From e8632e2af50588dd47dc00fb72e85a398c844622 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Fri, 26 Aug 2016 11:51:52 +0200 Subject: [PATCH] krb5_wrap: Rename kerberos_free_data_contents() Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett --- lib/krb5_wrap/krb5_samba.c | 17 +++++-- lib/krb5_wrap/krb5_samba.h | 2 +- source3/libads/krb5_setpw.c | 8 +-- source4/auth/gensec/gensec_krb5.c | 10 ++-- source4/auth/kerberos/kerberos_pac.c | 8 +-- .../dsdb/samdb/ldb_modules/password_hash.c | 2 +- source4/kdc/db-glue.c | 10 ++-- source4/kdc/kdc-server.c | 2 +- source4/kdc/kpasswd-heimdal.c | 2 +- source4/kdc/pac-glue.c | 50 +++++++++---------- source4/kdc/sdb.c | 2 +- source4/kdc/wdc-samba4.c | 2 +- source4/torture/ndr/krb5pac.c | 2 +- 13 files changed, 63 insertions(+), 54 deletions(-) diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c index 3cdaaa1fb41d..b8c1d634ec21 100644 --- a/lib/krb5_wrap/krb5_samba.c +++ b/lib/krb5_wrap/krb5_samba.c @@ -277,7 +277,7 @@ int smb_krb5_create_key_from_string(krb5_context context, * @param host_princ The krb5_principal to create the salt for * @param psalt A pointer to a krb5_data struct * -* caller has to free the contents of psalt with kerberos_free_data_contents +* caller has to free the contents of psalt with smb_krb5_free_data_contents * when function has succeeded * * @return krb5_error_code, returns 0 on success, error code otherwise @@ -804,7 +804,16 @@ cleanup_princ: return retval; } -void kerberos_free_data_contents(krb5_context context, krb5_data *pdata) +/** + * @brief Free the contents of a krb5_data structure and zero the data field. + * + * @param[in] context The krb5 context + * + * @param[in] pdata The data structure to free contents of + * + * This function frees the contents, not the structure itself. + */ +void smb_krb5_free_data_contents(krb5_context context, krb5_data *pdata) { #if defined(HAVE_KRB5_FREE_DATA_CONTENTS) if (pdata->data) { @@ -825,7 +834,7 @@ void kerberos_free_data_contents(krb5_context context, krb5_data *pdata) * @param[in] length The length of the data to copy * @return krb5_error_code * - * Caller has to free krb5_data with kerberos_free_data_contents(). + * Caller has to free krb5_data with smb_krb5_free_data_contents(). */ krb5_error_code krb5_copy_data_contents(krb5_data *p, @@ -916,7 +925,7 @@ int cli_krb5_get_ticket(TALLOC_CTX *mem_ctx, *ticket = data_blob_talloc(mem_ctx, packet.data, packet.length); - kerberos_free_data_contents(context, &packet); + smb_krb5_free_data_contents(context, &packet); failed: diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h index 4841d69cbb49..e28bb73974b8 100644 --- a/lib/krb5_wrap/krb5_samba.h +++ b/lib/krb5_wrap/krb5_samba.h @@ -181,7 +181,7 @@ bool get_krb5_smb_session_key(TALLOC_CTX *mem_ctx, krb5_error_code smb_krb5_kt_free_entry(krb5_context context, krb5_keytab_entry *kt_entry); void kerberos_set_creds_enctype(krb5_creds *pcreds, int enctype); bool kerberos_compatible_enctypes(krb5_context context, krb5_enctype enctype1, krb5_enctype enctype2); -void kerberos_free_data_contents(krb5_context context, krb5_data *pdata); +void smb_krb5_free_data_contents(krb5_context context, krb5_data *pdata); krb5_error_code smb_krb5_parse_name_norealm(krb5_context context, const char *name, krb5_principal *principal); diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c index c63349567c83..446278a580a7 100644 --- a/source3/libads/krb5_setpw.c +++ b/source3/libads/krb5_setpw.c @@ -121,8 +121,8 @@ ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *principal, aret = ADS_SUCCESS; done: - kerberos_free_data_contents(context, &result_code_string); - kerberos_free_data_contents(context, &result_string); + smb_krb5_free_data_contents(context, &result_code_string); + smb_krb5_free_data_contents(context, &result_string); krb5_free_principal(context, princ); krb5_cc_close(context, ccache); krb5_free_context(context); @@ -261,8 +261,8 @@ static ADS_STATUS ads_krb5_chg_password(const char *kdc_host, aret = ADS_SUCCESS; done: - kerberos_free_data_contents(context, &result_code_string); - kerberos_free_data_contents(context, &result_string); + smb_krb5_free_data_contents(context, &result_code_string); + smb_krb5_free_data_contents(context, &result_string); krb5_free_principal(context, princ); krb5_free_context(context); diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c index fb3e46564703..9de4d2c59a0d 100644 --- a/source4/auth/gensec/gensec_krb5.c +++ b/source4/auth/gensec/gensec_krb5.c @@ -70,7 +70,7 @@ static int gensec_krb5_destroy(struct gensec_krb5_state *gensec_krb5_state) return 0; } if (gensec_krb5_state->enc_ticket.length) { - kerberos_free_data_contents(gensec_krb5_state->smb_krb5_context->krb5_context, + smb_krb5_free_data_contents(gensec_krb5_state->smb_krb5_context->krb5_context, &gensec_krb5_state->enc_ticket); } @@ -674,7 +674,7 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security, } else { *out = data_blob_talloc(out_mem_ctx, outbuf.data, outbuf.length); } - kerberos_free_data_contents(gensec_krb5_state->smb_krb5_context->krb5_context, + smb_krb5_free_data_contents(gensec_krb5_state->smb_krb5_context->krb5_context, &outbuf); return NT_STATUS_OK; } @@ -777,7 +777,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security } else { /* Found pac */ pac_blob = data_blob_talloc(tmp_ctx, pac_data.data, pac_data.length); - kerberos_free_data_contents(context, &pac_data); + smb_krb5_free_data_contents(context, &pac_data); if (!pac_blob.data) { free(principal_string); krb5_free_principal(context, client_principal); @@ -854,7 +854,7 @@ static NTSTATUS gensec_krb5_wrap(struct gensec_security *gensec_security, } *out = data_blob_talloc(mem_ctx, output.data, output.length); - kerberos_free_data_contents(context, &output); + smb_krb5_free_data_contents(context, &output); } else { return NT_STATUS_ACCESS_DENIED; } @@ -885,7 +885,7 @@ static NTSTATUS gensec_krb5_unwrap(struct gensec_security *gensec_security, } *out = data_blob_talloc(mem_ctx, output.data, output.length); - kerberos_free_data_contents(context, &output); + smb_krb5_free_data_contents(context, &output); } else { return NT_STATUS_ACCESS_DENIED; } diff --git a/source4/auth/kerberos/kerberos_pac.c b/source4/auth/kerberos/kerberos_pac.c index f511aae7a883..cd5a31a74087 100644 --- a/source4/auth/kerberos/kerberos_pac.c +++ b/source4/auth/kerberos/kerberos_pac.c @@ -313,7 +313,7 @@ krb5_error_code kerberos_pac_to_user_info_dc(TALLOC_CTX *mem_ctx, ndr_err = ndr_pull_union_blob(&pac_logon_info_in, tmp_ctx, &info, PAC_TYPE_LOGON_INFO, (ndr_pull_flags_fn_t)ndr_pull_PAC_INFO); - kerberos_free_data_contents(context, &k5pac_logon_info_in); + smb_krb5_free_data_contents(context, &k5pac_logon_info_in); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { nt_status = ndr_map_error2ntstatus(ndr_err); DEBUG(0,("can't parse the PAC LOGON_INFO: %s\n", nt_errstr(nt_status))); @@ -345,7 +345,7 @@ krb5_error_code kerberos_pac_to_user_info_dc(TALLOC_CTX *mem_ctx, &_upn_dns_info, PAC_TYPE_UPN_DNS_INFO, (ndr_pull_flags_fn_t)ndr_pull_PAC_INFO); - kerberos_free_data_contents(context, &k5pac_upn_dns_info_in); + smb_krb5_free_data_contents(context, &k5pac_upn_dns_info_in); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { