1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

r533: More memory leak fixes from kawasa_r@itg.hitachi.co.jp. I need to

valgrind winbindd with these in....
Jeremy.
This commit is contained in:
Jeremy Allison 2004-05-06 23:08:56 +00:00 committed by Gerald (Jerry) Carter
parent b2ba4d5c1b
commit fa4774b73d

View File

@ -29,12 +29,12 @@
static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads)
{
const char *mechs[] = {OID_NTLMSSP, NULL};
DATA_BLOB msg1;
DATA_BLOB msg1 = data_blob(NULL, 0);
DATA_BLOB blob, chal1, chal2, auth;
uint8 challenge[8];
uint8 nthash[24], lmhash[24], sess_key[16];
uint32 neg_flags;
struct berval cred, *scred;
struct berval cred, *scred = NULL;
ADS_STATUS status;
int rc;
@ -70,6 +70,7 @@ static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads)
}
blob = data_blob(scred->bv_val, scred->bv_len);
ber_bvfree(scred);
/* the server gives us back two challenges */
if (!spnego_parse_challenge(blob, &chal1, &chal2)) {
@ -105,15 +106,29 @@ static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads)
data_blob_free(&blob);
/* Remember to free the msg1 blob. The contents of this
have been copied into cred and need freeing before reassignment. */
data_blob_free(&msg1);
/* now send the auth packet and we should be done */
cred.bv_val = (char *)auth.data;
cred.bv_len = auth.length;
rc = ldap_sasl_bind_s(ads->ld, NULL, "GSS-SPNEGO", &cred, NULL, NULL, &scred);
ber_bvfree(scred);
data_blob_free(&auth);
return ADS_ERROR(rc);
failed:
/* Remember to free the msg1 blob. The contents of this
have been copied into cred and need freeing. */
data_blob_free(&msg1);
if(scred)
ber_bvfree(scred);
return status;
}
@ -122,9 +137,9 @@ failed:
*/
static ADS_STATUS ads_sasl_spnego_krb5_bind(ADS_STRUCT *ads, const char *principal)
{
DATA_BLOB blob;
struct berval cred, *scred;
DATA_BLOB session_key;
DATA_BLOB blob = data_blob(NULL, 0);
struct berval cred, *scred = NULL;
DATA_BLOB session_key = data_blob(NULL, 0);
int rc;
rc = spnego_gen_negTokenTarg(principal, ads->auth.time_offset, &blob, &session_key);
@ -141,6 +156,8 @@ static ADS_STATUS ads_sasl_spnego_krb5_bind(ADS_STRUCT *ads, const char *princip
data_blob_free(&blob);
data_blob_free(&session_key);
if(scred)
ber_bvfree(scred);
return ADS_ERROR(rc);
}
@ -154,7 +171,7 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads)
int rc, i;
ADS_STATUS status;
DATA_BLOB blob;
char *principal;
char *principal = NULL;
char *OIDs[ASN1_MAX_OIDS];
BOOL got_kerberos_mechanism = False;
@ -197,8 +214,10 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads)
if (!(ads->auth.flags & ADS_AUTH_DISABLE_KERBEROS) &&
got_kerberos_mechanism) {
status = ads_sasl_spnego_krb5_bind(ads, principal);
if (ADS_ERR_OK(status))
if (ADS_ERR_OK(status)) {
SAFE_FREE(principal);
return status;
}
status = ADS_ERROR_KRB5(ads_kinit_password(ads));
@ -209,11 +228,14 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads)
/* only fallback to NTLMSSP if allowed */
if (ADS_ERR_OK(status) ||
!(ads->auth.flags & ADS_AUTH_ALLOW_NTLMSSP)) {
SAFE_FREE(principal);
return status;
}
}
#endif
SAFE_FREE(principal);
/* lets do NTLMSSP ... this has the big advantage that we don't need
to sync clocks, and we don't rely on special versions of the krb5
library for HMAC_MD4 encryption */
@ -242,7 +264,7 @@ static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads)
gss_buffer_desc output_token, input_token;
uint32 ret_flags, conf_state;
struct berval cred;
struct berval *scred;
struct berval *scred = NULL;
int i=0;
int gss_rc, rc;
uint8 *p;
@ -385,6 +407,8 @@ static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads)
gss_release_buffer(&minor_status, &input_token);
failed:
if(scred)
ber_bvfree(scred);
return status;
}
#endif