mit-kdb: Update KDB vtable for DAL version 6
authorAndreas Schneider <asn@samba.org>
Thu, 26 Jan 2017 15:52:15 +0000 (16:52 +0100)
committerAndreas Schneider <asn@cryptomilk.org>
Sat, 29 Apr 2017 21:31:08 +0000 (23:31 +0200)
This changed between 1.14 and 1.15. Also the 1.15 change removed the
ability for the KDB module to free memory. This caused issues for
several projects. It got fixed in 1.15.1.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
source4/kdc/mit-kdb/kdb_samba.c
source4/kdc/mit-kdb/kdb_samba.h
source4/kdc/mit-kdb/kdb_samba_common.c
source4/kdc/mit-kdb/kdb_samba_principals.c
source4/kdc/sdb_to_kdb.c

index b7f802c..c5157d6 100644 (file)
@@ -126,60 +126,50 @@ static krb5_error_code kdb_samba_db_unlock(krb5_context context)
        return 0;
 }
 
-static void *kdb_samba_db_alloc(krb5_context context, void *ptr, size_t size)
+static void kdb_samba_db_free_principal_e_data(krb5_context context,
+                                              krb5_octet *e_data)
 {
-       return realloc(ptr, size);
-}
+       struct samba_kdc_entry *skdc_entry;
 
-static void kdb_samba_db_free(krb5_context context, void *ptr)
-{
-       free(ptr);
+       skdc_entry = talloc_get_type_abort(e_data,
+                                          struct samba_kdc_entry);
+       talloc_set_destructor(skdc_entry, NULL);
+       TALLOC_FREE(skdc_entry);
 }
 
 kdb_vftabl kdb_function_table = {
-       KRB5_KDB_DAL_MAJOR_VERSION,        /* major version number */
-       0,                                 /* minor version number */
-       kdb_samba_init_library,            /* init_library */
-       kdb_samba_fini_library,            /* fini_library */
-       kdb_samba_init_module,             /* init_module */
-       kdb_samba_fini_module,             /* fini_module */
-
-       kdb_samba_db_create,               /* db_create */
-       kdb_samba_db_destroy,              /* db_destroy */
-       kdb_samba_db_get_age,              /* db_get_age */
-       kdb_samba_db_lock,                 /* db_lock */
-       kdb_samba_db_unlock,               /* db_unlock */
-
-       kdb_samba_db_get_principal,        /* db_get_principal */
-       kdb_samba_db_free_principal,       /* db_free_principal */
-       kdb_samba_db_put_principal,        /* db_put_principal */
-       kdb_samba_db_delete_principal,     /* db_delete_principal */
-       kdb_samba_db_iterate,              /* db_iterate */
-
-       NULL,                              /* create_policy */
-       NULL,                              /* get_policy */
-       NULL,                              /* put_policy */
-       NULL,                              /* iter_policy */
-       NULL,                              /* delete_policy */
-       NULL,                              /* free_policy */
-
-       kdb_samba_db_alloc,                /* db_alloc */
-       kdb_samba_db_free,                 /* db_free */
-
-       kdb_samba_fetch_master_key,        /* fetch_master_key */
-       kdb_samba_fetch_master_key_list,   /* fetch_master_key_list */
-       NULL,                              /* store_master_key_list */
-       NULL,                              /* dbe_search_enctype */
-       kdb_samba_change_pwd,              /* change_pwd */
-       NULL,                              /* promote_db */
-       kdb_samba_dbekd_decrypt_key_data,  /* decrypt_key_data */
-       kdb_samba_dbekd_encrypt_key_data,  /* encrypt_key_data */
-
-       kdb_samba_db_sign_auth_data,       /* sign_authdata */
-       NULL,                              /* check_transited_realms */
-       kdb_samba_db_check_policy_as,      /* check_policy_as */
-       NULL,                              /* check_policy_tgs */
-       kdb_samba_db_audit_as_req,         /* audit_as_req */
-       NULL,                              /* refresh_config */
-       kdb_samba_db_check_allowed_to_delegate
+       .maj_ver                   = KRB5_KDB_DAL_MAJOR_VERSION,
+       .min_ver                   = 1,
+
+       .init_library              = kdb_samba_init_library,
+       .fini_library              = kdb_samba_fini_library,
+       .init_module               = kdb_samba_init_module,
+       .fini_module               = kdb_samba_fini_module,
+
+       .create                    = kdb_samba_db_create,
+       .destroy                   = kdb_samba_db_destroy,
+       .get_age                   = kdb_samba_db_get_age,
+       .lock                      = kdb_samba_db_lock,
+       .unlock                    = kdb_samba_db_unlock,
+
+       .get_principal             = kdb_samba_db_get_principal,
+       .put_principal             = kdb_samba_db_put_principal,
+       .delete_principal          = kdb_samba_db_delete_principal,
+
+       .iterate                   = kdb_samba_db_iterate,
+
+       .fetch_master_key          = kdb_samba_fetch_master_key,
+       .fetch_master_key_list     = kdb_samba_fetch_master_key_list,
+
+       .change_pwd                = kdb_samba_change_pwd,
+
+       .decrypt_key_data          = kdb_samba_dbekd_decrypt_key_data,
+       .encrypt_key_data          = kdb_samba_dbekd_encrypt_key_data,
+
+       .sign_authdata             = kdb_samba_db_sign_auth_data,
+       .check_policy_as           = kdb_samba_db_check_policy_as,
+       .audit_as_req              = kdb_samba_db_audit_as_req,
+       .check_allowed_to_delegate = kdb_samba_db_check_allowed_to_delegate,
+
+       .free_principal_e_data     = kdb_samba_db_free_principal_e_data,
 };
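Review bot: kdb_samba_db_free_principal_e_data disarms the talloc destructor before `TALLOC_FREE(skdc_entry)` without saying why, and the reason is a memory-ownership rule that a later cleanup could easily break. Judging by the sdb_to_kdb.c hunk of this commit, the destructor on a samba_kdc_entry calls krb5_db_free_principal() on the KDB entry, so leaving it armed here would presumably re-enter the free of an entry that libkdb5 is already tearing down. I would add a comment above the talloc_set_destructor() call such as `/* libkdb5 is already freeing the owning krb5_db_entry; disarm the destructor so it does not free that entry a second time */`. Separately, `.min_ver = 1` and `.free_principal_e_data` are tied to one DAL revision while `.maj_ver` follows the installed header, so a build-time check like `#if KRB5_KDB_DAL_MAJOR_VERSION != 6` / `#error "kdb_samba.c expects KDB DAL version 6"` / `#endif` would turn a mismatched header into a clear compile failure.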
index 0258b2d..abca2c1 100644 (file)
@@ -48,9 +48,6 @@
 
 struct mit_samba_context *ks_get_context(krb5_context kcontext);
 
-void ks_free_krb5_db_entry(krb5_context context,
-                          krb5_db_entry *entry);
-
 bool ks_data_eq_string(krb5_data d, const char *s);
 
 krb5_data ks_make_data(void *data, unsigned int len);
@@ -74,9 +71,6 @@ krb5_error_code kdb_samba_db_get_principal(krb5_context context,
                                           unsigned int kflags,
                                           krb5_db_entry **kentry);
 
-void kdb_samba_db_free_principal(krb5_context context,
-                                krb5_db_entry *entry);
-
 krb5_error_code kdb_samba_db_put_principal(krb5_context context,
                                           krb5_db_entry *entry,
                                           char **db_args);
index 1cd5469..e89aed6 100644 (file)
@@ -43,54 +43,6 @@ struct mit_samba_context *ks_get_context(krb5_context kcontext)
        return (struct mit_samba_context *)db_ctx;
 }
 
-void ks_free_krb5_db_entry(krb5_context context,
-                          krb5_db_entry *entry)
-{
-       krb5_tl_data *tl_data_next = NULL;
-       krb5_tl_data *tl_data = NULL;
-       int i, j;
-
-       if (entry == NULL) {
-               return;
-       }
-
-#if 0 /* TODO FIXME do we have something to free? */
-       if (entry->e_data != NULL) {
-               /* FREE ME! */
-       }
-#endif
-
-       krb5_free_principal(context, entry->princ);
-
-       for (tl_data = entry->tl_data; tl_data; tl_data = tl_data_next) {
-               tl_data_next = tl_data->tl_data_next;
-               if (tl_data->tl_data_contents != NULL)
-                       free(tl_data->tl_data_contents);
-               free(tl_data);
-       }
-
-       if (entry->key_data != NULL) {
-               for (i = 0; i < entry->n_key_data; i++) {
-                       for (j = 0; j < entry->key_data[i].key_data_ver; j++) {
-                               if (entry->key_data[i].key_data_length[j] != 0) {
-                                       if (entry->key_data[i].key_data_contents[j] != NULL) {
-                                               memset(entry->key_data[i].key_data_contents[j],
-                                                               0,
-                                                               entry->key_data[i].key_data_length[j]);
-                                               free(entry->key_data[i].key_data_contents[j]);
-                                       }
-                               }
-                               entry->key_data[i].key_data_contents[j] = NULL;
-                               entry->key_data[i].key_data_length[j] = 0;
-                               entry->key_data[i].key_data_type[j] = 0;
-                       }
-               }
-               free(entry->key_data);
-       }
-
-       free(entry);
-}
-
 bool ks_data_eq_string(krb5_data d, const char *s)
 {
        int rc;
index 7b6fd6a..1dbb69b 100644 (file)
@@ -93,7 +93,7 @@ static krb5_error_code ks_get_master_key_principal(krb5_context context,
                code = krb5_copy_principal(context, princ, &kentry->princ);
        }
        if (code != 0) {
-               ks_free_krb5_db_entry(context, kentry);
+               krb5_db_free_principal(context, kentry);
                return code;
        }
 
@@ -101,7 +101,7 @@ static krb5_error_code ks_get_master_key_principal(krb5_context context,
 
        code = krb5_dbe_update_mod_princ_data(context, kentry, now, kentry->princ);
        if (code != 0) {
-               ks_free_krb5_db_entry(context, kentry);
+               krb5_db_free_principal(context, kentry);
                return code;
        }
 
@@ -109,7 +109,7 @@ static krb5_error_code ks_get_master_key_principal(krb5_context context,
        kentry->n_key_data = 1;
        kentry->key_data = calloc(1, sizeof(krb5_key_data));
        if (code != 0) {
-               ks_free_krb5_db_entry(context, kentry);
+               krb5_db_free_principal(context, kentry);
                return code;
        }
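Review bot: The `if (code != 0)` check after `kentry->key_data = calloc(1, sizeof(krb5_key_data));` tests the stale `code` from the previous call, so a failed allocation is never detected and `n_key_data` is already 1 while `key_data` is NULL. The following hunk writes through `key_data->...`, which presumably aliases this pointer, so an allocation failure would become a NULL dereference in the KDC. The check should look at the allocation itself, e.g. `if (kentry->key_data == NULL) { krb5_db_free_principal(context, kentry); return ENOMEM; }`, with `n_key_data` assigned only after the allocation succeeded. The same pattern appears in ks_create_principal, in the hunk at `-202,14`. ks_get_master_key_principal starts and ends outside this hunk.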
 
@@ -119,7 +119,7 @@ static krb5_error_code ks_get_master_key_principal(krb5_context context,
        key_data->key_data_kvno         = 1;
        key_data->key_data_type[0]      = ENCTYPE_UNKNOWN;
        if (code != 0) {
-               ks_free_krb5_db_entry(context, kentry);
+               krb5_db_free_principal(context, kentry);
                return code;
        }
 
@@ -169,7 +169,7 @@ static krb5_error_code ks_create_principal(krb5_context context,
 
        code = krb5_copy_principal(context, princ, &kentry->princ);
        if (code != 0) {
-               ks_free_krb5_db_entry(context, kentry);
+               krb5_db_free_principal(context, kentry);
                return code;
        }
 
@@ -177,13 +177,13 @@ static krb5_error_code ks_create_principal(krb5_context context,
 
        code = krb5_dbe_update_mod_princ_data(context, kentry, now, kentry->princ);
        if (code != 0) {
-               ks_free_krb5_db_entry(context, kentry);
+               krb5_db_free_principal(context, kentry);
                return code;
        }
 
        code = mit_samba_generate_salt(&salt);
        if (code != 0) {
-               ks_free_krb5_db_entry(context, kentry);
+               krb5_db_free_principal(context, kentry);
                return code;
        }
 
@@ -194,7 +194,7 @@ static krb5_error_code ks_create_principal(krb5_context context,
                /* create a random password */
                code = mit_samba_generate_random_password(&pwd);
                if (code != 0) {
-                       ks_free_krb5_db_entry(context, kentry);
+                       krb5_db_free_principal(context, kentry);
                        return code;
                }
        }
@@ -202,14 +202,14 @@ static krb5_error_code ks_create_principal(krb5_context context,
        code = krb5_c_string_to_key(context, enctype, &pwd, &salt, &key);
        SAFE_FREE(pwd.data);
        if (code != 0) {
-               ks_free_krb5_db_entry(context, kentry);
+               krb5_db_free_principal(context, kentry);
                return code;
        }
 
        kentry->n_key_data = 1;
        kentry->key_data = calloc(1, sizeof(krb5_key_data));
        if (code != 0) {
-               ks_free_krb5_db_entry(context, kentry);
+               krb5_db_free_principal(context, kentry);
                return code;
        }
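Review bot: `SAFE_FREE(pwd.data)` releases the password buffer right after `krb5_c_string_to_key()` without clearing it, so the plaintext the principal's key was derived from stays in freed heap memory. I would zero `pwd.length` bytes of `pwd.data` before the free, using a clearing routine the compiler cannot elide, since a plain memset directly before a free may be optimised away. `key` also holds derived key material on the paths that return after this call, and its release is not visible here. ks_create_principal starts and ends outside this hunk, so that part needs checking against the full function.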
 
@@ -288,19 +288,6 @@ krb5_error_code kdb_samba_db_get_principal(krb5_context context,
        return code;
 }
 
-void kdb_samba_db_free_principal(krb5_context context,
-                                krb5_db_entry *entry)
-{
-       struct mit_samba_context *mit_ctx;
-
-       mit_ctx = ks_get_context(context);
-       if (mit_ctx == NULL) {
-               return;
-       }
-
-       ks_free_krb5_db_entry(context, entry);
-}
-
 krb5_error_code kdb_samba_db_put_principal(krb5_context context,
                                           krb5_db_entry *entry,
                                           char **db_args)
index ff50c0c..74d8827 100644 (file)
@@ -318,27 +318,35 @@ static int samba_kdc_kdb_entry_destructor(struct samba_kdc_entry *p)
        krb5_error_code ret;
        krb5_context context;
 
+       if (entry_ex->e_data != NULL) {
+               struct samba_kdc_entry *skdc_entry;
+
+               skdc_entry = talloc_get_type(entry_ex->e_data,
+                                            struct samba_kdc_entry);
+               talloc_set_destructor(skdc_entry, NULL);
+               entry_ex->e_data = NULL;
+       }
+
        ret = krb5_init_context(&context);
        if (ret) {
                return ret;
        }
 
-       free_krb5_db_entry(context, entry_ex);
+       krb5_db_free_principal(context, entry_ex);
        krb5_free_context(context);
 
        return 0;
 }
 
-
 int sdb_entry_ex_to_kdb_entry_ex(krb5_context context,
                                 const struct sdb_entry_ex *s,
                                 krb5_db_entry *k)
 {
-       struct samba_kdc_entry *skdc_entry;
-
        ZERO_STRUCTP(k);
 
        if (s->ctx != NULL) {
+               struct samba_kdc_entry *skdc_entry;
+
                skdc_entry = talloc_get_type(s->ctx, struct samba_kdc_entry);
 
                k->e_data       = (void *)skdc_entry;
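Review bot: In samba_kdc_kdb_entry_destructor the result of `talloc_get_type(entry_ex->e_data, struct samba_kdc_entry)` is passed straight to `talloc_set_destructor()`, but talloc_get_type() returns NULL when the pointer does not carry that talloc type name. kdb_samba.c in this same commit uses `talloc_get_type_abort()` for the same conversion. Here I would either do the same or guard the call with `if (skdc_entry != NULL)`, so a mismatched e_data fails in a defined way instead of inside talloc while an object is being destroyed. The function begins before this hunk, so where `entry_ex` comes from is not visible here.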