oysteikt/heimdal
0
0
Fork 0
Code Issues5 Pull Requests Releases Activity

hdb: decorate HDB_entry with context member

Browse Source 
Decorate HDB_entry with context and move free_entry callback into HDB structure
itself. Requires updating hdb_free_entry() signature to include HDB parameter.
A follow-up commit will consolidate hdb_entry_ex (which has a single hdb_entry
member) into hdb_entry.
This commit is contained in:
Luke Howard
2022-01-07 12:15:55 +11:00
parent 923067e099
commit c5551775e2
40 changed files with 150 additions and 137 deletions

24
kadmin/load.c

@@ -519,7 +519,7 @@ doit(const char *filename, int mergep)
if (parse_keys(&ent.entry, e.key)) {
fprintf (stderr, "%s:%d:error parsing keys (%s)\n",
filename, lineno, e.key);
hdb_free_entry (context, &ent);
hdb_free_entry (context, db, &ent);
ret = 1;
continue;
}
@@ -527,35 +527,35 @@ doit(const char *filename, int mergep)
if (parse_event(&ent.entry.created_by, e.created) == -1) {
fprintf (stderr, "%s:%d:error parsing created event (%s)\n",
filename, lineno, e.created);
hdb_free_entry (context, &ent);
hdb_free_entry (context, db, &ent);
ret = 1;
continue;
}
if (parse_event_alloc (&ent.entry.modified_by, e.modified) == -1) {
fprintf (stderr, "%s:%d:error parsing event (%s)\n",
filename, lineno, e.modified);
hdb_free_entry (context, &ent);
hdb_free_entry (context, db, &ent);
ret = 1;
continue;
}
if (parse_time_string_alloc (&ent.entry.valid_start, e.valid_start) == -1) {
fprintf (stderr, "%s:%d:error parsing time (%s)\n",
filename, lineno, e.valid_start);
hdb_free_entry (context, &ent);
hdb_free_entry (context, db, &ent);
ret = 1;
continue;
}
if (parse_time_string_alloc (&ent.entry.valid_end, e.valid_end) == -1) {
fprintf (stderr, "%s:%d:error parsing time (%s)\n",
filename, lineno, e.valid_end);
hdb_free_entry (context, &ent);
hdb_free_entry (context, db, &ent);
ret = 1;
continue;
}
if (parse_time_string_alloc (&ent.entry.pw_end, e.pw_end) == -1) {
fprintf (stderr, "%s:%d:error parsing time (%s)\n",
filename, lineno, e.pw_end);
hdb_free_entry (context, &ent);
hdb_free_entry (context, db, &ent);
ret = 1;
continue;
}
@@ -563,7 +563,7 @@ doit(const char *filename, int mergep)
if (parse_integer_alloc (&ent.entry.max_life, e.max_life) == -1) {
fprintf (stderr, "%s:%d:error parsing lifetime (%s)\n",
filename, lineno, e.max_life);
hdb_free_entry (context, &ent);
hdb_free_entry (context, db, &ent);
ret = 1;
continue;
@@ -571,7 +571,7 @@ doit(const char *filename, int mergep)
if (parse_integer_alloc (&ent.entry.max_renew, e.max_renew) == -1) {
fprintf (stderr, "%s:%d:error parsing lifetime (%s)\n",
filename, lineno, e.max_renew);
hdb_free_entry (context, &ent);
hdb_free_entry (context, db, &ent);
ret = 1;
continue;
}
@@ -579,7 +579,7 @@ doit(const char *filename, int mergep)
if (parse_hdbflags2int (&ent.entry.flags, e.flags) != 1) {
fprintf (stderr, "%s:%d:error parsing flags (%s)\n",
filename, lineno, e.flags);
hdb_free_entry (context, &ent);
hdb_free_entry (context, db, &ent);
ret = 1;
continue;
}
@@ -587,7 +587,7 @@ doit(const char *filename, int mergep)
if(parse_generation(e.generation, &ent.entry.generation) == -1) {
fprintf (stderr, "%s:%d:error parsing generation (%s)\n",
filename, lineno, e.generation);
hdb_free_entry (context, &ent);
hdb_free_entry (context, db, &ent);
ret = 1;
continue;
}
@@ -595,13 +595,13 @@ doit(const char *filename, int mergep)
if (parse_extensions(&e.extensions, &ent.entry.extensions) == -1) {
fprintf (stderr, "%s:%d:error parsing extension (%s)\n",
filename, lineno, e.extensions);
hdb_free_entry (context, &ent);
hdb_free_entry (context, db, &ent);
ret = 1;
continue;
}
ret2 = db->hdb_store(context, db, HDB_F_REPLACE, &ent);
hdb_free_entry (context, &ent);
hdb_free_entry (context, db, &ent);
if (ret2) {
krb5_warn(context, ret2, "db_store");
break;

5
kdc/digest-service.c

@@ -61,6 +61,7 @@ ntlm_service(void *ctx, const heim_idata *req,
heim_idata rep = { 0, NULL };
krb5_context context = ctx;
hdb_entry_ex *user = NULL;
HDB *db = NULL;
Key *key = NULL;
NTLMReply ntp;
size_t size;
@@ -113,7 +114,7 @@ ntlm_service(void *ctx, const heim_idata *req,
krb5_principal_set_type(context, client, KRB5_NT_NTLM);
ret = _kdc_db_fetch(context, config, client,
HDB_F_GET_CLIENT, NULL, NULL, &user);
HDB_F_GET_CLIENT, NULL, &db, &user);
krb5_free_principal(context, client);
if (ret)
goto failed;
@@ -213,7 +214,7 @@ ntlm_service(void *ctx, const heim_idata *req,
free_NTLMRequest2(&ntq);
if (user)
_kdc_free_ent (context, user);
_kdc_free_ent (context, db, user);
}
static int help_flag;

