Correctly invalidate intermediate vuids
authorVolker Lendecke <vl@sernet.de>
Tue, 4 Dec 2007 12:16:37 +0000 (13:16 +0100)
committerVolker Lendecke <vl@sernet.de>
Tue, 4 Dec 2007 12:23:58 +0000 (13:23 +0100)
Because of the "&& usp->server_info" test in get_valid_user_struct,
invalidate_vuid() called for an intermediate vuid would never do what it was
supposed to do. There is no server_info in the intermediate vuids.

This fixes a memleak; it was found for a client that does silly sequences of
sessionsetup/ulogoff for every operation.

source/smbd/password.c
source/smbd/sesssetup.c

index 4ea1d9a83f438b40036e0669c30e624f56c1926f..8f75ea823f809b29e34a99fb973f20bdbf024309 100644 (file)
@@ -116,6 +116,19 @@ void invalidate_vuid(uint16 vuid)
        num_validated_vuids--;
 }
 
+void invalidate_intermediate_vuid(uint16 vuid)
+{
+       user_struct *vuser = get_partial_auth_user_struct(vuid);
+
+       if (vuser == NULL)
+               return;
+
+       DLIST_REMOVE(validated_users, vuser);
+
+       SAFE_FREE(vuser);
+       num_validated_vuids--;
+}
+
 /****************************************************************************
  Invalidate all vuid entries for this process.
 ****************************************************************************/
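Review bot: invalidate_intermediate_vuid() releases the partial user_struct with SAFE_FREE without checking `vuser->auth_ntlmssp_state`, which the reply_sesssetup_and_X_spnego hunk shows is stored in that struct. Where a caller has not already called auth_ntlmssp_end() (none is visible before the call in the first reply_spnego_auth hunk, the blob parse failure path), the NTLMSSP state would presumably be orphaned; since intermediate vuids exist before authentication completes, that would leave a leak reachable by a client that has not logged in. Consider ending the state here before the free, `if (vuser->auth_ntlmssp_state) auth_ntlmssp_end(&vuser->auth_ntlmssp_state);`, provided auth_ntlmssp_end() clears the pointer so the reply_spnego_ntlmssp path does not end it twice. The function also lacks the banner comment its neighbours carry; `Invalidate a vuid that is still in the middle of a session setup (no server_info yet).` would fit the file's style.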
index 058faedd5ea34eb6883a940393aa840c12df6f46..d9a52625fe17fa3da0f66873b00721fc26def1cd 100644 (file)
@@ -624,7 +624,7 @@ static BOOL reply_spnego_ntlmssp(connection_struct *conn, char *inbuf, char *out
                /* NB. This is *NOT* an error case. JRA */
                auth_ntlmssp_end(auth_ntlmssp_state);
                /* Kill the intermediate vuid */
-               invalidate_vuid(vuid);
+               invalidate_intermediate_vuid(vuid);
        }
 
        return ret;
@@ -690,7 +690,7 @@ static int reply_spnego_negotiate(connection_struct *conn,
        status = parse_spnego_mechanisms(blob1, &secblob, &got_kerberos_mechanism);
        if (!NT_STATUS_IS_OK(status)) {
                /* Kill the intermediate vuid */
-               invalidate_vuid(vuid);
+               invalidate_intermediate_vuid(vuid);
                return ERROR_NT(nt_status_squash(status));
        }
 
@@ -704,7 +704,7 @@ static int reply_spnego_negotiate(connection_struct *conn,
                data_blob_free(&secblob);
                if (destroy_vuid) {
                        /* Kill the intermediate vuid */
-                       invalidate_vuid(vuid);
+                       invalidate_intermediate_vuid(vuid);
                }
                return ret;
        }
@@ -717,7 +717,7 @@ static int reply_spnego_negotiate(connection_struct *conn,
        status = auth_ntlmssp_start(auth_ntlmssp_state);
        if (!NT_STATUS_IS_OK(status)) {
                /* Kill the intermediate vuid */
-               invalidate_vuid(vuid);
+               invalidate_intermediate_vuid(vuid);
                return ERROR_NT(nt_status_squash(status));
        }
 
@@ -755,7 +755,7 @@ static int reply_spnego_auth(connection_struct *conn, char *inbuf, char *outbuf,
                file_save("auth.dat", blob1.data, blob1.length);
 #endif
                /* Kill the intermediate vuid */
-               invalidate_vuid(vuid);
+               invalidate_intermediate_vuid(vuid);
 
                return ERROR_NT(nt_status_squash(NT_STATUS_INVALID_PARAMETER));
        }
@@ -776,7 +776,7 @@ static int reply_spnego_auth(connection_struct *conn, char *inbuf, char *outbuf,
                                data_blob_free(&auth);
                                if (destroy_vuid) {
                                        /* Kill the intermediate vuid */
-                                       invalidate_vuid(vuid);
+                                       invalidate_intermediate_vuid(vuid);
                                }
                                return ret;
                        }
@@ -789,7 +789,7 @@ static int reply_spnego_auth(connection_struct *conn, char *inbuf, char *outbuf,
        
        if (!*auth_ntlmssp_state) {
                /* Kill the intermediate vuid */
-               invalidate_vuid(vuid);
+               invalidate_intermediate_vuid(vuid);
 
                /* auth before negotiatiate? */
                return ERROR_NT(nt_status_squash(NT_STATUS_INVALID_PARAMETER));
@@ -1112,7 +1112,7 @@ static int reply_sesssetup_and_X_spnego(connection_struct *conn, char *inbuf,
        if (!NT_STATUS_IS_OK(status)) {
                if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
                        /* Real error - kill the intermediate vuid */
-                       invalidate_vuid(vuid);
+                       invalidate_intermediate_vuid(vuid);
                }
                data_blob_free(&blob1);
                return ERROR_NT(nt_status_squash(status));
@@ -1140,7 +1140,7 @@ static int reply_sesssetup_and_X_spnego(connection_struct *conn, char *inbuf,
                        status = auth_ntlmssp_start(&vuser->auth_ntlmssp_state);
                        if (!NT_STATUS_IS_OK(status)) {
                                /* Kill the intermediate vuid */
-                               invalidate_vuid(vuid);
+                               invalidate_intermediate_vuid(vuid);
                                data_blob_free(&blob1);
                                return ERROR_NT(nt_status_squash(status));
                        }