From: Pavel Filipenský <pfilipensky@samba.org>
Date: Wed, 26 Nov 2025 09:34:02 +0000 (+0100)
Subject: auth: Use new data_blob_..._s() functions and remove talloc_keep_secret()
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=562c2a9b258288cbf3a5b07a9da56b69d0a5d7a2;p=thirdparty%2Fsamba.git

auth: Use new data_blob_..._s() functions and remove talloc_keep_secret()

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
---

diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c
index 8d289e26781..10a474420d7 100644
--- a/auth/credentials/credentials_krb5.c
+++ b/auth/credentials/credentials_krb5.c
@@ -1695,7 +1695,7 @@ _PUBLIC_ int cli_credentials_get_kerberos_key(struct cli_credentials *cred,
 		TALLOC_FREE(frame);
 		return EINVAL;
 	}
-	*key_blob = data_blob_talloc(mem_ctx,
+	*key_blob = data_blob_talloc_s(mem_ctx,
 				    KRB5_KEY_DATA(&key),
 				    KRB5_KEY_LENGTH(&key));
 	krb5_free_keyblock_contents(smb_krb5_context->krb5_context, &key);
@@ -1703,7 +1703,6 @@ _PUBLIC_ int cli_credentials_get_kerberos_key(struct cli_credentials *cred,
 		TALLOC_FREE(frame);
 		return ENOMEM;
 	}
-	talloc_keep_secret(key_blob->data);
 
 	TALLOC_FREE(frame);
 	return 0;
diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c
index 94ff51f2e93..e313b627ea8 100644
--- a/libcli/smb/smb2_signing.c
+++ b/libcli/smb/smb2_signing.c
@@ -120,12 +120,11 @@ NTSTATUS smb2_signing_key_copy(TALLOC_CTX *mem_ctx,
 		return NT_STATUS_OK;
 	}
 
-	dst->blob = data_blob_talloc_zero(dst, src->blob.length);
+	dst->blob = data_blob_talloc_zero_s(dst, src->blob.length);
 	if (dst->blob.length == 0) {
 		TALLOC_FREE(dst);
 		return NT_STATUS_NO_MEMORY;
 	}
-	talloc_keep_secret(dst->blob.data);
 	memcpy(dst->blob.data, src->blob.data, dst->blob.length);
 
 	*_dst = dst;
@@ -243,12 +242,11 @@ static NTSTATUS smb2_signing_key_create(TALLOC_CTX *mem_ctx,
 		return NT_STATUS_OK;
 	}
 
-	key->blob = data_blob_talloc_zero(key, out_key_length);
+	key->blob = data_blob_talloc_zero_s(key, out_key_length);
 	if (key->blob.length == 0) {
 		TALLOC_FREE(key);
 		return NT_STATUS_NO_MEMORY;
 	}
-	talloc_keep_secret(key->blob.data);
 	memcpy(key->blob.data,
 	       master_key->data,
 	       MIN(key->blob.length, master_key->length));
diff --git a/source3/passdb/machine_account_secrets.c b/source3/passdb/machine_account_secrets.c
index 525092b2e1a..13a4ba45283 100644
--- a/source3/passdb/machine_account_secrets.c
+++ b/source3/passdb/machine_account_secrets.c
@@ -1071,7 +1071,7 @@ static int secrets_domain_info_kerberos_keys(struct secrets_domain_info1_passwor
 		return ENOMEM;
 	}
 
-	arc4_b = data_blob_talloc(keys,
+	arc4_b = data_blob_talloc_s(keys,
 				  p->nt_hash.hash,
 				  sizeof(p->nt_hash.hash));
 	if (arc4_b.data == NULL) {
@@ -1079,7 +1079,6 @@ static int secrets_domain_info_kerberos_keys(struct secrets_domain_info1_passwor
 		TALLOC_FREE(keys);
 		return ENOMEM;
 	}
-	talloc_keep_secret(arc4_b.data);
 
 #ifdef HAVE_ADS
 	if (salt_principal == NULL) {
@@ -1143,7 +1142,7 @@ static int secrets_domain_info_kerberos_keys(struct secrets_domain_info1_passwor
 		TALLOC_FREE(salt_data);
 		return krb5_ret;
 	}
-	aes_256_b = data_blob_talloc(keys,
+	aes_256_b = data_blob_talloc_s(keys,
 				     KRB5_KEY_DATA(&key),
 				     KRB5_KEY_LENGTH(&key));
 	krb5_free_keyblock_contents(krb5_ctx, &key);
@@ -1154,7 +1153,6 @@ static int secrets_domain_info_kerberos_keys(struct secrets_domain_info1_passwor
 		TALLOC_FREE(salt_data);
 		return ENOMEM;
 	}
-	talloc_keep_secret(aes_256_b.data);
 