18
kdc/digest.c

@@ -190,7 +190,7 @@ get_password_entry(krb5_context context,
}
memset(user, 0, sizeof(*user));
}
_kdc_free_ent (context, user);
_kdc_free_ent (context, db, user);
return ret;
}
@@ -217,7 +217,9 @@ _kdc_do_digest(krb5_context context,
size_t size;
krb5_storage *sp = NULL;
Checksum res;
HDB *serverdb, *userdb;
hdb_entry_ex *server = NULL, *user = NULL;
HDB *clientdb;
hdb_entry_ex *client = NULL;
char *client_name = NULL, *password = NULL;
krb5_data serverNonce;
@@ -292,7 +294,7 @@ _kdc_do_digest(krb5_context context,
krb5_clear_error_message(context);
ret = _kdc_db_fetch(context, config, principal,
HDB_F_GET_SERVER, NULL, NULL, &server);
HDB_F_GET_SERVER, NULL, &serverdb, &server);
if (ret)
goto out;
@@ -314,7 +316,7 @@ _kdc_do_digest(krb5_context context,
}
ret = _kdc_db_fetch(context, config, principal,
HDB_F_GET_CLIENT, NULL, NULL, &client);
HDB_F_GET_CLIENT, NULL, &clientdb, &client);
krb5_free_principal(context, principal);
if (ret)
goto out;
@@ -877,7 +879,7 @@ _kdc_do_digest(krb5_context context,
goto failed;
ret = _kdc_db_fetch(context, config, clientprincipal,
HDB_F_GET_CLIENT, NULL, NULL, &user);
HDB_F_GET_CLIENT, NULL, &userdb, &user);
krb5_free_principal(context, clientprincipal);
if (ret) {
krb5_set_error_message(context, ret,
@@ -1163,7 +1165,7 @@ _kdc_do_digest(krb5_context context,
goto failed;
ret = _kdc_db_fetch(context, config, clientprincipal,
HDB_F_GET_CLIENT, NULL, NULL, &user);
HDB_F_GET_CLIENT, NULL, &userdb, &user);
krb5_free_principal(context, clientprincipal);
if (ret) {
krb5_set_error_message(context, ret, "NTLM user %s not in database",
@@ -1494,11 +1496,11 @@ _kdc_do_digest(krb5_context context,
if (sp)
krb5_storage_free(sp);
if (user)
_kdc_free_ent (context, user);
_kdc_free_ent (context, userdb, user);
if (server)
_kdc_free_ent (context, server);
_kdc_free_ent (context, serverdb, server);
if (client)
_kdc_free_ent (context, client);
_kdc_free_ent (context, clientdb, client);
if (password) {
memset(password, 0, strlen(password));
free (password);

12
kdc/fast.c

@@ -108,6 +108,7 @@ get_fastuser_crypto(astgs_request_t r,
krb5_crypto *crypto)
{
krb5_principal fast_princ;
HDB *fast_db;
hdb_entry_ex *fast_user = NULL;
Key *cookie_key = NULL;
krb5_crypto fast_crypto = NULL;
@@ -122,7 +123,7 @@ get_fastuser_crypto(astgs_request_t r,
goto out;
ret = _kdc_db_fetch(r->context, r->config, fast_princ,
HDB_F_GET_FAST_COOKIE, NULL, NULL, &fast_user);
HDB_F_GET_FAST_COOKIE, NULL, &fast_db, &fast_user);
if (ret)
goto out;
@@ -148,7 +149,7 @@ get_fastuser_crypto(astgs_request_t r,
out:
if (fast_user)
_kdc_free_ent(r->context, fast_user);
_kdc_free_ent(r->context, fast_db, fast_user);
if (fast_crypto)
krb5_crypto_destroy(r->context, fast_crypto);
krb5_free_principal(r->context, fast_princ);
@@ -549,7 +550,7 @@ fast_unwrap_request(astgs_request_t r,
ret = _kdc_db_fetch(r->context, r->config, armor_server_principal,
HDB_F_GET_KRBTGT | HDB_F_DELAY_NEW_KEYS,
(krb5uint32 *)ap_req.ticket.enc_part.kvno,
NULL, &r->armor_server);
&r->armor_serverdb, &r->armor_server);
if(ret == HDB_ERR_NOT_FOUND_HERE) {
free_AP_REQ(&ap_req);
kdc_log(r->context, r->config, 5,
@@ -834,6 +835,7 @@ _kdc_fast_check_armor_pac(astgs_request_t r)
krb5_boolean ad_kdc_issued = FALSE;
krb5_pac mspac = NULL;
krb5_principal armor_client_principal = NULL;
HDB *armor_db;
hdb_entry_ex *armor_client = NULL;
char *armor_client_principal_name = NULL;
@@ -857,7 +859,7 @@ _kdc_fast_check_armor_pac(astgs_request_t r)
ret = _kdc_db_fetch_client(r->context, r->config, flags,
armor_client_principal, armor_client_principal_name,
r->req.req_body.realm, NULL, &armor_client);
r->req.req_body.realm, &armor_db, &armor_client);
if (ret)
goto out;
@@ -886,7 +888,7 @@ _kdc_fast_check_armor_pac(astgs_request_t r)
out:
krb5_xfree(armor_client_principal_name);
if (armor_client)
_kdc_free_ent(r->context, armor_client);
_kdc_free_ent(r->context, armor_db, armor_client);
krb5_free_principal(r->context, armor_client_principal);
krb5_pac_free(r->context, mspac);

5
kdc/gss_preauth.c

@@ -682,6 +682,7 @@ _kdc_gss_check_client(astgs_request_t r,
krb5_principal initiator_princ = NULL;
hdb_entry_ex *initiator = NULL;
krb5_boolean authorized = FALSE;
HDB *clientdb = r->clientdb;
OM_uint32 minor;
gss_buffer_desc display_name = GSS_C_EMPTY_BUFFER;
@@ -742,7 +743,7 @@ _kdc_gss_check_client(astgs_request_t r,
if (krb5_principal_is_federated(r->context, r->client->entry.principal)) {
initiator->entry.flags.force_canonicalize = 1;
_kdc_free_ent(r->context, r->client);
_kdc_free_ent(r->context, clientdb, r->client);
r->client = initiator;
initiator = NULL;
} else if (!krb5_principal_compare(r->context,
@@ -760,7 +761,7 @@ _kdc_gss_check_client(astgs_request_t r,
out:
krb5_free_principal(r->context, initiator_princ);
if (initiator)
_kdc_free_ent(r->context, initiator);
_kdc_free_ent(r->context, r->clientdb, initiator);
gss_release_buffer(&minor, &display_name);
return ret;

