auth: don't allocate session_info from pool.
authorRusty Russell <rusty@rustcorp.com.au>
Thu, 28 Jun 2012 07:39:46 +0000 (17:09 +0930)
committerRusty Russell <rusty@rustcorp.com.au>
Thu, 28 Jun 2012 07:39:46 +0000 (17:09 +0930)
source3/smbd/password.c: (register_existing_vuid)
/* Use this to keep tabs on all our info from the authentication */
vuser->session_info = talloc_move(vuser, &session_info);

This is flawed, since session_info is inside the talloc pool allocated
at source3/smbd/process.c:3529.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
auth/common_auth.h
source3/auth/auth_util.c
source3/libads/authdata.c
source3/utils/ntlm_auth.c

index cf21543a91922d1e8c82373b2732156df18fae63..9f654c9441fc7022d032c2d31d8660f605aa67c5 100644 (file)
@@ -117,6 +117,8 @@ struct auth4_context {
 
        NTSTATUS (*set_ntlm_challenge)(struct auth4_context *auth_ctx, const uint8_t chal[8], const char *set_by);
 
+       /* Subtle! mem_ctx could be a pool and we want to steal session_info,
+        * so please talloc_steal it onto mem_ctx so it's not a pool object! */
        NTSTATUS (*generate_session_info)(struct auth4_context *auth_context,
                                          TALLOC_CTX *mem_ctx,
                                          void *server_returned_info,
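Review bot: The comment added above generate_session_info tells implementers to talloc_steal the result onto mem_ctx, but it never says where to allocate it first, and that is the step that keeps it out of the pool. I would word it as `/* mem_ctx may be a talloc pool and callers later move session_info to another parent: allocate it on NULL, then talloc_steal() it onto mem_ctx. */`. The implementations touched in this commit call talloc_reparent rather than talloc_steal, so the comment and the code should name the same call. The declaration continues past the end of the hunk.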
index b38ee48d7f84ff615f8bfc8bb31a2e41c2ed69f2..fe28ea6c324d4c027433ca1edb39164e9f824644 100644 (file)
@@ -475,10 +475,12 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
                return NT_STATUS_LOGON_FAILURE;
        }
 
-       session_info = talloc_zero(mem_ctx, struct auth_session_info);
+       /* Don't put session_info in the pool! */
+       session_info = talloc_zero(NULL, struct auth_session_info);
        if (!session_info) {
                return NT_STATUS_NO_MEMORY;
        }
+       talloc_reparent(NULL, mem_ctx, session_info);
 
        session_info->unix_token = talloc_zero(session_info, struct security_unix_token);
        if (!session_info->unix_token) {
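Review bot: The result of `talloc_reparent(NULL, mem_ctx, session_info)` is ignored in create_local_token, so if the reparent does not take effect the session info stays parented to NULL and is not released with mem_ctx. talloc_reparent only moves the object when the old parent passed in matches its current parent, which may not hold for a NULL-allocated object when talloc null tracking is enabled; this is worth confirming against the talloc in tree. `talloc_steal(mem_ctx, session_info);` has no such precondition and matches the comment added in auth/common_auth.h. The same unchecked call appears in the kerberos_fetch_pac and ntlm_auth_generate_session_info hunks. create_local_token starts before and ends after this hunk.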
index 60897bf5fb5de072885e466990f15fa0a6aace36..2360ee43dfede8b25312715836c8b5c4f0deac3f 100644 (file)
@@ -93,11 +93,13 @@ static NTSTATUS kerberos_fetch_pac(struct auth4_context *auth_ctx,
        talloc_set_name_const(logon_info, "struct PAC_LOGON_INFO");
 
        auth_ctx->private_data = talloc_steal(auth_ctx, logon_info);
-       *session_info = talloc_zero(mem_ctx, struct auth_session_info);
+       /* Don't put session_info in the pool! */
+       *session_info = talloc_zero(NULL, struct auth_session_info);
        if (!*session_info) {
                status = NT_STATUS_NO_MEMORY;
                goto done;
        }
+       talloc_reparent(NULL, mem_ctx, session_info);
        status = NT_STATUS_OK;
 
 done:
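Review bot: `talloc_reparent(NULL, mem_ctx, session_info)` passes the out-parameter itself rather than the object just allocated. Judging by the surrounding lines, which assign and test `*session_info`, `session_info` is the caller's `struct auth_session_info **` and not a talloc allocation. Handing talloc a pointer it did not allocate is invalid, and the new object would stay on the NULL context instead of being owned by mem_ctx. The line should read `talloc_reparent(NULL, mem_ctx, *session_info);` or `talloc_steal(mem_ctx, *session_info);`. kerberos_fetch_pac begins before the hunk and continues after `done:`.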
index 5bf2a7be02c63c5ab2a19d23250eab882780e3fd..8485c6fc53b52da00d81d4053363abf2e1ba2508 100644 (file)
@@ -689,10 +689,12 @@ static NTSTATUS ntlm_auth_generate_session_info(struct auth4_context *auth_conte
                                                struct auth_session_info **session_info_out)
 {
        char *unix_username = (char *)server_returned_info;
-       struct auth_session_info *session_info = talloc_zero(mem_ctx, struct auth_session_info);
+       /* Don't put session_info in the pool! */
+       struct auth_session_info *session_info = talloc_zero(NULL, struct auth_session_info);
        if (!session_info) {
                return NT_STATUS_NO_MEMORY;
        }
+       talloc_reparent(NULL, mem_ctx, session_info);
 
        session_info->unix_info = talloc_zero(session_info, struct auth_user_info_unix);
        if (!session_info->unix_info) {