2025-01-12 09:18:10 +03:00 · 2005-11-22 10:22:59 +00:00 · 2005-11-22 10:22:59 +00:00 · 90603cb3cd
commit 90603cb3cd
parent e98a396b76
2 changed files with 10 additions and 3 deletions
--- a/source3/libads/kerberos_verify.c
+++ b/source3/libads/kerberos_verify.c
@ -400,9 +400,9 @@ NTSTATUS ads_verify_ticket(TALLOC_CTX *mem_ctx,
 	file_save("/tmp/ticket.dat", ticket->data, ticket->length);
 #endif

-	/* continue when no PAC is retrieved 
-	   (like accounts that have the UF_NO_AUTH_DATA_REQUIRED flag set, 
-	   or Kerberos tickets encryped using a DES key) - Guenther */
+	/* continue when no PAC is retrieved or we couldn't decode the PAC 
+	   (like accounts that have the UF_NO_AUTH_DATA_REQUIRED flag set, or
+	   Kerberos tickets encrypted using a DES key) - Guenther */

 	got_auth_data = get_auth_data_from_tkt(mem_ctx, &auth_data, tkt);
 	if (!got_auth_data) {
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@ -168,6 +168,7 @@ static int reply_spnego_kerberos(connection_struct *conn,
 		return ERROR_NT(NT_STATUS_NO_MEMORY);

 	if (!spnego_parse_krb5_wrap(*secblob, &ticket, tok_id)) {
+		talloc_destroy(mem_ctx);
 		return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 	}

@ -177,6 +178,7 @@ static int reply_spnego_kerberos(connection_struct *conn,

 	if (!NT_STATUS_IS_OK(ret)) {
 		DEBUG(1,("Failed to verify incoming ticket!\n"));	
+		talloc_destroy(mem_ctx);
 		return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 	}

@ -188,6 +190,7 @@ static int reply_spnego_kerberos(connection_struct *conn,
 		data_blob_free(&ap_rep);
 		data_blob_free(&session_key);
 		SAFE_FREE(client);
+		talloc_destroy(mem_ctx);
 		return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 	}

@ -206,6 +209,7 @@ static int reply_spnego_kerberos(connection_struct *conn,
 			data_blob_free(&ap_rep);
 			data_blob_free(&session_key);
 			SAFE_FREE(client);
+			talloc_destroy(mem_ctx);
 			return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 		}
 	}
@ -283,6 +287,7 @@ static int reply_spnego_kerberos(connection_struct *conn,
 			SAFE_FREE(client);
 			data_blob_free(&ap_rep);
 			data_blob_free(&session_key);
+			talloc_destroy(mem_ctx);
 			return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 		}
 	}
@ -302,6 +307,7 @@ static int reply_spnego_kerberos(connection_struct *conn,
 			data_blob_free(&ap_rep);
 			data_blob_free(&session_key);
 			passwd_free(&pw);
+			talloc_destroy(mem_ctx);
 			return ERROR_NT(ret);
 		}

@ -314,6 +320,7 @@ static int reply_spnego_kerberos(connection_struct *conn,
 			data_blob_free(&ap_rep);
 			data_blob_free(&session_key);
 			passwd_free(&pw);
+			talloc_destroy(mem_ctx);
 			return ERROR_NT(ret);
 		}