,6 @@ NTSTATUS srv_encryption_start(connection_struct *conn)
 void server_encryption_shutdown(struct smbd_server_connection *sconn)
 {
- srv_free_encryption_context(&partial_srv_trans_enc_ctx);
- srv_free_encryption_context(&srv_trans_enc_ctx);
+ TALLOC_FREE(partial_srv_trans_enc_ctx);
+ TALLOC_FREE(srv_trans_enc_ctx);
 }