Fix one more data_blob -> data_blob_talloc. Move away from implicit NULL context tallocs.

Jeremy.

source3/include/proto.h

@@ -2796,7 +2796,8 @@ bool cli_set_secdesc(struct cli_state *cli, uint16_t fnum, struct security_descr
 
 /* The following definitions come from libsmb/clispnego.c  */
 
-DATA_BLOB spnego_gen_negTokenInit(const char *OIDs[],
+DATA_BLOB spnego_gen_negTokenInit(TALLOC_CTX *ctx,
+				  const char *OIDs[],
 				  DATA_BLOB *psecblob,
 				  const char *principal);
 bool spnego_parse_negTokenInit(TALLOC_CTX *ctx,
@@ -2807,8 +2808,9 @@ bool spnego_parse_negTokenInit(TALLOC_CTX *ctx,
 DATA_BLOB gen_negTokenTarg(const char *OIDs[], DATA_BLOB blob);
 DATA_BLOB spnego_gen_krb5_wrap(const DATA_BLOB ticket, const uint8 tok_id[2]);
 bool spnego_parse_krb5_wrap(DATA_BLOB blob, DATA_BLOB *ticket, uint8 tok_id[2]);
-int spnego_gen_krb5_negTokenInit(const char *principal, int time_offset, 
-			    DATA_BLOB *targ, 
+int spnego_gen_krb5_negTokenInit(TALLOC_CTX *ctx,
+			    const char *principal, int time_offset,
+			    DATA_BLOB *targ,
 			    DATA_BLOB *session_key_krb5, uint32 extra_ap_opts,
 			    time_t *expire_time);
 bool spnego_parse_challenge(const DATA_BLOB blob,

source3/libads/sasl.c

@@ -192,7 +192,8 @@ static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads)
 			if (turn == 1) {
 				const char *OIDs_ntlm[] = {OID_NTLMSSP, NULL};
 				/* and wrap it in a SPNEGO wrapper */
-				msg1 = spnego_gen_negTokenInit(OIDs_ntlm, &blob_out, NULL);
+				msg1 = spnego_gen_negTokenInit(talloc_tos(),
+						OIDs_ntlm, &blob_out, NULL);
 			} else {
 				/* wrap it in SPNEGO */
 				msg1 = spnego_gen_auth(blob_out);
@@ -508,7 +509,8 @@ static ADS_STATUS ads_sasl_spnego_gsskrb5_bind(ADS_STRUCT *ads, const gss_name_t
 
 	/* and wrap that in a shiny SPNEGO wrapper */
 	unwrapped = data_blob_const(output_token.value, output_token.length);
-	wrapped = spnego_gen_negTokenInit(spnego_mechs, &unwrapped, NULL);
+	wrapped = spnego_gen_negTokenInit(talloc_tos(),
+			spnego_mechs, &unwrapped, NULL);
 	gss_release_buffer(&minor_status, &output_token);
 	if (unwrapped.length > wrapped.length) {
 		status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
@@ -705,7 +707,8 @@ static ADS_STATUS ads_sasl_spnego_rawkrb5_bind(ADS_STRUCT *ads, const char *prin
 		return ADS_ERROR_NT(NT_STATUS_NOT_SUPPORTED);
 	}
 
-	rc = spnego_gen_krb5_negTokenInit(principal, ads->auth.time_offset, &blob, &session_key, 0,
+	rc = spnego_gen_krb5_negTokenInit(talloc_tos(), principal,
+				     ads->auth.time_offset, &blob, &session_key, 0,
 				     &ads->auth.tgs_expire);
 
 	if (rc) {

source3/libsmb/cliconnect.c

@@ -857,7 +857,7 @@ static struct tevent_req *cli_session_setup_kerberos_send(
 	 * Ok, this is cheating: spnego_gen_krb5_negTokenInit can block if
 	 * we have to acquire a ticket. To be fixed later :-)
 	 */
-	rc = spnego_gen_krb5_negTokenInit(principal, 0, &state->negTokenTarg,
+	rc = spnego_gen_krb5_negTokenInit(state, principal, 0, &state->negTokenTarg,
 				     &state->session_key_krb5, 0, NULL);
 	if (rc) {
 		DEBUG(1, ("cli_session_setup_kerberos: "
@@ -1033,7 +1033,7 @@ static struct tevent_req *cli_session_setup_ntlmssp_send(
 		goto fail;
 	}
 
