diff --git a/kadmin/load.c b/kadmin/load.c index 7f434fc15..10dae5578 100644 --- a/kadmin/load.c +++ b/kadmin/load.c @@ -519,7 +519,7 @@ doit(const char *filename, int mergep) if (parse_keys(&ent.entry, e.key)) { fprintf (stderr, "%s:%d:error parsing keys (%s)\n", filename, lineno, e.key); - hdb_free_entry (context, &ent); + hdb_free_entry (context, db, &ent); ret = 1; continue; } @@ -527,35 +527,35 @@ doit(const char *filename, int mergep) if (parse_event(&ent.entry.created_by, e.created) == -1) { fprintf (stderr, "%s:%d:error parsing created event (%s)\n", filename, lineno, e.created); - hdb_free_entry (context, &ent); + hdb_free_entry (context, db, &ent); ret = 1; continue; } if (parse_event_alloc (&ent.entry.modified_by, e.modified) == -1) { fprintf (stderr, "%s:%d:error parsing event (%s)\n", filename, lineno, e.modified); - hdb_free_entry (context, &ent); + hdb_free_entry (context, db, &ent); ret = 1; continue; } if (parse_time_string_alloc (&ent.entry.valid_start, e.valid_start) == -1) { fprintf (stderr, "%s:%d:error parsing time (%s)\n", filename, lineno, e.valid_start); - hdb_free_entry (context, &ent); + hdb_free_entry (context, db, &ent); ret = 1; continue; } if (parse_time_string_alloc (&ent.entry.valid_end, e.valid_end) == -1) { fprintf (stderr, "%s:%d:error parsing time (%s)\n", filename, lineno, e.valid_end); - hdb_free_entry (context, &ent); + hdb_free_entry (context, db, &ent); ret = 1; continue; } if (parse_time_string_alloc (&ent.entry.pw_end, e.pw_end) == -1) { fprintf (stderr, "%s:%d:error parsing time (%s)\n", filename, lineno, e.pw_end); - hdb_free_entry (context, &ent); + hdb_free_entry (context, db, &ent); ret = 1; continue; } @@ -563,7 +563,7 @@ doit(const char *filename, int mergep) if (parse_integer_alloc (&ent.entry.max_life, e.max_life) == -1) { fprintf (stderr, "%s:%d:error parsing lifetime (%s)\n", filename, lineno, e.max_life); - hdb_free_entry (context, &ent); + hdb_free_entry (context, db, &ent); ret = 1; continue; 
@@ -571,7 +571,7 @@ doit(const char *filename, int mergep) if (parse_integer_alloc (&ent.entry.max_renew, e.max_renew) == -1) { fprintf (stderr, "%s:%d:error parsing lifetime (%s)\n", filename, lineno, e.max_renew); - hdb_free_entry (context, &ent); + hdb_free_entry (context, db, &ent); ret = 1; continue; } @@ -579,7 +579,7 @@ doit(const char *filename, int mergep) if (parse_hdbflags2int (&ent.entry.flags, e.flags) != 1) { fprintf (stderr, "%s:%d:error parsing flags (%s)\n", filename, lineno, e.flags); - hdb_free_entry (context, &ent); + hdb_free_entry (context, db, &ent); ret = 1; continue; } @@ -587,7 +587,7 @@ doit(const char *filename, int mergep) if(parse_generation(e.generation, &ent.entry.generation) == -1) { fprintf (stderr, "%s:%d:error parsing generation (%s)\n", filename, lineno, e.generation); - hdb_free_entry (context, &ent); + hdb_free_entry (context, db, &ent); ret = 1; continue; } @@ -595,13 +595,13 @@ doit(const char *filename, int mergep) if (parse_extensions(&e.extensions, &ent.entry.extensions) == -1) { fprintf (stderr, "%s:%d:error parsing extension (%s)\n", filename, lineno, e.extensions); - hdb_free_entry (context, &ent); + hdb_free_entry (context, db, &ent); ret = 1; continue; } ret2 = db->hdb_store(context, db, HDB_F_REPLACE, &ent); - hdb_free_entry (context, &ent); + hdb_free_entry (context, db, &ent); if (ret2) { krb5_warn(context, ret2, "db_store"); break; diff --git a/kdc/digest-service.c b/kdc/digest-service.c index 3a4f4c551..a61b2c7e3 100644 --- a/kdc/digest-service.c +++ b/kdc/digest-service.c @@ -61,6 +61,7 @@ ntlm_service(void *ctx, const heim_idata *req, heim_idata rep = { 0, NULL }; krb5_context context = ctx; hdb_entry_ex *user = NULL; + HDB *db = NULL; Key *key = NULL; NTLMReply ntp; size_t size; 
@@ -113,7 +114,7 @@ ntlm_service(void *ctx, const heim_idata *req, krb5_principal_set_type(context, client, KRB5_NT_NTLM); ret = _kdc_db_fetch(context, config, client, - HDB_F_GET_CLIENT, NULL, NULL, &user); + HDB_F_GET_CLIENT, NULL, &db, &user); krb5_free_principal(context, client); if (ret) goto failed; @@ -213,7 +214,7 @@ ntlm_service(void *ctx, const heim_idata *req, free_NTLMRequest2(&ntq); if (user) - _kdc_free_ent (context, user); + _kdc_free_ent (context, db, user); } static int help_flag; diff --git a/kdc/digest.c b/kdc/digest.c index 8f7bdb0b4..0f620df7d 100644 --- a/kdc/digest.c +++ b/kdc/digest.c @@ -190,7 +190,7 @@ get_password_entry(krb5_context context, } memset(user, 0, sizeof(*user)); } - _kdc_free_ent (context, user); + _kdc_free_ent (context, db, user); return ret; } @@ -217,7 +217,9 @@ _kdc_do_digest(krb5_context context, size_t size; krb5_storage *sp = NULL; Checksum res; + HDB *serverdb, *userdb; hdb_entry_ex *server = NULL, *user = NULL; + HDB *clientdb; hdb_entry_ex *client = NULL; char *client_name = NULL, *password = NULL; krb5_data serverNonce; @@ -292,7 +294,7 @@ _kdc_do_digest(krb5_context context, krb5_clear_error_message(context); ret = _kdc_db_fetch(context, config, principal, - HDB_F_GET_SERVER, NULL, NULL, &server); + HDB_F_GET_SERVER, NULL, &serverdb, &server); if (ret) goto out; @@ -314,7 +316,7 @@ _kdc_do_digest(krb5_context context, } ret = _kdc_db_fetch(context, config, principal, - HDB_F_GET_CLIENT, NULL, NULL, &client); + HDB_F_GET_CLIENT, NULL, &clientdb, &client); krb5_free_principal(context, principal); if (ret) goto out; @@ -877,7 +879,7 @@ _kdc_do_digest(krb5_context context, goto failed; ret = _kdc_db_fetch(context, config, clientprincipal, - HDB_F_GET_CLIENT, NULL, NULL, &user); + HDB_F_GET_CLIENT, NULL, &userdb, &user); krb5_free_principal(context, clientprincipal); if (ret) { krb5_set_error_message(context, ret, 
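Review bot: The new `HDB *serverdb, *userdb;` and `HDB *clientdb;` declarations in `_kdc_do_digest` have no initializer, yet the cleanup path later in this diff passes them to `_kdc_free_ent` whenever the matching entry pointer is non-NULL. Whether `_kdc_db_fetch` stores a handle on every path that returns an entry is not visible here, and an indeterminate pointer would reach the `db->hdb_free_entry_context` lookup in `hdb_free_entry`, whereas NULL is tolerated by its `db &&` guard. Initialise them as `ntlm_service` does with `HDB *db = NULL;`: `HDB *serverdb = NULL, *userdb = NULL;` and `HDB *clientdb = NULL;`. The same applies to `fast_db` and `armor_db` in kdc/fast.c, `krbtgt_outdb`, `user2user_krbtgtdb` and `user2user_db` in kdc/krb5tgs.c, and `db` in `is_local_realm` (kdc/kx509.c). The function body extends well beyond these hunks.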
@@ -1163,7 +1165,7 @@ _kdc_do_digest(krb5_context context, goto failed; ret = _kdc_db_fetch(context, config, clientprincipal, - HDB_F_GET_CLIENT, NULL, NULL, &user); + HDB_F_GET_CLIENT, NULL, &userdb, &user); krb5_free_principal(context, clientprincipal); if (ret) { krb5_set_error_message(context, ret, "NTLM user %s not in database", @@ -1494,11 +1496,11 @@ _kdc_do_digest(krb5_context context, if (sp) krb5_storage_free(sp); if (user) - _kdc_free_ent (context, user); + _kdc_free_ent (context, userdb, user); if (server) - _kdc_free_ent (context, server); + _kdc_free_ent (context, serverdb, server); if (client) - _kdc_free_ent (context, client); + _kdc_free_ent (context, clientdb, client); if (password) { memset(password, 0, strlen(password)); free (password); diff --git a/kdc/fast.c b/kdc/fast.c index 196965573..80f19c60b 100644 --- a/kdc/fast.c +++ b/kdc/fast.c @@ -108,6 +108,7 @@ get_fastuser_crypto(astgs_request_t r, krb5_crypto *crypto) { krb5_principal fast_princ; + HDB *fast_db; hdb_entry_ex *fast_user = NULL; Key *cookie_key = NULL; krb5_crypto fast_crypto = NULL; @@ -122,7 +123,7 @@ get_fastuser_crypto(astgs_request_t r, goto out; ret = _kdc_db_fetch(r->context, r->config, fast_princ, - HDB_F_GET_FAST_COOKIE, NULL, NULL, &fast_user); + HDB_F_GET_FAST_COOKIE, NULL, &fast_db, &fast_user); if (ret) goto out; @@ -148,7 +149,7 @@ get_fastuser_crypto(astgs_request_t r, out: if (fast_user) - _kdc_free_ent(r->context, fast_user); + _kdc_free_ent(r->context, fast_db, fast_user); if (fast_crypto) krb5_crypto_destroy(r->context, fast_crypto); krb5_free_principal(r->context, fast_princ); @@ -549,7 +550,7 @@ fast_unwrap_request(astgs_request_t r, ret = _kdc_db_fetch(r->context, r->config, armor_server_principal, HDB_F_GET_KRBTGT | HDB_F_DELAY_NEW_KEYS, (krb5uint32 *)ap_req.ticket.enc_part.kvno, - NULL, &r->armor_server); + &r->armor_serverdb, &r->armor_server); if(ret == HDB_ERR_NOT_FOUND_HERE) { free_AP_REQ(&ap_req); kdc_log(r->context, r->config, 5, 
@@ -834,6 +835,7 @@ _kdc_fast_check_armor_pac(astgs_request_t r) krb5_boolean ad_kdc_issued = FALSE; krb5_pac mspac = NULL; krb5_principal armor_client_principal = NULL; + HDB *armor_db; hdb_entry_ex *armor_client = NULL; char *armor_client_principal_name = NULL; @@ -857,7 +859,7 @@ _kdc_fast_check_armor_pac(astgs_request_t r) ret = _kdc_db_fetch_client(r->context, r->config, flags, armor_client_principal, armor_client_principal_name, - r->req.req_body.realm, NULL, &armor_client); + r->req.req_body.realm, &armor_db, &armor_client); if (ret) goto out; @@ -886,7 +888,7 @@ _kdc_fast_check_armor_pac(astgs_request_t r) out: krb5_xfree(armor_client_principal_name); if (armor_client) - _kdc_free_ent(r->context, armor_client); + _kdc_free_ent(r->context, armor_db, armor_client); krb5_free_principal(r->context, armor_client_principal); krb5_pac_free(r->context, mspac); diff --git a/kdc/gss_preauth.c b/kdc/gss_preauth.c index 626227e26..6df4a0bd6 100644 --- a/kdc/gss_preauth.c +++ b/kdc/gss_preauth.c @@ -682,6 +682,7 @@ _kdc_gss_check_client(astgs_request_t r, krb5_principal initiator_princ = NULL; hdb_entry_ex *initiator = NULL; krb5_boolean authorized = FALSE; + HDB *clientdb = r->clientdb; OM_uint32 minor; gss_buffer_desc display_name = GSS_C_EMPTY_BUFFER; @@ -742,7 +743,7 @@ _kdc_gss_check_client(astgs_request_t r, if (krb5_principal_is_federated(r->context, r->client->entry.principal)) { initiator->entry.flags.force_canonicalize = 1; - _kdc_free_ent(r->context, r->client); + _kdc_free_ent(r->context, clientdb, r->client); r->client = initiator; initiator = NULL; } else if (!krb5_principal_compare(r->context, @@ -760,7 +761,7 @@ _kdc_gss_check_client(astgs_request_t r, out: krb5_free_principal(r->context, initiator_princ); if (initiator) - _kdc_free_ent(r->context, initiator); + _kdc_free_ent(r->context, r->clientdb, initiator); gss_release_buffer(&minor, &display_name); return ret; diff --git a/kdc/hpropd.c b/kdc/hpropd.c index d89a5d17d..4bfb89fc7 100644 
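Review bot: In `_kdc_gss_check_client`, `r->client = initiator;` replaces the request's client entry without updating `r->clientdb`, and the `out:` path frees `initiator` with `r->clientdb` as well. The fetch that produces `initiator` is outside these hunks; if it can return an entry from a different HDB handle than the one the original client came from, later `_kdc_free_ent(r->context, r->clientdb, r->client)` calls would run the wrong backend's `hdb_free_entry_context` on it. Keep the handle next to the entry: a local `HDB *initiatordb = NULL;` filled by the fetch, `r->clientdb = initiatordb;` at the swap, and `_kdc_free_ent(r->context, initiatordb, initiator);` at `out:`. The local `clientdb` copy of `r->clientdb` is used once and could be dropped.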
--- a/kdc/hpropd.c +++ b/kdc/hpropd.c @@ -279,7 +279,7 @@ main(int argc, char **argv) else nprincs++; } - hdb_free_entry(context, &entry); + hdb_free_entry(context, db, &entry); } if (!print_dump) krb5_log(context, fac, 0, "Received %d principals", nprincs); diff --git a/kdc/kdc.h b/kdc/kdc.h index 9a3df2c23..55a5756f1 100644 --- a/kdc/kdc.h +++ b/kdc/kdc.h @@ -148,10 +148,12 @@ typedef struct krb5_kdc_configuration { /* server principal */ \ krb5_principal server_princ; \ hdb_entry_ex *server; \ + HDB *serverdb; \ \ /* presented ticket in TGS-REQ (unused by AS) */ \ krb5_principal *krbtgt_princ; \ hdb_entry_ex *krbtgt; \ + HDB *krbtgtdb; \ krb5_ticket *ticket; \ \ krb5_keyblock reply_key; \ diff --git a/kdc/kdc_locl.h b/kdc/kdc_locl.h index 2dc72cada..0522f48c5 100644 --- a/kdc/kdc_locl.h +++ b/kdc/kdc_locl.h @@ -88,6 +88,7 @@ struct astgs_request_desc { krb5_crypto armor_crypto; hdb_entry_ex *armor_server; + HDB *armor_serverdb; krb5_ticket *armor_ticket; Key *armor_key; diff --git a/kdc/kerberos5.c b/kdc/kerberos5.c index 6a80a3ea6..375c4217b 100644 --- a/kdc/kerberos5.c +++ b/kdc/kerberos5.c @@ -2022,11 +2022,13 @@ static krb5_error_code get_local_tgs(krb5_context context, krb5_kdc_configuration *config, krb5_const_realm realm, + HDB **krbtgtdb, hdb_entry_ex **krbtgt) { krb5_error_code ret; krb5_principal tgs_name; + *krbtgtdb = NULL; *krbtgt = NULL; ret = krb5_make_principal(context, @@ -2039,7 +2041,7 @@ get_local_tgs(krb5_context context, return ret; ret = _kdc_db_fetch(context, config, tgs_name, - HDB_F_GET_KRBTGT, NULL, NULL, krbtgt); + HDB_F_GET_KRBTGT, NULL, krbtgtdb, krbtgt); krb5_free_principal(context, tgs_name); return ret; @@ -2066,7 +2068,6 @@ _kdc_as_rep(astgs_request_t r) const PA_DATA *pa; krb5_boolean is_tgs; const char *msg; - hdb_entry_ex *krbtgt = NULL; Key *krbtgt_key; memset(rep, 0, sizeof(*rep)); 
@@ -2182,7 +2183,7 @@ _kdc_as_rep(astgs_request_t r) ret = _kdc_db_fetch(r->context, config, r->server_princ, HDB_F_GET_SERVER | HDB_F_DELAY_NEW_KEYS | flags | (is_tgs ? HDB_F_GET_KRBTGT : 0), - NULL, NULL, &r->server); + NULL, &r->serverdb, &r->server); switch (ret) { case 0: /* Success */ break; @@ -2386,11 +2387,11 @@ _kdc_as_rep(astgs_request_t r) krbtgt_key = skey; } else { ret = get_local_tgs(r->context, config, r->server_princ->realm, - &krbtgt); + &r->krbtgtdb, &r->krbtgt); if (ret) goto out; - ret = _kdc_get_preferred_key(r->context, config, krbtgt, + ret = _kdc_get_preferred_key(r->context, config, r->krbtgt, r->server_princ->realm, NULL, &krbtgt_key); if (ret) @@ -2762,11 +2763,11 @@ out: r->server_princ = NULL; } if (r->client) - _kdc_free_ent(r->context, r->client); + _kdc_free_ent(r->context, r->clientdb, r->client); if (r->server) - _kdc_free_ent(r->context, r->server); - if (krbtgt) - _kdc_free_ent(r->context, krbtgt); + _kdc_free_ent(r->context, r->serverdb, r->server); + if (r->krbtgt) + _kdc_free_ent(r->context, r->krbtgtdb, r->krbtgt); if (r->armor_crypto) { krb5_crypto_destroy(r->context, r->armor_crypto); r->armor_crypto = NULL; @@ -2774,7 +2775,7 @@ out: if (r->armor_ticket) krb5_free_ticket(r->context, r->armor_ticket); if (r->armor_server) - _kdc_free_ent(r->context, r->armor_server); + _kdc_free_ent(r->context, r->armor_serverdb, r->armor_server); krb5_free_keyblock_contents(r->context, &r->reply_key); krb5_free_keyblock_contents(r->context, &r->session_key); krb5_free_keyblock_contents(r->context, &r->strengthen_key); diff --git a/kdc/krb5tgs.c b/kdc/krb5tgs.c index 346984c60..510114bb4 100644 --- a/kdc/krb5tgs.c +++ b/kdc/krb5tgs.c 
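Review bot: `get_local_tgs()` now writes the local TGS entry into `r->krbtgt`/`r->krbtgtdb` on the AS path, but kdc/kdc.h in this same diff still labels that field group `/* presented ticket in TGS-REQ (unused by AS) */`. Update the comment to match, for example `/* krbtgt entry: from the presented ticket in TGS-REQ; local TGS entry in AS-REQ */`. Any code that treats a non-NULL `r->krbtgt` as meaning "this is a TGS request" would need checking; none is visible here. The `out:` block also leaves `r->krbtgt` pointing at freed memory, which mattered less when `krbtgt` was a local variable; `r->krbtgt = NULL;` after the free would be cheap.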
@@ -958,7 +958,7 @@ tgs_parse_request(astgs_request_t r, krbtgt_kvno = ap_req.ticket.enc_part.kvno ? *ap_req.ticket.enc_part.kvno : 0; ret = _kdc_db_fetch(r->context, config, princ, HDB_F_GET_KRBTGT, - &krbtgt_kvno, NULL, &r->krbtgt); + &krbtgt_kvno, &r->krbtgtdb, &r->krbtgt); if (ret == HDB_ERR_NOT_FOUND_HERE) { /* XXX Factor out this unparsing of the same princ all over */ @@ -1335,7 +1335,7 @@ _kdc_db_fetch_client(krb5_context context, krb5_free_error_message(context, msg); } else if (client->entry.flags.invalid || !client->entry.flags.client) { kdc_log(context, config, 4, "Client has invalid bit set"); - _kdc_free_ent(context, client); + _kdc_free_ent(context, *clientdb, client); return KRB5KDC_ERR_POLICY; } @@ -1361,6 +1361,7 @@ tgs_build_reply(astgs_request_t priv, char *spn = NULL, *cpn = NULL, *krbtgt_out_n = NULL; char *user2user_name = NULL; hdb_entry_ex *server = NULL, *client = NULL; + HDB *user2user_krbtgtdb; hdb_entry_ex *user2user_krbtgt = NULL; HDB *clientdb; HDB *serverdb = NULL; @@ -1379,6 +1380,7 @@ tgs_build_reply(astgs_request_t priv, char **capath = NULL; size_t num_capath = 0; + HDB *krbtgt_outdb; hdb_entry_ex *krbtgt_out = NULL; PrincipalName *s; @@ -1442,12 +1444,13 @@ tgs_build_reply(astgs_request_t priv, server_lookup: priv->server = NULL; if (server) - _kdc_free_ent(context, server); + _kdc_free_ent(context, serverdb, server); server = NULL; ret = _kdc_db_fetch(context, config, priv->server_princ, HDB_F_GET_SERVER | HDB_F_DELAY_NEW_KEYS | flags, NULL, &serverdb, &server); priv->server = server; + priv->serverdb = serverdb; if (ret == HDB_ERR_NOT_FOUND_HERE) { kdc_log(context, config, 5, "target %s does not have secrets at this KDC, need to proxy", spn); _kdc_audit_addreason((kdc_request_t)priv, "Target not found here"); 
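Review bot: The error path in `_kdc_db_fetch_client` now evaluates `*clientdb` unconditionally, so a caller that passes NULL for `clientdb` would fault here. Both `_kdc_db_fetch_client` callers in this diff were switched from `NULL` to a real pointer (kdc/fast.c, kdc/mssfu.c), which suggests NULL used to be accepted; the rest of the function is outside the hunk, so whether it still is cannot be confirmed. Either state the requirement in the function comment (`clientdb must not be NULL`) or fetch into a local `HDB *db` and copy it out with `if (clientdb) *clientdb = db;`.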
@@ -1608,7 +1611,7 @@ server_lookup: } ret = _kdc_db_fetch(context, config, krbtgt_out_principal, - HDB_F_GET_KRBTGT, NULL, NULL, &krbtgt_out); + HDB_F_GET_KRBTGT, NULL, &krbtgt_outdb, &krbtgt_out); if (ret) { char *ktpn = NULL; ret = krb5_unparse_name(context, priv->krbtgt->entry.principal, &ktpn); @@ -1635,6 +1638,7 @@ server_lookup: krb5uint32 second_kvno = 0; krb5uint32 *kvno_ptr = NULL; size_t i; + HDB *user2user_db; hdb_entry_ex *user2user_client = NULL; krb5_boolean user2user_kdc_issued = FALSE; char *tpn; @@ -1670,7 +1674,7 @@ server_lookup: } ret = _kdc_db_fetch(context, config, p, HDB_F_GET_KRBTGT, kvno_ptr, - NULL, &user2user_krbtgt); + &user2user_krbtgtdb, &user2user_krbtgt); krb5_free_principal(context, p); if(ret){ if (ret == HDB_ERR_NOENTRY) @@ -1724,7 +1728,7 @@ server_lookup: */ ret = _kdc_db_fetch(context, config, user2user_princ, HDB_F_GET_CLIENT | flags, - NULL, NULL, &user2user_client); + NULL, &user2user_db, &user2user_client); if (ret == HDB_ERR_NOENTRY) ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN; if (ret) @@ -1745,7 +1749,7 @@ server_lookup: user2user_client, NULL); if (ret) { - _kdc_free_ent(context, user2user_client); + _kdc_free_ent(context, user2user_db, user2user_client); goto out; } @@ -1760,7 +1764,7 @@ server_lookup: user2user_client, user2user_princ); if (ret) { - _kdc_free_ent(context, user2user_client); + _kdc_free_ent(context, user2user_db, user2user_client); goto out; } @@ -1769,7 +1773,7 @@ server_lookup: user2user_client, user2user_krbtgt, user2user_krbtgt, user2user_krbtgt, &uukey->key, &priv->ticket_key->key, &adtkt, &user2user_kdc_issued, &user2user_pac, NULL, NULL); - _kdc_free_ent(context, user2user_client); + _kdc_free_ent(context, user2user_db, user2user_client); if (ret) { const char *msg = krb5_get_error_message(context, ret); kdc_log(context, config, 0, 
@@ -2048,9 +2052,9 @@ out: krb5_free_keyblock_contents(context, &sessionkey); if(krbtgt_out) - _kdc_free_ent(context, krbtgt_out); + _kdc_free_ent(context, krbtgt_outdb, krbtgt_out); if(user2user_krbtgt) - _kdc_free_ent(context, user2user_krbtgt); + _kdc_free_ent(context, user2user_krbtgtdb, user2user_krbtgt); krb5_free_principal(context, user2user_princ); krb5_free_principal(context, krbtgt_out_principal); @@ -2202,20 +2206,20 @@ out: if (r->armor_ticket) krb5_free_ticket(r->context, r->armor_ticket); if (r->armor_server) - _kdc_free_ent(r->context, r->armor_server); + _kdc_free_ent(r->context, r->armor_serverdb, r->armor_server); krb5_free_keyblock_contents(r->context, &r->reply_key); krb5_free_keyblock_contents(r->context, &r->strengthen_key); if (r->ticket) krb5_free_ticket(r->context, r->ticket); if (r->krbtgt) - _kdc_free_ent(r->context, r->krbtgt); + _kdc_free_ent(r->context, r->krbtgtdb, r->krbtgt); if (r->client) - _kdc_free_ent(r->context, r->client); + _kdc_free_ent(r->context, r->clientdb, r->client); krb5_free_principal(r->context, r->client_princ); if (r->server) - _kdc_free_ent(r->context, r->server); + _kdc_free_ent(r->context, r->serverdb, r->server); krb5_free_principal(r->context, r->server_princ); _kdc_free_fast_state(&r->fast); krb5_pac_free(r->context, r->pac); diff --git a/kdc/kx509.c b/kdc/kx509.c index a5f960929..b48bdf6b2 100644 --- a/kdc/kx509.c +++ b/kdc/kx509.c @@ -253,6 +253,7 @@ is_local_realm(krb5_context context, { krb5_error_code ret; krb5_principal tgs; + HDB *db; hdb_entry_ex *ent = NULL; ret = krb5_make_principal(context, &tgs, realm, KRB5_TGS_NAME, realm, 
@@ -261,9 +262,9 @@ is_local_realm(krb5_context context, return ret; if (ret == 0) ret = _kdc_db_fetch(context, reqctx->config, tgs, HDB_F_GET_KRBTGT, - NULL, NULL, &ent); + NULL, &db, &ent); if (ent) - _kdc_free_ent(context, ent); + _kdc_free_ent(context, db, ent); krb5_free_principal(context, tgs); if (ret == HDB_ERR_NOENTRY || ret == HDB_ERR_NOT_FOUND_HERE) return KRB5KRB_AP_ERR_NOT_US; diff --git a/kdc/misc.c b/kdc/misc.c index 1880731bc..2b82c5cbc 100644 --- a/kdc/misc.c +++ b/kdc/misc.c @@ -117,7 +117,7 @@ synthesize_client(krb5_context context, *(e->entry.max_life) = config->synthetic_clients_max_life; *h = e; } else { - hdb_free_entry(context, e); + hdb_free_entry(context, &null_db, e); } return ret; } @@ -246,9 +246,9 @@ out: } KDC_LIB_FUNCTION void KDC_LIB_CALL -_kdc_free_ent(krb5_context context, hdb_entry_ex *ent) +_kdc_free_ent(krb5_context context, HDB *db, hdb_entry_ex *ent) { - hdb_free_entry (context, ent); + hdb_free_entry (context, db, ent); free (ent); } diff --git a/kdc/mit_dump.c b/kdc/mit_dump.c index 3e4b47d7e..409eae40e 100644 --- a/kdc/mit_dump.c +++ b/kdc/mit_dump.c @@ -209,7 +209,7 @@ mit_prop_dump(void *arg, const char *file) continue; } ret = v5_prop(pd->context, NULL, &ent, arg); - hdb_free_entry(pd->context, &ent); + hdb_free_entry(pd->context, NULL, &ent); /* XXX */ if (ret) break; } diff --git a/kdc/mssfu.c b/kdc/mssfu.c index 2f97b86d8..84c7c6012 100644 --- a/kdc/mssfu.c +++ b/kdc/mssfu.c @@ -100,6 +100,7 @@ static void update_client_names(astgs_request_t r, char **s4ucname, krb5_principal *s4u_client_name, + HDB **s4u_clientdb, hdb_entry_ex **s4u_client, krb5_principal *s4u_canon_client_name, krb5_pac *s4u_pac) 
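Review bot: `hdb_free_entry(pd->context, NULL, &ent); /* XXX */` in `mit_prop_dump` leaves a marker that says nothing about what is unresolved. With a NULL `db`, `hdb_free_entry` skips the backend `hdb_free_entry_context` hook (see the lib/hdb/hdb.c hunk), which looks intentional for an entry parsed from a dump file rather than fetched from a backend. Replace the marker with the reason, e.g. `/* no HDB handle: entry was built from the dump file, so there is no backend context to release */`. `synthesize_client` in kdc/misc.c passes `&null_db` for what appears to be the same purpose; its definition is outside the hunk, and one convention for both sites would be easier to audit.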
@@ -111,9 +112,11 @@ update_client_names(astgs_request_t r, r->client_princ = *s4u_client_name; *s4u_client_name = NULL; - _kdc_free_ent(r->context, r->client); + _kdc_free_ent(r->context, r->clientdb, r->client); r->client = *s4u_client; *s4u_client = NULL; + r->clientdb = *s4u_clientdb; + *s4u_clientdb = NULL; krb5_free_principal(r->context, r->canon_client_princ); r->canon_client_princ = *s4u_canon_client_name; @@ -334,12 +337,13 @@ validate_protocol_transition(astgs_request_t r) * impersonated client. (The audit entry containing the original * client name will have been created before this point.) */ - update_client_names(r, &s4ucname, &s4u_client_name, &s4u_client, + update_client_names(r, &s4ucname, &s4u_client_name, + &s4u_clientdb, &s4u_client, &s4u_canon_client_name, &s4u_pac); out: if (s4u_client) - _kdc_free_ent(r->context, s4u_client); + _kdc_free_ent(r->context, s4u_clientdb, s4u_client); krb5_free_principal(r->context, s4u_client_name); krb5_xfree(s4ucname); krb5_free_principal(r->context, s4u_canon_client_name); @@ -368,6 +372,7 @@ validate_constrained_delegation(astgs_request_t r) uint64_t s4u_pac_attributes; char *s4ucname = NULL, *s4usname = NULL; EncTicketPart evidence_tkt; + HDB *s4u_clientdb; hdb_entry_ex *s4u_client = NULL; krb5_boolean ad_kdc_issued = FALSE; Key *clientkey; @@ -476,7 +481,7 @@ validate_constrained_delegation(astgs_request_t r) /* Try lookup the delegated client in DB */ ret = _kdc_db_fetch_client(r->context, r->config, flags, s4u_client_name, s4ucname, local_realm, - NULL, &s4u_client); + &s4u_clientdb, &s4u_client); if (ret) goto out; 
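Review bot: `update_client_names` copies `*s4u_clientdb` into `r->clientdb` unconditionally, while `validate_constrained_delegation` declares `HDB *s4u_clientdb;` without an initializer. If `_kdc_db_fetch_client` can return success without storing a handle (its body is not in this diff beyond one error path), an indeterminate pointer ends up in the request and is later handed to `_kdc_free_ent`. `HDB *s4u_clientdb = NULL;` closes that off. The declaration used by `validate_protocol_transition` is outside the hunks and worth the same check.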
@@ -539,13 +544,14 @@ validate_constrained_delegation(astgs_request_t r) * impersonated client. (The audit entry containing the original * client name will have been created before this point.) */ - update_client_names(r, &s4ucname, &s4u_client_name, &s4u_client, + update_client_names(r, &s4ucname, &s4u_client_name, + &s4u_clientdb, &s4u_client, &s4u_canon_client_name, &s4u_pac); r->pac_attributes = s4u_pac_attributes; out: if (s4u_client) - _kdc_free_ent(r->context, s4u_client); + _kdc_free_ent(r->context, s4u_clientdb, s4u_client); krb5_free_principal(r->context, s4u_client_name); krb5_xfree(s4ucname); krb5_free_principal(r->context, s4u_server_name); diff --git a/lib/hdb/Makefile.am b/lib/hdb/Makefile.am index d528276ec..968f80658 100644 --- a/lib/hdb/Makefile.am +++ b/lib/hdb/Makefile.am @@ -146,10 +146,7 @@ $(srcdir)/hdb-private.h: $(dist_libhdb_la_SOURCES) $(gen_files_hdb) hdb_asn1.h hdb_asn1-priv.h: hdb_asn1_files hdb_asn1_files: $(ASN1_COMPILE_DEP) $(srcdir)/hdb.asn1 - $(ASN1_COMPILE) --sequence=HDB-extensions \ - --sequence=HDB-Ext-KeyRotation \ - --sequence=HDB-Ext-KeySet \ - --sequence=Keys $(srcdir)/hdb.asn1 hdb_asn1 + $(ASN1_COMPILE) --option-file=$(srcdir)/hdb.opt $(srcdir)/hdb.asn1 hdb_asn1 # to help stupid solaris make diff --git a/lib/hdb/NTMakefile b/lib/hdb/NTMakefile index 5692450f3..f4801f7c5 100644 --- a/lib/hdb/NTMakefile +++ b/lib/hdb/NTMakefile @@ -37,7 +37,7 @@ intcflags=-DASN1_LIB $(OBJ)\asn1_hdb_asn1.c $(OBJ)\hdb_asn1.h $(OBJ)\hdb_asn1-priv.h: $(BINDIR)\asn1_compile.exe hdb.asn1 cd $(OBJ) - $(BINDIR)\asn1_compile.exe --sequence=HDB-extensions --sequence=HDB-Ext-KeyRotation --sequence=HDB-Ext-KeySet --sequence=Keys --one-code-file $(SRCDIR)\hdb.asn1 hdb_asn1 + $(BINDIR)\asn1_compile.exe --one-code-file --option-file=$(SRCDIR)\hdb.opt $(SRCDIR)\hdb.asn1 hdb_asn1 cd $(SRCDIR) !ifdef OPENLDAP_MODULE diff --git a/lib/hdb/common.c b/lib/hdb/common.c index 5ffbe2091..55176e27e 100644 --- a/lib/hdb/common.c +++ b/lib/hdb/common.c 
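Review bot: The recipe for `hdb_asn1_files` now reads `$(srcdir)/hdb.opt`, but the rule's prerequisites are still `$(ASN1_COMPILE_DEP) $(srcdir)/hdb.asn1`, so editing hdb.opt will not regenerate the ASN.1 code. Add it: `hdb_asn1_files: $(ASN1_COMPILE_DEP) $(srcdir)/hdb.asn1 $(srcdir)/hdb.opt`, and likewise add `hdb.opt` to the dependency list of the NTMakefile rule. Since hdb.opt now decides the layout of `HDB_entry` (the `--decorate` line), stale generated headers would disagree with the hand-written code about that struct. Whether hdb.opt is listed for distribution (e.g. in `EXTRA_DIST`) is not visible in this hunk.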
@@ -233,13 +233,13 @@ _hdb_fetch_kvno(krb5_context context, HDB *db, krb5_const_principal principal, /* Decrypt the current keys */ ret = hdb_unseal_keys(context, db, &entry->entry); if (ret) { - hdb_free_entry(context, entry); + hdb_free_entry(context, db, entry); return ret; } /* Decrypt the key history too */ ret = hdb_unseal_keys_kvno(context, db, 0, flags, &entry->entry); if (ret) { - hdb_free_entry(context, entry); + hdb_free_entry(context, db, entry); return ret; } } else if ((flags & HDB_F_DECRYPT)) { @@ -247,7 +247,7 @@ _hdb_fetch_kvno(krb5_context context, HDB *db, krb5_const_principal principal, /* Decrypt the current keys */ ret = hdb_unseal_keys(context, db, &entry->entry); if (ret) { - hdb_free_entry(context, entry); + hdb_free_entry(context, db, entry); return ret; } } else { @@ -259,7 +259,7 @@ _hdb_fetch_kvno(krb5_context context, HDB *db, krb5_const_principal principal, */ ret = hdb_unseal_keys_kvno(context, db, kvno, flags, &entry->entry); if (ret) { - hdb_free_entry(context, entry); + hdb_free_entry(context, db, entry); return ret; } } @@ -273,7 +273,7 @@ _hdb_fetch_kvno(krb5_context context, HDB *db, krb5_const_principal principal, */ ret = add_default_salts(context, db, &entry->entry); if (ret) { - hdb_free_entry(context, entry); + hdb_free_entry(context, db, entry); return ret; } } @@ -1567,7 +1567,7 @@ fetch_it(krb5_context context, ret = pick_kvno(context, db, flags, t, kvno, ent); } if (ret) - hdb_free_entry(context, ent); + hdb_free_entry(context, db, ent); krb5_free_principal(context, nsprinc); free(host); return ret; diff --git a/lib/hdb/db.c b/lib/hdb/db.c index 6e415b95f..e845bae02 100644 --- a/lib/hdb/db.c +++ b/lib/hdb/db.c 
@@ -143,14 +143,14 @@ DB_seq(krb5_context context, HDB *db, if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) { code = hdb_unseal_keys (context, db, &entry->entry); if (code) - hdb_free_entry (context, entry); + hdb_free_entry (context, db, entry); } if (code == 0 && entry->entry.principal == NULL) { entry->entry.principal = malloc(sizeof(*entry->entry.principal)); if (entry->entry.principal == NULL) { code = ENOMEM; krb5_set_error_message(context, code, "malloc: out of memory"); - hdb_free_entry (context, entry); + hdb_free_entry (context, db, entry); } else { hdb_key2principal(context, &key_data, entry->entry.principal); } diff --git a/lib/hdb/db3.c b/lib/hdb/db3.c index 0daa25bbe..181f41515 100644 --- a/lib/hdb/db3.c +++ b/lib/hdb/db3.c @@ -161,12 +161,12 @@ DB_seq(krb5_context context, HDB *db, if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) { code = hdb_unseal_keys (context, db, &entry->entry); if (code) - hdb_free_entry (context, entry); + hdb_free_entry (context, db, entry); } if (entry->entry.principal == NULL) { entry->entry.principal = malloc(sizeof(*entry->entry.principal)); if (entry->entry.principal == NULL) { - hdb_free_entry (context, entry); + hdb_free_entry (context, db, entry); krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } else { diff --git a/lib/hdb/hdb-ldap.c b/lib/hdb/hdb-ldap.c index 4c5d66529..5bdb36c0d 100644 --- a/lib/hdb/hdb-ldap.c +++ b/lib/hdb/hdb-ldap.c @@ -767,7 +767,7 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry_ex * ent, } if (msg) - hdb_free_entry(context, &orig); + hdb_free_entry(context, db, &orig); return ret; } @@ -1467,7 +1467,7 @@ out: free(ntPasswordIN); if (ret) - hdb_free_entry(context, ent); + hdb_free_entry(context, db, ent); return ret; } 
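Review bot: In lib/hdb/db3.c `DB_seq`, the entry is freed when `hdb_unseal_keys` fails, and the very next statement `if (entry->entry.principal == NULL)` still inspects it and may allocate a principal into the freed entry. lib/hdb/db.c and lib/hdb/ndbm.c guard the same step with `code == 0 &&` / `ret == 0 &&`; db3.c should read `if (code == 0 && entry->entry.principal == NULL) {`. lib/hdb/hdb-mdb.c `DB_seq` has the identical unguarded sequence. This predates the commit, but these are the lines it touches, and how the function returns afterwards is outside the hunk.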
@@ -1552,7 +1552,7 @@ LDAP_seq(krb5_context context, HDB * db, unsigned flags, hdb_entry_ex * entry) if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) { ret = hdb_unseal_keys(context, db, &entry->entry); if (ret) - hdb_free_entry(context, entry); + hdb_free_entry(context, db, entry); } } @@ -1712,7 +1712,7 @@ LDAP_fetch_kvno(krb5_context context, HDB * db, krb5_const_principal principal, if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) { ret = hdb_unseal_keys(context, db, &entry->entry); if (ret) - hdb_free_entry(context, entry); + hdb_free_entry(context, db, entry); } } diff --git a/lib/hdb/hdb-mdb.c b/lib/hdb/hdb-mdb.c index cabda277f..114744680 100644 --- a/lib/hdb/hdb-mdb.c +++ b/lib/hdb/hdb-mdb.c @@ -411,12 +411,12 @@ DB_seq(krb5_context context, HDB *db, if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) { code = hdb_unseal_keys (context, db, &entry->entry); if (code) - hdb_free_entry (context, entry); + hdb_free_entry (context, db, entry); } if (entry->entry.principal == NULL) { entry->entry.principal = malloc(sizeof(*entry->entry.principal)); if (entry->entry.principal == NULL) { - hdb_free_entry (context, entry); + hdb_free_entry (context, db, entry); krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } else { diff --git a/lib/hdb/hdb-mitdb.c b/lib/hdb/hdb-mitdb.c index 2614d3f06..94e9c6971 100644 --- a/lib/hdb/hdb-mitdb.c +++ b/lib/hdb/hdb-mitdb.c @@ -802,7 +802,7 @@ mdb_seq(krb5_context context, HDB *db, if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) { code = hdb_unseal_keys (context, db, &entry->entry); if (code) - hdb_free_entry (context, entry); + hdb_free_entry (context, db, entry); } return code; @@ -961,7 +961,7 @@ mdb_fetch_kvno(krb5_context context, HDB *db, krb5_const_principal principal, if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) { ret = hdb_unseal_keys (context, db, &entry->entry); if (ret) { - hdb_free_entry(context, entry); + hdb_free_entry(context, db, entry); return ret; } } 
diff --git a/lib/hdb/hdb-sqlite.c b/lib/hdb/hdb-sqlite.c index 3cab91789..655c5c8da 100644 --- a/lib/hdb/hdb-sqlite.c +++ b/lib/hdb/hdb-sqlite.c @@ -548,7 +548,7 @@ hdb_sqlite_fetch_kvno(krb5_context context, HDB *db, krb5_const_principal princi if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) { ret = hdb_unseal_keys(context, db, &entry->entry); if(ret) { - hdb_free_entry(context, entry); + hdb_free_entry(context, db, entry); goto out; } } diff --git a/lib/hdb/hdb.c b/lib/hdb/hdb.c index 3e379d04e..11015b44f 100644 --- a/lib/hdb/hdb.c +++ b/lib/hdb/hdb.c @@ -397,13 +397,13 @@ hdb_unlock(int fd) } void -hdb_free_entry(krb5_context context, hdb_entry_ex *ent) +hdb_free_entry(krb5_context context, HDB *db, hdb_entry_ex *ent) { Key *k; size_t i; - if (ent->free_entry) - (*ent->free_entry)(context, ent); + if (db && db->hdb_free_entry_context) + db->hdb_free_entry_context(context, db, ent); for(i = 0; i < ent->entry.keys.len; i++) { k = &ent->entry.keys.val[i]; @@ -430,7 +430,7 @@ hdb_foreach(krb5_context context, krb5_clear_error_message(context); while(ret == 0){ ret = (*func)(context, db, &entry, data); - hdb_free_entry(context, &entry); + hdb_free_entry(context, db, &entry); if(ret == 0) ret = db->hdb_nextkey(context, db, flags, &entry); } diff --git a/lib/hdb/hdb.h b/lib/hdb/hdb.h index a3bfd5e35..9b561e2d7 100644 --- a/lib/hdb/hdb.h +++ b/lib/hdb/hdb.h @@ -110,9 +110,7 @@ typedef struct hdb_master_key_data *hdb_master_key; */ typedef struct hdb_entry_ex { - void *ctx; hdb_entry entry; - void (*free_entry)(krb5_context, struct hdb_entry_ex *); } hdb_entry_ex; @@ -165,9 +163,9 @@ typedef struct HDB { */ krb5_error_code (*hdb_close)(krb5_context, struct HDB*); /** - * Free an entry after use. + * Free backend-specific entry context. */ - void (*hdb_free)(krb5_context, struct HDB*, hdb_entry_ex*); + void (*hdb_free_entry_context)(krb5_context, struct HDB*, hdb_entry_ex*); /** * Fetch an entry from the backend * 
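Review bot: `hdb_free_entry` now depends on the caller supplying the handle the entry was fetched from, and nothing at the definition says so. The `if (db && db->hdb_free_entry_context)` guard makes NULL skip the backend hook without any diagnostic, so a caller that passes NULL for an entry carrying backend context leaks that context, and one that passes a different backend's handle runs the wrong hook. A short header comment would cover it, e.g. `/* db must be the HDB the entry came from; NULL is allowed only for entries that never passed through a backend. */`.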
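Review bot: The `hdb_free` slot in `struct HDB` keeps its position and signature but changes meaning from "Free an entry after use" to "Free backend-specific entry context", and `hdb_free_entry` now calls it before walking the entry's keys. A backend compiled against the old header that fills this slot with a whole-entry free could have the entry released twice. No change to an interface version constant appears in this file's hunks; if the header has one for loadable backends (Heimdal's `HDB_INTERFACE_VERSION`), bumping it here would make old modules fail to load instead. The removal of `ctx` and `free_entry` from `hdb_entry_ex` changes that struct's layout too.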
diff --git a/lib/hdb/hdb.opt b/lib/hdb/hdb.opt new file mode 100644 index 000000000..626f8c7b0 --- /dev/null +++ b/lib/hdb/hdb.opt @@ -0,0 +1,5 @@ +--sequence=HDB-extensions +--sequence=HDB-Ext-KeyRotation +--sequence=HDB-Ext-KeySet +--sequence=Keys +--decorate=HDB_entry:void:context?::: diff --git a/lib/hdb/keytab.c b/lib/hdb/keytab.c index df321d6c2..fc8621391 100644 --- a/lib/hdb/keytab.c +++ b/lib/hdb/keytab.c @@ -227,7 +227,7 @@ hdb_get_entry(krb5_context context, goto out; if(kvno && (krb5_kvno)ent.entry.kvno != kvno) { - hdb_free_entry(context, &ent); + hdb_free_entry(context, db, &ent); ret = KRB5_KT_NOTFOUND; goto out; } @@ -246,7 +246,7 @@ hdb_get_entry(krb5_context context, break; } } - hdb_free_entry(context, &ent); + hdb_free_entry(context, db, &ent); out: (*db->hdb_close)(context, db); (*db->hdb_destroy)(context, db); @@ -337,7 +337,7 @@ hdb_next_entry(krb5_context context, return ret; if (c->hdb_entry.entry.keys.len == 0) - hdb_free_entry(context, &c->hdb_entry); + hdb_free_entry(context, c->db, &c->hdb_entry); else c->next = FALSE; } @@ -354,7 +354,7 @@ hdb_next_entry(krb5_context context, /* If no keys on this entry, try again */ if (c->hdb_entry.entry.keys.len == 0) - hdb_free_entry(context, &c->hdb_entry); + hdb_free_entry(context, c->db, &c->hdb_entry); else c->next = FALSE; } @@ -387,7 +387,7 @@ hdb_next_entry(krb5_context context, */ if ((size_t)c->key_idx == c->hdb_entry.entry.keys.len) { - hdb_free_entry(context, &c->hdb_entry); + hdb_free_entry(context, c->db, &c->hdb_entry); c->next = TRUE; c->key_idx = 0; } @@ -404,7 +404,7 @@ hdb_end_seq_get(krb5_context context, struct hdb_cursor *c = cursor->data; if (!c->next) - hdb_free_entry(context, &c->hdb_entry); + hdb_free_entry(context, c->db, &c->hdb_entry); (c->db->hdb_close)(context, c->db); (c->db->hdb_destroy)(context, c->db); diff --git a/lib/hdb/ndbm.c b/lib/hdb/ndbm.c index 4e3a340fe..92773f22b 100644 --- a/lib/hdb/ndbm.c +++ b/lib/hdb/ndbm.c 
@@ -104,12 +104,12 @@ NDBM_seq(krb5_context context, HDB *db, if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) { ret = hdb_unseal_keys (context, db, &entry->entry); if (ret) - hdb_free_entry (context, entry); + hdb_free_entry (context, db, entry); } if (ret == 0 && entry->entry.principal == NULL) { entry->entry.principal = malloc (sizeof(*entry->entry.principal)); if (entry->entry.principal == NULL) { - hdb_free_entry (context, entry); + hdb_free_entry (context, db, entry); ret = ENOMEM; krb5_set_error_message(context, ret, "malloc: out of memory"); } else { diff --git a/lib/hdb/test_namespace.c b/lib/hdb/test_namespace.c index e4690ea5a..189888564 100644 --- a/lib/hdb/test_namespace.c +++ b/lib/hdb/test_namespace.c @@ -346,8 +346,6 @@ make_namespace(krb5_context context, HDB *db, const char *name) /* Setup the HDB entry */ memset(&e, 0, sizeof(e)); - e.ctx = 0; - e.free_entry = 0; e.entry.created_by.time = krs[0].epoch; e.entry.valid_start = e.entry.valid_end = e.entry.pw_end = 0; e.entry.generation = 0; @@ -424,7 +422,7 @@ make_namespace(krb5_context context, HDB *db, const char *name) if (ret) krb5_err(context, 1, ret, "failed to setup a namespace principal"); free_Key(&k); - hdb_free_entry(context, &e); + hdb_free_entry(context, db, &e); } #define WK_PREFIX "WELLKNOWN/" HDB_WK_NAMESPACE "/" @@ -936,7 +934,7 @@ main(int argc, char **argv) /* Cleanup */ for (i = 0; ret == 0 && i < sizeof(e) / sizeof(e[0]); i++) - hdb_free_entry(context, &e[i]); + hdb_free_entry(context, db, &e[i]); db->hdb_destroy(context, db); krb5_free_context(context); return 0; diff --git a/lib/kadm5/chpass_s.c b/lib/kadm5/chpass_s.c index e0d63d2ef..6ec0ec8b8 100644 --- a/lib/kadm5/chpass_s.c +++ b/lib/kadm5/chpass_s.c @@ -249,7 +249,7 @@ change(void *server_handle, n_ks_tuple, ks_tuple, password); out3: - hdb_free_entry(context->context, &ent); + hdb_free_entry(context->context, context->db, &ent); out2: (void) kadm5_log_end(context); out: 
@@ -437,7 +437,7 @@ kadm5_s_chpass_principal_with_key(void *server_handle, n_key_data, key_data); out3: - hdb_free_entry(context->context, &ent); + hdb_free_entry(context->context, context->db, &ent); out2: (void) kadm5_log_end(context); out: diff --git a/lib/kadm5/create_s.c b/lib/kadm5/create_s.c index 42125e28a..656c958ba 100644 --- a/lib/kadm5/create_s.c +++ b/lib/kadm5/create_s.c @@ -194,7 +194,7 @@ kadm5_s_create_principal_with_key(void *server_handle, if (!context->keep_open) { ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0); if (ret) { - hdb_free_entry(context->context, &ent); + hdb_free_entry(context->context, context->db, &ent); return ret; } } @@ -227,7 +227,7 @@ kadm5_s_create_principal_with_key(void *server_handle, if (ret == 0 && ret2 != 0) ret = ret2; } - hdb_free_entry(context->context, &ent); + hdb_free_entry(context->context, context->db, &ent); return _kadm5_error_code(ret); } @@ -315,7 +315,7 @@ kadm5_s_create_principal(void *server_handle, if (!context->keep_open) { ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0); if (ret) { - hdb_free_entry(context->context, &ent); + hdb_free_entry(context->context, context->db, &ent); return ret; } } @@ -351,7 +351,7 @@ kadm5_s_create_principal(void *server_handle, if (ret == 0 && ret2 != 0) ret = ret2; } - hdb_free_entry(context->context, &ent); + hdb_free_entry(context->context, context->db, &ent); return _kadm5_error_code(ret); } diff --git a/lib/kadm5/delete_s.c b/lib/kadm5/delete_s.c index 6942148db..ead87fe60 100644 --- a/lib/kadm5/delete_s.c +++ b/lib/kadm5/delete_s.c @@ -131,7 +131,7 @@ kadm5_s_delete_principal(void *server_handle, krb5_principal princ) (void) delete_principal_hook(context, KADM5_HOOK_STAGE_POSTCOMMIT, ret, princ); out3: - hdb_free_entry(context->context, &ent); + hdb_free_entry(context->context, context->db, &ent); out2: (void) kadm5_log_end(context); out: diff --git a/lib/kadm5/get_s.c b/lib/kadm5/get_s.c index 3b04cc744..d719fbbff 100644 
--- a/lib/kadm5/get_s.c +++ b/lib/kadm5/get_s.c @@ -404,7 +404,7 @@ kadm5_s_get_principal(void *server_handle, out: if (ret) kadm5_free_principal_ent(context, out); - hdb_free_entry(context->context, &ent); + hdb_free_entry(context->context, context->db, &ent); return _kadm5_error_code(ret); } diff --git a/lib/kadm5/ipropd_slave.c b/lib/kadm5/ipropd_slave.c index cd9a6f57a..bceb8f6e1 100644 --- a/lib/kadm5/ipropd_slave.c +++ b/lib/kadm5/ipropd_slave.c @@ -589,7 +589,7 @@ receive_everything(krb5_context context, int fd, if (ret) krb5_err(context, IPROPD_RESTART_SLOW, ret, "hdb_store"); - hdb_free_entry(context, &entry); + hdb_free_entry(context, mydb, &entry); krb5_data_free(&data); } else if (opcode == NOW_YOU_HAVE) ; diff --git a/lib/kadm5/log.c b/lib/kadm5/log.c index 376cecd9e..ae0799c2f 100644 --- a/lib/kadm5/log.c +++ b/lib/kadm5/log.c @@ -979,8 +979,6 @@ kadm5_log_create(kadm5_server_context *context, hdb_entry *entry) memset(&existing, 0, sizeof(existing)); memset(&ent, 0, sizeof(ent)); - ent.ctx = 0; - ent.free_entry = 0; ent.entry = *entry; /* @@ -993,11 +991,11 @@ kadm5_log_create(kadm5_server_context *context, hdb_entry *entry) return ret; if (ret == 0 && !ent.entry.flags.materialize && (existing.entry.flags.virtual || existing.entry.flags.virtual_keys)) { - hdb_free_entry(context->context, &existing); + hdb_free_entry(context->context, context->db, &existing); return HDB_ERR_EXISTS; } if (ret == 0) - hdb_free_entry(context->context, &existing); + hdb_free_entry(context->context, context->db, &existing); ent.entry.flags.materialize = 0; /* Clear in stored entry */ /* @@ -1076,7 +1074,7 @@ kadm5_log_replay_create(kadm5_server_context *context, return ret; } ret = context->db->hdb_store(context->context, context->db, 0, &ent); - hdb_free_entry(context->context, &ent); + hdb_free_entry(context->context, context->db, &ent); return ret; } 
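Review bot: With the explicit `ent.ctx = 0; ent.free_entry = 0;` lines removed in `kadm5_log_create`, the local `ent` is now populated only by `memset` followed by the struct copy `ent.entry = *entry`. If the `--decorate=HDB_entry:void:context?:::` line in lib/hdb/hdb.opt places the backend context inside `hdb_entry`, as it appears to, that copy now aliases whatever context pointer the caller's entry holds, where the wrapper's context used to be zero. Should `ent` later reach `hdb_free_entry` or a backend that releases the context, the caller's entry would be left with a dangling pointer; the rest of the function is outside the hunk, so this cannot be confirmed from here. A comment at the copy, `/* shallow copy: ent borrows entry's fields, including any backend context */`, or an explicit reset of the copied context field, would make the ownership clear. The same pattern appears in the `kadm5_log_rename` and `kadm5_log_modify` hunks.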
@@ -1202,8 +1200,6 @@ kadm5_log_rename(kadm5_server_context *context, kadm5_log_context *log_context = &context->log_context; memset(&ent, 0, sizeof(ent)); - ent.ctx = 0; - ent.free_entry = 0; ent.entry = *entry; if (strcmp(log_context->log_file, "/dev/null") == 0) { @@ -1340,7 +1336,7 @@ kadm5_log_replay_rename(kadm5_server_context *context, } ret = context->db->hdb_store(context->context, context->db, 0, &target_ent); - hdb_free_entry(context->context, &target_ent); + hdb_free_entry(context->context, context->db, &target_ent); if (ret) { krb5_free_principal(context->context, source); return ret; @@ -1368,8 +1364,6 @@ kadm5_log_modify(kadm5_server_context *context, kadm5_log_context *log_context = &context->log_context; memset(&ent, 0, sizeof(ent)); - ent.ctx = 0; - ent.free_entry = 0; ent.entry = *entry; if (strcmp(log_context->log_file, "/dev/null") == 0) @@ -1641,8 +1635,8 @@ kadm5_log_replay_modify(kadm5_server_context *context, ret = context->db->hdb_store(context->context, context->db, HDB_F_REPLACE, &ent); out: - hdb_free_entry(context->context, &ent); - hdb_free_entry(context->context, &log_ent); + hdb_free_entry(context->context, context->db, &ent); + hdb_free_entry(context->context, context->db, &log_ent); return ret; } diff --git a/lib/kadm5/modify_s.c b/lib/kadm5/modify_s.c index cb2e1fd1d..7e4f54323 100644 --- a/lib/kadm5/modify_s.c +++ b/lib/kadm5/modify_s.c @@ -188,7 +188,7 @@ modify_principal(void *server_handle, ret, princ, mask); out3: - hdb_free_entry(context->context, &ent); + hdb_free_entry(context->context, context->db, &ent); out2: (void) kadm5_log_end(context); out: diff --git a/lib/kadm5/prune_s.c b/lib/kadm5/prune_s.c index e5d77f6cf..659fb4bfa 100644 --- a/lib/kadm5/prune_s.c +++ b/lib/kadm5/prune_s.c @@ -135,7 +135,7 @@ kadm5_s_prune_principal(void *server_handle, ret, princ, kvno); out3: - hdb_free_entry(context->context, &ent); + hdb_free_entry(context->context, context->db, &ent); out2: (void) kadm5_log_end(context); out: 
diff --git a/lib/kadm5/randkey_s.c b/lib/kadm5/randkey_s.c index 9bb83cd14..d6fd5a8c7 100644 --- a/lib/kadm5/randkey_s.c +++ b/lib/kadm5/randkey_s.c @@ -190,7 +190,7 @@ kadm5_s_randkey_principal(void *server_handle, *n_keys = 0; } out3: - hdb_free_entry(context->context, &ent); + hdb_free_entry(context->context, context->db, &ent); out2: (void) kadm5_log_end(context); out: diff --git a/lib/kadm5/rename_s.c b/lib/kadm5/rename_s.c index 1052042af..341e50359 100644 --- a/lib/kadm5/rename_s.c +++ b/lib/kadm5/rename_s.c @@ -170,7 +170,7 @@ kadm5_s_rename_principal(void *server_handle, out3: ent.entry.principal = oldname; /* Unborrow target */ - hdb_free_entry(context->context, &ent); + hdb_free_entry(context->context, context->db, &ent); out2: (void) kadm5_log_end(context); diff --git a/lib/kadm5/setkey3_s.c b/lib/kadm5/setkey3_s.c index 2f8eda54c..279ac19f8 100644 --- a/lib/kadm5/setkey3_s.c +++ b/lib/kadm5/setkey3_s.c @@ -212,7 +212,7 @@ kadm5_s_setkey_principal_3(void *server_handle, princ, keepold, n_ks_tuple, ks_tuple, n_keys, keyblocks); - hdb_free_entry(context->context, &ent); + hdb_free_entry(context->context, context->db, &ent); (void) kadm5_log_end(context); if (!context->keep_open) context->db->hdb_close(context->context, context->db);