sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-22 05:57:43 +03:00
Code

gensec: Remove mem_ctx from calls that do not return memory

Browse Source 
Signed-off-by: Andrew Tridgell <tridge@samba.org>
This commit is contained in:
Andrew Bartlett 2011-07-21 19:10:15 +10:00
parent 16b2118b43
commit d3fe48ba48
12 changed files with 21 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
auth/gensec/gensec.c
View File

@ -31,7 +31,6 @@
wrappers for the gensec function pointers
*/
_PUBLIC_ NTSTATUS gensec_unseal_packet(struct gensec_security *gensec_security,
TALLOC_CTX *mem_ctx,
uint8_t *data, size_t length,
const uint8_t *whole_pdu, size_t pdu_length,
const DATA_BLOB *sig)
@ -43,14 +42,13 @@ _PUBLIC_ NTSTATUS gensec_unseal_packet(struct gensec_security *gensec_security,
return NT_STATUS_INVALID_PARAMETER;
}
return gensec_security->ops->unseal_packet(gensec_security, mem_ctx,
return gensec_security->ops->unseal_packet(gensec_security,
data, length,
whole_pdu, pdu_length,
sig);
}
_PUBLIC_ NTSTATUS gensec_check_packet(struct gensec_security *gensec_security,
TALLOC_CTX *mem_ctx,
const uint8_t *data, size_t length,
const uint8_t *whole_pdu, size_t pdu_length,
const DATA_BLOB *sig)
@ -62,7 +60,7 @@ _PUBLIC_ NTSTATUS gensec_check_packet(struct gensec_security *gensec_security,
return NT_STATUS_INVALID_PARAMETER;
}
return gensec_security->ops->check_packet(gensec_security, mem_ctx, data, length, whole_pdu, pdu_length, sig);
return gensec_security->ops->check_packet(gensec_security, data, length, whole_pdu, pdu_length, sig);
}
_PUBLIC_ NTSTATUS gensec_seal_packet(struct gensec_security *gensec_security,

6
auth/gensec/gensec.h
View File

@ -104,11 +104,11 @@ struct gensec_security_ops {
size_t (*sig_size)(struct gensec_security *gensec_security, size_t data_size);
size_t (*max_input_size)(struct gensec_security *gensec_security);
size_t (*max_wrapped_size)(struct gensec_security *gensec_security);
NTSTATUS (*check_packet)(struct gensec_security *gensec_security, TALLOC_CTX *sig_mem_ctx,
NTSTATUS (*check_packet)(struct gensec_security *gensec_security,
const uint8_t *data, size_t length,
const uint8_t *whole_pdu, size_t pdu_length,
const DATA_BLOB *sig);
NTSTATUS (*unseal_packet)(struct gensec_security *gensec_security, TALLOC_CTX *sig_mem_ctx,
NTSTATUS (*unseal_packet)(struct gensec_security *gensec_security,
uint8_t *data, size_t length,
const uint8_t *whole_pdu, size_t pdu_length,
const DATA_BLOB *sig);
@ -241,12 +241,10 @@ struct cli_credentials *gensec_get_credentials(struct gensec_security *gensec_se
NTSTATUS gensec_init(void);
size_t gensec_max_input_size(struct gensec_security *gensec_security);
NTSTATUS gensec_unseal_packet(struct gensec_security *gensec_security,
TALLOC_CTX *mem_ctx,
uint8_t *data, size_t length,
const uint8_t *whole_pdu, size_t pdu_length,
const DATA_BLOB *sig);
NTSTATUS gensec_check_packet(struct gensec_security *gensec_security,
TALLOC_CTX *mem_ctx,
const uint8_t *data, size_t length,
const uint8_t *whole_pdu, size_t pdu_length,
const DATA_BLOB *sig);

1
libcli/auth/schannel_proto.h
View File

@ -29,7 +29,6 @@ struct tdb_wrap *open_schannel_session_store(TALLOC_CTX *mem_ctx,
const char *private_dir);
NTSTATUS netsec_incoming_packet(struct schannel_state *state,
TALLOC_CTX *mem_ctx,
bool do_unseal,
uint8_t *data, size_t length,
const DATA_BLOB *sig);