2
kdc/hpropd.c

@@ -279,7 +279,7 @@ main(int argc, char **argv)
else
nprincs++;
}
hdb_free_entry(context, &entry);
hdb_free_entry(context, db, &entry);
}
if (!print_dump)
krb5_log(context, fac, 0, "Received %d principals", nprincs);

2
kdc/kdc.h

@@ -148,10 +148,12 @@ typedef struct krb5_kdc_configuration {
/* server principal */ \
krb5_principal server_princ; \
hdb_entry_ex *server; \
HDB *serverdb; \
\
/* presented ticket in TGS-REQ (unused by AS) */ \
krb5_principal *krbtgt_princ; \
hdb_entry_ex *krbtgt; \
HDB *krbtgtdb; \
krb5_ticket *ticket; \
\
krb5_keyblock reply_key; \

1
kdc/kdc_locl.h

@@ -88,6 +88,7 @@ struct astgs_request_desc {
krb5_crypto armor_crypto;
hdb_entry_ex *armor_server;
HDB *armor_serverdb;
krb5_ticket *armor_ticket;
Key *armor_key;

21
kdc/kerberos5.c

@@ -2022,11 +2022,13 @@ static krb5_error_code
get_local_tgs(krb5_context context,
krb5_kdc_configuration *config,
krb5_const_realm realm,
HDB **krbtgtdb,
hdb_entry_ex **krbtgt)
{
krb5_error_code ret;
krb5_principal tgs_name;
*krbtgtdb = NULL;
*krbtgt = NULL;
ret = krb5_make_principal(context,
@@ -2039,7 +2041,7 @@ get_local_tgs(krb5_context context,
return ret;
ret = _kdc_db_fetch(context, config, tgs_name,
HDB_F_GET_KRBTGT, NULL, NULL, krbtgt);
HDB_F_GET_KRBTGT, NULL, krbtgtdb, krbtgt);
krb5_free_principal(context, tgs_name);
return ret;
@@ -2066,7 +2068,6 @@ _kdc_as_rep(astgs_request_t r)
const PA_DATA *pa;
krb5_boolean is_tgs;
const char *msg;
hdb_entry_ex *krbtgt = NULL;
Key *krbtgt_key;
memset(rep, 0, sizeof(*rep));
@@ -2182,7 +2183,7 @@ _kdc_as_rep(astgs_request_t r)
ret = _kdc_db_fetch(r->context, config, r->server_princ,
HDB_F_GET_SERVER | HDB_F_DELAY_NEW_KEYS |
flags | (is_tgs ? HDB_F_GET_KRBTGT : 0),
NULL, NULL, &r->server);
NULL, &r->serverdb, &r->server);
switch (ret) {
case 0: /* Success */
break;
@@ -2386,11 +2387,11 @@ _kdc_as_rep(astgs_request_t r)
krbtgt_key = skey;
} else {
ret = get_local_tgs(r->context, config, r->server_princ->realm,
&krbtgt);
&r->krbtgtdb, &r->krbtgt);
if (ret)
goto out;
ret = _kdc_get_preferred_key(r->context, config, krbtgt,
ret = _kdc_get_preferred_key(r->context, config, r->krbtgt,
r->server_princ->realm,
NULL, &krbtgt_key);
if (ret)
@@ -2762,11 +2763,11 @@ out:
r->server_princ = NULL;
}
if (r->client)
_kdc_free_ent(r->context, r->client);
_kdc_free_ent(r->context, r->clientdb, r->client);
if (r->server)
_kdc_free_ent(r->context, r->server);
if (krbtgt)
_kdc_free_ent(r->context, krbtgt);
_kdc_free_ent(r->context, r->serverdb, r->server);
if (r->krbtgt)
_kdc_free_ent(r->context, r->krbtgtdb, r->krbtgt);
if (r->armor_crypto) {
krb5_crypto_destroy(r->context, r->armor_crypto);
r->armor_crypto = NULL;
@@ -2774,7 +2775,7 @@ out:
if (r->armor_ticket)
krb5_free_ticket(r->context, r->armor_ticket);
if (r->armor_server)
_kdc_free_ent(r->context, r->armor_server);
_kdc_free_ent(r->context, r->armor_serverdb, r->armor_server);
krb5_free_keyblock_contents(r->context, &r->reply_key);
krb5_free_keyblock_contents(r->context, &r->session_key);
krb5_free_keyblock_contents(r->context, &r->strengthen_key);

