author | Volker Lendecke <vl@samba.org> | 2018-11-20 17:45:11 +0100 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2018-11-28 17:44:15 +0100 |
commit | a167014554c9cac1ed751adce488dce164da5979 (patch) | |
tree | bb0efe6935fbd9f3849e273e1910085665148220 | |
parent | c39526eb7d19e97f001690834e8f3bfa03f4d20e (diff) | |
download | samba-a167014554c9cac1ed751adce488dce164da5979.tar.gz |
krb5_wrap: Add a talloc_ctx to smb_krb5_principal_get_realm()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
-rw-r--r-- | auth/credentials/credentials_krb5.c | 6 | ||||
-rw-r--r-- | lib/krb5_wrap/krb5_samba.c | 19 | ||||
-rw-r--r-- | lib/krb5_wrap/krb5_samba.h | 3 | ||||
-rw-r--r-- | source3/libads/krb5_setpw.c | 6 | ||||
-rw-r--r-- | source4/dsdb/samdb/cracknames.c | 13 | ||||
-rw-r--r-- | source4/kdc/db-glue.c | 55 | ||||
-rw-r--r-- | source4/kdc/kpasswd-service-mit.c | 9 | ||||
-rw-r--r-- | source4/kdc/mit_samba.c | 6 |
8 files changed, 50 insertions, 67 deletions
diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c
index e64773d6d56..d8ca6d97115 100644
--- a/auth/credentials/credentials_krb5.c
+++ b/auth/credentials/credentials_krb5.c
@@ -270,14 +270,14 @@ static int cli_credentials_set_from_ccache(struct cli_credentials *cred,
 return ENOMEM;
 }
- realm = smb_krb5_principal_get_realm(ccache->smb_krb5_context->krb5_context,
- princ);
+ realm = smb_krb5_principal_get_realm(
+ cred, ccache->smb_krb5_context->krb5_context, princ);
 krb5_free_principal(ccache->smb_krb5_context->krb5_context, princ);
 if (realm == NULL) {
 return ENOMEM;
 }
 ok = cli_credentials_set_realm(cred, realm, obtained);
- SAFE_FREE(realm);
+ TALLOC_FREE(realm);
 if (!ok) {
 return ENOMEM;
 }
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index a6ff97640ca..e8abfac1d8d 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -2780,24 +2780,25 @@ krb5_error_code smb_krb5_make_pac_checksum(TALLOC_CTX *mem_ctx,
 /**
 * @brief Get realm of a principal
 *
+ * @param[in] mem_ctx The talloc ctx to put the result on
+ *
 * @param[in] context The library context
 *
 * @param[in] principal The principal to get the realm from.
 *
- * @return An allocated string with the realm or NULL if an error occurred.
- *
- * The caller must free the realm string with free() if not needed anymore.
+ * @return A talloced string with the realm or NULL if an error occurred.
 */
-char *smb_krb5_principal_get_realm(krb5_context context,
+char *smb_krb5_principal_get_realm(TALLOC_CTX *mem_ctx,
+ krb5_context context,
 krb5_const_principal principal)
 {
 #ifdef HAVE_KRB5_PRINCIPAL_GET_REALM /* Heimdal */
- return strdup(discard_const_p(char, krb5_principal_get_realm(context, principal)));
+ return talloc_strdup(mem_ctx,
+ krb5_principal_get_realm(context, principal));
 #elif defined(krb5_princ_realm) /* MIT */
- krb5_data *realm;
- realm = discard_const_p(krb5_data,
- krb5_princ_realm(context, principal));
- return strndup(realm->data, realm->length);
+ const krb5_data *realm;
+ realm = krb5_princ_realm(context, principal);
+ return talloc_strndup(mem_ctx, realm->data, realm->length);
 #else
 #error UNKNOWN_GET_PRINC_REALM_FUNCTIONS
 #endif
diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h
index fb3cb5f2ad8..4d0148fd047 100644
--- a/lib/krb5_wrap/krb5_samba.h
+++ b/lib/krb5_wrap/krb5_samba.h
@@ -298,7 +298,8 @@ krb5_error_code smb_krb5_make_pac_checksum(TALLOC_CTX *mem_ctx,
 uint32_t *sig_type, DATA_BLOB *sig_blob);
-char *smb_krb5_principal_get_realm(krb5_context context,
+char *smb_krb5_principal_get_realm(TALLOC_CTX *mem_ctx,
+ krb5_context context,
 krb5_const_principal principal);
 void smb_krb5_principal_set_type(krb5_context context,
diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c
index 94dd8eefc92..a4a781963a3 100644
--- a/source3/libads/krb5_setpw.c
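Review bot: The rewritten doc comment on `smb_krb5_principal_get_realm()` removes the ownership sentence without replacing it, so nothing tells a caller how the result must be released now. I would add `* The string is a talloc child of mem_ctx; release it with talloc_free(), never with free().` and say that `mem_ctx` may be NULL, which the krb5_setpw.c hunk relies on. It would also help to state that NULL covers allocation failure, since most converted callers map it to ENOMEM.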
+++ b/source3/libads/krb5_setpw.c
@@ -217,7 +217,7 @@ static ADS_STATUS ads_krb5_chg_password(const char *kdc_host,
 }
 krb5_get_init_creds_opt_set_address_list(opts, addr->addrs);
- realm = smb_krb5_principal_get_realm(context, princ);
+ realm = smb_krb5_principal_get_realm(NULL, context, princ);
 /* We have to obtain an INITIAL changepw ticket for changing password */
 if (asprintf(&chpw_princ, "kadmin/changepw@%s", realm) == -1) {
@@ -225,12 +225,12 @@ static ADS_STATUS ads_krb5_chg_password(const char *kdc_host,
 krb5_get_init_creds_opt_free(context, opts);
 smb_krb5_free_addresses(context, addr);
 krb5_free_context(context);
- free(realm);
+ TALLOC_FREE(realm);
 DEBUG(1,("ads_krb5_chg_password: asprintf fail\n"));
 return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
 }
- free(realm);
+ TALLOC_FREE(realm);
 password = SMB_STRDUP(oldpw);
 ret = krb5_get_init_creds_password(context, &creds, princ, password, kerb_prompter, NULL,
diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c
index 1f8cad75579..3360d9a48a5 100644
--- a/source4/dsdb/samdb/cracknames.c
+++ b/source4/dsdb/samdb/cracknames.c
@@ -57,7 +57,6 @@ static WERROR dns_domain_from_principal(TALLOC_CTX *mem_ctx, struct smb_krb5_con
 krb5_error_code ret;
 krb5_principal principal;
 /* perhaps it's a principal with a realm, so return the right 'domain only' response */
- char *realm;
 ret = krb5_parse_name_flags(smb_krb5_context->krb5_context, name, KRB5_PRINCIPAL_PARSE_REQUIRE_REALM, &principal);
 if (ret) {
@@ -65,11 +64,9 @@ static WERROR dns_domain_from_principal(TALLOC_CTX *mem_ctx, struct smb_krb5_con
 return WERR_OK;
 }
- realm = smb_krb5_principal_get_realm(smb_krb5_context->krb5_context, principal);
-
- info1->dns_domain_name = talloc_strdup(mem_ctx, realm);
+ info1->dns_domain_name = smb_krb5_principal_get_realm(
+ mem_ctx, smb_krb5_context->krb5_context, principal);
 krb5_free_principal(smb_krb5_context->krb5_context, principal);
- free(realm);
 W_ERROR_HAVE_NO_MEMORY(info1->dns_domain_name);
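Review bot: In the first ads_krb5_chg_password hunk `realm` goes straight into `asprintf(&chpw_princ, "kadmin/changepw@%s", realm)` with no NULL check, although the getter returns NULL when the talloc allocation fails. A NULL argument for `%s` is undefined behaviour, and a libc that tolerates it would build a changepw principal for a bogus realm instead of failing. A guard right after the call, `if (realm == NULL)`, performing the same cleanup as the asprintf-failure branch and returning `ADS_ERROR_NT(NT_STATUS_NO_MEMORY)`, closes this. The DsCrackNameUPN hunk in cracknames.c has the same gap: `realm` reaches `ldb_binary_encode_string(mem_ctx, realm)` for the search filter without a check between the call and `ldb_search()`. Both function bodies continue outside their hunks.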
@@ -290,8 +287,8 @@ static WERROR DsCrackNameUPN(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
 return WERR_OK;
 }
- realm = smb_krb5_principal_get_realm(smb_krb5_context->krb5_context,
- principal);
+ realm = smb_krb5_principal_get_realm(
+ mem_ctx, smb_krb5_context->krb5_context, principal);
 ldb_ret = ldb_search(sam_ctx, mem_ctx, &domain_res, samdb_partitions_dn(sam_ctx, mem_ctx),
@@ -302,7 +299,7 @@ static WERROR DsCrackNameUPN(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
 ldb_binary_encode_string(mem_ctx, realm), LDB_OID_COMPARATOR_AND, SYSTEM_FLAG_CR_NTDS_DOMAIN);
- free(realm);
+ TALLOC_FREE(realm);
 if (ldb_ret != LDB_SUCCESS) {
 DEBUG(2, ("DsCrackNameUPN domain ref search failed: %s\n", ldb_errstring(sam_ctx)));
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index 969f4f6b556..f62a633c6c7 100644
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -1030,7 +1030,8 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context,
 entry_ex->entry.flags.invalid = 0;
 entry_ex->entry.flags.server = 1;
- realm = smb_krb5_principal_get_realm(context, principal);
+ realm = smb_krb5_principal_get_realm(
+ mem_ctx, context, principal);
 if (realm == NULL) {
 ret = ENOMEM;
 goto out;
@@ -1048,7 +1049,7 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context,
 entry_ex->entry.flags.change_pw = 1;
 }
- SAFE_FREE(realm);
+ TALLOC_FREE(realm);
 entry_ex->entry.flags.client = 0;
 entry_ex->entry.flags.forwardable = 1;
@@ -1655,8 +1656,8 @@ static krb5_error_code samba_kdc_lookup_client(krb5_context context,
 }
 num_comp = krb5_princ_size(context, fallback_principal);
- fallback_realm = smb_krb5_principal_get_realm(context,
- fallback_principal);
+ fallback_realm = smb_krb5_principal_get_realm(
+ mem_ctx, context, fallback_principal);
 if (fallback_realm == NULL) {
 krb5_free_principal(context, fallback_principal);
 return ENOMEM;
@@ -1669,7 +1670,7 @@ static krb5_error_code samba_kdc_lookup_client(krb5_context context,
 context, fallback_principal, 0);
 if (fallback_account == NULL) {
 krb5_free_principal(context, fallback_principal);
- SAFE_FREE(fallback_realm);
+ TALLOC_FREE(fallback_realm);
 return ENOMEM;
 }
@@ -1687,7 +1688,7 @@ static krb5_error_code samba_kdc_lookup_client(krb5_context context,
 with_dollar = talloc_asprintf(mem_ctx, "%s$", fallback_account);
 if (with_dollar == NULL) {
- SAFE_FREE(fallback_realm);
+ TALLOC_FREE(fallback_realm);
 return ENOMEM;
 }
 TALLOC_FREE(fallback_account);
@@ -1698,11 +1699,11 @@ static krb5_error_code samba_kdc_lookup_client(krb5_context context,
 with_dollar, NULL);
 TALLOC_FREE(with_dollar);
 if (ret != 0) {
- SAFE_FREE(fallback_realm);
+ TALLOC_FREE(fallback_realm);
 return ret;
 }
 }
- SAFE_FREE(fallback_realm);
+ TALLOC_FREE(fallback_realm);
 if (fallback_principal != NULL) {
 char *fallback_string = NULL;
@@ -1774,17 +1775,13 @@ static krb5_error_code samba_kdc_fetch_krbtgt(krb5_context context,
 krb5_error_code ret;
 struct ldb_message *msg = NULL;
 struct ldb_dn *realm_dn = ldb_get_default_basedn(kdc_db_ctx->samdb);
- char *realm_from_princ, *realm_from_princ_malloc;
+ char *realm_from_princ;
 char *realm_princ_comp = smb_krb5_principal_get_comp_string(mem_ctx, context, principal, 1);
- realm_from_princ_malloc = smb_krb5_principal_get_realm(context, principal);
- if (realm_from_princ_malloc == NULL) {
- /* can't happen */
- return SDB_ERR_NOENTRY;
- }
- realm_from_princ = talloc_strdup(mem_ctx, realm_from_princ_malloc);
- free(realm_from_princ_malloc);
+ realm_from_princ = smb_krb5_principal_get_realm(
+ mem_ctx, context, principal);
 if (realm_from_princ == NULL) {
+ /* can't happen */
 return SDB_ERR_NOENTRY;
 }
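Review bot: In the samba_kdc_fetch_krbtgt hunk the `/* can't happen */` comment now sits on the only NULL check, which is also the talloc allocation-failure path, so the comment is no longer accurate and out-of-memory is reported as `SDB_ERR_NOENTRY`. The other converted callers in this file return `ENOMEM` for the same condition. I would drop the comment and use `return ENOMEM;` here, or replace the comment with the reason a no-entry answer is intended. Reporting an allocation failure as "principal not found" makes a resource problem in the KDC look like a lookup miss to clients and in logs. The function body continues outside the hunk.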
@@ -2118,7 +2115,6 @@ static krb5_error_code samba_kdc_lookup_realm(krb5_context context,
 TALLOC_CTX *frame = talloc_stackframe();
 NTSTATUS status;
 krb5_error_code ret;
- char *_realm = NULL;
 bool check_realm = false;
 const char *realm = NULL;
 struct dsdb_trust_routing_table *trt = NULL;
@@ -2145,8 +2141,8 @@ static krb5_error_code samba_kdc_lookup_realm(krb5_context context,
 return 0;
 }
- _realm = smb_krb5_principal_get_realm(context, principal);
- if (_realm == NULL) {
+ realm = smb_krb5_principal_get_realm(frame, context, principal);
+ if (realm == NULL) {
 TALLOC_FREE(frame);
 return ENOMEM;
 }
@@ -2154,23 +2150,15 @@ static krb5_error_code samba_kdc_lookup_realm(krb5_context context,
 /*
 * The requested realm needs to be our own
 */
- ok = lpcfg_is_my_domain_or_realm(kdc_db_ctx->lp_ctx, _realm);
+ ok = lpcfg_is_my_domain_or_realm(kdc_db_ctx->lp_ctx, realm);
 if (!ok) {
 /*
 * The request is not for us...
 */
- SAFE_FREE(_realm);
 TALLOC_FREE(frame);
 return SDB_ERR_NOENTRY;
 }
- realm = talloc_strdup(frame, _realm);
- SAFE_FREE(_realm);
- if (realm == NULL) {
- TALLOC_FREE(frame);
- return ENOMEM;
- }
-
 if (smb_krb5_principal_get_type(context, principal) == KRB5_NT_ENTERPRISE_PRINCIPAL) {
 char *principal_string = NULL;
 krb5_principal enterprise_principal = NULL;
@@ -2196,16 +2184,11 @@ static krb5_error_code samba_kdc_lookup_realm(krb5_context context,
 return ret;
 }
- enterprise_realm = smb_krb5_principal_get_realm(context,
- enterprise_principal);
+ enterprise_realm = smb_krb5_principal_get_realm(
+ frame, context, enterprise_principal);
 krb5_free_principal(context, enterprise_principal);
 if (enterprise_realm != NULL) {
- realm = talloc_strdup(frame, enterprise_realm);
- SAFE_FREE(enterprise_realm);
- if (realm == NULL) {
- TALLOC_FREE(frame);
- return ENOMEM;
- }
+ realm = enterprise_realm;
 }
 }
diff --git a/source4/kdc/kpasswd-service-mit.c b/source4/kdc/kpasswd-service-mit.c
index 1546b16b369..9a014c058fe 100644
--- a/source4/kdc/kpasswd-service-mit.c
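Review bot: In the last samba_kdc_lookup_realm hunk a NULL `enterprise_realm` is silently skipped, so `realm` keeps the value taken from the outer principal, whereas the removed code returned `ENOMEM` when the copy could not be allocated. With the talloc getter an allocation failure arrives as that same NULL. Under memory pressure the code after this block, presumably the trust-routing lookup, would then work on a realm other than the enterprise principal's. I would fail closed with `if (enterprise_realm == NULL) { TALLOC_FREE(frame); return ENOMEM; }` before the assignment, or add a comment saying the fall-through is deliberate. The declaration of `enterprise_realm` and the code that consumes `realm` are outside the hunk.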
+++ b/source4/kdc/kpasswd-service-mit.c
@@ -143,7 +143,8 @@ static krb5_error_code kpasswd_set_password(struct kdc_server *kdc,
 return KRB5_KPASSWD_HARDERROR;
 }
- target_realm = smb_krb5_principal_get_realm(context, target_principal);
+ target_realm = smb_krb5_principal_get_realm(
+ mem_ctx, context, target_principal);
 code = krb5_unparse_name_flags(context, target_principal, KRB5_PRINCIPAL_UNPARSE_NO_REALM,
@@ -157,7 +158,7 @@ static krb5_error_code kpasswd_set_password(struct kdc_server *kdc,
 if ((target_name != NULL && target_realm == NULL) || (target_name == NULL && target_realm != NULL)) {
 krb5_free_principal(context, target_principal);
- SAFE_FREE(target_realm);
+ TALLOC_FREE(target_realm);
 SAFE_FREE(target_name);
 ok = kpasswd_make_error_reply(mem_ctx,
@@ -174,11 +175,11 @@ static krb5_error_code kpasswd_set_password(struct kdc_server *kdc,
 }
 if (target_name != NULL && target_realm != NULL) {
- SAFE_FREE(target_realm);
+ TALLOC_FREE(target_realm);
 SAFE_FREE(target_name);
 } else {
 krb5_free_principal(context, target_principal);
- SAFE_FREE(target_realm);
+ TALLOC_FREE(target_realm);
 SAFE_FREE(target_name);
 return kpasswd_change_password(kdc,
diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c
index eacca0903ec..54dcd545ea1 100644
--- a/source4/kdc/mit_samba.c
+++ b/source4/kdc/mit_samba.c
@@ -272,8 +272,8 @@ fetch_referral_principal:
 * We just redo the lookup in the database with the referral
 * principal and return success.
 */
- dest_realm = smb_krb5_principal_get_realm(ctx->context,
- sentry.entry.principal);
+ dest_realm = smb_krb5_principal_get_realm(
+ ctx, ctx->context, sentry.entry.principal);
 sdb_free_entry(&sentry);
 if (dest_realm == NULL) {
 ret = KRB5_KDB_NOENTRY;
@@ -286,7 +286,7 @@ fetch_referral_principal:
 KRB5_TGS_NAME, dest_realm, NULL);
- SAFE_FREE(dest_realm);
+ TALLOC_FREE(dest_realm);
 if (ret != 0) {
 goto done;
 } |