1
libcli/auth/schannel_sign.c
View File

@ -139,7 +139,6 @@ static void netsec_do_sign(struct schannel_state *state,
}
NTSTATUS netsec_incoming_packet(struct schannel_state *state,
TALLOC_CTX *mem_ctx,
bool do_unseal,
uint8_t *data, size_t length,
const DATA_BLOB *sig)

4
source3/librpc/rpc/dcerpc_helpers.c
View File

@ -553,7 +553,7 @@ static NTSTATUS get_schannel_auth_footer(TALLOC_CTX *mem_ctx,
case DCERPC_AUTH_LEVEL_PRIVACY:
/* Data portion is encrypted. */
return netsec_incoming_packet(auth_state,
mem_ctx, true,
true,
data->data,
data->length,
auth_token);
@ -561,7 +561,7 @@ static NTSTATUS get_schannel_auth_footer(TALLOC_CTX *mem_ctx,
case DCERPC_AUTH_LEVEL_INTEGRITY:
/* Data is signed. */
return netsec_incoming_packet(auth_state,
mem_ctx, false,
false,
data->data,
data->length,
auth_token);

15
source4/auth/gensec/gensec_gssapi.c
View File

@ -1038,7 +1038,6 @@ static NTSTATUS gensec_gssapi_seal_packet(struct gensec_security *gensec_securit
}
static NTSTATUS gensec_gssapi_unseal_packet(struct gensec_security *gensec_security,
TALLOC_CTX *mem_ctx,
uint8_t *data, size_t length,
const uint8_t *whole_pdu, size_t pdu_length,
const DATA_BLOB *sig)
@ -1053,7 +1052,7 @@ static NTSTATUS gensec_gssapi_unseal_packet(struct gensec_security *gensec_secur
dump_data_pw("gensec_gssapi_unseal_packet: sig\n", sig->data, sig->length);
in = data_blob_talloc(mem_ctx, NULL, sig->length + length);
in = data_blob_talloc(gensec_security, NULL, sig->length + length);
memcpy(in.data, sig->data, sig->length);
memcpy(in.data + sig->length, data, length);
@ -1067,9 +1066,12 @@ static NTSTATUS gensec_gssapi_unseal_packet(struct gensec_security *gensec_secur
&output_token,
&conf_state,
&qop_state);
talloc_free(in.data);
if (GSS_ERROR(maj_stat)) {
char *error_string = gssapi_error_string(NULL, maj_stat, min_stat, gensec_gssapi_state->gss_oid);
DEBUG(1, ("gensec_gssapi_unseal_packet: GSS UnWrap failed: %s\n",
gssapi_error_string(mem_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid)));
error_string));
talloc_free(error_string);
return NT_STATUS_ACCESS_DENIED;
}
@ -1128,7 +1130,6 @@ static NTSTATUS gensec_gssapi_sign_packet(struct gensec_security *gensec_securit
}
static NTSTATUS gensec_gssapi_check_packet(struct gensec_security *gensec_security,
TALLOC_CTX *mem_ctx,
const uint8_t *data, size_t length,
const uint8_t *whole_pdu, size_t pdu_length,
const DATA_BLOB *sig)
@ -1159,8 +1160,10 @@ static NTSTATUS gensec_gssapi_check_packet(struct gensec_security *gensec_securi
&input_token,
&qop_state);
if (GSS_ERROR(maj_stat)) {
DEBUG(1, ("GSS VerifyMic failed: %s\n",
gssapi_error_string(mem_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid)));
char *error_string = gssapi_error_string(NULL, maj_stat, min_stat, gensec_gssapi_state->gss_oid);
DEBUG(1, ("GSS VerifyMic failed: %s\n", error_string));
talloc_free(error_string);
return NT_STATUS_ACCESS_DENIED;
}