34
kdc/krb5tgs.c

@@ -958,7 +958,7 @@ tgs_parse_request(astgs_request_t r,
krbtgt_kvno = ap_req.ticket.enc_part.kvno ? *ap_req.ticket.enc_part.kvno : 0;
ret = _kdc_db_fetch(r->context, config, princ, HDB_F_GET_KRBTGT,
&krbtgt_kvno, NULL, &r->krbtgt);
&krbtgt_kvno, &r->krbtgtdb, &r->krbtgt);
if (ret == HDB_ERR_NOT_FOUND_HERE) {
/* XXX Factor out this unparsing of the same princ all over */
@@ -1335,7 +1335,7 @@ _kdc_db_fetch_client(krb5_context context,
krb5_free_error_message(context, msg);
} else if (client->entry.flags.invalid || !client->entry.flags.client) {
kdc_log(context, config, 4, "Client has invalid bit set");
_kdc_free_ent(context, client);
_kdc_free_ent(context, *clientdb, client);
return KRB5KDC_ERR_POLICY;
}
@@ -1361,6 +1361,7 @@ tgs_build_reply(astgs_request_t priv,
char *spn = NULL, *cpn = NULL, *krbtgt_out_n = NULL;
char *user2user_name = NULL;
hdb_entry_ex *server = NULL, *client = NULL;
HDB *user2user_krbtgtdb;
hdb_entry_ex *user2user_krbtgt = NULL;
HDB *clientdb;
HDB *serverdb = NULL;
@@ -1379,6 +1380,7 @@ tgs_build_reply(astgs_request_t priv,
char **capath = NULL;
size_t num_capath = 0;
HDB *krbtgt_outdb;
hdb_entry_ex *krbtgt_out = NULL;
PrincipalName *s;
@@ -1442,12 +1444,13 @@ tgs_build_reply(astgs_request_t priv,
server_lookup:
priv->server = NULL;
if (server)
_kdc_free_ent(context, server);
_kdc_free_ent(context, serverdb, server);
server = NULL;
ret = _kdc_db_fetch(context, config, priv->server_princ,
HDB_F_GET_SERVER | HDB_F_DELAY_NEW_KEYS | flags,
NULL, &serverdb, &server);
priv->server = server;
priv->serverdb = serverdb;
if (ret == HDB_ERR_NOT_FOUND_HERE) {
kdc_log(context, config, 5, "target %s does not have secrets at this KDC, need to proxy", spn);
_kdc_audit_addreason((kdc_request_t)priv, "Target not found here");
@@ -1608,7 +1611,7 @@ server_lookup:
}
ret = _kdc_db_fetch(context, config, krbtgt_out_principal,
HDB_F_GET_KRBTGT, NULL, NULL, &krbtgt_out);
HDB_F_GET_KRBTGT, NULL, &krbtgt_outdb, &krbtgt_out);
if (ret) {
char *ktpn = NULL;
ret = krb5_unparse_name(context, priv->krbtgt->entry.principal, &ktpn);
@@ -1635,6 +1638,7 @@ server_lookup:
krb5uint32 second_kvno = 0;
krb5uint32 *kvno_ptr = NULL;
size_t i;
HDB *user2user_db;
hdb_entry_ex *user2user_client = NULL;
krb5_boolean user2user_kdc_issued = FALSE;
char *tpn;
@@ -1670,7 +1674,7 @@ server_lookup:
}
ret = _kdc_db_fetch(context, config, p,
HDB_F_GET_KRBTGT, kvno_ptr,
NULL, &user2user_krbtgt);
&user2user_krbtgtdb, &user2user_krbtgt);
krb5_free_principal(context, p);
if(ret){
if (ret == HDB_ERR_NOENTRY)
@@ -1724,7 +1728,7 @@ server_lookup:
*/
ret = _kdc_db_fetch(context, config, user2user_princ,
HDB_F_GET_CLIENT | flags,
NULL, NULL, &user2user_client);
NULL, &user2user_db, &user2user_client);
if (ret == HDB_ERR_NOENTRY)
ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
if (ret)
@@ -1745,7 +1749,7 @@ server_lookup:
user2user_client,
NULL);
if (ret) {
_kdc_free_ent(context, user2user_client);
_kdc_free_ent(context, user2user_db, user2user_client);
goto out;
}
@@ -1760,7 +1764,7 @@ server_lookup:
user2user_client,
user2user_princ);
if (ret) {
_kdc_free_ent(context, user2user_client);
_kdc_free_ent(context, user2user_db, user2user_client);
goto out;
}
@@ -1769,7 +1773,7 @@ server_lookup:
user2user_client, user2user_krbtgt, user2user_krbtgt, user2user_krbtgt,
&uukey->key, &priv->ticket_key->key, &adtkt,
&user2user_kdc_issued, &user2user_pac, NULL, NULL);
_kdc_free_ent(context, user2user_client);
_kdc_free_ent(context, user2user_db, user2user_client);
if (ret) {
const char *msg = krb5_get_error_message(context, ret);
kdc_log(context, config, 0,
@@ -2048,9 +2052,9 @@ out:
krb5_free_keyblock_contents(context, &sessionkey);
if(krbtgt_out)
_kdc_free_ent(context, krbtgt_out);
_kdc_free_ent(context, krbtgt_outdb, krbtgt_out);
if(user2user_krbtgt)
_kdc_free_ent(context, user2user_krbtgt);
_kdc_free_ent(context, user2user_krbtgtdb, user2user_krbtgt);
krb5_free_principal(context, user2user_princ);
krb5_free_principal(context, krbtgt_out_principal);
@@ -2202,20 +2206,20 @@ out:
if (r->armor_ticket)
krb5_free_ticket(r->context, r->armor_ticket);
if (r->armor_server)
_kdc_free_ent(r->context, r->armor_server);
_kdc_free_ent(r->context, r->armor_serverdb, r->armor_server);
krb5_free_keyblock_contents(r->context, &r->reply_key);
krb5_free_keyblock_contents(r->context, &r->strengthen_key);
if (r->ticket)
krb5_free_ticket(r->context, r->ticket);
if (r->krbtgt)
_kdc_free_ent(r->context, r->krbtgt);
_kdc_free_ent(r->context, r->krbtgtdb, r->krbtgt);
if (r->client)
_kdc_free_ent(r->context, r->client);
_kdc_free_ent(r->context, r->clientdb, r->client);
krb5_free_principal(r->context, r->client_princ);
if (r->server)
_kdc_free_ent(r->context, r->server);
_kdc_free_ent(r->context, r->serverdb, r->server);
krb5_free_principal(r->context, r->server_princ);
_kdc_free_fast_state(&r->fast);
krb5_pac_free(r->context, r->pac);

5
kdc/kx509.c

@@ -253,6 +253,7 @@ is_local_realm(krb5_context context,
{
krb5_error_code ret;
krb5_principal tgs;
HDB *db;
hdb_entry_ex *ent = NULL;
ret = krb5_make_principal(context, &tgs, realm, KRB5_TGS_NAME, realm,
@@ -261,9 +262,9 @@ is_local_realm(krb5_context context,
return ret;
if (ret == 0)
ret = _kdc_db_fetch(context, reqctx->config, tgs, HDB_F_GET_KRBTGT,
NULL, NULL, &ent);
NULL, &db, &ent);
if (ent)
_kdc_free_ent(context, ent);
_kdc_free_ent(context, db, ent);
krb5_free_principal(context, tgs);
if (ret == HDB_ERR_NOENTRY || ret == HDB_ERR_NOT_FOUND_HERE)
return KRB5KRB_AP_ERR_NOT_US;