 	krb5_ret = smb_krb5_create_key_from_string(krb5_ctx,
 						   NULL,
@@ -1170,7 +1168,7 @@ static int secrets_domain_info_kerberos_keys(struct secrets_domain_info1_passwor
 		TALLOC_FREE(salt_data);
 		return krb5_ret;
 	}
-	aes_128_b = data_blob_talloc(keys,
+	aes_128_b = data_blob_talloc_s(keys,
 				     KRB5_KEY_DATA(&key),
 				     KRB5_KEY_LENGTH(&key));
 	krb5_free_keyblock_contents(krb5_ctx, &key);
@@ -1181,7 +1179,6 @@ static int secrets_domain_info_kerberos_keys(struct secrets_domain_info1_passwor
 		TALLOC_FREE(salt_data);
 		return ENOMEM;
 	}
-	talloc_keep_secret(aes_128_b.data);
 
 	krb5_free_context(krb5_ctx);
 no_kerberos:
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index e3f48526492..660cda5ea91 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -2512,11 +2512,10 @@ static NTSTATUS rpccli_bh_transport_session_key(struct dcerpc_binding_handle *h,
 	sk = hs->rpc_cli->conn->transport_session_key;
 	sk.length = MIN(sk.length, 16);
 
-	*session_key = data_blob_dup_talloc(mem_ctx, sk);
+	*session_key = data_blob_dup_talloc_s(mem_ctx, sk);
 	if (session_key->length != sk.length) {
 		return NT_STATUS_NO_MEMORY;
 	}
-	talloc_keep_secret(session_key->data);
 	return NT_STATUS_OK;
 }
 
diff --git a/source3/smbd/smb1_reply.c b/source3/smbd/smb1_reply.c
index f7b2fb65720..a84ccb032c9 100644
--- a/source3/smbd/smb1_reply.c
+++ b/source3/smbd/smb1_reply.c
@@ -406,16 +406,14 @@ void reply_tcon_and_X(struct smb_request *req)
 		/*
 		 * The application key is truncated/padded to 16 bytes
 		 */
-		x->global->application_key_blob = data_blob_talloc(x->global,
-							     session_key,
-							     sizeof(session_key));
+		x->global->application_key_blob = data_blob_talloc_s(
+			x->global, session_key, sizeof(session_key));
 		ZERO_STRUCT(session_key);
 		if (x->global->application_key_blob.data == NULL) {
 			reply_nterror(req, NT_STATUS_NO_MEMORY);
 			END_PROFILE(SMBtconX);
 			return;
 		}
-		talloc_keep_secret(x->global->application_key_blob.data);
 
 		if (tcon_flags & TCONX_FLAG_EXTENDED_SIGNATURES) {
 			NTSTATUS status;
@@ -436,15 +434,14 @@ void reply_tcon_and_X(struct smb_request *req)
 		 * Place the application key into the session_info
 		 */
 		data_blob_clear_free(&session_info->session_key);
-		session_info->session_key = data_blob_dup_talloc(session_info,
-						x->global->application_key_blob);
+		session_info->session_key = data_blob_dup_talloc_s(
+			session_info, x->global->application_key_blob);
 		if (session_info->session_key.data == NULL) {
 			data_blob_clear_free(&x->global->application_key_blob);
 			reply_nterror(req, NT_STATUS_NO_MEMORY);
 			END_PROFILE(SMBtconX);
 			return;
 		}
-		talloc_keep_secret(session_info->session_key.data);
 		session_key_updated = true;
 	}
 
diff --git a/source3/smbd/smb1_sesssetup.c b/source3/smbd/smb1_sesssetup.c
index 23cdc846e75..b191e3848b9 100644
--- a/source3/smbd/smb1_sesssetup.c
+++ b/source3/smbd/smb1_sesssetup.c
@@ -1044,10 +1044,8 @@ void reply_sesssetup_and_X(struct smb_request *req)
 		memcpy(session_key, session->global->signing_key_blob.data,
 		       MIN(session->global->signing_key_blob.length,
 			   sizeof(session_key)));
-		session->global->application_key_blob =
-			data_blob_talloc(session->global,
-					 session_key,
-					 sizeof(session_key));
+		session->global->application_key_blob = data_blob_talloc_s(
+			session->global, session_key, sizeof(session_key));
 		ZERO_STRUCT(session_key);
 		if (session->global->application_key_blob.data == NULL) {
 			TALLOC_FREE(session);
@@ -1056,14 +1054,13 @@ void reply_sesssetup_and_X(struct smb_request *req)
 			END_PROFILE(SMBsesssetupX);
 			return;
 		}
-		talloc_keep_secret(session->global->application_key_blob.data);
 
