Diffstat (limited to 'source4/auth')
-rw-r--r-- | source4/auth/auth.h | 2 | ||||
-rw-r--r-- | source4/auth/gensec/schannel_state.c | 4 | ||||
-rw-r--r-- | source4/auth/ntlm/auth_sam.c | 4 | ||||
-rw-r--r-- | source4/auth/pyauth.c | 2 | ||||
-rw-r--r-- | source4/auth/session.h | 2 | ||||
-rw-r--r-- | source4/auth/system_session.c | 25 |
6 files changed, 27 insertions, 12 deletions
diff --git a/source4/auth/auth.h b/source4/auth/auth.h
index 8a0f12efd8..49cf161241 100644
--- a/source4/auth/auth.h
+++ b/source4/auth/auth.h
@@ -236,7 +236,7 @@ NTSTATUS authsam_account_ok(TALLOC_CTX *mem_ctx, const char *name_for_logs, bool allow_domain_trust, bool password_change);
-struct auth_session_info *system_session(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx);
+struct auth_session_info *system_session(struct loadparm_context *lp_ctx);
 NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx, struct ldb_context *sam_ctx, const char *netbios_name, const char *domain_name,
diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c
index 7aa0ba3d69..163ae1570d 100644
--- a/source4/auth/gensec/schannel_state.c
+++ b/source4/auth/gensec/schannel_state.c
@@ -48,8 +48,8 @@ struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx, struct tevent_conte
 existed = file_exist(path);
 ldb = ldb_wrap_connect(mem_ctx, ev_ctx, lp_ctx, path,
- system_session(mem_ctx, lp_ctx),
- NULL, LDB_FLG_NOSYNC, NULL);
+ system_session(lp_ctx),
+ NULL, LDB_FLG_NOSYNC);
 talloc_free(path);
 if (!ldb) {
 return NULL;
diff --git a/source4/auth/ntlm/auth_sam.c b/source4/auth/ntlm/auth_sam.c
index 46cdd8d24e..baa95f7380 100644
--- a/source4/auth/ntlm/auth_sam.c
+++ b/source4/auth/ntlm/auth_sam.c
@@ -202,7 +202,7 @@ static NTSTATUS authsam_check_password_internals(struct auth_method_context *ctx
 return NT_STATUS_NO_MEMORY;
 }
- sam_ctx = samdb_connect(tmp_ctx, ctx->auth_ctx->event_ctx, ctx->auth_ctx->lp_ctx, system_session(mem_ctx, ctx->auth_ctx->lp_ctx));
+ sam_ctx = samdb_connect(tmp_ctx, ctx->auth_ctx->event_ctx, ctx->auth_ctx->lp_ctx, system_session(ctx->auth_ctx->lp_ctx));
 if (sam_ctx == NULL) {
 talloc_free(tmp_ctx);
 return NT_STATUS_INVALID_SYSTEM_SERVICE;
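Review bot: The call in schannel_db_connect() (schannel_state.c) still passes the result of `system_session(lp_ctx)` straight into `ldb_wrap_connect()`, although the system_session.c hunk of this commit shows it returning NULL when auth_system_session_info() fails. What ldb_wrap_connect() does with a NULL session is not visible here, so the schannel database may end up opened without the SYSTEM session the caller intended; the function should fail closed instead. Take the session into a local first and bail out before the connect call, e.g. `if (session == NULL) { talloc_free(path); return NULL; }`. The same unchecked pass-through appears at both samdb_connect() calls in auth_sam.c and at `PyAuthSession_FromSession(session)` in pyauth.c. schannel_db_connect()'s body starts and ends outside the hunk.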
@@ -320,7 +320,7 @@ NTSTATUS authsam_get_server_info_principal(TALLOC_CTX *mem_ctx,
 }
 sam_ctx = samdb_connect(tmp_ctx, auth_context->event_ctx, auth_context->lp_ctx,
- system_session(tmp_ctx, auth_context->lp_ctx));
+ system_session(auth_context->lp_ctx));
 if (sam_ctx == NULL) {
 talloc_free(tmp_ctx);
 return NT_STATUS_INVALID_SYSTEM_SERVICE;
diff --git a/source4/auth/pyauth.c b/source4/auth/pyauth.c
index 5bb775aa95..7ec7f3e7f2 100644
--- a/source4/auth/pyauth.c
+++ b/source4/auth/pyauth.c
@@ -49,7 +49,7 @@ static PyObject *py_system_session(PyObject *module, PyObject *args)
 if (lp_ctx == NULL) return NULL;
- session = system_session(NULL, lp_ctx);
+ session = system_session(lp_ctx);
 return PyAuthSession_FromSession(session);
 }
diff --git a/source4/auth/session.h b/source4/auth/session.h
index ca47af33f4..2a5a8f1098 100644
--- a/source4/auth/session.h
+++ b/source4/auth/session.h
@@ -35,7 +35,7 @@ struct tevent_context;
 /* Create a security token for a session SYSTEM (the most * trusted/prvilaged account), including the local machine account as * the off-host credentials */
-struct auth_session_info *system_session(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx) ;
+struct auth_session_info *system_session(struct loadparm_context *lp_ctx) ;
 /* * Create a system session, but with anonymous credentials (so we do
diff --git a/source4/auth/system_session.c b/source4/auth/system_session.c
index 8e22bd820e..765f53a613 100644
--- a/source4/auth/system_session.c
+++ b/source4/auth/system_session.c
@@ -146,22 +146,37 @@ static NTSTATUS generate_session_info(TALLOC_CTX *mem_ctx,
 }
+/*
+ prevent the static system session being freed
+ */
+static int system_session_destructor(struct auth_session_info *info)
+{
+ return -1;
+}
 /* Create a security token for a session SYSTEM (the most * trusted/prvilaged account), including the local machine account as * the off-host credentials */
-_PUBLIC_ struct auth_session_info *system_session(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx)
+_PUBLIC_ struct auth_session_info *system_session(struct loadparm_context *lp_ctx)
 {
+ static struct auth_session_info *static_session;
 NTSTATUS nt_status;
- struct auth_session_info *session_info = NULL;
- nt_status = auth_system_session_info(mem_ctx,
+
+ if (static_session) {
+ return static_session;
+ }
+
+ nt_status = auth_system_session_info(talloc_autofree_context(),
 lp_ctx,
- &session_info);
+ &static_session);
 if (!NT_STATUS_IS_OK(nt_status)) {
+ talloc_free(static_session);
+ static_session = NULL;
 return NULL;
 }
- return session_info;
+ talloc_set_destructor(static_session, system_session_destructor);
+ return static_session;
 }
 static NTSTATUS _auth_system_session_info(TALLOC_CTX *parent_ctx, |
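Review bot: The `static_session` cache in system_session() is keyed on nothing, so every call after the first returns the session built from the first caller's `lp_ctx` and silently ignores the argument. A process that uses more than one loadparm context would presumably receive SYSTEM credentials derived from the wrong configuration. The same pointer is also handed to every caller, so code that modifies the returned session or reparents it with talloc_steal() alters the most privileged session for the whole process; the new destructor only refuses the free. Either remember which `lp_ctx` the cached session was built from and rebuild when a different one is passed, or state the contract in the comment above the function and in session.h, for example `* The result is a process-wide singleton built from the first lp_ctx seen; callers must treat it as read-only and must not free or steal it.`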