6
kdc/misc.c

@@ -117,7 +117,7 @@ synthesize_client(krb5_context context,
*(e->entry.max_life) = config->synthetic_clients_max_life;
*h = e;
} else {
hdb_free_entry(context, e);
hdb_free_entry(context, &null_db, e);
}
return ret;
}
@@ -246,9 +246,9 @@ out:
}
KDC_LIB_FUNCTION void KDC_LIB_CALL
_kdc_free_ent(krb5_context context, hdb_entry_ex *ent)
_kdc_free_ent(krb5_context context, HDB *db, hdb_entry_ex *ent)
{
hdb_free_entry (context, ent);
hdb_free_entry (context, db, ent);
free (ent);
}

2
kdc/mit_dump.c

@@ -209,7 +209,7 @@ mit_prop_dump(void *arg, const char *file)
continue;
}
ret = v5_prop(pd->context, NULL, &ent, arg);
hdb_free_entry(pd->context, &ent);
hdb_free_entry(pd->context, NULL, &ent); /* XXX */
if (ret) break;
}

18
kdc/mssfu.c

@@ -100,6 +100,7 @@ static void
update_client_names(astgs_request_t r,
char **s4ucname,
krb5_principal *s4u_client_name,
HDB **s4u_clientdb,
hdb_entry_ex **s4u_client,
krb5_principal *s4u_canon_client_name,
krb5_pac *s4u_pac)
@@ -111,9 +112,11 @@ update_client_names(astgs_request_t r,
r->client_princ = *s4u_client_name;
*s4u_client_name = NULL;
_kdc_free_ent(r->context, r->client);
_kdc_free_ent(r->context, r->clientdb, r->client);
r->client = *s4u_client;
*s4u_client = NULL;
r->clientdb = *s4u_clientdb;
*s4u_clientdb = NULL;
krb5_free_principal(r->context, r->canon_client_princ);
r->canon_client_princ = *s4u_canon_client_name;
@@ -334,12 +337,13 @@ validate_protocol_transition(astgs_request_t r)
* impersonated client. (The audit entry containing the original
* client name will have been created before this point.)
*/
update_client_names(r, &s4ucname, &s4u_client_name, &s4u_client,
update_client_names(r, &s4ucname, &s4u_client_name,
&s4u_clientdb, &s4u_client,
&s4u_canon_client_name, &s4u_pac);
out:
if (s4u_client)
_kdc_free_ent(r->context, s4u_client);
_kdc_free_ent(r->context, s4u_clientdb, s4u_client);
krb5_free_principal(r->context, s4u_client_name);
krb5_xfree(s4ucname);
krb5_free_principal(r->context, s4u_canon_client_name);
@@ -368,6 +372,7 @@ validate_constrained_delegation(astgs_request_t r)
uint64_t s4u_pac_attributes;
char *s4ucname = NULL, *s4usname = NULL;
EncTicketPart evidence_tkt;
HDB *s4u_clientdb;
hdb_entry_ex *s4u_client = NULL;
krb5_boolean ad_kdc_issued = FALSE;
Key *clientkey;
@@ -476,7 +481,7 @@ validate_constrained_delegation(astgs_request_t r)
/* Try lookup the delegated client in DB */
ret = _kdc_db_fetch_client(r->context, r->config, flags,
s4u_client_name, s4ucname, local_realm,
NULL, &s4u_client);
&s4u_clientdb, &s4u_client);
if (ret)
goto out;
@@ -539,13 +544,14 @@ validate_constrained_delegation(astgs_request_t r)
* impersonated client. (The audit entry containing the original
* client name will have been created before this point.)
*/
update_client_names(r, &s4ucname, &s4u_client_name, &s4u_client,
update_client_names(r, &s4ucname, &s4u_client_name,
&s4u_clientdb, &s4u_client,
&s4u_canon_client_name, &s4u_pac);
r->pac_attributes = s4u_pac_attributes;
out:
if (s4u_client)
_kdc_free_ent(r->context, s4u_client);
_kdc_free_ent(r->context, s4u_clientdb, s4u_client);
krb5_free_principal(r->context, s4u_client_name);
krb5_xfree(s4ucname);
krb5_free_principal(r->context, s4u_server_name);

5
lib/hdb/Makefile.am

@@ -146,10 +146,7 @@ $(srcdir)/hdb-private.h: $(dist_libhdb_la_SOURCES)
$(gen_files_hdb) hdb_asn1.h hdb_asn1-priv.h: hdb_asn1_files
hdb_asn1_files: $(ASN1_COMPILE_DEP) $(srcdir)/hdb.asn1
$(ASN1_COMPILE) --sequence=HDB-extensions \
--sequence=HDB-Ext-KeyRotation \
--sequence=HDB-Ext-KeySet \
--sequence=Keys $(srcdir)/hdb.asn1 hdb_asn1
$(ASN1_COMPILE) --option-file=$(srcdir)/hdb.opt $(srcdir)/hdb.asn1 hdb_asn1
# to help stupid solaris make

2
lib/hdb/NTMakefile

@@ -37,7 +37,7 @@ intcflags=-DASN1_LIB
$(OBJ)\asn1_hdb_asn1.c $(OBJ)\hdb_asn1.h $(OBJ)\hdb_asn1-priv.h: $(BINDIR)\asn1_compile.exe hdb.asn1
cd $(OBJ)
$(BINDIR)\asn1_compile.exe --sequence=HDB-extensions --sequence=HDB-Ext-KeyRotation --sequence=HDB-Ext-KeySet --sequence=Keys --one-code-file $(SRCDIR)\hdb.asn1 hdb_asn1
$(BINDIR)\asn1_compile.exe --one-code-file --option-file=$(SRCDIR)\hdb.opt $(SRCDIR)\hdb.asn1 hdb_asn1
cd $(SRCDIR)
!ifdef OPENLDAP_MODULE

