return ENOMEM;
}
- realm = smb_krb5_principal_get_realm(ccache->smb_krb5_context->krb5_context,
- princ);
+ realm = smb_krb5_principal_get_realm(
+ cred, ccache->smb_krb5_context->krb5_context, princ);
krb5_free_principal(ccache->smb_krb5_context->krb5_context, princ);
if (realm == NULL) {
return ENOMEM;
}
ok = cli_credentials_set_realm(cred, realm, obtained);
- SAFE_FREE(realm);
+ TALLOC_FREE(realm);
if (!ok) {
return ENOMEM;
}
/**
* @brief Get realm of a principal
*
+ * @param[in] mem_ctx The talloc ctx to put the result on
+ *
* @param[in] context The library context
*
* @param[in] principal The principal to get the realm from.
*
- * @return An allocated string with the realm or NULL if an error occurred.
- *
- * The caller must free the realm string with free() if not needed anymore.
+ * @return A talloced string with the realm or NULL if an error occurred.
*/
-char *smb_krb5_principal_get_realm(krb5_context context,
+char *smb_krb5_principal_get_realm(TALLOC_CTX *mem_ctx,
+ krb5_context context,
krb5_const_principal principal)
{
#ifdef HAVE_KRB5_PRINCIPAL_GET_REALM /* Heimdal */
- return strdup(discard_const_p(char, krb5_principal_get_realm(context, principal)));
+ return talloc_strdup(mem_ctx,
+ krb5_principal_get_realm(context, principal));
#elif defined(krb5_princ_realm) /* MIT */
- krb5_data *realm;
- realm = discard_const_p(krb5_data,
- krb5_princ_realm(context, principal));
- return strndup(realm->data, realm->length);
+ const krb5_data *realm;
+ realm = krb5_princ_realm(context, principal);
+ return talloc_strndup(mem_ctx, realm->data, realm->length);
#else
#error UNKNOWN_GET_PRINC_REALM_FUNCTIONS
#endif
uint32_t *sig_type,
DATA_BLOB *sig_blob);
-char *smb_krb5_principal_get_realm(krb5_context context,
+char *smb_krb5_principal_get_realm(TALLOC_CTX *mem_ctx,
+ krb5_context context,
krb5_const_principal principal);
void smb_krb5_principal_set_type(krb5_context context,
}
krb5_get_init_creds_opt_set_address_list(opts, addr->addrs);
- realm = smb_krb5_principal_get_realm(context, princ);
+ realm = smb_krb5_principal_get_realm(NULL, context, princ);
/* We have to obtain an INITIAL changepw ticket for changing password */
if (asprintf(&chpw_princ, "kadmin/changepw@%s", realm) == -1) {
krb5_get_init_creds_opt_free(context, opts);
smb_krb5_free_addresses(context, addr);
krb5_free_context(context);
- free(realm);
+ TALLOC_FREE(realm);
DEBUG(1,("ads_krb5_chg_password: asprintf fail\n"));
return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
}
- free(realm);
+ TALLOC_FREE(realm);
password = SMB_STRDUP(oldpw);
ret = krb5_get_init_creds_password(context, &creds, princ, password,
kerb_prompter, NULL,
krb5_error_code ret;
krb5_principal principal;
/* perhaps it's a principal with a realm, so return the right 'domain only' response */
- char *realm;
ret = krb5_parse_name_flags(smb_krb5_context->krb5_context, name,
KRB5_PRINCIPAL_PARSE_REQUIRE_REALM, &principal);
if (ret) {
return WERR_OK;
}
- realm = smb_krb5_principal_get_realm(smb_krb5_context->krb5_context, principal);
-
- info1->dns_domain_name = talloc_strdup(mem_ctx, realm);
+ info1->dns_domain_name = smb_krb5_principal_get_realm(
+ mem_ctx, smb_krb5_context->krb5_context, principal);
krb5_free_principal(smb_krb5_context->krb5_context, principal);
- free(realm);
W_ERROR_HAVE_NO_MEMORY(info1->dns_domain_name);
return WERR_OK;
}
- realm = smb_krb5_principal_get_realm(smb_krb5_context->krb5_context,
- principal);
+ realm = smb_krb5_principal_get_realm(
+ mem_ctx, smb_krb5_context->krb5_context, principal);
ldb_ret = ldb_search(sam_ctx, mem_ctx, &domain_res,
samdb_partitions_dn(sam_ctx, mem_ctx),
ldb_binary_encode_string(mem_ctx, realm),
LDB_OID_COMPARATOR_AND,
SYSTEM_FLAG_CR_NTDS_DOMAIN);
- free(realm);
+ TALLOC_FREE(realm);
if (ldb_ret != LDB_SUCCESS) {
DEBUG(2, ("DsCrackNameUPN domain ref search failed: %s\n", ldb_errstring(sam_ctx)));
entry_ex->entry.flags.invalid = 0;
entry_ex->entry.flags.server = 1;
- realm = smb_krb5_principal_get_realm(context, principal);
+ realm = smb_krb5_principal_get_realm(
+ mem_ctx, context, principal);
if (realm == NULL) {
ret = ENOMEM;
goto out;
entry_ex->entry.flags.change_pw = 1;
}
- SAFE_FREE(realm);
+ TALLOC_FREE(realm);
entry_ex->entry.flags.client = 0;
entry_ex->entry.flags.forwardable = 1;
}
num_comp = krb5_princ_size(context, fallback_principal);
- fallback_realm = smb_krb5_principal_get_realm(context,