-	state->blob_out = spnego_gen_negTokenInit(OIDs_ntlm, &blob_out, NULL);
+	state->blob_out = spnego_gen_negTokenInit(state, OIDs_ntlm, &blob_out, NULL);
 	data_blob_free(&blob_out);
 
 	subreq = cli_sesssetup_blob_send(state, ev, cli, state->blob_out);

source3/libsmb/clifsinfo.c

@@ -716,7 +716,8 @@ NTSTATUS cli_raw_ntlm_smb_encryption_start(struct cli_state *cli,
  Get client gss blob to send to a server.
 ******************************************************************************/
 
-static NTSTATUS make_cli_gss_blob(struct smb_trans_enc_state *es,
+static NTSTATUS make_cli_gss_blob(TALLOC_CTX *ctx,
+				struct smb_trans_enc_state *es,
 				const char *service,
 				const char *host,
 				NTSTATUS status_in,
@@ -798,10 +799,10 @@ static NTSTATUS make_cli_gss_blob(struct smb_trans_enc_state *es,
 		status = NT_STATUS_ACCESS_DENIED;
 	}
 
-	blob_out = data_blob(tok_out.value, tok_out.length);
+	blob_out = data_blob_talloc(ctx, tok_out.value, tok_out.length);
 
 	/* Wrap in an SPNEGO wrapper */
-	*p_blob_out = spnego_gen_negTokenInit(krb_mechs, &blob_out, NULL);
+	*p_blob_out = spnego_gen_negTokenInit(ctx, krb_mechs, &blob_out, NULL);
 
   fail:
 
@@ -837,10 +838,10 @@ NTSTATUS cli_gss_smb_encryption_start(struct cli_state *cli)
 	strlower_m(fqdn);
 
 	servicename = "cifs";
-	status = make_cli_gss_blob(es, servicename, fqdn, NT_STATUS_OK, blob_recv, &blob_send);
+	status = make_cli_gss_blob(talloc_tos(), es, servicename, fqdn, NT_STATUS_OK, blob_recv, &blob_send);
 	if (!NT_STATUS_EQUAL(status,NT_STATUS_MORE_PROCESSING_REQUIRED)) {
 		servicename = "host";
-		status = make_cli_gss_blob(es, servicename, fqdn, NT_STATUS_OK, blob_recv, &blob_send);
+		status = make_cli_gss_blob(talloc_tos(), es, servicename, fqdn, NT_STATUS_OK, blob_recv, &blob_send);
 		if (!NT_STATUS_EQUAL(status,NT_STATUS_MORE_PROCESSING_REQUIRED)) {
 			goto fail;
 		}
@@ -853,7 +854,7 @@ NTSTATUS cli_gss_smb_encryption_start(struct cli_state *cli)
 			es->enc_ctx_num = SVAL(param_out.data, 0);
 		}
 		data_blob_free(&blob_send);
-		status = make_cli_gss_blob(es, servicename, fqdn, status, blob_recv, &blob_send);
+		status = make_cli_gss_blob(talloc_tos(), es, servicename, fqdn, status, blob_recv, &blob_send);
 	} while (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED));
 	data_blob_free(&blob_recv);
 

source3/libsmb/clispnego.c

@@ -29,7 +29,8 @@
   OIDs (the mechanisms) a blob, and a principal name string
 */
 