6
source4/auth/gensec/schannel.c
View File

@ -290,7 +290,6 @@ static bool schannel_have_feature(struct gensec_security *gensec_security,
unseal a packet
*/
static NTSTATUS schannel_unseal_packet(struct gensec_security *gensec_security,
TALLOC_CTX *mem_ctx,
uint8_t *data, size_t length,
const uint8_t *whole_pdu, size_t pdu_length,
const DATA_BLOB *sig)
@ -299,7 +298,7 @@ static NTSTATUS schannel_unseal_packet(struct gensec_security *gensec_security,
talloc_get_type(gensec_security->private_data,
struct schannel_state);
return netsec_incoming_packet(state, mem_ctx, true,
return netsec_incoming_packet(state, true,
discard_const_p(uint8_t, data),
length, sig);
}
@ -308,7 +307,6 @@ static NTSTATUS schannel_unseal_packet(struct gensec_security *gensec_security,
check the signature on a packet
*/
static NTSTATUS schannel_check_packet(struct gensec_security *gensec_security,
TALLOC_CTX *mem_ctx,
const uint8_t *data, size_t length,
const uint8_t *whole_pdu, size_t pdu_length,
const DATA_BLOB *sig)
@ -317,7 +315,7 @@ static NTSTATUS schannel_check_packet(struct gensec_security *gensec_security,
talloc_get_type(gensec_security->private_data,
struct schannel_state);
return netsec_incoming_packet(state, mem_ctx, false,
return netsec_incoming_packet(state, false,
discard_const_p(uint8_t, data),
length, sig);
}

6
source4/auth/gensec/spnego.c
View File

@ -96,7 +96,6 @@ static NTSTATUS gensec_spnego_server_start(struct gensec_security *gensec_securi
wrappers for the spnego_*() functions
*/
static NTSTATUS gensec_spnego_unseal_packet(struct gensec_security *gensec_security,
TALLOC_CTX *mem_ctx,
uint8_t *data, size_t length,
const uint8_t *whole_pdu, size_t pdu_length,
const DATA_BLOB *sig)
@ -109,14 +108,12 @@ static NTSTATUS gensec_spnego_unseal_packet(struct gensec_security *gensec_secur
}
return gensec_unseal_packet(spnego_state->sub_sec_security,
mem_ctx,
data, length,
whole_pdu, pdu_length,
sig);
}
static NTSTATUS gensec_spnego_check_packet(struct gensec_security *gensec_security,
TALLOC_CTX *mem_ctx,
const uint8_t *data, size_t length,
const uint8_t *whole_pdu, size_t pdu_length,
const DATA_BLOB *sig)
@ -129,7 +126,6 @@ static NTSTATUS gensec_spnego_check_packet(struct gensec_security *gensec_securi
}
return gensec_check_packet(spnego_state->sub_sec_security,
mem_ctx,
data, length,
whole_pdu, pdu_length,
sig);
@ -922,7 +918,6 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
if (NT_STATUS_IS_OK(nt_status) && spnego.negTokenTarg.mechListMIC.length > 0) {
new_spnego = true;
nt_status = gensec_check_packet(spnego_state->sub_sec_security,
out_mem_ctx,
spnego_state->mech_types.data,
spnego_state->mech_types.length,
spnego_state->mech_types.data,
@ -1029,7 +1024,6 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
}
if (NT_STATUS_IS_OK(nt_status) && spnego.negTokenTarg.mechListMIC.length > 0) {
nt_status = gensec_check_packet(spnego_state->sub_sec_security,
out_mem_ctx,
spnego_state->mech_types.data,
spnego_state->mech_types.length,
spnego_state->mech_types.data,

2
source4/auth/ntlmssp/ntlmssp_sign.c
View File

@ -45,7 +45,6 @@ NTSTATUS gensec_ntlmssp_sign_packet(struct gensec_security *gensec_security,
}
NTSTATUS gensec_ntlmssp_check_packet(struct gensec_security *gensec_security,
TALLOC_CTX *sig_mem_ctx,
const uint8_t *data, size_t length,
const uint8_t *whole_pdu, size_t pdu_length,
const DATA_BLOB *sig)
@ -87,7 +86,6 @@ NTSTATUS gensec_ntlmssp_seal_packet(struct gensec_security *gensec_security,
wrappers for the ntlmssp_*() functions
*/
NTSTATUS gensec_ntlmssp_unseal_packet(struct gensec_security *gensec_security,
TALLOC_CTX *sig_mem_ctx,
uint8_t *data, size_t length,
const uint8_t *whole_pdu, size_t pdu_length,
const DATA_BLOB *sig)

