struct authn_audit_info **server_audit_info_out,
NTSTATUS *status_out)
{
+ TALLOC_CTX *tmp_ctx = NULL;
krb5_error_code code = EINVAL;
NTSTATUS nt_status;
DATA_BLOB *pac_blob = NULL;
*status_out = NT_STATUS_OK;
}
+ tmp_ctx = talloc_new(mem_ctx);
+ if (tmp_ctx == NULL) {
+ code = ENOMEM;
+ goto done;
+ }
+
{
int result = smb_krb5_principal_is_tgs(context, server_principal);
if (result == -1) {
} else {
DATA_BLOB *device_claims = NULL;
- device_claims = talloc_zero(mem_ctx, DATA_BLOB);
+ device_claims = talloc_zero(tmp_ctx, DATA_BLOB);
if (device_claims == NULL) {
smb_krb5_free_data_contents(context, &device_claims_data);
code = ENOMEM;
goto done;
}
- *device_claims = data_blob_talloc(mem_ctx,
+ *device_claims = data_blob_talloc(tmp_ctx,
device_claims_data.data,
device_claims_data.length);
if (device_claims->data == NULL && device_claims_data.length != 0) {
device_claims_blob = device_claims;
}
- code = samba_kdc_create_device_info_blob(mem_ctx,
+ code = samba_kdc_create_device_info_blob(tmp_ctx,
context,
samdb,
device_pac,
}
} else {
/* Don't trust RODC-issued claims. Regenerate them. */
- nt_status = samba_kdc_get_claims_blob(mem_ctx,
+ nt_status = samba_kdc_get_claims_blob(tmp_ctx,
device,
&device_claims_blob);
if (!NT_STATUS_IS_OK(nt_status)) {
}
/* Also regenerate device info. */
- code = samba_kdc_get_device_info_blob(mem_ctx,
+ code = samba_kdc_get_device_info_blob(tmp_ctx,
device,
&device_info_blob);
if (code != 0) {
}
if (delegated_proxy_principal != NULL) {
- deleg_blob = talloc_zero(mem_ctx, DATA_BLOB);
+ deleg_blob = talloc_zero(tmp_ctx, DATA_BLOB);
if (deleg_blob == NULL) {
code = ENOMEM;
goto done;
}
}
- code = samba_kdc_obtain_user_info_dc(mem_ctx,
+ code = samba_kdc_obtain_user_info_dc(tmp_ctx,
context,
samdb,
group_inclusion,
if (delegated_proxy != NULL) {
auth_entry = delegated_proxy;
- code = samba_kdc_obtain_user_info_dc(mem_ctx,
+ code = samba_kdc_obtain_user_info_dc(tmp_ctx,
context,
samdb,
AUTH_INCLUDE_RESOURCE_GROUPS,
server,
server_audit_info_out,
status_out);
- if (auth_user_info_dc != user_info_dc) {
- talloc_unlink(mem_ctx, auth_user_info_dc);
- }
if (code) {
goto done;
}
}
if (client_pac_is_trusted) {
- pac_blob = talloc_zero(mem_ctx, DATA_BLOB);
+ pac_blob = talloc_zero(tmp_ctx, DATA_BLOB);
if (pac_blob == NULL) {
code = ENOMEM;
goto done;
}
- nt_status = samba_get_logon_info_pac_blob(mem_ctx,
+ nt_status = samba_get_logon_info_pac_blob(tmp_ctx,
user_info_dc,
_resource_groups,
group_inclusion,
client_claims_blob = &data_blob_null;
}
} else {
- nt_status = samba_kdc_get_logon_info_blob(mem_ctx,
+ nt_status = samba_kdc_get_logon_info_blob(tmp_ctx,
user_info_dc,
group_inclusion,
&pac_blob);
goto done;
}
- nt_status = samba_kdc_get_upn_info_blob(mem_ctx,
+ nt_status = samba_kdc_get_upn_info_blob(tmp_ctx,
user_info_dc,
&upn_blob);
if (!NT_STATUS_IS_OK(nt_status)) {
goto done;
}
- nt_status = samba_kdc_get_requester_sid_blob(mem_ctx,
+ nt_status = samba_kdc_get_requester_sid_blob(tmp_ctx,
user_info_dc,
&requester_sid_blob);
if (!NT_STATUS_IS_OK(nt_status)) {
}
/* Don't trust RODC-issued claims. Regenerate them. */
- nt_status = samba_kdc_get_claims_blob(mem_ctx,
+ nt_status = samba_kdc_get_claims_blob(tmp_ctx,
client,
&client_claims_blob);
if (!NT_STATUS_IS_OK(nt_status)) {
/* Check the types of the given PAC */
code = pac_blobs_from_krb5_pac(&pac_blobs,
- mem_ctx,
+ tmp_ctx,
context,
old_pac);
if (code != 0) {
#endif
code = pac_blobs_add_blob(&pac_blobs,
- mem_ctx,
+ tmp_ctx,
PAC_TYPE_CONSTRAINED_DELEGATION,
deleg_blob);
if (code != 0) {
}
code = pac_blobs_add_blob(&pac_blobs,
- mem_ctx,
+ tmp_ctx,
PAC_TYPE_UPN_DNS_INFO,
upn_blob);
if (code != 0) {
}
code = pac_blobs_add_blob(&pac_blobs,
- mem_ctx,
+ tmp_ctx,
PAC_TYPE_CLIENT_CLAIMS_INFO,
client_claims_blob);
if (code != 0) {
}
code = pac_blobs_add_blob(&pac_blobs,
- mem_ctx,
+ tmp_ctx,
PAC_TYPE_DEVICE_INFO,
device_info_blob);
if (code != 0) {
}
code = pac_blobs_add_blob(&pac_blobs,
- mem_ctx,
+ tmp_ctx,
PAC_TYPE_DEVICE_CLAIMS_INFO,
device_claims_blob);
if (code != 0) {
if (!client_pac_is_trusted || !is_tgs) {
code = pac_blobs_remove_blob(&pac_blobs,
- mem_ctx,
+ tmp_ctx,
PAC_TYPE_ATTRIBUTES_INFO);
if (code != 0) {
goto done;
if (!is_tgs) {
code = pac_blobs_remove_blob(&pac_blobs,
- mem_ctx,
+ tmp_ctx,
PAC_TYPE_REQUESTER_SID);
if (code != 0) {
goto done;
}
} else {
code = pac_blobs_add_blob(&pac_blobs,
- mem_ctx,
+ tmp_ctx,
PAC_TYPE_REQUESTER_SID,
requester_sid_blob);
if (code != 0) {
code = samba_client_requested_pac(context,
old_pac,
- mem_ctx,
+ tmp_ctx,
&requested_pac);
if (code != 0 || !requested_pac) {
if (!requested_pac) {
code = 0;
done:
pac_blobs_destroy(&pac_blobs);
- TALLOC_FREE(pac_blob);
- TALLOC_FREE(upn_blob);
- TALLOC_FREE(deleg_blob);
- /*
- * Release our handle to user_info_dc. ‘server_audit_info_out’, if
- * non-NULL, becomes the new parent.
- */
- talloc_unlink(mem_ctx, user_info_dc);
+ TALLOC_FREE(tmp_ctx);
return code;
}
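Review bot: The cleanup at `done:` no longer records which objects are meant to outlive `tmp_ctx`; the removed comment about `user_info_dc` and `server_audit_info_out` was the only place that ownership was written down. The user-info lookups now allocate on `tmp_ctx` and both `talloc_unlink()` calls are gone, so whatever the call taking `server_audit_info_out` and `status_out` keeps from `user_info_dc` or `auth_user_info_dc` stays valid only if the audit info holds its own talloc reference or copy. That callee is not visible in this diff, so this should be confirmed before relying on it. I would add a comment above the free, for example `/* Frees all temporaries; *server_audit_info_out must hold its own reference to anything it keeps from user_info_dc. */`. The comment could also state that `pac_blobs_destroy()` must stay ahead of `TALLOC_FREE(tmp_ctx)`, since the blob list now appears to be allocated on that context.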