 		/*
 		 * Place the application key into the session_info
 		 */
 		data_blob_clear_free(&session_info->session_key);
-		session_info->session_key = data_blob_dup_talloc(session_info,
-						session->global->application_key_blob);
+		session_info->session_key = data_blob_dup_talloc_s(
+			session_info, session->global->application_key_blob);
 		if (session_info->session_key.data == NULL) {
 			TALLOC_FREE(session);
 			reply_nterror(req, NT_STATUS_NO_MEMORY);
@@ -1071,7 +1068,6 @@ void reply_sesssetup_and_X(struct smb_request *req)
 			END_PROFILE(SMBsesssetupX);
 			return;
 		}
-		talloc_keep_secret(session_info->session_key.data);
 	}
 
 	sconn->num_users++;
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index da6b98f40e9..b4b351a14ea 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -413,12 +413,11 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
 	x->global->channels[0].encryption_cipher = x->global->encryption_cipher;
 
 	data_blob_clear_free(&session_info->session_key);
-	session_info->session_key = data_blob_dup_talloc(session_info,
-						x->global->application_key_blob);
+	session_info->session_key = data_blob_dup_talloc_s(
+		session_info, x->global->application_key_blob);
 	if (session_info->session_key.data == NULL) {
 		return NT_STATUS_NO_MEMORY;
 	}
-	talloc_keep_secret(session_info->session_key.data);
 
 	smb2req->sconn->num_users++;
 
@@ -495,12 +494,11 @@ static NTSTATUS smbd_smb2_reauth_generic_return(struct smbXsrv_session *session,
 	*_auth = NULL;
 
 	data_blob_clear_free(&session_info->session_key);
-	session_info->session_key = data_blob_dup_talloc(session_info,
-						x->global->application_key_blob);
+	session_info->session_key = data_blob_dup_talloc_s(
+		session_info, x->global->application_key_blob);
 	if (session_info->session_key.data == NULL) {
 		return NT_STATUS_NO_MEMORY;
 	}
-	talloc_keep_secret(session_info->session_key.data);
 
 	session->homes_snum =
 			register_homes_share(session_info->unix_info->unix_name);
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index b7a0c5066a7..b38f4eac68b 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -915,16 +915,14 @@ static int setup_kerberos_key_hash(struct setup_password_fields_io *io,
 		return LDB_ERR_OPERATIONS_ERROR;
 	}
 
-	g->aes_256 = data_blob_talloc(io->ac,
-				      KRB5_KEY_DATA(&key),
-				      KRB5_KEY_LENGTH(&key));
+	g->aes_256 = data_blob_talloc_s(io->ac,
+					KRB5_KEY_DATA(&key),
+					KRB5_KEY_LENGTH(&key));
 	krb5_free_keyblock_contents(io->smb_krb5_context->krb5_context, &key);
 	if (g->aes_256.data == NULL) {
 		return ldb_oom(ldb);
 	}
 
-	talloc_keep_secret(g->aes_256.data);
-
 	return LDB_SUCCESS;
 }
 
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index 61b36eb5ce1..32886336339 100644
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -5147,14 +5147,14 @@ krb5_error_code dsdb_extract_aes_256_key(krb5_context context,
 	}
 
 	if (aes_256_key != NULL) {
-		*aes_256_key = data_blob_talloc(mem_ctx,
-						KRB5_KEY_DATA(&sentry.keys.val[0].key),
-						KRB5_KEY_LENGTH(&sentry.keys.val[0].key));
+		*aes_256_key = data_blob_talloc_s(
+			mem_ctx,
+			KRB5_KEY_DATA(&sentry.keys.val[0].key),
+			KRB5_KEY_LENGTH(&sentry.keys.val[0].key));
 		if (aes_256_key->data == NULL) {
 			sdb_entry_free(&sentry);
 			return ENOMEM;
 		}
-		talloc_keep_secret(aes_256_key->data);
 	}
 
 	if (salt != NULL) {
diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c
index f23908a49a8..85701146d57 100644
--- a/source4/librpc/rpc/dcerpc.c
+++ b/source4/librpc/rpc/dcerpc.c
@@ -270,11 +270,10 @@ static NTSTATUS dcerpc_bh_transport_session_key(struct dcerpc_binding_handle *h,
 
 	sk.length = MIN(sk.length, 16);
 
-	*session_key = data_blob_dup_talloc(mem_ctx, sk);
+	*session_key = data_blob_dup_talloc_s(mem_ctx, sk);
 	if (session_key->length != sk.length) {
 		return NT_STATUS_NO_MEMORY;
 	}
-	talloc_keep_secret(session_key->data);
 	return NT_STATUS_OK;
 }