12
lib/hdb/common.c

@@ -233,13 +233,13 @@ _hdb_fetch_kvno(krb5_context context, HDB *db, krb5_const_principal principal,
/* Decrypt the current keys */
ret = hdb_unseal_keys(context, db, &entry->entry);
if (ret) {
hdb_free_entry(context, entry);
hdb_free_entry(context, db, entry);
return ret;
}
/* Decrypt the key history too */
ret = hdb_unseal_keys_kvno(context, db, 0, flags, &entry->entry);
if (ret) {
hdb_free_entry(context, entry);
hdb_free_entry(context, db, entry);
return ret;
}
} else if ((flags & HDB_F_DECRYPT)) {
@@ -247,7 +247,7 @@ _hdb_fetch_kvno(krb5_context context, HDB *db, krb5_const_principal principal,
/* Decrypt the current keys */
ret = hdb_unseal_keys(context, db, &entry->entry);
if (ret) {
hdb_free_entry(context, entry);
hdb_free_entry(context, db, entry);
return ret;
}
} else {
@@ -259,7 +259,7 @@ _hdb_fetch_kvno(krb5_context context, HDB *db, krb5_const_principal principal,
*/
ret = hdb_unseal_keys_kvno(context, db, kvno, flags, &entry->entry);
if (ret) {
hdb_free_entry(context, entry);
hdb_free_entry(context, db, entry);
return ret;
}
}
@@ -273,7 +273,7 @@ _hdb_fetch_kvno(krb5_context context, HDB *db, krb5_const_principal principal,
*/
ret = add_default_salts(context, db, &entry->entry);
if (ret) {
hdb_free_entry(context, entry);
hdb_free_entry(context, db, entry);
return ret;
}
}
@@ -1567,7 +1567,7 @@ fetch_it(krb5_context context,
ret = pick_kvno(context, db, flags, t, kvno, ent);
}
if (ret)
hdb_free_entry(context, ent);
hdb_free_entry(context, db, ent);
krb5_free_principal(context, nsprinc);
free(host);
return ret;

4
lib/hdb/db.c

@@ -143,14 +143,14 @@ DB_seq(krb5_context context, HDB *db,
if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
code = hdb_unseal_keys (context, db, &entry->entry);
if (code)
hdb_free_entry (context, entry);
hdb_free_entry (context, db, entry);
}
if (code == 0 && entry->entry.principal == NULL) {
entry->entry.principal = malloc(sizeof(*entry->entry.principal));
if (entry->entry.principal == NULL) {
code = ENOMEM;
krb5_set_error_message(context, code, "malloc: out of memory");
hdb_free_entry (context, entry);
hdb_free_entry (context, db, entry);
} else {
hdb_key2principal(context, &key_data, entry->entry.principal);
}

4
lib/hdb/db3.c

@@ -161,12 +161,12 @@ DB_seq(krb5_context context, HDB *db,
if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
code = hdb_unseal_keys (context, db, &entry->entry);
if (code)
hdb_free_entry (context, entry);
hdb_free_entry (context, db, entry);
}
if (entry->entry.principal == NULL) {
entry->entry.principal = malloc(sizeof(*entry->entry.principal));
if (entry->entry.principal == NULL) {
hdb_free_entry (context, entry);
hdb_free_entry (context, db, entry);
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
} else {

8
lib/hdb/hdb-ldap.c

@@ -767,7 +767,7 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry_ex * ent,
}
if (msg)
hdb_free_entry(context, &orig);
hdb_free_entry(context, db, &orig);
return ret;
}
@@ -1467,7 +1467,7 @@ out:
free(ntPasswordIN);
if (ret)
hdb_free_entry(context, ent);
hdb_free_entry(context, db, ent);
return ret;
}
@@ -1552,7 +1552,7 @@ LDAP_seq(krb5_context context, HDB * db, unsigned flags, hdb_entry_ex * entry)
if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
ret = hdb_unseal_keys(context, db, &entry->entry);
if (ret)
hdb_free_entry(context, entry);
hdb_free_entry(context, db, entry);
}
}
@@ -1712,7 +1712,7 @@ LDAP_fetch_kvno(krb5_context context, HDB * db, krb5_const_principal principal,
if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
ret = hdb_unseal_keys(context, db, &entry->entry);
if (ret)
hdb_free_entry(context, entry);
hdb_free_entry(context, db, entry);
}
}

4
lib/hdb/hdb-mdb.c

@@ -411,12 +411,12 @@ DB_seq(krb5_context context, HDB *db,
if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
code = hdb_unseal_keys (context, db, &entry->entry);
if (code)
hdb_free_entry (context, entry);
hdb_free_entry (context, db, entry);
}
if (entry->entry.principal == NULL) {
entry->entry.principal = malloc(sizeof(*entry->entry.principal));
if (entry->entry.principal == NULL) {
hdb_free_entry (context, entry);
hdb_free_entry (context, db, entry);
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
} else {

4
lib/hdb/hdb-mitdb.c

@@ -802,7 +802,7 @@ mdb_seq(krb5_context context, HDB *db,
if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
code = hdb_unseal_keys (context, db, &entry->entry);
if (code)
hdb_free_entry (context, entry);
hdb_free_entry (context, db, entry);
}
return code;
@@ -961,7 +961,7 @@ mdb_fetch_kvno(krb5_context context, HDB *db, krb5_const_principal principal,
if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
ret = hdb_unseal_keys (context, db, &entry->entry);
if (ret) {
hdb_free_entry(context, entry);
hdb_free_entry(context, db, entry);
return ret;
}
}

2
lib/hdb/hdb-sqlite.c

@@ -548,7 +548,7 @@ hdb_sqlite_fetch_kvno(krb5_context context, HDB *db, krb5_const_principal princi
if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
ret = hdb_unseal_keys(context, db, &entry->entry);
if(ret) {
hdb_free_entry(context, entry);
hdb_free_entry(context, db, entry);
goto out;
}
}

8
lib/hdb/hdb.c

@@ -397,13 +397,13 @@ hdb_unlock(int fd)
}
void
hdb_free_entry(krb5_context context, hdb_entry_ex *ent)
hdb_free_entry(krb5_context context, HDB *db, hdb_entry_ex *ent)
{
Key *k;
size_t i;
if (ent->free_entry)
(*ent->free_entry)(context, ent);
if (db && db->hdb_free_entry_context)
db->hdb_free_entry_context(context, db, ent);
for(i = 0; i < ent->entry.keys.len; i++) {
k = &ent->entry.keys.val[i];
@@ -430,7 +430,7 @@ hdb_foreach(krb5_context context,
krb5_clear_error_message(context);
while(ret == 0){
ret = (*func)(context, db, &entry, data);
hdb_free_entry(context, &entry);
hdb_free_entry(context, db, &entry);
if(ret == 0)
ret = db->hdb_nextkey(context, db, flags, &entry);
}