- fallback_principal);
+ fallback_realm = smb_krb5_principal_get_realm(
+ mem_ctx, context, fallback_principal);
if (fallback_realm == NULL) {
krb5_free_principal(context, fallback_principal);
return ENOMEM;
context, fallback_principal, 0);
if (fallback_account == NULL) {
krb5_free_principal(context, fallback_principal);
- SAFE_FREE(fallback_realm);
+ TALLOC_FREE(fallback_realm);
return ENOMEM;
}
with_dollar = talloc_asprintf(mem_ctx, "%s$",
fallback_account);
if (with_dollar == NULL) {
- SAFE_FREE(fallback_realm);
+ TALLOC_FREE(fallback_realm);
return ENOMEM;
}
TALLOC_FREE(fallback_account);
with_dollar, NULL);
TALLOC_FREE(with_dollar);
if (ret != 0) {
- SAFE_FREE(fallback_realm);
+ TALLOC_FREE(fallback_realm);
return ret;
}
}
- SAFE_FREE(fallback_realm);
+ TALLOC_FREE(fallback_realm);
if (fallback_principal != NULL) {
char *fallback_string = NULL;
krb5_error_code ret;
struct ldb_message *msg = NULL;
struct ldb_dn *realm_dn = ldb_get_default_basedn(kdc_db_ctx->samdb);
- char *realm_from_princ, *realm_from_princ_malloc;
+ char *realm_from_princ;
char *realm_princ_comp = smb_krb5_principal_get_comp_string(mem_ctx, context, principal, 1);
- realm_from_princ_malloc = smb_krb5_principal_get_realm(context, principal);
- if (realm_from_princ_malloc == NULL) {
- /* can't happen */
- return SDB_ERR_NOENTRY;
- }
- realm_from_princ = talloc_strdup(mem_ctx, realm_from_princ_malloc);
- free(realm_from_princ_malloc);
+ realm_from_princ = smb_krb5_principal_get_realm(
+ mem_ctx, context, principal);
if (realm_from_princ == NULL) {
+ /* can't happen */
return SDB_ERR_NOENTRY;
}
TALLOC_CTX *frame = talloc_stackframe();
NTSTATUS status;
krb5_error_code ret;
- char *_realm = NULL;
bool check_realm = false;
const char *realm = NULL;
struct dsdb_trust_routing_table *trt = NULL;
return 0;
}
- _realm = smb_krb5_principal_get_realm(context, principal);
- if (_realm == NULL) {
+ realm = smb_krb5_principal_get_realm(frame, context, principal);
+ if (realm == NULL) {
TALLOC_FREE(frame);
return ENOMEM;
}
/*
* The requested realm needs to be our own
*/
- ok = lpcfg_is_my_domain_or_realm(kdc_db_ctx->lp_ctx, _realm);
+ ok = lpcfg_is_my_domain_or_realm(kdc_db_ctx->lp_ctx, realm);
if (!ok) {
/*
* The request is not for us...
*/
- SAFE_FREE(_realm);
TALLOC_FREE(frame);
return SDB_ERR_NOENTRY;
}
- realm = talloc_strdup(frame, _realm);
- SAFE_FREE(_realm);
- if (realm == NULL) {
- TALLOC_FREE(frame);
- return ENOMEM;
- }
-
if (smb_krb5_principal_get_type(context, principal) == KRB5_NT_ENTERPRISE_PRINCIPAL) {
char *principal_string = NULL;
krb5_principal enterprise_principal = NULL;
return ret;
}
- enterprise_realm = smb_krb5_principal_get_realm(context,
- enterprise_principal);
+ enterprise_realm = smb_krb5_principal_get_realm(
+ frame, context, enterprise_principal);
krb5_free_principal(context, enterprise_principal);
if (enterprise_realm != NULL) {
- realm = talloc_strdup(frame, enterprise_realm);
- SAFE_FREE(enterprise_realm);
- if (realm == NULL) {
- TALLOC_FREE(frame);
- return ENOMEM;
- }
+ realm = enterprise_realm;
}
}
return KRB5_KPASSWD_HARDERROR;
}
- target_realm = smb_krb5_principal_get_realm(context, target_principal);
+ target_realm = smb_krb5_principal_get_realm(
+ mem_ctx, context, target_principal);
code = krb5_unparse_name_flags(context,
target_principal,
KRB5_PRINCIPAL_UNPARSE_NO_REALM,
if ((target_name != NULL && target_realm == NULL) ||
(target_name == NULL && target_realm != NULL)) {
krb5_free_principal(context, target_principal);
- SAFE_FREE(target_realm);
+ TALLOC_FREE(target_realm);
SAFE_FREE(target_name);
ok = kpasswd_make_error_reply(mem_ctx,
}
if (target_name != NULL && target_realm != NULL) {
- SAFE_FREE(target_realm);
+ TALLOC_FREE(target_realm);
SAFE_FREE(target_name);
} else {
krb5_free_principal(context, target_principal);
- SAFE_FREE(target_realm);
+ TALLOC_FREE(target_realm);
SAFE_FREE(target_name);
return kpasswd_change_password(kdc,
* We just redo the lookup in the database with the referral
* principal and return success.
*/
- dest_realm = smb_krb5_principal_get_realm(ctx->context,
- sentry.entry.principal);
+ dest_realm = smb_krb5_principal_get_realm(
+ ctx, ctx->context, sentry.entry.principal);
sdb_free_entry(&sentry);
if (dest_realm == NULL) {
ret = KRB5_KDB_NOENTRY;
KRB5_TGS_NAME,
dest_realm,
NULL);
- SAFE_FREE(dest_realm);
+ TALLOC_FREE(dest_realm);
if (ret != 0) {
goto done;
}