s3:libads: improve the logic in get_kdc_ip_string()
authorStefan Metzmacher <metze@samba.org>
Thu, 9 Feb 2017 06:09:38 +0000 (07:09 +0100)
committerStefan Metzmacher <metze@samba.org>
Mon, 18 Feb 2019 12:38:24 +0000 (13:38 +0100)
This fixes possible memory leaks on 'mem_ctx' and
always adds :88 (also for ipv4 addresses).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12515

Signed-off-by: Stefan Metzmacher <metze@samba.org>
source3/libads/kerberos.c

index c8aa9191c7ee6f307a2a1640da074880b0bebfee..c5eb2920d6d284a2108874ee7186b5024e039d8e 100644 (file)
@@ -356,31 +356,6 @@ static void add_sockaddr_unique(struct sockaddr_storage *addrs, size_t *num_addr
        *num_addrs += 1;
 }
 
-/* print_canonical_sockaddr prints an ipv6 addr in the form of
-* [ipv6.addr]. This string, when put in a generated krb5.conf file is not
-* always properly dealt with by some older krb5 libraries. Adding the hard-coded
-* portnumber workarounds the issue. - gd */
-
-static char *print_canonical_sockaddr_with_port(TALLOC_CTX *mem_ctx,
-                                               const struct sockaddr_storage *pss)
-{
-       char *str = NULL;
-
-       str = print_canonical_sockaddr(mem_ctx, pss);
-       if (str == NULL) {
-               return NULL;
-       }
-
-       if (pss->ss_family != AF_INET6) {
-               return str;
-       }
-
-#if defined(HAVE_IPV6)
-       str = talloc_asprintf_append(str, ":88");
-#endif
-       return str;
-}
-
 static char *get_kdc_ip_string(char *mem_ctx,
                const char *realm,
                const char *sitename,
@@ -399,12 +374,26 @@ static char *get_kdc_ip_string(char *mem_ctx,
        char *result = NULL;
        struct netlogon_samlogon_response **responses = NULL;
        NTSTATUS status;
-       char *kdc_str = talloc_asprintf(mem_ctx, "%s\t\tkdc = %s\n", "",
-                                       print_canonical_sockaddr_with_port(mem_ctx, pss));
+       char *addr_str = NULL;
+       const uint16_t kdc_port = 88;
 
-       if (kdc_str == NULL) {
-               TALLOC_FREE(frame);
-               return NULL;
+       addr_str = print_canonical_sockaddr(talloc_tos(), pss);
+       if (addr_str == NULL) {
+               goto out;
+       }
+
+       /*
+        * print_canonical_sockaddr prints an ipv6 addr in the form of
+        * [ipv6.addr]. This string, when put in a generated krb5.conf file is
+        * not always properly dealt with by some older krb5 libraries. Adding
+        * the hard-coded portnumber workarounds the issue. - gd
+        */
+       result = talloc_asprintf(mem_ctx,
+                                "\t\tkdc = %s:%u\n",
+                                addr_str, kdc_port);
+       TALLOC_FREE(addr_str);
+       if (result == NULL) {
+               goto out;
        }
 
        /*
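Review bot: The comment moved above the `talloc_asprintf()` call still describes the port as a workaround for the `[ipv6.addr]` form only, while the new format string `"\t\tkdc = %s:%u\n"` appends it for every address family. I would reword it along the lines of `The port is appended for all address families; it was first added because some older krb5 libraries mishandle a bare [ipv6.addr] in a generated krb5.conf.` As a smaller point, `kdc_port` is a `uint16_t` and is promoted to `int` in the variadic call, so passing `(unsigned)kdc_port` would match `%u` exactly. The body of get_kdc_ip_string() starts and ends outside this hunk.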
@@ -495,27 +484,32 @@ static char *get_kdc_ip_string(char *mem_ctx,
        }
 
        for (i=0; i<num_dcs; i++) {
-               char *new_kdc_str;
+               char *new_str = NULL;
 
                if (responses[i] == NULL) {
                        continue;
                }
 
+               addr_str = print_canonical_sockaddr(talloc_tos(),
+                                                   &dc_addrs[i]);
+               if (addr_str == NULL) {
+                       goto out;
+               }
+
                /* Append to the string - inefficient but not done often. */
-               new_kdc_str = talloc_asprintf(mem_ctx, "%s\t\tkdc = %s\n",
-                                             kdc_str,
-                                             print_canonical_sockaddr_with_port(mem_ctx, &dc_addrs[i]));
-               if (new_kdc_str == NULL) {
+               new_str = talloc_asprintf_append_buffer(result,
+                                       "\t\tkdc = %s:%u\n",
+                                       addr_str, kdc_port);
+               TALLOC_FREE(addr_str);
+               if (new_str == NULL) {
                        goto out;
                }
-               TALLOC_FREE(kdc_str);
-               kdc_str = new_kdc_str;
+               result = new_str;
        }
 
 out:
-       DEBUG(10, ("get_kdc_ip_string: Returning %s\n", kdc_str));
+       DEBUG(10, ("get_kdc_ip_string: Returning \n%s", result));
 
-       result = kdc_str;
        SAFE_FREE(ip_srv_site);
        SAFE_FREE(ip_srv_nonsite);
        TALLOC_FREE(frame);
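Review bot: `result` can be NULL when control reaches `DEBUG(10, ("get_kdc_ip_string: Returning \n%s", result));`, because the new `goto out` paths after the first `print_canonical_sockaddr()` and `talloc_asprintf()` calls (previous hunk) jump here before anything was built, where the old code returned before logging. Passing NULL for `%s` is undefined in standard C even though common libcs print "(null)", so I would log `result != NULL ? result : "(null)\n"` or skip the message when `result` is NULL. A short comment at the loop's `goto out` sites would also help: a failure midway appears to return the partial list built so far, so the caller gets fewer `kdc =` lines rather than an error. The function body starts outside this hunk and its return statement is not visible here.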