mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00

mit-kdb: Update KDB vtable for DAL version 6

This changed between 1.14 and 1.15. The 1.15 change also removed the
ability of the KDB module to free memory. This caused issues for
several projects. It was fixed in 1.15.1.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider 2017-01-26 16:52:15 +01:00 committed by Andreas Schneider
parent a0464e3f87
commit 990cca36b1
5 changed files with 57 additions and 126 deletions


@ -126,60 +126,50 @@ static krb5_error_code kdb_samba_db_unlock(krb5_context context)
return 0;
}
static void *kdb_samba_db_alloc(krb5_context context, void *ptr, size_t size)
static void kdb_samba_db_free_principal_e_data(krb5_context context,
krb5_octet *e_data)
{
return realloc(ptr, size);
}
struct samba_kdc_entry *skdc_entry;
static void kdb_samba_db_free(krb5_context context, void *ptr)
{
free(ptr);
skdc_entry = talloc_get_type_abort(e_data,
struct samba_kdc_entry);
talloc_set_destructor(skdc_entry, NULL);
TALLOC_FREE(skdc_entry);
}
kdb_vftabl kdb_function_table = {
KRB5_KDB_DAL_MAJOR_VERSION, /* major version number */
0, /* minor version number */
kdb_samba_init_library, /* init_library */
kdb_samba_fini_library, /* fini_library */
kdb_samba_init_module, /* init_module */
kdb_samba_fini_module, /* fini_module */
.maj_ver = KRB5_KDB_DAL_MAJOR_VERSION,
.min_ver = 1,
kdb_samba_db_create, /* db_create */
kdb_samba_db_destroy, /* db_destroy */
kdb_samba_db_get_age, /* db_get_age */
kdb_samba_db_lock, /* db_lock */
kdb_samba_db_unlock, /* db_unlock */
.init_library = kdb_samba_init_library,
.fini_library = kdb_samba_fini_library,
.init_module = kdb_samba_init_module,
.fini_module = kdb_samba_fini_module,
kdb_samba_db_get_principal, /* db_get_principal */
kdb_samba_db_free_principal, /* db_free_principal */
kdb_samba_db_put_principal, /* db_put_principal */
kdb_samba_db_delete_principal, /* db_delete_principal */
kdb_samba_db_iterate, /* db_iterate */
.create = kdb_samba_db_create,
.destroy = kdb_samba_db_destroy,
.get_age = kdb_samba_db_get_age,
.lock = kdb_samba_db_lock,
.unlock = kdb_samba_db_unlock,
NULL, /* create_policy */
NULL, /* get_policy */
NULL, /* put_policy */
NULL, /* iter_policy */
NULL, /* delete_policy */
NULL, /* free_policy */
.get_principal = kdb_samba_db_get_principal,
.put_principal = kdb_samba_db_put_principal,
.delete_principal = kdb_samba_db_delete_principal,
kdb_samba_db_alloc, /* db_alloc */
kdb_samba_db_free, /* db_free */
.iterate = kdb_samba_db_iterate,
kdb_samba_fetch_master_key, /* fetch_master_key */
kdb_samba_fetch_master_key_list, /* fetch_master_key_list */
NULL, /* store_master_key_list */
NULL, /* dbe_search_enctype */
kdb_samba_change_pwd, /* change_pwd */
NULL, /* promote_db */
kdb_samba_dbekd_decrypt_key_data, /* decrypt_key_data */
kdb_samba_dbekd_encrypt_key_data, /* encrypt_key_data */
.fetch_master_key = kdb_samba_fetch_master_key,
.fetch_master_key_list = kdb_samba_fetch_master_key_list,
kdb_samba_db_sign_auth_data, /* sign_authdata */
NULL, /* check_transited_realms */
kdb_samba_db_check_policy_as, /* check_policy_as */
NULL, /* check_policy_tgs */
kdb_samba_db_audit_as_req, /* audit_as_req */
NULL, /* refresh_config */
kdb_samba_db_check_allowed_to_delegate
.change_pwd = kdb_samba_change_pwd,
.decrypt_key_data = kdb_samba_dbekd_decrypt_key_data,
.encrypt_key_data = kdb_samba_dbekd_encrypt_key_data,
.sign_authdata = kdb_samba_db_sign_auth_data,
.check_policy_as = kdb_samba_db_check_policy_as,
.audit_as_req = kdb_samba_db_audit_as_req,
.check_allowed_to_delegate = kdb_samba_db_check_allowed_to_delegate,
.free_principal_e_data = kdb_samba_db_free_principal_e_data,
};
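Review bot: kdb_samba_db_free_principal_e_data() uses talloc_get_type_abort() and clears the talloc destructor before TALLOC_FREE() without a comment, and both are memory-safety decisions a later maintainer should not undo by accident. I would add above the cast `/* Abort rather than free a pointer that is not a talloc'ed samba_kdc_entry. */` and above talloc_set_destructor() `/* We are already on the free path: the destructor must not run for this entry again. */`. Whether the destructor would otherwise re-enter the principal free path is not visible in this section, so the second comment should be checked against samba_kdc_kdb_entry_destructor(). The callback also presumably relies on libkdb never passing a NULL e_data, since the type check would abort the KDC in that case; stating that precondition in a short header comment would help.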


@ -48,9 +48,6 @@
struct mit_samba_context *ks_get_context(krb5_context kcontext);
void ks_free_krb5_db_entry(krb5_context context,
krb5_db_entry *entry);
bool ks_data_eq_string(krb5_data d, const char *s);
krb5_data ks_make_data(void *data, unsigned int len);
@ -74,9 +71,6 @@ krb5_error_code kdb_samba_db_get_principal(krb5_context context,
unsigned int kflags,
krb5_db_entry **kentry);
void kdb_samba_db_free_principal(krb5_context context,
krb5_db_entry *entry);
krb5_error_code kdb_samba_db_put_principal(krb5_context context,
krb5_db_entry *entry,
char **db_args);


@ -43,54 +43,6 @@ struct mit_samba_context *ks_get_context(krb5_context kcontext)
return (struct mit_samba_context *)db_ctx;
}
void ks_free_krb5_db_entry(krb5_context context,
krb5_db_entry *entry)
{
krb5_tl_data *tl_data_next = NULL;
krb5_tl_data *tl_data = NULL;
int i, j;
if (entry == NULL) {
return;
}
#if 0 /* TODO FIXME do we have something to free? */
if (entry->e_data != NULL) {
/* FREE ME! */
}
#endif
krb5_free_principal(context, entry->princ);
for (tl_data = entry->tl_data; tl_data; tl_data = tl_data_next) {
tl_data_next = tl_data->tl_data_next;
if (tl_data->tl_data_contents != NULL)
free(tl_data->tl_data_contents);
free(tl_data);
}
if (entry->key_data != NULL) {
for (i = 0; i < entry->n_key_data; i++) {
for (j = 0; j < entry->key_data[i].key_data_ver; j++) {
if (entry->key_data[i].key_data_length[j] != 0) {
if (entry->key_data[i].key_data_contents[j] != NULL) {
memset(entry->key_data[i].key_data_contents[j],
0,
entry->key_data[i].key_data_length[j]);
free(entry->key_data[i].key_data_contents[j]);
}
}
entry->key_data[i].key_data_contents[j] = NULL;
entry->key_data[i].key_data_length[j] = 0;
entry->key_data[i].key_data_type[j] = 0;
}
}
free(entry->key_data);
}
free(entry);
}
bool ks_data_eq_string(krb5_data d, const char *s)
{
int rc;


@ -93,7 +93,7 @@ static krb5_error_code ks_get_master_key_principal(krb5_context context,
code = krb5_copy_principal(context, princ, &kentry->princ);
}
if (code != 0) {
ks_free_krb5_db_entry(context, kentry);
krb5_db_free_principal(context, kentry);
return code;
}
@ -101,7 +101,7 @@ static krb5_error_code ks_get_master_key_principal(krb5_context context,
code = krb5_dbe_update_mod_princ_data(context, kentry, now, kentry->princ);
if (code != 0) {
ks_free_krb5_db_entry(context, kentry);
krb5_db_free_principal(context, kentry);
return code;
}
@ -109,7 +109,7 @@ static krb5_error_code ks_get_master_key_principal(krb5_context context,
kentry->n_key_data = 1;
kentry->key_data = calloc(1, sizeof(krb5_key_data));
if (code != 0) {
ks_free_krb5_db_entry(context, kentry);
krb5_db_free_principal(context, kentry);
return code;
}
@ -119,7 +119,7 @@ static krb5_error_code ks_get_master_key_principal(krb5_context context,
key_data->key_data_kvno = 1;
key_data->key_data_type[0] = ENCTYPE_UNKNOWN;
if (code != 0) {
ks_free_krb5_db_entry(context, kentry);
krb5_db_free_principal(context, kentry);
return code;
}
@ -169,7 +169,7 @@ static krb5_error_code ks_create_principal(krb5_context context,
code = krb5_copy_principal(context, princ, &kentry->princ);
if (code != 0) {
ks_free_krb5_db_entry(context, kentry);
krb5_db_free_principal(context, kentry);
return code;
}
@ -177,13 +177,13 @@ static krb5_error_code ks_create_principal(krb5_context context,
code = krb5_dbe_update_mod_princ_data(context, kentry, now, kentry->princ);
if (code != 0) {
ks_free_krb5_db_entry(context, kentry);
krb5_db_free_principal(context, kentry);
return code;
}
code = mit_samba_generate_salt(&salt);
if (code != 0) {
ks_free_krb5_db_entry(context, kentry);
krb5_db_free_principal(context, kentry);
return code;
}
@ -194,7 +194,7 @@ static krb5_error_code ks_create_principal(krb5_context context,
/* create a random password */
code = mit_samba_generate_random_password(&pwd);
if (code != 0) {
ks_free_krb5_db_entry(context, kentry);
krb5_db_free_principal(context, kentry);
return code;
}
}
@ -202,14 +202,14 @@ static krb5_error_code ks_create_principal(krb5_context context,
code = krb5_c_string_to_key(context, enctype, &pwd, &salt, &key);
SAFE_FREE(pwd.data);
if (code != 0) {
ks_free_krb5_db_entry(context, kentry);
krb5_db_free_principal(context, kentry);
return code;
}
kentry->n_key_data = 1;
kentry->key_data = calloc(1, sizeof(krb5_key_data));
if (code != 0) {
ks_free_krb5_db_entry(context, kentry);
krb5_db_free_principal(context, kentry);
return code;
}
@ -288,19 +288,6 @@ krb5_error_code kdb_samba_db_get_principal(krb5_context context,
return code;
}
void kdb_samba_db_free_principal(krb5_context context,
krb5_db_entry *entry)
{
struct mit_samba_context *mit_ctx;
mit_ctx = ks_get_context(context);
if (mit_ctx == NULL) {
return;
}
ks_free_krb5_db_entry(context, entry);
}
krb5_error_code kdb_samba_db_put_principal(krb5_context context,
krb5_db_entry *entry,
char **db_args)


@ -318,27 +318,35 @@ static int samba_kdc_kdb_entry_destructor(struct samba_kdc_entry *p)
krb5_error_code ret;
krb5_context context;
if (entry_ex->e_data != NULL) {
struct samba_kdc_entry *skdc_entry;
skdc_entry = talloc_get_type(entry_ex->e_data,
struct samba_kdc_entry);
talloc_set_destructor(skdc_entry, NULL);
entry_ex->e_data = NULL;
}
ret = krb5_init_context(&context);
if (ret) {
return ret;
}
free_krb5_db_entry(context, entry_ex);
krb5_db_free_principal(context, entry_ex);
krb5_free_context(context);
return 0;
}
int sdb_entry_ex_to_kdb_entry_ex(krb5_context context,
const struct sdb_entry_ex *s,
krb5_db_entry *k)
{
struct samba_kdc_entry *skdc_entry;
ZERO_STRUCTP(k);
if (s->ctx != NULL) {
struct samba_kdc_entry *skdc_entry;
skdc_entry = talloc_get_type(s->ctx, struct samba_kdc_entry);
k->e_data = (void *)skdc_entry;