1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-25 06:04:04 +03:00

s4:kdc: Create a temporary talloc context on which to allocate

‘client->context’ is too long-lived to use for allocating short-term
data.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Joseph Sutton 2023-06-16 15:00:29 +12:00 committed by Andrew Bartlett
parent cf139d1421
commit ad1234d5ee

View File

@ -670,15 +670,23 @@ static char *get_netbios_name(TALLOC_CTX *mem_ctx, HostAddresses *addrs)
static krb5_error_code samba_wdc_check_client_access(void *priv,
astgs_request_t r)
{
TALLOC_CTX *tmp_ctx = NULL;
const hdb_entry *client = NULL;
struct samba_kdc_entry *kdc_entry;
bool password_change;
char *workstation;
NTSTATUS nt_status;
client = kdc_request_get_client(r);
kdc_entry = talloc_get_type(kdc_request_get_client(r)->context, struct samba_kdc_entry);
tmp_ctx = talloc_named(client->context, 0, "samba_wdc_check_client_access");
if (tmp_ctx == NULL) {
return ENOMEM;
}
kdc_entry = talloc_get_type(client->context, struct samba_kdc_entry);
password_change = (kdc_request_get_server(r) && kdc_request_get_server(r)->flags.change_pw);
workstation = get_netbios_name((TALLOC_CTX *)kdc_request_get_client(r)->context,
workstation = get_netbios_name(tmp_ctx,
kdc_request_get_req(r)->req_body.addresses);
nt_status = samba_kdc_check_client_access(kdc_entry,
@ -691,6 +699,7 @@ static krb5_error_code samba_wdc_check_client_access(void *priv,
krb5_error_code ret2;
if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_MEMORY)) {
talloc_free(tmp_ctx);
return ENOMEM;
}
@ -705,10 +714,12 @@ static krb5_error_code samba_wdc_check_client_access(void *priv,
ret = ret2;
}
talloc_free(tmp_ctx);
return ret;
}
/* Now do the standard Heimdal check */
talloc_free(tmp_ctx);
return KRB5_PLUGIN_NO_HANDLE;
}