diff options
| author | Günther Deschner <gd@samba.org> | 2005-11-22 10:22:59 +0000 |
|---|---|---|
| committer | Günther Deschner <gd@samba.org> | 2005-11-22 10:22:59 +0000 |
| commit | 36a460464a9a58eba2325311cdb627d33f8cc21f (patch) | |
| tree | 45b1702e3bb7afb56c5151f95f0e6d8e6fdddb00 | |
| parent | c9fa47bb75a5bd3b8fca2f3103366a1e77e5e695 (diff) | |
| download | samba-36a460464a9a58eba2325311cdb627d33f8cc21f.tar.gz samba-36a460464a9a58eba2325311cdb627d33f8cc21f.tar.xz samba-36a460464a9a58eba2325311cdb627d33f8cc21f.zip | |
r11846: Destroy the TALLOC_CTX on error in the Kerberos session setup and give a
more precise inline comment why PAC verification may fail.
Guenther
| -rw-r--r-- | source/libads/kerberos_verify.c | 6 | ||||
| -rw-r--r-- | source/smbd/sesssetup.c | 7 |
2 files changed, 10 insertions, 3 deletions
diff --git a/source/libads/kerberos_verify.c b/source/libads/kerberos_verify.c index f21577d0802..220bf14e32c 100644 --- a/source/libads/kerberos_verify.c +++ b/source/libads/kerberos_verify.c @@ -400,9 +400,9 @@ NTSTATUS ads_verify_ticket(TALLOC_CTX *mem_ctx, file_save("/tmp/ticket.dat", ticket->data, ticket->length); #endif - /* continue when no PAC is retrieved - (like accounts that have the UF_NO_AUTH_DATA_REQUIRED flag set, - or Kerberos tickets encryped using a DES key) - Guenther */ + /* continue when no PAC is retrieved or we couldn't decode the PAC + (like accounts that have the UF_NO_AUTH_DATA_REQUIRED flag set, or + Kerberos tickets encrypted using a DES key) - Guenther */ got_auth_data = get_auth_data_from_tkt(mem_ctx, &auth_data, tkt); if (!got_auth_data) { diff --git a/source/smbd/sesssetup.c b/source/smbd/sesssetup.c index 2c967601678..8aa046b85a6 100644 --- a/source/smbd/sesssetup.c +++ b/source/smbd/sesssetup.c @@ -168,6 +168,7 @@ static int reply_spnego_kerberos(connection_struct *conn, return ERROR_NT(NT_STATUS_NO_MEMORY); if (!spnego_parse_krb5_wrap(*secblob, &ticket, tok_id)) { + talloc_destroy(mem_ctx); return ERROR_NT(NT_STATUS_LOGON_FAILURE); } @@ -177,6 +178,7 @@ static int reply_spnego_kerberos(connection_struct *conn, if (!NT_STATUS_IS_OK(ret)) { DEBUG(1,("Failed to verify incoming ticket!\n")); + talloc_destroy(mem_ctx); return ERROR_NT(NT_STATUS_LOGON_FAILURE); } @@ -188,6 +190,7 @@ static int reply_spnego_kerberos(connection_struct *conn, data_blob_free(&ap_rep); data_blob_free(&session_key); SAFE_FREE(client); + talloc_destroy(mem_ctx); return ERROR_NT(NT_STATUS_LOGON_FAILURE); } @@ -206,6 +209,7 @@ static int reply_spnego_kerberos(connection_struct *conn, data_blob_free(&ap_rep); data_blob_free(&session_key); SAFE_FREE(client); + talloc_destroy(mem_ctx); return ERROR_NT(NT_STATUS_LOGON_FAILURE); } } @@ -283,6 +287,7 @@ static int reply_spnego_kerberos(connection_struct *conn, SAFE_FREE(client); data_blob_free(&ap_rep); data_blob_free(&session_key); + talloc_destroy(mem_ctx); return ERROR_NT(NT_STATUS_LOGON_FAILURE); } } @@ -302,6 +307,7 @@ static int reply_spnego_kerberos(connection_struct *conn, data_blob_free(&ap_rep); data_blob_free(&session_key); passwd_free(&pw); + talloc_destroy(mem_ctx); return ERROR_NT(ret); } @@ -314,6 +320,7 @@ static int reply_spnego_kerberos(connection_struct *conn, data_blob_free(&ap_rep); data_blob_free(&session_key); passwd_free(&pw); + talloc_destroy(mem_ctx); return ERROR_NT(ret); } |