auth/credentials: make sure cli_credentials_get_nt_hash() always returns a talloc...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
index be497bc974cdcb258259d99db10cdc8043c42a2d..57a7c0b80d068e5039e92cf33f5a322532990d62 100644 (file)
--- a/auth/credentials/credentials.c
+++ b/auth/credentials/credentials.c
@@ -471,8 +471,8 @@ _PUBLIC_ bool cli_credentials_set_old_password(struct cli_credentials *cred,
  * @param cred credentials context
  * @retval If set, the cleartext password, otherwise NULL
  */
-_PUBLIC_ const struct samr_Password *cli_credentials_get_nt_hash(struct cli_credentials *cred, 
-                                                       TALLOC_CTX *mem_ctx)
+_PUBLIC_ struct samr_Password *cli_credentials_get_nt_hash(struct cli_credentials *cred,
+                                                          TALLOC_CTX *mem_ctx)
 {
        const char *password = cli_credentials_get_password(cred);
 
@@ -481,13 +481,22 @@ _PUBLIC_ const struct samr_Password *cli_credentials_get_nt_hash(struct cli_cred
                if (!nt_hash) {
                        return NULL;
                }
-               
+
                E_md4hash(password, nt_hash->hash);    
 
                return nt_hash;
-       } else {
-               return cred->nt_hash;
+       } else if (cred->nt_hash != NULL) {
+               struct samr_Password *nt_hash = talloc(mem_ctx, struct samr_Password);
+               if (!nt_hash) {
+                       return NULL;
+               }
+
+               *nt_hash = *cred->nt_hash;
+
+               return nt_hash;
        }
+
+       return NULL;
 }
 
 /**

diff --git a/auth/credentials/credentials.h b/auth/credentials/credentials.h
index cb09dc326c0c86caacc976c5f1f9e4c980d6ce29..766a513cca939c77a7e3072dd4290280c6ce5c58 100644 (file)
--- a/auth/credentials/credentials.h
+++ b/auth/credentials/credentials.h
@@ -141,8 +141,8 @@ bool cli_credentials_set_password(struct cli_credentials *cred,
                                  enum credentials_obtained obtained);
 struct cli_credentials *cli_credentials_init_anon(TALLOC_CTX *mem_ctx);
 void cli_credentials_parse_string(struct cli_credentials *credentials, const char *data, enum credentials_obtained obtained);
-const struct samr_Password *cli_credentials_get_nt_hash(struct cli_credentials *cred, 
-                                                       TALLOC_CTX *mem_ctx);
+struct samr_Password *cli_credentials_get_nt_hash(struct cli_credentials *cred,
+                                                 TALLOC_CTX *mem_ctx);
 bool cli_credentials_set_realm(struct cli_credentials *cred, 
                               const char *val, 
                               enum credentials_obtained obtained);