Free verto context later in KDC cleanup

The KDC supplies the verto context to kdcpreauth modules via the loop
method (added in commit 83b4ecd20e50ad330cd761977d5dadefe30a785b).
This context should remain valid until kdcpreauth modules are
unloaded, as modules might refer to it during cleanup.  In particular,
the OTP module references the verto context when freeing the RADIUS
client object (commit e89abc2d4ea1fea1ec28d470f297514b828e4842), which
can cause a memory error during KDC shutdown without this change.

(cherry picked from commit 8dcace04945723cd6a3c8ea2c1ba467c22eb6584)

ticket: 9064
version_fixed: 1.19.4

diff --git a/src/kdc/main.c b/src/kdc/main.c
index 3be6dcb074277b2cfc8cfedd8531ad26e7c5c91d..57e87573c57a71c7164807f194ef6fcde68e54ea 100644 (file)
--- a/src/kdc/main.c
+++ b/src/kdc/main.c
@@ -1065,7 +1065,6 @@ int main(int argc, char **argv)
     kau_kdc_start(kcontext, TRUE);
 
     verto_run(ctx);
-    loop_free(ctx);
     kau_kdc_stop(kcontext, TRUE);
     krb5_klog_syslog(LOG_INFO, _("shutting down"));
     unload_preauth_plugins(kcontext);
@@ -1079,6 +1078,7 @@ int main(int argc, char **argv)
 #ifndef NOCACHE
     kdc_free_lookaside(kcontext);
 #endif
+    loop_free(ctx);
     krb5_free_context(kcontext);
     return errout;
 }