From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Tue, 3 Oct 2023 07:04:44 +0000 (+1300)
Subject: s4:kdc: Simplify memory management with talloc stackframe
X-Git-Tag: tevent-0.16.0~125
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b2bb86bc54a53ecf9f89a9fb3bff750ed6273f6e;p=thirdparty%2Fsamba.git

s4:kdc: Simplify memory management with talloc stackframe

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
index f0b934c9c56..58822678e6e 100644
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@@ -1187,6 +1187,7 @@ static krb5_error_code samba_kdc_get_user_info_from_pac(TALLOC_CTX *mem_ctx,
 							struct auth_user_info_dc **info_out,
 							struct PAC_DOMAIN_GROUP_MEMBERSHIP **resource_groups_out)
 {
+	TALLOC_CTX *frame = NULL;
 	struct auth_user_info_dc *info = NULL;
 	struct PAC_DOMAIN_GROUP_MEMBERSHIP *resource_groups = NULL;
 	struct PAC_DOMAIN_GROUP_MEMBERSHIP **resource_groups_ptr = NULL;
@@ -1198,6 +1199,8 @@ static krb5_error_code samba_kdc_get_user_info_from_pac(TALLOC_CTX *mem_ctx,
 		*resource_groups_out = NULL;
 	}
 
+	frame = talloc_stackframe();
+
 	if (resource_groups_out != NULL && group_inclusion == AUTH_EXCLUDE_RESOURCE_GROUPS) {
 		/*
 		 * Since we are creating a TGT, resource groups from our domain
@@ -1208,7 +1211,7 @@ static krb5_error_code samba_kdc_get_user_info_from_pac(TALLOC_CTX *mem_ctx,
 		resource_groups_ptr = &resource_groups;
 	}
 
-	ret = kerberos_pac_to_user_info_dc(mem_ctx,
+	ret = kerberos_pac_to_user_info_dc(frame,
 					   entry.pac,
 					   context,
 					   &info,
@@ -1229,7 +1232,7 @@ static krb5_error_code samba_kdc_get_user_info_from_pac(TALLOC_CTX *mem_ctx,
 	 * We need to expand group memberships within our local domain,
 	 * as the token might be generated by a trusted domain.
 	 */
-	nt_status = authsam_update_user_info_dc(mem_ctx,
+	nt_status = authsam_update_user_info_dc(frame,
 						samdb,
 						info);
 	if (!NT_STATUS_IS_OK(nt_status)) {
@@ -1240,18 +1243,14 @@ static krb5_error_code samba_kdc_get_user_info_from_pac(TALLOC_CTX *mem_ctx,
 		goto out;
 	}
 
-	*info_out = info;
-	info = NULL;
+	*info_out = talloc_steal(mem_ctx, info);
 
 	if (resource_groups_out != NULL) {
-		*resource_groups_out = resource_groups;
-		resource_groups = NULL;
+		*resource_groups_out = talloc_steal(mem_ctx, resource_groups);
 	}
 
 out:
-	TALLOC_FREE(info);
-	TALLOC_FREE(resource_groups);
-
+	talloc_free(frame);
 	return ret;
 }