From: Stefan Metzmacher Date: Tue, 22 Mar 2022 16:04:22 +0000 (+0100) Subject: s4:kdc: let samba_kdc_entry take references to sdb_entry and kdc_entry X-Git-Tag: tevent-0.12.0~324 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c2eb50861d52dbf32e021beb7a100f4446e1629b;p=thirdparty%2Fsamba.git s4:kdc: let samba_kdc_entry take references to sdb_entry and kdc_entry kdc_entry can be hdb_entry or krb5_db_entry. Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett --- diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c index 3c9540eb348..592285511ce 100644 --- a/source4/kdc/db-glue.c +++ b/source4/kdc/db-glue.c @@ -252,6 +252,21 @@ static struct SDBFlags uf2SDBFlags(krb5_context context, uint32_t userAccountCon static int samba_kdc_entry_destructor(struct samba_kdc_entry *p) { + if (p->db_entry != NULL) { + /* + * A sdb_entry still has a reference + */ + return -1; + } + + if (p->kdc_entry != NULL) { + /* + * hdb_entry or krb5_db_entry still + * have a reference... + */ + return -1; + } + return 0; } diff --git a/source4/kdc/hdb-samba4.c b/source4/kdc/hdb-samba4.c index dcd9c3979aa..0c903afe35c 100644 --- a/source4/kdc/hdb-samba4.c +++ b/source4/kdc/hdb-samba4.c @@ -101,14 +101,17 @@ static void hdb_samba4_free_entry_context(krb5_context context, struct HDB *db, * 'context' set, so we have to check that the context is not NULL. */ if (entry->context != NULL) { + struct samba_kdc_entry *skdc_entry = + talloc_get_type_abort(entry->context, + struct samba_kdc_entry); + /* this function is called only from hdb_free_entry(). * Make sure we neutralize the destructor or we will * get a double free later when hdb_free_entry() will * try to call free_hdb_entry() */ - talloc_set_destructor(entry->context, NULL); - - /* now proceed to free the talloc part */ - talloc_free(entry->context); + entry->context = NULL; + skdc_entry->kdc_entry = NULL; + TALLOC_FREE(skdc_entry); } } diff --git a/source4/kdc/mit-kdb/kdb_samba.c b/source4/kdc/mit-kdb/kdb_samba.c index 650df06882f..0ff1bfe6c5c 100644 --- a/source4/kdc/mit-kdb/kdb_samba.c +++ b/source4/kdc/mit-kdb/kdb_samba.c @@ -27,6 +27,7 @@ #include #include +#include "kdc/samba_kdc.h" #include "kdc/mit_samba.h" #include "kdb_samba.h" @@ -133,7 +134,7 @@ static void kdb_samba_db_free_principal_e_data(krb5_context context, skdc_entry = talloc_get_type_abort(e_data, struct samba_kdc_entry); - talloc_set_destructor(skdc_entry, NULL); + skdc_entry->kdc_entry = NULL; TALLOC_FREE(skdc_entry); } diff --git a/source4/kdc/mit-kdb/kdb_samba_principals.c b/source4/kdc/mit-kdb/kdb_samba_principals.c index 3917b9824c6..31983a7da6c 100644 --- a/source4/kdc/mit-kdb/kdb_samba_principals.c +++ b/source4/kdc/mit-kdb/kdb_samba_principals.c @@ -27,6 +27,7 @@ #include #include +#include "kdc/samba_kdc.h" #include "kdc/mit_samba.h" #include "kdb_samba.h" @@ -68,7 +69,7 @@ static void ks_free_principal_e_data(krb5_context context, krb5_octet *e_data) skdc_entry = talloc_get_type_abort(e_data, struct samba_kdc_entry); - talloc_set_destructor(skdc_entry, NULL); + skdc_entry->kdc_entry = NULL; TALLOC_FREE(skdc_entry); } diff --git a/source4/kdc/samba_kdc.h b/source4/kdc/samba_kdc.h index 4a0b4eff22e..2caefd58ae9 100644 --- a/source4/kdc/samba_kdc.h +++ b/source4/kdc/samba_kdc.h @@ -54,6 +54,8 @@ struct samba_kdc_db_context { struct samba_kdc_entry { struct samba_kdc_db_context *kdc_db_ctx; + const struct sdb_entry *db_entry; /* this is only temporary valid */ + const void *kdc_entry; /* this is a reference to hdb_entry/krb5_db_entry */ struct ldb_message *msg; struct ldb_dn *realm_dn; struct auth_user_info_dc *user_info_dc; diff --git a/source4/kdc/sdb.c b/source4/kdc/sdb.c index 3296e509e37..37784529f84 100644 --- a/source4/kdc/sdb.c +++ b/source4/kdc/sdb.c @@ -24,6 +24,7 @@ #include "includes.h" #include "system/kerberos.h" #include "sdb.h" +#include "samba_kdc.h" #include "lib/krb5_wrap/krb5_samba.h" static void free_sdb_entry(struct sdb_entry *s); @@ -73,6 +74,11 @@ void sdb_keys_free(struct sdb_keys *keys) static void free_sdb_entry(struct sdb_entry *s) { + if (s->skdc_entry != NULL) { + s->skdc_entry->db_entry = NULL; + TALLOC_FREE(s->skdc_entry); + } + /* * Passing NULL as the Kerberos context is intentional here, as both * Heimdal and MIT libraries don't use the context when clearing the diff --git a/source4/kdc/sdb_to_hdb.c b/source4/kdc/sdb_to_hdb.c index 800dace005e..9cce5ead7ee 100644 --- a/source4/kdc/sdb_to_hdb.c +++ b/source4/kdc/sdb_to_hdb.c @@ -294,6 +294,9 @@ static int sdb_entry_to_hdb_entry(krb5_context context, } h->context = ske; + if (ske != NULL) { + ske->kdc_entry = h; + } return 0; error: free_hdb_entry(h); diff --git a/source4/kdc/sdb_to_kdb.c b/source4/kdc/sdb_to_kdb.c index a4a85537ac0..e617845ed78 100644 --- a/source4/kdc/sdb_to_kdb.c +++ b/source4/kdc/sdb_to_kdb.c @@ -311,6 +311,9 @@ static int sdb_entry_ex_to_krb5_db_entry(krb5_context context, } k->e_data = (void *)ske; + if (ske != NULL) { + ske->kdc_entry = k; + } return 0; }