-DATA_BLOB spnego_gen_negTokenInit(const char *OIDs[],
+DATA_BLOB spnego_gen_negTokenInit(TALLOC_CTX *ctx,
+				  const char *OIDs[],
 				  DATA_BLOB *psecblob,
 				  const char *principal)
 {
@@ -81,7 +82,7 @@ DATA_BLOB spnego_gen_negTokenInit(const char *OIDs[],
 		DEBUG(1,("Failed to build negTokenInit at offset %d\n", (int)data->ofs));
 	}
 
-	ret = data_blob(data->data, data->length);
+	ret = data_blob_talloc(ctx, data->data, data->length);
 	asn1_free(data);
 
 	return ret;
@@ -289,8 +290,9 @@ bool spnego_parse_krb5_wrap(DATA_BLOB blob, DATA_BLOB *ticket, uint8 tok_id[2])
    generate a SPNEGO krb5 negTokenInit packet, ready for a EXTENDED_SECURITY
    kerberos session setup
 */
-int spnego_gen_krb5_negTokenInit(const char *principal, int time_offset, 
-			    DATA_BLOB *targ, 
+int spnego_gen_krb5_negTokenInit(TALLOC_CTX *ctx,
+			    const char *principal, int time_offset,
+			    DATA_BLOB *targ,
 			    DATA_BLOB *session_key_krb5, uint32 extra_ap_opts,
 			    time_t *expire_time)
 {
@@ -310,7 +312,7 @@ int spnego_gen_krb5_negTokenInit(const char *principal, int time_offset,
 	tkt_wrapped = spnego_gen_krb5_wrap(tkt, TOK_ID_KRB_AP_REQ);
 
 	/* and wrap that in a shiny SPNEGO wrapper */
-	*targ = spnego_gen_negTokenInit(krb_mechs, &tkt_wrapped, NULL);
+	*targ = spnego_gen_negTokenInit(ctx, krb_mechs, &tkt_wrapped, NULL);
 
 	data_blob_free(&tkt_wrapped);
 	data_blob_free(&tkt);

source3/rpc_client/cli_pipe.c

@@ -1352,7 +1352,7 @@ static NTSTATUS create_spnego_ntlmssp_auth_rpc_bind_req(struct rpc_pipe_client *
 	}
 
 	/* Wrap this in SPNEGO. */
-	spnego_msg = spnego_gen_negTokenInit(OIDs_ntlm, &request, NULL);
+	spnego_msg = spnego_gen_negTokenInit(talloc_tos(), OIDs_ntlm, &request, NULL);
 
 	data_blob_free(&request);
 
@@ -1363,6 +1363,7 @@ static NTSTATUS create_spnego_ntlmssp_auth_rpc_bind_req(struct rpc_pipe_client *
 					 1, /* auth_context_id */
 					 &spnego_msg,
 					 auth_info);
+
 	if (!NT_STATUS_IS_OK(status)) {
 		data_blob_free(&spnego_msg);
 		return status;
@@ -1370,6 +1371,7 @@ static NTSTATUS create_spnego_ntlmssp_auth_rpc_bind_req(struct rpc_pipe_client *
 
 	DEBUG(5, ("create_spnego_ntlmssp_auth_rpc_bind_req: NTLMSSP Negotiate:\n"));
 	dump_data(5, spnego_msg.data, spnego_msg.length);
+	data_blob_free(&spnego_msg);
 
 	return NT_STATUS_OK;
 }

source3/smbd/negprot.c

@@ -211,7 +211,7 @@ DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn)
 		blob = data_blob(guid, 16);
 #else
 		/* Code for standalone WXP client */
-		blob = spnego_gen_negTokenInit(OIDs_ntlm, NULL, "NONE");
+		blob = spnego_gen_negTokenInit(ctx, OIDs_ntlm, NULL, "NONE");
 #endif
 	} else {
 		fstring myname;
@@ -222,7 +222,7 @@ DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn)
 		    == -1) {
 			return data_blob_null;
 		}
-		blob = spnego_gen_negTokenInit(OIDs_krb5, NULL, host_princ_s);
+		blob = spnego_gen_negTokenInit(ctx, OIDs_krb5, NULL, host_princ_s);
 		SAFE_FREE(host_princ_s);
 	}