mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
mit-kdb: Update KDB vtable for DAL version 6
This changed between 1.14 and 1.15. The 1.15 change also removed the ability of the KDB module to free memory, which caused issues for several projects. This was fixed in 1.15.1. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
parent
a0464e3f87
commit
990cca36b1
@ -126,60 +126,50 @@ static krb5_error_code kdb_samba_db_unlock(krb5_context context)
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void *kdb_samba_db_alloc(krb5_context context, void *ptr, size_t size)
|
||||
static void kdb_samba_db_free_principal_e_data(krb5_context context,
|
||||
krb5_octet *e_data)
|
||||
{
|
||||
return realloc(ptr, size);
|
||||
}
|
||||
struct samba_kdc_entry *skdc_entry;
|
||||
|
||||
static void kdb_samba_db_free(krb5_context context, void *ptr)
|
||||
{
|
||||
free(ptr);
|
||||
skdc_entry = talloc_get_type_abort(e_data,
|
||||
struct samba_kdc_entry);
|
||||
talloc_set_destructor(skdc_entry, NULL);
|
||||
TALLOC_FREE(skdc_entry);
|
||||
}
|
||||
|
||||
kdb_vftabl kdb_function_table = {
|
||||
KRB5_KDB_DAL_MAJOR_VERSION, /* major version number */
|
||||
0, /* minor version number */
|
||||
kdb_samba_init_library, /* init_library */
|
||||
kdb_samba_fini_library, /* fini_library */
|
||||
kdb_samba_init_module, /* init_module */
|
||||
kdb_samba_fini_module, /* fini_module */
|
||||
.maj_ver = KRB5_KDB_DAL_MAJOR_VERSION,
|
||||
.min_ver = 1,
|
||||
|
||||
kdb_samba_db_create, /* db_create */
|
||||
kdb_samba_db_destroy, /* db_destroy */
|
||||
kdb_samba_db_get_age, /* db_get_age */
|
||||
kdb_samba_db_lock, /* db_lock */
|
||||
kdb_samba_db_unlock, /* db_unlock */
|
||||
.init_library = kdb_samba_init_library,
|
||||
.fini_library = kdb_samba_fini_library,
|
||||
.init_module = kdb_samba_init_module,
|
||||
.fini_module = kdb_samba_fini_module,
|
||||
|
||||
kdb_samba_db_get_principal, /* db_get_principal */
|
||||
kdb_samba_db_free_principal, /* db_free_principal */
|
||||
kdb_samba_db_put_principal, /* db_put_principal */
|
||||
kdb_samba_db_delete_principal, /* db_delete_principal */
|
||||
kdb_samba_db_iterate, /* db_iterate */
|
||||
.create = kdb_samba_db_create,
|
||||
.destroy = kdb_samba_db_destroy,
|
||||
.get_age = kdb_samba_db_get_age,
|
||||
.lock = kdb_samba_db_lock,
|
||||
.unlock = kdb_samba_db_unlock,
|
||||
|
||||
NULL, /* create_policy */
|
||||
NULL, /* get_policy */
|
||||
NULL, /* put_policy */
|
||||
NULL, /* iter_policy */
|
||||
NULL, /* delete_policy */
|
||||
NULL, /* free_policy */
|
||||
.get_principal = kdb_samba_db_get_principal,
|
||||
.put_principal = kdb_samba_db_put_principal,
|
||||
.delete_principal = kdb_samba_db_delete_principal,
|
||||
|
||||
kdb_samba_db_alloc, /* db_alloc */
|
||||
kdb_samba_db_free, /* db_free */
|
||||
.iterate = kdb_samba_db_iterate,
|
||||
|
||||
kdb_samba_fetch_master_key, /* fetch_master_key */
|
||||
kdb_samba_fetch_master_key_list, /* fetch_master_key_list */
|
||||
NULL, /* store_master_key_list */
|
||||
NULL, /* dbe_search_enctype */
|
||||
kdb_samba_change_pwd, /* change_pwd */
|
||||
NULL, /* promote_db */
|
||||
kdb_samba_dbekd_decrypt_key_data, /* decrypt_key_data */
|
||||
kdb_samba_dbekd_encrypt_key_data, /* encrypt_key_data */
|
||||
.fetch_master_key = kdb_samba_fetch_master_key,
|
||||
.fetch_master_key_list = kdb_samba_fetch_master_key_list,
|
||||
|
||||
kdb_samba_db_sign_auth_data, /* sign_authdata */
|
||||
NULL, /* check_transited_realms */
|
||||
kdb_samba_db_check_policy_as, /* check_policy_as */
|
||||
NULL, /* check_policy_tgs */
|
||||
kdb_samba_db_audit_as_req, /* audit_as_req */
|
||||
NULL, /* refresh_config */
|
||||
kdb_samba_db_check_allowed_to_delegate
|
||||
.change_pwd = kdb_samba_change_pwd,
|
||||
|
||||
.decrypt_key_data = kdb_samba_dbekd_decrypt_key_data,
|
||||
.encrypt_key_data = kdb_samba_dbekd_encrypt_key_data,
|
||||
|
||||
.sign_authdata = kdb_samba_db_sign_auth_data,
|
||||
.check_policy_as = kdb_samba_db_check_policy_as,
|
||||
.audit_as_req = kdb_samba_db_audit_as_req,
|
||||
.check_allowed_to_delegate = kdb_samba_db_check_allowed_to_delegate,
|
||||
|
||||
.free_principal_e_data = kdb_samba_db_free_principal_e_data,
|
||||
};
|
||||
|
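Review bot: kdb_samba_db_free_principal_e_data has no comment stating its contract, and the contract matters here because talloc_get_type_abort() terminates the process when e_data is NULL or is not a talloc'ed struct samba_kdc_entry. The callback is therefore only safe if the KDB layer calls it exclusively for a non-NULL e_data that this module set. With db_alloc, db_free and free_principal dropped from the table, the rest of the entry is presumably released by the library with its own allocator, which would leave e_data as the one talloc-owned field. I would add above the function `/* Called by libkdb only for a non-NULL e_data, which is always a talloc'ed struct samba_kdc_entry; all other krb5_db_entry fields must be malloc'ed. */`. The functions named in the table are defined outside this section.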
@ -48,9 +48,6 @@
|
||||
|
||||
struct mit_samba_context *ks_get_context(krb5_context kcontext);
|
||||
|
||||
void ks_free_krb5_db_entry(krb5_context context,
|
||||
krb5_db_entry *entry);
|
||||
|
||||
bool ks_data_eq_string(krb5_data d, const char *s);
|
||||
|
||||
krb5_data ks_make_data(void *data, unsigned int len);
|
||||
@ -74,9 +71,6 @@ krb5_error_code kdb_samba_db_get_principal(krb5_context context,
|
||||
unsigned int kflags,
|
||||
krb5_db_entry **kentry);
|
||||
|
||||
void kdb_samba_db_free_principal(krb5_context context,
|
||||
krb5_db_entry *entry);
|
||||
|
||||
krb5_error_code kdb_samba_db_put_principal(krb5_context context,
|
||||
krb5_db_entry *entry,
|
||||
char **db_args);
|
||||
|
@ -43,54 +43,6 @@ struct mit_samba_context *ks_get_context(krb5_context kcontext)
|
||||
return (struct mit_samba_context *)db_ctx;
|
||||
}
|
||||
|
||||
void ks_free_krb5_db_entry(krb5_context context,
|
||||
krb5_db_entry *entry)
|
||||
{
|
||||
krb5_tl_data *tl_data_next = NULL;
|
||||
krb5_tl_data *tl_data = NULL;
|
||||
int i, j;
|
||||
|
||||
if (entry == NULL) {
|
||||
return;
|
||||
}
|
||||
|
||||
#if 0 /* TODO FIXME do we have something to free? */
|
||||
if (entry->e_data != NULL) {
|
||||
/* FREE ME! */
|
||||
}
|
||||
#endif
|
||||
|
||||
krb5_free_principal(context, entry->princ);
|
||||
|
||||
for (tl_data = entry->tl_data; tl_data; tl_data = tl_data_next) {
|
||||
tl_data_next = tl_data->tl_data_next;
|
||||
if (tl_data->tl_data_contents != NULL)
|
||||
free(tl_data->tl_data_contents);
|
||||
free(tl_data);
|
||||
}
|
||||
|
||||
if (entry->key_data != NULL) {
|
||||
for (i = 0; i < entry->n_key_data; i++) {
|
||||
for (j = 0; j < entry->key_data[i].key_data_ver; j++) {
|
||||
if (entry->key_data[i].key_data_length[j] != 0) {
|
||||
if (entry->key_data[i].key_data_contents[j] != NULL) {
|
||||
memset(entry->key_data[i].key_data_contents[j],
|
||||
0,
|
||||
entry->key_data[i].key_data_length[j]);
|
||||
free(entry->key_data[i].key_data_contents[j]);
|
||||
}
|
||||
}
|
||||
entry->key_data[i].key_data_contents[j] = NULL;
|
||||
entry->key_data[i].key_data_length[j] = 0;
|
||||
entry->key_data[i].key_data_type[j] = 0;
|
||||
}
|
||||
}
|
||||
free(entry->key_data);
|
||||
}
|
||||
|
||||
free(entry);
|
||||
}
|
||||
|
||||
bool ks_data_eq_string(krb5_data d, const char *s)
|
||||
{
|
||||
int rc;
|
||||
|
@ -93,7 +93,7 @@ static krb5_error_code ks_get_master_key_principal(krb5_context context,
|
||||
code = krb5_copy_principal(context, princ, &kentry->princ);
|
||||
}
|
||||
if (code != 0) {
|
||||
ks_free_krb5_db_entry(context, kentry);
|
||||
krb5_db_free_principal(context, kentry);
|
||||
return code;
|
||||
}
|
||||
|
||||
@ -101,7 +101,7 @@ static krb5_error_code ks_get_master_key_principal(krb5_context context,
|
||||
|
||||
code = krb5_dbe_update_mod_princ_data(context, kentry, now, kentry->princ);
|
||||
if (code != 0) {
|
||||
ks_free_krb5_db_entry(context, kentry);
|
||||
krb5_db_free_principal(context, kentry);
|
||||
return code;
|
||||
}
|
||||
|
||||
@ -109,7 +109,7 @@ static krb5_error_code ks_get_master_key_principal(krb5_context context,
|
||||
kentry->n_key_data = 1;
|
||||
kentry->key_data = calloc(1, sizeof(krb5_key_data));
|
||||
if (code != 0) {
|
||||
ks_free_krb5_db_entry(context, kentry);
|
||||
krb5_db_free_principal(context, kentry);
|
||||
return code;
|
||||
}
|
||||
|
||||
@ -119,7 +119,7 @@ static krb5_error_code ks_get_master_key_principal(krb5_context context,
|
||||
key_data->key_data_kvno = 1;
|
||||
key_data->key_data_type[0] = ENCTYPE_UNKNOWN;
|
||||
if (code != 0) {
|
||||
ks_free_krb5_db_entry(context, kentry);
|
||||
krb5_db_free_principal(context, kentry);
|
||||
return code;
|
||||
}
|
||||
|
||||
@ -169,7 +169,7 @@ static krb5_error_code ks_create_principal(krb5_context context,
|
||||
|
||||
code = krb5_copy_principal(context, princ, &kentry->princ);
|
||||
if (code != 0) {
|
||||
ks_free_krb5_db_entry(context, kentry);
|
||||
krb5_db_free_principal(context, kentry);
|
||||
return code;
|
||||
}
|
||||
|
||||
@ -177,13 +177,13 @@ static krb5_error_code ks_create_principal(krb5_context context,
|
||||
|
||||
code = krb5_dbe_update_mod_princ_data(context, kentry, now, kentry->princ);
|
||||
if (code != 0) {
|
||||
ks_free_krb5_db_entry(context, kentry);
|
||||
krb5_db_free_principal(context, kentry);
|
||||
return code;
|
||||
}
|
||||
|
||||
code = mit_samba_generate_salt(&salt);
|
||||
if (code != 0) {
|
||||
ks_free_krb5_db_entry(context, kentry);
|
||||
krb5_db_free_principal(context, kentry);
|
||||
return code;
|
||||
}
|
||||
|
||||
@ -194,7 +194,7 @@ static krb5_error_code ks_create_principal(krb5_context context,
|
||||
/* create a random password */
|
||||
code = mit_samba_generate_random_password(&pwd);
|
||||
if (code != 0) {
|
||||
ks_free_krb5_db_entry(context, kentry);
|
||||
krb5_db_free_principal(context, kentry);
|
||||
return code;
|
||||
}
|
||||
}
|
||||
@ -202,14 +202,14 @@ static krb5_error_code ks_create_principal(krb5_context context,
|
||||
code = krb5_c_string_to_key(context, enctype, &pwd, &salt, &key);
|
||||
SAFE_FREE(pwd.data);
|
||||
if (code != 0) {
|
||||
ks_free_krb5_db_entry(context, kentry);
|
||||
krb5_db_free_principal(context, kentry);
|
||||
return code;
|
||||
}
|
||||
|
||||
kentry->n_key_data = 1;
|
||||
kentry->key_data = calloc(1, sizeof(krb5_key_data));
|
||||
if (code != 0) {
|
||||
ks_free_krb5_db_entry(context, kentry);
|
||||
krb5_db_free_principal(context, kentry);
|
||||
return code;
|
||||
}
|
||||
|
||||
@ -288,19 +288,6 @@ krb5_error_code kdb_samba_db_get_principal(krb5_context context,
|
||||
return code;
|
||||
}
|
||||
|
||||
void kdb_samba_db_free_principal(krb5_context context,
|
||||
krb5_db_entry *entry)
|
||||
{
|
||||
struct mit_samba_context *mit_ctx;
|
||||
|
||||
mit_ctx = ks_get_context(context);
|
||||
if (mit_ctx == NULL) {
|
||||
return;
|
||||
}
|
||||
|
||||
ks_free_krb5_db_entry(context, entry);
|
||||
}
|
||||
|
||||
krb5_error_code kdb_samba_db_put_principal(krb5_context context,
|
||||
krb5_db_entry *entry,
|
||||
char **db_args)
|
||||
|
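Review bot: The allocation `kentry->key_data = calloc(1, sizeof(krb5_key_data));` is followed by `if (code != 0)`, which tests the stale result of the previous call instead of the returned pointer, in both ks_get_master_key_principal (hunk at -109) and ks_create_principal (hunk at -202). The commit edits the free call inside those branches but leaves the condition as it was. On allocation failure the function carries on with n_key_data already set to 1 and a NULL key_data, which the later key_data writes (presumably through that same pointer) would dereference. The check should read `if (kentry->key_data == NULL) {` and the branch should end with `return ENOMEM;` after the `krb5_db_free_principal(context, kentry);` call. Both function bodies start and end outside the hunks shown, and since the removed helper wiped key_data_contents before freeing, it is worth confirming the library routine does the same.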
@ -318,27 +318,35 @@ static int samba_kdc_kdb_entry_destructor(struct samba_kdc_entry *p)
|
||||
krb5_error_code ret;
|
||||
krb5_context context;
|
||||
|
||||
if (entry_ex->e_data != NULL) {
|
||||
struct samba_kdc_entry *skdc_entry;
|
||||
|
||||
skdc_entry = talloc_get_type(entry_ex->e_data,
|
||||
struct samba_kdc_entry);
|
||||
talloc_set_destructor(skdc_entry, NULL);
|
||||
entry_ex->e_data = NULL;
|
||||
}
|
||||
|
||||
ret = krb5_init_context(&context);
|
||||
if (ret) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
free_krb5_db_entry(context, entry_ex);
|
||||
krb5_db_free_principal(context, entry_ex);
|
||||
krb5_free_context(context);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
int sdb_entry_ex_to_kdb_entry_ex(krb5_context context,
|
||||
const struct sdb_entry_ex *s,
|
||||
krb5_db_entry *k)
|
||||
{
|
||||
struct samba_kdc_entry *skdc_entry;
|
||||
|
||||
ZERO_STRUCTP(k);
|
||||
|
||||
if (s->ctx != NULL) {
|
||||
struct samba_kdc_entry *skdc_entry;
|
||||
|
||||
skdc_entry = talloc_get_type(s->ctx, struct samba_kdc_entry);
|
||||
|
||||
k->e_data = (void *)skdc_entry;
|
||||
|
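Review bot: In samba_kdc_kdb_entry_destructor the result of `talloc_get_type(entry_ex->e_data, struct samba_kdc_entry)` goes straight into `talloc_set_destructor(skdc_entry, NULL)` with no NULL check, although talloc_get_type() returns NULL on a type mismatch and talloc_set_destructor() is not written to accept NULL. The kdb_samba_db_free_principal_e_data callback added in this commit uses talloc_get_type_abort() on the same kind of pointer, so the two sites disagree on how a mismatched e_data is handled. Either use `skdc_entry = talloc_get_type_abort(entry_ex->e_data, struct samba_kdc_entry);` here as well, or guard the call with `if (skdc_entry != NULL)`. The destructor starts before the hunk and sdb_entry_ex_to_kdb_entry_ex continues past it, so where entry_ex comes from and what happens to k->e_data afterwards is not visible.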