nt_status = ndr_map_error2ntstatus(ndr_err); DEBUG(0,("can't parse the PAC UPN_DNS_INFO: %s\n", @@ -378,7 +378,7 @@ krb5_error_code kerberos_pac_to_user_info_dc(TALLOC_CTX *mem_ctx, ndr_err = ndr_pull_struct_blob(&pac_srv_checksum_in, pac_srv_sig, pac_srv_sig, (ndr_pull_flags_fn_t)ndr_pull_PAC_SIGNATURE_DATA); - kerberos_free_data_contents(context, &k5pac_srv_checksum_in); + smb_krb5_free_data_contents(context, &k5pac_srv_checksum_in); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { nt_status = ndr_map_error2ntstatus(ndr_err); DEBUG(0,("can't parse the KDC signature: %s\n", @@ -399,7 +399,7 @@ krb5_error_code kerberos_pac_to_user_info_dc(TALLOC_CTX *mem_ctx, ndr_err = ndr_pull_struct_blob(&pac_kdc_checksum_in, pac_kdc_sig, pac_kdc_sig, (ndr_pull_flags_fn_t)ndr_pull_PAC_SIGNATURE_DATA); - kerberos_free_data_contents(context, &k5pac_kdc_checksum_in); + smb_krb5_free_data_contents(context, &k5pac_kdc_checksum_in); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { nt_status = ndr_map_error2ntstatus(ndr_err); DEBUG(0,("can't parse the KDC signature: %s\n", diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index bb8679c79aad..ec3d27eac110 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -755,7 +755,7 @@ static int setup_kerberos_keys(struct setup_password_fields_io *io) io->g.salt = talloc_strndup(io->ac, (char *)salt.data, salt.length); - kerberos_free_data_contents(io->smb_krb5_context->krb5_context, &salt); + smb_krb5_free_data_contents(io->smb_krb5_context->krb5_context, &salt); if (!io->g.salt) { return ldb_oom(ldb); } diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c index 013efbffa082..5884607799eb 100644 --- a/source4/kdc/db-glue.c +++ b/source4/kdc/db-glue.c @@ -523,7 +523,7 @@ static krb5_error_code samba_kdc_message2entry_keys(krb5_context context, } if (ret) { if (key.salt) { - kerberos_free_data_contents(context, &key.salt->salt); + smb_krb5_free_data_contents(context, &key.salt->salt); free(key.salt); key.salt = NULL; } @@ -573,7 +573,7 @@ static krb5_error_code samba_kdc_message2entry_keys(krb5_context context, &key.key); if (ret) { if (key.salt) { - kerberos_free_data_contents(context, &key.salt->salt); + smb_krb5_free_data_contents(context, &key.salt->salt); free(key.salt); key.salt = NULL; } @@ -1367,7 +1367,7 @@ static krb5_error_code samba_kdc_trust_message2entry(krb5_context context, ENCTYPE_AES256_CTS_HMAC_SHA1_96, &key.key); if (ret != 0) { - kerberos_free_data_contents(context, &salt); + smb_krb5_free_data_contents(context, &salt); goto out; } @@ -1383,7 +1383,7 @@ static krb5_error_code samba_kdc_trust_message2entry(krb5_context context, ENCTYPE_AES128_CTS_HMAC_SHA1_96, &key.key); if (ret != 0) { - kerberos_free_data_contents(context, &salt); + smb_krb5_free_data_contents(context, &salt); goto out; } @@ -1391,7 +1391,7 @@ static krb5_error_code samba_kdc_trust_message2entry(krb5_context context, entry_ex->entry.keys.len++; } - kerberos_free_data_contents(context, &salt); + smb_krb5_free_data_contents(context, &salt); } if (password_hash != NULL) { diff --git a/source4/kdc/kdc-server.c b/source4/kdc/kdc-server.c index 5b8463bb7008..7854f497b05f 100644 --- a/source4/kdc/kdc-server.c +++ b/source4/kdc/kdc-server.c @@ -90,7 +90,7 @@ static NTSTATUS kdc_proxy_unavailable_error(struct kdc_server *kdc, } *out = data_blob_talloc(mem_ctx, enc_error.data, enc_error.length); - kerberos_free_data_contents(kdc->smb_krb5_context->krb5_context, + smb_krb5_free_data_contents(kdc->smb_krb5_context->krb5_context, &enc_error); if (!out->data) { return NT_STATUS_NO_MEMORY; diff --git a/source4/kdc/kpasswd-heimdal.c b/source4/kdc/kpasswd-heimdal.c index e61dfd42a169..ff2f6af92081 100644 --- a/source4/kdc/kpasswd-heimdal.c +++ b/source4/kdc/kpasswd-heimdal.c @@ -86,7 +86,7 @@ static bool kpasswdd_make_unauth_error_reply(struct kdc_server *kdc, return false; } *error_blob = data_blob_talloc(mem_ctx, k5_error_blob.data, k5_error_blob.length); - kerberos_free_data_contents(kdc->smb_krb5_context->krb5_context, + smb_krb5_free_data_contents(kdc->smb_krb5_context->krb5_context, &k5_error_blob); if (!error_blob->data) { return false; diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c index ad72e2e7b3ab..b232f6a29f00 100644 --- a/source4/kdc/pac-glue.c +++ b/source4/kdc/pac-glue.c @@ -445,7 +445,7 @@ krb5_error_code samba_make_krb5_pac(krb5_context context, cred_blob->data, cred_blob->length); if (ret != 0) { - kerberos_free_data_contents(context, &logon_data); + smb_krb5_free_data_contents(context, &logon_data); return ret; } } @@ -456,8 +456,8 @@ krb5_error_code samba_make_krb5_pac(krb5_context context, upn_blob->data, upn_blob->length); if (ret != 0) { - kerberos_free_data_contents(context, &logon_data); - kerberos_free_data_contents(context, &cred_data); + smb_krb5_free_data_contents(context, &logon_data); + smb_krb5_free_data_contents(context, &cred_data); return ret; } } @@ -468,28 +468,28 @@ krb5_error_code samba_make_krb5_pac(krb5_context context, deleg_blob->data, deleg_blob->length); if (ret != 0) { - kerberos_free_data_contents(context, &logon_data); - kerberos_free_data_contents(context, &cred_data); - kerberos_free_data_contents(context, &upn_data); + smb_krb5_free_data_contents(context, &logon_data); + smb_krb5_free_data_contents(context, &cred_data); + smb_krb5_free_data_contents(context, &upn_data); return ret; } } ret = krb5_pac_init(context, pac); if (ret != 0) { - kerberos_free_data_contents(context, &logon_data); - kerberos_free_data_contents(context, &cred_data); - kerberos_free_data_contents(context, &upn_data); - kerberos_free_data_contents(context, &deleg_data); + smb_krb5_free_data_contents(context, &logon_data); + smb_krb5_free_data_contents(context, &cred_data); + smb_krb5_free_data_contents(context, &upn_data); + smb_krb5_free_data_contents(context, &deleg_data); return ret; } ret = krb5_pac_add_buffer(context, *pac, PAC_TYPE_LOGON_INFO, &logon_data); - kerberos_free_data_contents(context, &logon_data); + smb_krb5_free_data_contents(context, &logon_data); if (ret != 0) { - kerberos_free_data_contents(context, &upn_data); - kerberos_free_data_contents(context, &cred_data); - kerberos_free_data_contents(context, &deleg_data); + smb_krb5_free_data_contents(context, &upn_data); + smb_krb5_free_data_contents(context, &cred_data); + smb_krb5_free_data_contents(context, &deleg_data); return ret; } @@ -497,10 +497,10 @@ krb5_error_code samba_make_krb5_pac(krb5_context context, ret = krb5_pac_add_buffer(context, *pac, PAC_TYPE_CREDENTIAL_INFO, &cred_data); - kerberos_free_data_contents(context, &cred_data); + smb_krb5_free_data_contents(context, &cred_data); if (ret != 0) { - kerberos_free_data_contents(context, &upn_data); - kerberos_free_data_contents(context, &deleg_data); + smb_krb5_free_data_contents(context, &upn_data); + smb_krb5_free_data_contents(context, &deleg_data); return ret; } } @@ -514,8 +514,8 @@ krb5_error_code samba_make_krb5_pac(krb5_context context, PAC_TYPE_LOGON_NAME, &null_data); if (ret != 0) { - kerberos_free_data_contents(context, &upn_data); - kerberos_free_data_contents(context, &deleg_data); + smb_krb5_free_data_contents(context, &upn_data); + smb_krb5_free_data_contents(context, &deleg_data); return