6
lib/hdb/hdb.h

@@ -110,9 +110,7 @@ typedef struct hdb_master_key_data *hdb_master_key;
*/
typedef struct hdb_entry_ex {
void *ctx;
hdb_entry entry;
void (*free_entry)(krb5_context, struct hdb_entry_ex *);
} hdb_entry_ex;
@@ -165,9 +163,9 @@ typedef struct HDB {
*/
krb5_error_code (*hdb_close)(krb5_context, struct HDB*);
/**
* Free an entry after use.
* Free backend-specific entry context.
*/
void (*hdb_free)(krb5_context, struct HDB*, hdb_entry_ex*);
void (*hdb_free_entry_context)(krb5_context, struct HDB*, hdb_entry_ex*);
/**
* Fetch an entry from the backend
*

5
lib/hdb/hdb.opt Normal file

@@ -0,0 +1,5 @@
--sequence=HDB-extensions
--sequence=HDB-Ext-KeyRotation
--sequence=HDB-Ext-KeySet
--sequence=Keys
--decorate=HDB_entry:void:context?:::

12
lib/hdb/keytab.c

@@ -227,7 +227,7 @@ hdb_get_entry(krb5_context context,
goto out;
if(kvno && (krb5_kvno)ent.entry.kvno != kvno) {
hdb_free_entry(context, &ent);
hdb_free_entry(context, db, &ent);
ret = KRB5_KT_NOTFOUND;
goto out;
}
@@ -246,7 +246,7 @@ hdb_get_entry(krb5_context context,
break;
}
}
hdb_free_entry(context, &ent);
hdb_free_entry(context, db, &ent);
out:
(*db->hdb_close)(context, db);
(*db->hdb_destroy)(context, db);
@@ -337,7 +337,7 @@ hdb_next_entry(krb5_context context,
return ret;
if (c->hdb_entry.entry.keys.len == 0)
hdb_free_entry(context, &c->hdb_entry);
hdb_free_entry(context, c->db, &c->hdb_entry);
else
c->next = FALSE;
}
@@ -354,7 +354,7 @@ hdb_next_entry(krb5_context context,
/* If no keys on this entry, try again */
if (c->hdb_entry.entry.keys.len == 0)
hdb_free_entry(context, &c->hdb_entry);
hdb_free_entry(context, c->db, &c->hdb_entry);
else
c->next = FALSE;
}
@@ -387,7 +387,7 @@ hdb_next_entry(krb5_context context,
*/
if ((size_t)c->key_idx == c->hdb_entry.entry.keys.len) {
hdb_free_entry(context, &c->hdb_entry);
hdb_free_entry(context, c->db, &c->hdb_entry);
c->next = TRUE;
c->key_idx = 0;
}
@@ -404,7 +404,7 @@ hdb_end_seq_get(krb5_context context,
struct hdb_cursor *c = cursor->data;
if (!c->next)
hdb_free_entry(context, &c->hdb_entry);
hdb_free_entry(context, c->db, &c->hdb_entry);
(c->db->hdb_close)(context, c->db);
(c->db->hdb_destroy)(context, c->db);

4
lib/hdb/ndbm.c

@@ -104,12 +104,12 @@ NDBM_seq(krb5_context context, HDB *db,
if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
ret = hdb_unseal_keys (context, db, &entry->entry);
if (ret)
hdb_free_entry (context, entry);
hdb_free_entry (context, db, entry);
}
if (ret == 0 && entry->entry.principal == NULL) {
entry->entry.principal = malloc (sizeof(*entry->entry.principal));
if (entry->entry.principal == NULL) {
hdb_free_entry (context, entry);
hdb_free_entry (context, db, entry);
ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
} else {

6
lib/hdb/test_namespace.c

@@ -346,8 +346,6 @@ make_namespace(krb5_context context, HDB *db, const char *name)
/* Setup the HDB entry */
memset(&e, 0, sizeof(e));
e.ctx = 0;
e.free_entry = 0;
e.entry.created_by.time = krs[0].epoch;
e.entry.valid_start = e.entry.valid_end = e.entry.pw_end = 0;
e.entry.generation = 0;
@@ -424,7 +422,7 @@ make_namespace(krb5_context context, HDB *db, const char *name)
if (ret)
krb5_err(context, 1, ret, "failed to setup a namespace principal");
free_Key(&k);
hdb_free_entry(context, &e);
hdb_free_entry(context, db, &e);
}
#define WK_PREFIX "WELLKNOWN/" HDB_WK_NAMESPACE "/"
@@ -936,7 +934,7 @@ main(int argc, char **argv)
/* Cleanup */
for (i = 0; ret == 0 && i < sizeof(e) / sizeof(e[0]); i++)
hdb_free_entry(context, &e[i]);
hdb_free_entry(context, db, &e[i]);
db->hdb_destroy(context, db);
krb5_free_context(context);
return 0;

4
lib/kadm5/chpass_s.c

@@ -249,7 +249,7 @@ change(void *server_handle,
n_ks_tuple, ks_tuple, password);
out3:
hdb_free_entry(context->context, &ent);
hdb_free_entry(context->context, context->db, &ent);
out2:
(void) kadm5_log_end(context);
out:
@@ -437,7 +437,7 @@ kadm5_s_chpass_principal_with_key(void *server_handle,
n_key_data, key_data);
out3:
hdb_free_entry(context->context, &ent);
hdb_free_entry(context->context, context->db, &ent);
out2:
(void) kadm5_log_end(context);
out:

8
lib/kadm5/create_s.c

@@ -194,7 +194,7 @@ kadm5_s_create_principal_with_key(void *server_handle,
if (!context->keep_open) {
ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
if (ret) {
hdb_free_entry(context->context, &ent);
hdb_free_entry(context->context, context->db, &ent);
return ret;
}
}
@@ -227,7 +227,7 @@ kadm5_s_create_principal_with_key(void *server_handle,
if (ret == 0 && ret2 != 0)
ret = ret2;
}
hdb_free_entry(context->context, &ent);
hdb_free_entry(context->context, context->db, &ent);
return _kadm5_error_code(ret);
}
@@ -315,7 +315,7 @@ kadm5_s_create_principal(void *server_handle,
if (!context->keep_open) {
ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
if (ret) {
hdb_free_entry(context->context, &ent);
hdb_free_entry(context->context, context->db, &ent);
return ret;
}
}
@@ -351,7 +351,7 @@ kadm5_s_create_principal(void *server_handle,
if (ret == 0 && ret2 != 0)
ret = ret2;
}
hdb_free_entry(context->context, &ent);
hdb_free_entry(context->context, context->db, &ent);
return _kadm5_error_code(ret);
}

