Commit 13aa693f authored by Jeremy Allison's avatar Jeremy Allison Committed by Gerald (Jerry) Carter
Browse files

r533: More memory leak fixes from kawasa_r@itg.hitachi.co.jp. I need to 

valgrind winbindd with these in....
Jeremy.
(This used to be commit fa4774b73d338a0c0df09f23cd738279bf4e71a2)
parent 33ebb4be

source3/libads/sasl.c

+32 −8
Original line number Diff line number Diff line
@@ -29,12 +29,12 @@ 
static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads)

{

	const char *mechs[] = {OID_NTLMSSP, NULL};

	DATA_BLOB msg1;

	DATA_BLOB msg1 = data_blob(NULL, 0);

	DATA_BLOB blob, chal1, chal2, auth;

	uint8 challenge[8];

	uint8 nthash[24], lmhash[24], sess_key[16];

	uint32 neg_flags;

	struct berval cred, *scred;

	struct berval cred, *scred = NULL;

	ADS_STATUS status;

	int rc;
@@ -70,6 +70,7 @@ static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads) 
	}



	blob = data_blob(scred->bv_val, scred->bv_len);

	ber_bvfree(scred);



	/* the server gives us back two challenges */

	if (!spnego_parse_challenge(blob, &chal1, &chal2)) {
@@ -105,15 +106,29 @@ static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads) 


	data_blob_free(&blob);



	/* Remember to free the msg1 blob. The contents of this

	   have been copied into cred and need freeing before reassignment. */

	data_blob_free(&msg1);



	/* now send the auth packet and we should be done */

	cred.bv_val = (char *)auth.data;

	cred.bv_len = auth.length;



	rc = ldap_sasl_bind_s(ads->ld, NULL, "GSS-SPNEGO", &cred, NULL, NULL, &scred);



	ber_bvfree(scred);

	data_blob_free(&auth);

	

	return ADS_ERROR(rc);



failed:



	/* Remember to free the msg1 blob. The contents of this

	   have been copied into cred and need freeing. */

	data_blob_free(&msg1);



	if(scred)

		ber_bvfree(scred);

	return status;

}
@@ -122,9 +137,9 @@ failed: 
*/

static ADS_STATUS ads_sasl_spnego_krb5_bind(ADS_STRUCT *ads, const char *principal)

{

	DATA_BLOB blob;

	struct berval cred, *scred;

	DATA_BLOB session_key;

	DATA_BLOB blob = data_blob(NULL, 0);

	struct berval cred, *scred = NULL;

	DATA_BLOB session_key = data_blob(NULL, 0);

	int rc;



	rc = spnego_gen_negTokenTarg(principal, ads->auth.time_offset, &blob, &session_key);
@@ -141,6 +156,8 @@ static ADS_STATUS ads_sasl_spnego_krb5_bind(ADS_STRUCT *ads, const char *princip 


	data_blob_free(&blob);

	data_blob_free(&session_key);

	if(scred)

		ber_bvfree(scred);



	return ADS_ERROR(rc);

}
@@ -154,7 +171,7 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads) 
	int rc, i;

	ADS_STATUS status;

	DATA_BLOB blob;

	char *principal;

	char *principal = NULL;

	char *OIDs[ASN1_MAX_OIDS];

	BOOL got_kerberos_mechanism = False;
@@ -197,8 +214,10 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads) 
	if (!(ads->auth.flags & ADS_AUTH_DISABLE_KERBEROS) &&

	    got_kerberos_mechanism) {

		status = ads_sasl_spnego_krb5_bind(ads, principal);

		if (ADS_ERR_OK(status))

		if (ADS_ERR_OK(status)) {

			SAFE_FREE(principal);

			return status;

		}



		status = ADS_ERROR_KRB5(ads_kinit_password(ads));
@@ -209,11 +228,14 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads) 
		/* only fallback to NTLMSSP if allowed */

		if (ADS_ERR_OK(status) || 

		    !(ads->auth.flags & ADS_AUTH_ALLOW_NTLMSSP)) {

			SAFE_FREE(principal);

			return status;

		}

	}

#endif



	SAFE_FREE(principal);



	/* lets do NTLMSSP ... this has the big advantage that we don't need

	   to sync clocks, and we don't rely on special versions of the krb5 

	   library for HMAC_MD4 encryption */
@@ -242,7 +264,7 @@ static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads) 
	gss_buffer_desc output_token, input_token;

	uint32 ret_flags, conf_state;

	struct berval cred;

	struct berval *scred;

	struct berval *scred = NULL;

	int i=0;

	int gss_rc, rc;

	uint8 *p;
@@ -385,6 +407,8 @@ static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads) 
	gss_release_buffer(&minor_status, &input_token);



failed:

	if(scred)

		ber_bvfree(scred);

	return status;

}

#endif