mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
r533: More memory leak fixes from kawasa_r@itg.hitachi.co.jp. I need to
valgrind winbindd with these in.... Jeremy.
This commit is contained in:
parent
b2ba4d5c1b
commit
fa4774b73d
@ -29,12 +29,12 @@
|
||||
static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads)
|
||||
{
|
||||
const char *mechs[] = {OID_NTLMSSP, NULL};
|
||||
DATA_BLOB msg1;
|
||||
DATA_BLOB msg1 = data_blob(NULL, 0);
|
||||
DATA_BLOB blob, chal1, chal2, auth;
|
||||
uint8 challenge[8];
|
||||
uint8 nthash[24], lmhash[24], sess_key[16];
|
||||
uint32 neg_flags;
|
||||
struct berval cred, *scred;
|
||||
struct berval cred, *scred = NULL;
|
||||
ADS_STATUS status;
|
||||
int rc;
|
||||
|
||||
@ -70,6 +70,7 @@ static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads)
|
||||
}
|
||||
|
||||
blob = data_blob(scred->bv_val, scred->bv_len);
|
||||
ber_bvfree(scred);
|
||||
|
||||
/* the server gives us back two challenges */
|
||||
if (!spnego_parse_challenge(blob, &chal1, &chal2)) {
|
||||
@ -105,15 +106,29 @@ static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads)
|
||||
|
||||
data_blob_free(&blob);
|
||||
|
||||
/* Remember to free the msg1 blob. The contents of this
|
||||
have been copied into cred and need freeing before reassignment. */
|
||||
data_blob_free(&msg1);
|
||||
|
||||
/* now send the auth packet and we should be done */
|
||||
cred.bv_val = (char *)auth.data;
|
||||
cred.bv_len = auth.length;
|
||||
|
||||
rc = ldap_sasl_bind_s(ads->ld, NULL, "GSS-SPNEGO", &cred, NULL, NULL, &scred);
|
||||
|
||||
ber_bvfree(scred);
|
||||
data_blob_free(&auth);
|
||||
|
||||
return ADS_ERROR(rc);
|
||||
|
||||
failed:
|
||||
|
||||
/* Remember to free the msg1 blob. The contents of this
|
||||
have been copied into cred and need freeing. */
|
||||
data_blob_free(&msg1);
|
||||
|
||||
if(scred)
|
||||
ber_bvfree(scred);
|
||||
return status;
|
||||
}
|
||||
|
||||
@ -122,9 +137,9 @@ failed:
|
||||
*/
|
||||
static ADS_STATUS ads_sasl_spnego_krb5_bind(ADS_STRUCT *ads, const char *principal)
|
||||
{
|
||||
DATA_BLOB blob;
|
||||
struct berval cred, *scred;
|
||||
DATA_BLOB session_key;
|
||||
DATA_BLOB blob = data_blob(NULL, 0);
|
||||
struct berval cred, *scred = NULL;
|
||||
DATA_BLOB session_key = data_blob(NULL, 0);
|
||||
int rc;
|
||||
|
||||
rc = spnego_gen_negTokenTarg(principal, ads->auth.time_offset, &blob, &session_key);
|
||||
@ -141,6 +156,8 @@ static ADS_STATUS ads_sasl_spnego_krb5_bind(ADS_STRUCT *ads, const char *princip
|
||||
|
||||
data_blob_free(&blob);
|
||||
data_blob_free(&session_key);
|
||||
if(scred)
|
||||
ber_bvfree(scred);
|
||||
|
||||
return ADS_ERROR(rc);
|
||||
}
|
||||
@ -154,7 +171,7 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads)
|
||||
int rc, i;
|
||||
ADS_STATUS status;
|
||||
DATA_BLOB blob;
|
||||
char *principal;
|
||||
char *principal = NULL;
|
||||
char *OIDs[ASN1_MAX_OIDS];
|
||||
BOOL got_kerberos_mechanism = False;
|
||||
|
||||
@ -197,8 +214,10 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads)
|
||||
if (!(ads->auth.flags & ADS_AUTH_DISABLE_KERBEROS) &&
|
||||
got_kerberos_mechanism) {
|
||||
status = ads_sasl_spnego_krb5_bind(ads, principal);
|
||||
if (ADS_ERR_OK(status))
|
||||
if (ADS_ERR_OK(status)) {
|
||||
SAFE_FREE(principal);
|
||||
return status;
|
||||
}
|
||||
|
||||
status = ADS_ERROR_KRB5(ads_kinit_password(ads));
|
||||
|
||||
@ -209,11 +228,14 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads)
|
||||
/* only fallback to NTLMSSP if allowed */
|
||||
if (ADS_ERR_OK(status) ||
|
||||
!(ads->auth.flags & ADS_AUTH_ALLOW_NTLMSSP)) {
|
||||
SAFE_FREE(principal);
|
||||
return status;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
SAFE_FREE(principal);
|
||||
|
||||
/* lets do NTLMSSP ... this has the big advantage that we don't need
|
||||
to sync clocks, and we don't rely on special versions of the krb5
|
||||
library for HMAC_MD4 encryption */
|
||||
@ -242,7 +264,7 @@ static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads)
|
||||
gss_buffer_desc output_token, input_token;
|
||||
uint32 ret_flags, conf_state;
|
||||
struct berval cred;
|
||||
struct berval *scred;
|
||||
struct berval *scred = NULL;
|
||||
int i=0;
|
||||
int gss_rc, rc;
|
||||
uint8 *p;
|
||||
@ -385,6 +407,8 @@ static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads)
|
||||
gss_release_buffer(&minor_status, &input_token);
|
||||
|
||||
failed:
|
||||
if(scred)
|
||||
ber_bvfree(scred);
|
||||
return status;
|
||||
}
|
||||
#endif
|
||||
|
Loading…
Reference in New Issue
Block a user