* krb5_ldap_policydn_to_name wasn't freeing rdn, and was using the
wrong function to free dn, in the HAVE_LDAP_STR2DN CASE.
* populate_krb5_db_entry wasn't freeing the tl_data generated from
ber_tl_data.
* populate_krb5_db_entry was using the wrong function to free
a password policy when finding pw_max_life.
* krb5_ldap_put_principal wasn't freeing ber_tl_data.
* krb5_update_tl_kadm_data had a bad contract. Change the contract
to be more like krb5_dbe_update_mod_princ_data and simplify its
memory management.
ticket: 6924
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24984
dc483132-0cff-0310-8789-
dd5450dbe970
LDAPDN dn;
rdn = strndup(policy_dn, len2 - len1 - 1); /* 1 character for ',' */
- if (ldap_str2dn (rdn, &dn, LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PEDANTIC) != 0) {
+ st = ldap_str2dn(rdn, &dn, LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PEDANTIC);
+ free(rdn);
+ if (st != 0) {
st = EINVAL;
goto cleanup;
}
st = EINVAL;
}
- ldap_memfree (dn);
+ ldap_dnfree(dn);
}
#elif defined HAVE_LDAP_EXPLODE_DN
{
&attr_present)) != 0)
goto cleanup;
if (attr_present == TRUE) {
- krb5_tl_data kadm_tl_data;
-
mask |= KDB_PWD_POL_REF_ATTR;
/* Ensure that the policy is inside the realm container */
if ((st = krb5_ldap_policydn_to_name (context, pwdpolicydn, &polname)) != 0)
goto cleanup;
- if ((st = krb5_update_tl_kadm_data(polname, &kadm_tl_data)) != 0) {
+ if ((st = krb5_update_tl_kadm_data(context, entry, polname)) != 0)
goto cleanup;
- }
- krb5_dbe_update_tl_data(context, entry, &kadm_tl_data);
}
/* KRBSECRETKEY */
for (i = 0; ber_tl_data[i] != NULL; i++) {
if ((st = berval2tl_data (ber_tl_data[i] , &ptr)) != 0)
break;
- if ((st = krb5_dbe_update_tl_data(context, entry, ptr)) != 0)
+ st = krb5_dbe_update_tl_data(context, entry, ptr);
+ free(ptr->tl_data_contents);
+ free(ptr);
+ if (st != 0)
break;
}
ldap_value_free_len (ber_tl_data);
if ((st=krb5_ldap_get_password_policy(context, polname, &pwdpol)) != 0)
goto cleanup;
pw_max_life = pwdpol->pw_max_life;
- free (pwdpol);
+ krb5_ldap_free_password_policy(context, pwdpol);
if (pw_max_life > 0) {
if ((st=krb5_dbe_lookup_last_pwd_change(context, entry, &last_pw_changed)) != 0)
break;
j++;
}
- if (st != 0) {
- for (j = 0; ber_tl_data[j] != NULL; j++) {
- free (ber_tl_data[j]->bv_val);
- free (ber_tl_data[j]);
- }
- free (ber_tl_data);
- goto cleanup;
+ if (st == 0) {
+ ber_tl_data[count] = NULL;
+ st=krb5_add_ber_mem_ldap_mod(&mods, "krbExtraData",
+ LDAP_MOD_REPLACE |
+ LDAP_MOD_BVALUES, ber_tl_data);
}
- ber_tl_data[count] = NULL;
- if ((st=krb5_add_ber_mem_ldap_mod(&mods, "krbExtraData",
- LDAP_MOD_REPLACE | LDAP_MOD_BVALUES,
- ber_tl_data)) != 0)
+ for (j = 0; ber_tl_data[j] != NULL; j++) {
+ free(ber_tl_data[j]->bv_val);
+ free(ber_tl_data[j]);
+ }
+ free(ber_tl_data);
+ if (st != 0)
goto cleanup;
}
if ((st=krb5_dbe_lookup_last_admin_unlock(context, entry,
}
krb5_error_code
-krb5_update_tl_kadm_data(policy_dn, new_tl_data)
- char * policy_dn;
- krb5_tl_data * new_tl_data;
+krb5_update_tl_kadm_data(krb5_context context, krb5_db_entry *entry,
+ char *policy_dn)
{
XDR xdrs;
- osa_princ_ent_t princ_entry;
+ osa_princ_ent_rec princ_entry;
+ krb5_tl_data tl_data;
+ krb5_error_code retval;
- if ((princ_entry = (osa_princ_ent_t) malloc(sizeof(osa_princ_ent_rec))) == NULL)
- return ENOMEM;
-
- memset(princ_entry, 0, sizeof(osa_princ_ent_rec));
- princ_entry->admin_history_kvno = 2;
- princ_entry->aux_attributes = KADM5_POLICY;
- princ_entry->policy = policy_dn;
+ memset(&princ_entry, 0, sizeof(osa_princ_ent_rec));
+ princ_entry.admin_history_kvno = 2;
+ princ_entry.aux_attributes = KADM5_POLICY;
+ princ_entry.policy = policy_dn;
xdralloc_create(&xdrs, XDR_ENCODE);
- if (! ldap_xdr_osa_princ_ent_rec(&xdrs, princ_entry)) {
+ if (! ldap_xdr_osa_princ_ent_rec(&xdrs, &princ_entry)) {
xdr_destroy(&xdrs);
- return(KADM5_XDR_FAILURE);
+ return KADM5_XDR_FAILURE;
}
- new_tl_data->tl_data_type = KRB5_TL_KADM_DATA;
- new_tl_data->tl_data_length = xdr_getpos(&xdrs);
- new_tl_data->tl_data_contents = (krb5_octet *)xdralloc_getdata(&xdrs);
-
- /*
- xdr_destroy(&xdrs);
- ldap_osa_free_princ_ent(princ_entry);
- */
- return(0);
+ tl_data.tl_data_type = KRB5_TL_KADM_DATA;
+ tl_data.tl_data_length = xdr_getpos(&xdrs);
+ tl_data.tl_data_contents = (krb5_octet *)xdralloc_getdata(&xdrs);
+ retval = krb5_dbe_update_tl_data(context, entry, &tl_data);
+ xdr_destroy(&xdrs);
+ return retval;
}
krb5_lookup_tl_kadm_data(krb5_tl_data *tl_data, osa_princ_ent_rec *princ_entry);
krb5_error_code
-krb5_update_tl_kadm_data(char *, krb5_tl_data *);
+krb5_update_tl_kadm_data(krb5_context context, krb5_db_entry *entry,
+ char *policy_dn);
#endif
projects / krb5.git / commitdiff