2
source4/librpc/rpc/dcerpc.c
View File

@ -708,7 +708,6 @@ static NTSTATUS ncacn_pull_request_auth(struct dcecli_connection *c, TALLOC_CTX
switch (c->security_state.auth_info->auth_level) {
case DCERPC_AUTH_LEVEL_PRIVACY:
status = gensec_unseal_packet(c->security_state.generic_state,
mem_ctx,
raw_packet->data + DCERPC_REQUEST_LENGTH,
pkt->u.response.stub_and_verifier.length,
raw_packet->data,
@ -721,7 +720,6 @@ static NTSTATUS ncacn_pull_request_auth(struct dcecli_connection *c, TALLOC_CTX
case DCERPC_AUTH_LEVEL_INTEGRITY:
status = gensec_check_packet(c->security_state.generic_state,
mem_ctx,
pkt->u.response.stub_and_verifier.data,
pkt->u.response.stub_and_verifier.length,
raw_packet->data,

2
source4/rpc_server/dcesrv_auth.c
View File

@ -328,7 +328,6 @@ bool dcesrv_auth_request(struct dcesrv_call_state *call, DATA_BLOB *full_packet)
switch (dce_conn->auth_state.auth_info->auth_level) {
case DCERPC_AUTH_LEVEL_PRIVACY:
status = gensec_unseal_packet(dce_conn->auth_state.gensec_security,
call,
full_packet->data + hdr_size,
pkt->u.request.stub_and_verifier.length,
full_packet->data,
@ -341,7 +340,6 @@ bool dcesrv_auth_request(struct dcesrv_call_state *call, DATA_BLOB *full_packet)
case DCERPC_AUTH_LEVEL_INTEGRITY:
status = gensec_check_packet(dce_conn->auth_state.gensec_security,
call,
pkt->u.request.stub_and_verifier.data,
pkt->u.request.stub_and_verifier.length,
full_packet->data,

8
source4/torture/auth/ntlmssp.c
View File

@ -78,14 +78,14 @@ static bool torture_ntlmssp_self_check(struct torture_context *tctx)
"data mismatch");
torture_assert_ntstatus_equal(tctx,
gensec_ntlmssp_check_packet(gensec_security, gensec_security,
gensec_ntlmssp_check_packet(gensec_security,
data.data, data.length, data.data, data.length, &sig),
NT_STATUS_ACCESS_DENIED, "Check of just signed packet (should fail, wrong end)");
ntlmssp_state->session_key = data_blob(NULL, 0);
torture_assert_ntstatus_equal(tctx,
gensec_ntlmssp_check_packet(gensec_security, gensec_security,
gensec_ntlmssp_check_packet(gensec_security,
data.data, data.length, data.data, data.length, &sig),
NT_STATUS_NO_USER_SESSION_KEY, "Check of just signed packet without a session key should fail");
@ -135,14 +135,14 @@ static bool torture_ntlmssp_self_check(struct torture_context *tctx)
"data mismatch");
torture_assert_ntstatus_equal(tctx,
gensec_ntlmssp_check_packet(gensec_security, gensec_security,
gensec_ntlmssp_check_packet(gensec_security,
data.data, data.length, data.data, data.length, &sig),
NT_STATUS_ACCESS_DENIED, "Check of just signed packet (should fail, wrong end)");
sig.length /= 2;
torture_assert_ntstatus_equal(tctx,
gensec_ntlmssp_check_packet(gensec_security, gensec_security,
gensec_ntlmssp_check_packet(gensec_security,
data.data, data.length, data.data, data.length, &sig),
NT_STATUS_ACCESS_DENIED, "Check of just signed packet with short sig");