author | Andreas Schneider <asn@samba.org> | 2017-01-26 16:52:15 +0100 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2017-04-29 23:31:08 +0200 |
commit | 990cca36b132e830a6b471c7c67f44f411da2e23 (patch) | |
tree | 076100f9783ee7b77910b5ac65f47ba06487b97a | |
parent | a0464e3f8765f702891491c33da9d420f65728c0 (diff) | |
download | samba-990cca36b132e830a6b471c7c67f44f411da2e23.tar.gz |
mit-kdb: Update KDB vtable for DAL version 6
This changed between 1.14 and 1.15. The 1.15 change also removed the
ability of the KDB module to free memory. This caused issues for
several projects. It got fixed with 1.15.1.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
-rw-r--r-- | source4/kdc/mit-kdb/kdb_samba.c | 92 | ||||
-rw-r--r-- | source4/kdc/mit-kdb/kdb_samba.h | 6 | ||||
-rw-r--r-- | source4/kdc/mit-kdb/kdb_samba_common.c | 48 | ||||
-rw-r--r-- | source4/kdc/mit-kdb/kdb_samba_principals.c | 33 | ||||
-rw-r--r-- | source4/kdc/sdb_to_kdb.c | 16 |
5 files changed, 63 insertions, 132 deletions
diff --git a/source4/kdc/mit-kdb/kdb_samba.c b/source4/kdc/mit-kdb/kdb_samba.c index b7f802c8c66..c5157d6ed1b 100644 --- a/source4/kdc/mit-kdb/kdb_samba.c +++ b/source4/kdc/mit-kdb/kdb_samba.c 
@@ -126,60 +126,50 @@ static krb5_error_code kdb_samba_db_unlock(krb5_context context) return 0; } -static void *kdb_samba_db_alloc(krb5_context context, void *ptr, size_t size) +static void kdb_samba_db_free_principal_e_data(krb5_context context, + krb5_octet *e_data) { - return realloc(ptr, size); -} + struct samba_kdc_entry *skdc_entry; -static void kdb_samba_db_free(krb5_context context, void *ptr) -{ - free(ptr); + skdc_entry = talloc_get_type_abort(e_data, + struct samba_kdc_entry); + talloc_set_destructor(skdc_entry, NULL); + TALLOC_FREE(skdc_entry); } kdb_vftabl kdb_function_table = { - KRB5_KDB_DAL_MAJOR_VERSION, /* major version number */ - 0, /* minor version number */ - kdb_samba_init_library, /* init_library */ - kdb_samba_fini_library, /* fini_library */ - kdb_samba_init_module, /* init_module */ - kdb_samba_fini_module, /* fini_module */ - - kdb_samba_db_create, /* db_create */ - kdb_samba_db_destroy, /* db_destroy */ - kdb_samba_db_get_age, /* db_get_age */ - kdb_samba_db_lock, /* db_lock */ - kdb_samba_db_unlock, /* db_unlock */ - - kdb_samba_db_get_principal, /* db_get_principal */ - kdb_samba_db_free_principal, /* db_free_principal */ - kdb_samba_db_put_principal, /* db_put_principal */ - kdb_samba_db_delete_principal, /* db_delete_principal */ - kdb_samba_db_iterate, /* db_iterate */ - - NULL, /* create_policy */ - NULL, /* get_policy */ - NULL, /* put_policy */ - NULL, /* iter_policy */ - NULL, /* delete_policy */ - NULL, /* free_policy */ - - kdb_samba_db_alloc, /* db_alloc */ - kdb_samba_db_free, /* db_free */ - - kdb_samba_fetch_master_key, /* fetch_master_key */ - kdb_samba_fetch_master_key_list, /* fetch_master_key_list */ - NULL, /* store_master_key_list */ - NULL, /* dbe_search_enctype */ - kdb_samba_change_pwd, /* change_pwd */ - NULL, /* promote_db */ - kdb_samba_dbekd_decrypt_key_data, /* decrypt_key_data */ - kdb_samba_dbekd_encrypt_key_data, /* encrypt_key_data */ - - kdb_samba_db_sign_auth_data, /* sign_authdata */ - NULL, /* 
check_transited_realms */ - kdb_samba_db_check_policy_as, /* check_policy_as */ - NULL, /* check_policy_tgs */ - kdb_samba_db_audit_as_req, /* audit_as_req */ - NULL, /* refresh_config */ - kdb_samba_db_check_allowed_to_delegate + .maj_ver = KRB5_KDB_DAL_MAJOR_VERSION, + .min_ver = 1, + + .init_library = kdb_samba_init_library, + .fini_library = kdb_samba_fini_library, + .init_module = kdb_samba_init_module, + .fini_module = kdb_samba_fini_module, + + .create = kdb_samba_db_create, + .destroy = kdb_samba_db_destroy, + .get_age = kdb_samba_db_get_age, + .lock = kdb_samba_db_lock, + .unlock = kdb_samba_db_unlock, + + .get_principal = kdb_samba_db_get_principal, + .put_principal = kdb_samba_db_put_principal, + .delete_principal = kdb_samba_db_delete_principal, + + .iterate = kdb_samba_db_iterate, + + .fetch_master_key = kdb_samba_fetch_master_key, + .fetch_master_key_list = kdb_samba_fetch_master_key_list, + + .change_pwd = kdb_samba_change_pwd, + + .decrypt_key_data = kdb_samba_dbekd_decrypt_key_data, + .encrypt_key_data = kdb_samba_dbekd_encrypt_key_data, + + .sign_authdata = kdb_samba_db_sign_auth_data, + .check_policy_as = kdb_samba_db_check_policy_as, + .audit_as_req = kdb_samba_db_audit_as_req, + .check_allowed_to_delegate = kdb_samba_db_check_allowed_to_delegate, + + .free_principal_e_data = kdb_samba_db_free_principal_e_data, }; diff --git a/source4/kdc/mit-kdb/kdb_samba.h b/source4/kdc/mit-kdb/kdb_samba.h index 0258b2d313f..abca2c166ae 100644 --- a/source4/kdc/mit-kdb/kdb_samba.h +++ b/source4/kdc/mit-kdb/kdb_samba.h @@ -48,9 +48,6 @@ struct mit_samba_context *ks_get_context(krb5_context kcontext); -void ks_free_krb5_db_entry(krb5_context context, - krb5_db_entry *entry); - bool ks_data_eq_string(krb5_data d, const char *s); krb5_data ks_make_data(void *data, unsigned int len); 
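Review bot: kdb_samba_db_free_principal_e_data() in kdb_samba.c disarms the talloc destructor before `TALLOC_FREE(skdc_entry)` without a comment saying why, and the reason cannot be read from that file alone. Judging by the sdb_to_kdb.c part of this commit, the destructor on a samba_kdc_entry itself calls krb5_db_free_principal(), so leaving it armed would presumably re-enter the free path for the same entry. A comment above `talloc_set_destructor(skdc_entry, NULL);` such as `/* Disarm the destructor: it calls krb5_db_free_principal() and must not run from inside that call. */` would record this. Note also that `talloc_get_type_abort()` terminates the KDC process if e_data is ever anything other than a talloc'ed struct samba_kdc_entry, so the function comment should state that every e_data stored by this module must be one.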
@@ -74,9 +71,6 @@ krb5_error_code kdb_samba_db_get_principal(krb5_context context, unsigned int kflags, krb5_db_entry **kentry); -void kdb_samba_db_free_principal(krb5_context context, - krb5_db_entry *entry); - krb5_error_code kdb_samba_db_put_principal(krb5_context context, krb5_db_entry *entry, char **db_args); diff --git a/source4/kdc/mit-kdb/kdb_samba_common.c b/source4/kdc/mit-kdb/kdb_samba_common.c index 1cd546977b7..e89aed6aeba 100644 --- a/source4/kdc/mit-kdb/kdb_samba_common.c +++ b/source4/kdc/mit-kdb/kdb_samba_common.c @@ -43,54 +43,6 @@ struct mit_samba_context *ks_get_context(krb5_context kcontext) return (struct mit_samba_context *)db_ctx; } -void ks_free_krb5_db_entry(krb5_context context, - krb5_db_entry *entry) -{ - krb5_tl_data *tl_data_next = NULL; - krb5_tl_data *tl_data = NULL; - int i, j; - - if (entry == NULL) { - return; - } - -#if 0 /* TODO FIXME do we have something to free? */ - if (entry->e_data != NULL) { - /* FREE ME! */ - } -#endif - - krb5_free_principal(context, entry->princ); - - for (tl_data = entry->tl_data; tl_data; tl_data = tl_data_next) { - tl_data_next = tl_data->tl_data_next; - if (tl_data->tl_data_contents != NULL) - free(tl_data->tl_data_contents); - free(tl_data); - } - - if (entry->key_data != NULL) { - for (i = 0; i < entry->n_key_data; i++) { - for (j = 0; j < entry->key_data[i].key_data_ver; j++) { - if (entry->key_data[i].key_data_length[j] != 0) { - if (entry->key_data[i].key_data_contents[j] != NULL) { - memset(entry->key_data[i].key_data_contents[j], - 0, - entry->key_data[i].key_data_length[j]); - free(entry->key_data[i].key_data_contents[j]); - } - } - entry->key_data[i].key_data_contents[j] = NULL; - entry->key_data[i].key_data_length[j] = 0; - entry->key_data[i].key_data_type[j] = 0; - } - } - free(entry->key_data); - } - - free(entry); -} - bool ks_data_eq_string(krb5_data d, const char *s) { int rc; 
diff --git a/source4/kdc/mit-kdb/kdb_samba_principals.c b/source4/kdc/mit-kdb/kdb_samba_principals.c index 7b6fd6a81e9..1dbb69b561d 100644 --- a/source4/kdc/mit-kdb/kdb_samba_principals.c +++ b/source4/kdc/mit-kdb/kdb_samba_principals.c @@ -93,7 +93,7 @@ static krb5_error_code ks_get_master_key_principal(krb5_context context, code = krb5_copy_principal(context, princ, &kentry->princ); } if (code != 0) { - ks_free_krb5_db_entry(context, kentry); + krb5_db_free_principal(context, kentry); return code; } @@ -101,7 +101,7 @@ static krb5_error_code ks_get_master_key_principal(krb5_context context, code = krb5_dbe_update_mod_princ_data(context, kentry, now, kentry->princ); if (code != 0) { - ks_free_krb5_db_entry(context, kentry); + krb5_db_free_principal(context, kentry); return code; } @@ -109,7 +109,7 @@ static krb5_error_code ks_get_master_key_principal(krb5_context context, kentry->n_key_data = 1; kentry->key_data = calloc(1, sizeof(krb5_key_data)); if (code != 0) { - ks_free_krb5_db_entry(context, kentry); + krb5_db_free_principal(context, kentry); return code; } @@ -119,7 +119,7 @@ static krb5_error_code ks_get_master_key_principal(krb5_context context, key_data->key_data_kvno = 1; key_data->key_data_type[0] = ENCTYPE_UNKNOWN; if (code != 0) { - ks_free_krb5_db_entry(context, kentry); + krb5_db_free_principal(context, kentry); return code; } @@ -169,7 +169,7 @@ static krb5_error_code ks_create_principal(krb5_context context, code = krb5_copy_principal(context, princ, &kentry->princ); if (code != 0) { - ks_free_krb5_db_entry(context, kentry); + krb5_db_free_principal(context, kentry); return code; } 
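Review bot: In ks_get_master_key_principal() the error branch after `kentry->key_data = calloc(1, sizeof(krb5_key_data));` tests `code`, which was already checked to be zero, so an allocation failure is never caught even though this commit edits that very branch. With `n_key_data` already set to 1 and `key_data` NULL, the later `key_data->key_data_kvno = 1;` would most likely dereference a null pointer (the assignment of `key_data` lies outside the hunk). The check should be `if (kentry->key_data == NULL) { krb5_db_free_principal(context, kentry); return ENOMEM; }`, ideally with `n_key_data` set only after the allocation succeeds. The same pattern appears in ks_create_principal() in the `@@ -202,14 +202,14 @@` hunk, and the `if (code != 0)` after the `key_data_type[0]` assignment in the `@@ -119,7 +119,7 @@` hunk is likewise dead.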
@@ -177,13 +177,13 @@ static krb5_error_code ks_create_principal(krb5_context context, code = krb5_dbe_update_mod_princ_data(context, kentry, now, kentry->princ); if (code != 0) { - ks_free_krb5_db_entry(context, kentry); + krb5_db_free_principal(context, kentry); return code; } code = mit_samba_generate_salt(&salt); if (code != 0) { - ks_free_krb5_db_entry(context, kentry); + krb5_db_free_principal(context, kentry); return code; } @@ -194,7 +194,7 @@ static krb5_error_code ks_create_principal(krb5_context context, /* create a random password */ code = mit_samba_generate_random_password(&pwd); if (code != 0) { - ks_free_krb5_db_entry(context, kentry); + krb5_db_free_principal(context, kentry); return code; } } @@ -202,14 +202,14 @@ static krb5_error_code ks_create_principal(krb5_context context, code = krb5_c_string_to_key(context, enctype, &pwd, &salt, &key); SAFE_FREE(pwd.data); if (code != 0) { - ks_free_krb5_db_entry(context, kentry); + krb5_db_free_principal(context, kentry); return code; } kentry->n_key_data = 1; kentry->key_data = calloc(1, sizeof(krb5_key_data)); if (code != 0) { - ks_free_krb5_db_entry(context, kentry); + krb5_db_free_principal(context, kentry); return code; } @@ -288,19 +288,6 @@ krb5_error_code kdb_samba_db_get_principal(krb5_context context, return code; } -void kdb_samba_db_free_principal(krb5_context context, - krb5_db_entry *entry) -{ - struct mit_samba_context *mit_ctx; - - mit_ctx = ks_get_context(context); - if (mit_ctx == NULL) { - return; - } - - ks_free_krb5_db_entry(context, entry); -} - krb5_error_code kdb_samba_db_put_principal(krb5_context context, krb5_db_entry *entry, char **db_args) diff --git a/source4/kdc/sdb_to_kdb.c b/source4/kdc/sdb_to_kdb.c index ff50c0cab87..74d882738f8 100644 --- a/source4/kdc/sdb_to_kdb.c +++ b/source4/kdc/sdb_to_kdb.c 
@@ -318,27 +318,35 @@ static int samba_kdc_kdb_entry_destructor(struct samba_kdc_entry *p) krb5_error_code ret; krb5_context context; + if (entry_ex->e_data != NULL) { + struct samba_kdc_entry *skdc_entry; + + skdc_entry = talloc_get_type(entry_ex->e_data, + struct samba_kdc_entry); + talloc_set_destructor(skdc_entry, NULL); + entry_ex->e_data = NULL; + } + ret = krb5_init_context(&context); if (ret) { return ret; } - free_krb5_db_entry(context, entry_ex); + krb5_db_free_principal(context, entry_ex); krb5_free_context(context); return 0; } - int sdb_entry_ex_to_kdb_entry_ex(krb5_context context, const struct sdb_entry_ex *s, krb5_db_entry *k) { - struct samba_kdc_entry *skdc_entry; - ZERO_STRUCTP(k); if (s->ctx != NULL) { + struct samba_kdc_entry *skdc_entry; + skdc_entry = talloc_get_type(s->ctx, struct samba_kdc_entry); k->e_data = (void *)skdc_entry; |
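Review bot: The block added to samba_kdc_kdb_entry_destructor() passes the result of `talloc_get_type()` straight to `talloc_set_destructor()`, but talloc_get_type() returns NULL when the pointer is not of the named type and that NULL is never checked. kdb_samba.c in this same commit uses `talloc_get_type_abort()` for the identical cast. Either use that here or guard the call with `if (skdc_entry != NULL)`, so that a mismatched e_data fails predictably rather than inside talloc. Clearing `entry_ex->e_data` before `krb5_db_free_principal()` also deserves a one-line comment saying that e_data is talloc-owned and must not be released by libkdb5 from within the destructor. That reading is inferred, since the declaration of entry_ex lies outside the hunk.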