2
lib/kadm5/delete_s.c

@@ -131,7 +131,7 @@ kadm5_s_delete_principal(void *server_handle, krb5_principal princ)
(void) delete_principal_hook(context, KADM5_HOOK_STAGE_POSTCOMMIT, ret, princ);
out3:
hdb_free_entry(context->context, &ent);
hdb_free_entry(context->context, context->db, &ent);
out2:
(void) kadm5_log_end(context);
out:

2
lib/kadm5/get_s.c

@@ -404,7 +404,7 @@ kadm5_s_get_principal(void *server_handle,
out:
if (ret)
kadm5_free_principal_ent(context, out);
hdb_free_entry(context->context, &ent);
hdb_free_entry(context->context, context->db, &ent);
return _kadm5_error_code(ret);
}

2
lib/kadm5/ipropd_slave.c

@@ -589,7 +589,7 @@ receive_everything(krb5_context context, int fd,
if (ret)
krb5_err(context, IPROPD_RESTART_SLOW, ret, "hdb_store");
hdb_free_entry(context, &entry);
hdb_free_entry(context, mydb, &entry);
krb5_data_free(&data);
} else if (opcode == NOW_YOU_HAVE)
;

18
lib/kadm5/log.c

@@ -979,8 +979,6 @@ kadm5_log_create(kadm5_server_context *context, hdb_entry *entry)
memset(&existing, 0, sizeof(existing));
memset(&ent, 0, sizeof(ent));
ent.ctx = 0;
ent.free_entry = 0;
ent.entry = *entry;
/*
@@ -993,11 +991,11 @@ kadm5_log_create(kadm5_server_context *context, hdb_entry *entry)
return ret;
if (ret == 0 && !ent.entry.flags.materialize &&
(existing.entry.flags.virtual || existing.entry.flags.virtual_keys)) {
hdb_free_entry(context->context, &existing);
hdb_free_entry(context->context, context->db, &existing);
return HDB_ERR_EXISTS;
}
if (ret == 0)
hdb_free_entry(context->context, &existing);
hdb_free_entry(context->context, context->db, &existing);
ent.entry.flags.materialize = 0; /* Clear in stored entry */
/*
@@ -1076,7 +1074,7 @@ kadm5_log_replay_create(kadm5_server_context *context,
return ret;
}
ret = context->db->hdb_store(context->context, context->db, 0, &ent);
hdb_free_entry(context->context, &ent);
hdb_free_entry(context->context, context->db, &ent);
return ret;
}
@@ -1202,8 +1200,6 @@ kadm5_log_rename(kadm5_server_context *context,
kadm5_log_context *log_context = &context->log_context;
memset(&ent, 0, sizeof(ent));
ent.ctx = 0;
ent.free_entry = 0;
ent.entry = *entry;
if (strcmp(log_context->log_file, "/dev/null") == 0) {
@@ -1340,7 +1336,7 @@ kadm5_log_replay_rename(kadm5_server_context *context,
}
ret = context->db->hdb_store(context->context, context->db,
0, &target_ent);
hdb_free_entry(context->context, &target_ent);
hdb_free_entry(context->context, context->db, &target_ent);
if (ret) {
krb5_free_principal(context->context, source);
return ret;
@@ -1368,8 +1364,6 @@ kadm5_log_modify(kadm5_server_context *context,
kadm5_log_context *log_context = &context->log_context;
memset(&ent, 0, sizeof(ent));
ent.ctx = 0;
ent.free_entry = 0;
ent.entry = *entry;
if (strcmp(log_context->log_file, "/dev/null") == 0)
@@ -1641,8 +1635,8 @@ kadm5_log_replay_modify(kadm5_server_context *context,
ret = context->db->hdb_store(context->context, context->db,
HDB_F_REPLACE, &ent);
out:
hdb_free_entry(context->context, &ent);
hdb_free_entry(context->context, &log_ent);
hdb_free_entry(context->context, context->db, &ent);
hdb_free_entry(context->context, context->db, &log_ent);
return ret;
}

2
lib/kadm5/modify_s.c

@@ -188,7 +188,7 @@ modify_principal(void *server_handle,
ret, princ, mask);
out3:
hdb_free_entry(context->context, &ent);
hdb_free_entry(context->context, context->db, &ent);
out2:
(void) kadm5_log_end(context);
out:

2
lib/kadm5/prune_s.c

@@ -135,7 +135,7 @@ kadm5_s_prune_principal(void *server_handle,
ret, princ, kvno);
out3:
hdb_free_entry(context->context, &ent);
hdb_free_entry(context->context, context->db, &ent);
out2:
(void) kadm5_log_end(context);
out:

2
lib/kadm5/randkey_s.c

@@ -190,7 +190,7 @@ kadm5_s_randkey_principal(void *server_handle,
*n_keys = 0;
}
out3:
hdb_free_entry(context->context, &ent);
hdb_free_entry(context->context, context->db, &ent);
out2:
(void) kadm5_log_end(context);
out:

2
lib/kadm5/rename_s.c

@@ -170,7 +170,7 @@ kadm5_s_rename_principal(void *server_handle,
out3:
ent.entry.principal = oldname; /* Unborrow target */
hdb_free_entry(context->context, &ent);
hdb_free_entry(context->context, context->db, &ent);
out2:
(void) kadm5_log_end(context);

2
lib/kadm5/setkey3_s.c

@@ -212,7 +212,7 @@ kadm5_s_setkey_principal_3(void *server_handle,
princ, keepold, n_ks_tuple, ks_tuple,
n_keys, keyblocks);
hdb_free_entry(context->context, &ent);
hdb_free_entry(context->context, context->db, &ent);
(void) kadm5_log_end(context);
if (!context->keep_open)
context->db->hdb_close(context->context, context->db);