mirror of
https://github.com/samba-team/samba.git
synced 2025-01-26 10:04:02 +03:00
r11846: Destroy the TALLOC_CTX on error in the Kerberos session setup and give a
more precise inline comment why PAC verification may fail. Guenther (This used to be commit 43b57715e9b44a0a0c7cc7fe3674a5fd4369e78b)
This commit is contained in:
parent
e98a396b76
commit
90603cb3cd
@ -400,9 +400,9 @@ NTSTATUS ads_verify_ticket(TALLOC_CTX *mem_ctx,
|
||||
file_save("/tmp/ticket.dat", ticket->data, ticket->length);
|
||||
#endif
|
||||
|
||||
/* continue when no PAC is retrieved
|
||||
(like accounts that have the UF_NO_AUTH_DATA_REQUIRED flag set,
|
||||
or Kerberos tickets encryped using a DES key) - Guenther */
|
||||
/* continue when no PAC is retrieved or we couldn't decode the PAC
|
||||
(like accounts that have the UF_NO_AUTH_DATA_REQUIRED flag set, or
|
||||
Kerberos tickets encrypted using a DES key) - Guenther */
|
||||
|
||||
got_auth_data = get_auth_data_from_tkt(mem_ctx, &auth_data, tkt);
|
||||
if (!got_auth_data) {
|
||||
|
@ -168,6 +168,7 @@ static int reply_spnego_kerberos(connection_struct *conn,
|
||||
return ERROR_NT(NT_STATUS_NO_MEMORY);
|
||||
|
||||
if (!spnego_parse_krb5_wrap(*secblob, &ticket, tok_id)) {
|
||||
talloc_destroy(mem_ctx);
|
||||
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
|
||||
}
|
||||
|
||||
@ -177,6 +178,7 @@ static int reply_spnego_kerberos(connection_struct *conn,
|
||||
|
||||
if (!NT_STATUS_IS_OK(ret)) {
|
||||
DEBUG(1,("Failed to verify incoming ticket!\n"));
|
||||
talloc_destroy(mem_ctx);
|
||||
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
|
||||
}
|
||||
|
||||
@ -188,6 +190,7 @@ static int reply_spnego_kerberos(connection_struct *conn,
|
||||
data_blob_free(&ap_rep);
|
||||
data_blob_free(&session_key);
|
||||
SAFE_FREE(client);
|
||||
talloc_destroy(mem_ctx);
|
||||
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
|
||||
}
|
||||
|
||||
@ -206,6 +209,7 @@ static int reply_spnego_kerberos(connection_struct *conn,
|
||||
data_blob_free(&ap_rep);
|
||||
data_blob_free(&session_key);
|
||||
SAFE_FREE(client);
|
||||
talloc_destroy(mem_ctx);
|
||||
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
|
||||
}
|
||||
}
|
||||
@ -283,6 +287,7 @@ static int reply_spnego_kerberos(connection_struct *conn,
|
||||
SAFE_FREE(client);
|
||||
data_blob_free(&ap_rep);
|
||||
data_blob_free(&session_key);
|
||||
talloc_destroy(mem_ctx);
|
||||
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
|
||||
}
|
||||
}
|
||||
@ -302,6 +307,7 @@ static int reply_spnego_kerberos(connection_struct *conn,
|
||||
data_blob_free(&ap_rep);
|
||||
data_blob_free(&session_key);
|
||||
passwd_free(&pw);
|
||||
talloc_destroy(mem_ctx);
|
||||
return ERROR_NT(ret);
|
||||
}
|
||||
|
||||
@ -314,6 +320,7 @@ static int reply_spnego_kerberos(connection_struct *conn,
|
||||
data_blob_free(&ap_rep);
|
||||
data_blob_free(&session_key);
|
||||
passwd_free(&pw);
|
||||
talloc_destroy(mem_ctx);
|
||||
return ERROR_NT(ret);
|
||||
}
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user