ret; } @@ -523,9 +523,9 @@ krb5_error_code samba_make_krb5_pac(krb5_context context, ret = krb5_pac_add_buffer(context, *pac, PAC_TYPE_UPN_DNS_INFO, &upn_data); - kerberos_free_data_contents(context, &upn_data); + smb_krb5_free_data_contents(context, &upn_data); if (ret != 0) { - kerberos_free_data_contents(context, &deleg_data); + smb_krb5_free_data_contents(context, &deleg_data); return ret; } } @@ -534,7 +534,7 @@ krb5_error_code samba_make_krb5_pac(krb5_context context, ret = krb5_pac_add_buffer(context, *pac, PAC_TYPE_CONSTRAINED_DELEGATION, &deleg_data); - kerberos_free_data_contents(context, &deleg_data); + smb_krb5_free_data_contents(context, &deleg_data); if (ret != 0) { return ret; } @@ -803,7 +803,7 @@ NTSTATUS samba_kdc_update_delegation_info_blob(TALLOC_CTX *mem_ctx, &info, PAC_TYPE_CONSTRAINED_DELEGATION, (ndr_pull_flags_fn_t)ndr_pull_PAC_INFO); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - kerberos_free_data_contents(context, &old_data); + smb_krb5_free_data_contents(context, &old_data); nt_status = ndr_map_error2ntstatus(ndr_err); DEBUG(0,("can't parse the PAC LOGON_INFO: %s\n", nt_errstr(nt_status))); talloc_free(tmp_ctx); @@ -813,7 +813,7 @@ NTSTATUS samba_kdc_update_delegation_info_blob(TALLOC_CTX *mem_ctx, ZERO_STRUCT(_d); info.constrained_delegation.info = &_d; } - kerberos_free_data_contents(context, &old_data); + smb_krb5_free_data_contents(context, &old_data); ret = krb5_unparse_name(context, server_principal, &server); if (ret) { @@ -843,7 +843,7 @@ NTSTATUS samba_kdc_update_delegation_info_blob(TALLOC_CTX *mem_ctx, SAFE_FREE(server); SAFE_FREE(proxy); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - kerberos_free_data_contents(context, &old_data); + smb_krb5_free_data_contents(context, &old_data); nt_status = ndr_map_error2ntstatus(ndr_err); DEBUG(0,("can't parse the PAC LOGON_INFO: %s\n", nt_errstr(nt_status))); talloc_free(tmp_ctx); diff --git a/source4/kdc/sdb.c b/source4/kdc/sdb.c index d7c99520678d..ca6b38d1a323 100644 --- a/source4/kdc/sdb.c +++ b/source4/kdc/sdb.c @@ -62,7 +62,7 @@ static void free_sdb_key(struct sdb_key *k) /* keyblock not alloced */ if (k->salt) { - kerberos_free_data_contents(NULL, &k->salt->salt); + smb_krb5_free_data_contents(NULL, &k->salt->salt); } ZERO_STRUCTP(k); diff --git a/source4/kdc/wdc-samba4.c b/source4/kdc/wdc-samba4.c index fddf342787f3..0b1573472c68 100644 --- a/source4/kdc/wdc-samba4.c +++ b/source4/kdc/wdc-samba4.c @@ -451,7 +451,7 @@ static krb5_error_code samba_wdc_reget_pac(void *priv, krb5_context context, ret = krb5_pac_add_buffer(context, new_pac, type, &type_data); - kerberos_free_data_contents(context, &type_data); + smb_krb5_free_data_contents(context, &type_data); if (ret != 0) { SAFE_FREE(types); krb5_pac_free(context, new_pac); diff --git a/source4/torture/ndr/krb5pac.c b/source4/torture/ndr/krb5pac.c index 1deac73705d9..d78729bda67c 100644 --- a/source4/torture/ndr/krb5pac.c +++ b/source4/torture/ndr/krb5pac.c @@ -500,7 +500,7 @@ static bool PAC_DATA_pkinit(struct torture_context *tctx, torture_assert_int_equal(tctx, plain_data.length, 112, "plain_data.length"); plain_data_blob = data_blob_talloc(tctx, plain_data.data, plain_data.length); torture_assert_int_equal(tctx, plain_data_blob.length, 112, "plain_data_blob.length"); - kerberos_free_data_contents(ctx, &plain_data); + smb_krb5_free_data_contents(ctx, &plain_data); krb5_free_keyblock_contents(ctx, &reply_key); krb5_free_context(ctx); torture_assert_data_blob_equal(tctx, -- 2.34.1