s3:auth Change auth_ntlmssp_server_info API to return NTSTATUS
authorAndrew Bartlett <abartlet@samba.org>
Mon, 12 Jul 2010 04:26:34 +0000 (14:26 +1000)
committerAndrew Tridgell <tridge@samba.org>
Wed, 14 Jul 2010 06:22:49 +0000 (16:22 +1000)
This fixes a bug where register_existing_vuid() could be called with a
NULL server_info if the allocation failed.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
source3/auth/auth_ntlmssp.c
source3/include/proto.h
source3/rpc_server/srv_pipe.c
source3/smbd/sesssetup.c
source3/smbd/smb2_sesssetup.c

index df4666aaeee71be3ee108ae15decc853b0fe85c4..ba7efbf48eb98a9b8f8d999993d9cab7a644c2c8 100644 (file)
@@ -84,8 +84,9 @@ void auth_ntlmssp_want_seal(struct auth_ntlmssp_state *auth_ntlmssp_state)
 
 }
 
-struct auth_serversupplied_info *auth_ntlmssp_server_info(TALLOC_CTX *mem_ctx,
-                                                         struct auth_ntlmssp_state *auth_ntlmssp_state)
+NTSTATUS auth_ntlmssp_server_info(TALLOC_CTX *mem_ctx,
+                                 struct auth_ntlmssp_state *auth_ntlmssp_state,
+                                 struct auth_serversupplied_info **_server_info)
 {
        struct auth_serversupplied_info *server_info = auth_ntlmssp_state->server_info;
        data_blob_free(&server_info->user_session_key);
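Review bot: `server_info` is taken from `auth_ntlmssp_state->server_info` and passed to `data_blob_free()` on the next line with no NULL check, yet the success path in the following hunk sets that field to NULL. A second call on the same state would therefore dereference NULL. Now that the function returns NTSTATUS, an early guard is cheap: `if (server_info == NULL) { *_server_info = NULL; return NT_STATUS_INVALID_PARAMETER; }`. Whether any caller can reach this twice is not visible on this page, and the function body continues past the end of this hunk.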
@@ -95,10 +96,12 @@ struct auth_serversupplied_info *auth_ntlmssp_server_info(TALLOC_CTX *mem_ctx,
                        auth_ntlmssp_state->ntlmssp_state->session_key.data,
                        auth_ntlmssp_state->ntlmssp_state->session_key.length);
        if (auth_ntlmssp_state->ntlmssp_state->session_key.length && !server_info->user_session_key.data) {
-               return NULL;
+               *_server_info = NULL;
+               return NT_STATUS_NO_MEMORY;
        }
        auth_ntlmssp_state->server_info = NULL;
-       return talloc_steal(mem_ctx, server_info);
+       *_server_info = talloc_steal(mem_ctx, server_info);
+       return NT_STATUS_OK;
 }
 
 struct ntlmssp_state *auth_ntlmssp_get_ntlmssp_state(struct auth_ntlmssp_state *auth_ntlmssp_state)
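Review bot: The new out-parameter contract is not written down at the definition of auth_ntlmssp_server_info(), which starts above this hunk. On the `NT_STATUS_NO_MEMORY` path `*_server_info` is set to NULL and the state keeps its server_info. On success the object is moved to `mem_ctx` by `talloc_steal()` and `auth_ntlmssp_state->server_info` is cleared. I would add a comment above the function such as `/* On success *_server_info is owned by mem_ctx and the state no longer holds it; on failure *_server_info is NULL. */`. It appears the retained server_info has already lost its previous user_session_key on the failure path, which is worth mentioning if later code may reuse the state.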
index d7b70cb4b2f2d569751255312de1d5540f4b76d8..cfa68da72343ff02fb116f5e70f5b11feed672d6 100644 (file)
@@ -54,8 +54,9 @@ NTSTATUS auth_netlogond_init(void);
 
 /* The following definitions come from auth/auth_ntlmssp.c  */
 
-struct auth_serversupplied_info *auth_ntlmssp_server_info(TALLOC_CTX *mem_ctx,
-                                                         struct auth_ntlmssp_state *auth_ntlmssp_state);
+NTSTATUS auth_ntlmssp_server_info(TALLOC_CTX *mem_ctx,
+                                 struct auth_ntlmssp_state *auth_ntlmssp_state,
+                                 struct auth_serversupplied_info **_server_info);
 struct ntlmssp_state *auth_ntlmssp_get_ntlmssp_state(struct auth_ntlmssp_state *auth_ntlmssp_state);
 const char *auth_ntlmssp_get_username(struct auth_ntlmssp_state *auth_ntlmssp_state);
 const char *auth_ntlmssp_get_domain(struct auth_ntlmssp_state *auth_ntlmssp_state);
index 34587f89645d98a1a45721b3e951d0b3c4671fea..85c212aa935b7961ada207339a3fda928482201c 100644 (file)
@@ -736,9 +736,10 @@ static bool pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob)
 
        TALLOC_FREE(p->server_info);
 
-       p->server_info = auth_ntlmssp_server_info(p, a);
-       if (p->server_info == NULL) {
-               DEBUG(0, ("auth_ntlmssp_server_info failed to obtain the server info for authenticated user\n"));
+       status = auth_ntlmssp_server_info(p, a, &p->server_info);
+       if (!NT_STATUS_IS_OK(status)) {
+               DEBUG(0, ("auth_ntlmssp_server_info failed to obtain the server info for authenticated user: %s\n",
+                         nt_errstr(status)));
                return false;
        }
 
index 391654ebe3ba3b8a7dab40c0ae2b0907edf0c493..80a5239de31c486727ea032a954100f1c1eb61b0 100644 (file)
@@ -637,7 +637,7 @@ static void reply_spnego_ntlmssp(struct smb_request *req,
        struct smbd_server_connection *sconn = req->sconn;
 
        if (NT_STATUS_IS_OK(nt_status)) {
-               server_info = auth_ntlmssp_server_info(talloc_tos(), (*auth_ntlmssp_state));
+               nt_status = auth_ntlmssp_server_info(talloc_tos(), (*auth_ntlmssp_state), &server_info);
        } else {
                /* Note that this server_info won't have a session
                 * key.  But for map to guest, that's exactly the right
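Review bot: The result of auth_ntlmssp_server_info() is stored in `nt_status` at the changed line in reply_spnego_ntlmssp() but is not tested anywhere in this hunk. The guard against passing a NULL server_info to register_existing_vuid() therefore depends on a later `NT_STATUS_IS_OK(nt_status)` check that lies outside the visible lines and should be confirmed. A one-line comment at the call would make that dependency explicit, for example `/* on failure server_info is NULL; nt_status is re-checked below before it is used */`. Unlike the srv_pipe.c call site, nothing is logged here on failure, so adding a `DEBUG()` with `nt_errstr(nt_status)` would keep the two paths consistent.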
index 56aa2b80393f45a42e261004b961679156f80d99..6586a454395d431a9c561ca24a2197ba3dc5dfe9 100644 (file)
@@ -615,11 +615,12 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s
                                        uint64_t *out_session_id)
 {
        fstring tmp;
-       session->server_info = auth_ntlmssp_server_info(session, session->auth_ntlmssp_state);
-       if (!session->server_info) {
+       NTSTATUS status = auth_ntlmssp_server_info(session, session->auth_ntlmssp_state,
+                                                  &session->server_info);
+       if (!NT_STATUS_IS_OK(status)) {
                auth_ntlmssp_end(&session->auth_ntlmssp_state);
                TALLOC_FREE(session);
-               return NT_STATUS_NO_MEMORY;
+               return status;
        }
 
        if ((in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) ||