s3:kerberos Rework smb_krb5_unparse_name() to take a talloc context

Signed-off-by: Günther Deschner <gd@samba.org>

4 files changed, 22 insertions, 21 deletions

diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c
index 9f0f68ed7b..0032e9e4f6 100644
--- a/source3/libads/authdata.c
+++ b/source3/libads/authdata.c
@@ -469,7 +469,7 @@ out:
 	data_blob_free(&sesskey1);
 	data_blob_free(&sesskey2);
 
-	SAFE_FREE(client_princ_out);
+	TALLOC_FREE(client_princ_out);
 
 	return status;
 }
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index 52cb975a6c..c476f59ff5 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -545,7 +545,7 @@ krb5_principal kerberos_fetch_salt_princ_for_host_princ(krb5_context context,
 	
 		/* look under the old key.  If this fails, just use the standard key */
 
-		if (smb_krb5_unparse_name(context, host_princ, &unparsed_name) != 0) {
+		if (smb_krb5_unparse_name(talloc_tos(), context, host_princ, &unparsed_name) != 0) {
 			return (krb5_principal)NULL;
 		}
 		if ((salt_princ_s = kerberos_secrets_fetch_salting_principal(unparsed_name, enctype)) == NULL) {
@@ -558,7 +558,7 @@ krb5_principal kerberos_fetch_salt_princ_for_host_princ(krb5_context context,
 		ret_princ = NULL;
 	}
 	
-	SAFE_FREE(unparsed_name);
+	TALLOC_FREE(unparsed_name);
 	SAFE_FREE(salt_princ_s);
 	
 	return ret_princ;
@@ -603,7 +603,7 @@ bool kerberos_secrets_store_salting_principal(const char *service,
 		goto out;
 		
 	}
-	if (smb_krb5_unparse_name(context, princ, &unparsed_name) != 0) {
+	if (smb_krb5_unparse_name(talloc_tos(), context, princ, &unparsed_name) != 0) {
 		goto out;
 	}
 
@@ -623,7 +623,7 @@ bool kerberos_secrets_store_salting_principal(const char *service,
 
 	SAFE_FREE(key);
 	SAFE_FREE(princ_s);
-	SAFE_FREE(unparsed_name);
+	TALLOC_FREE(unparsed_name);
 
 	if (princ) {
 		krb5_free_principal(context, princ);
diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index 7c028cb78f..4fede259ab 100644
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -64,7 +64,7 @@ int smb_krb5_kt_add_entry_ext(krb5_context context,
 		while(!krb5_kt_next_entry(context, keytab, &kt_entry, &cursor)) {
 			bool compare_name_ok = False;
 
-			ret = smb_krb5_unparse_name(context, kt_entry.principal, &ktprinc);
+			ret = smb_krb5_unparse_name(talloc_tos(), context, kt_entry.principal, &ktprinc);
 			if (ret) {
 				DEBUG(1,("smb_krb5_kt_add_entry_ext: smb_krb5_unparse_name failed (%s)\n",
 					error_message(ret)));
@@ -91,7 +91,7 @@ int smb_krb5_kt_add_entry_ext(krb5_context context,
 					ktprinc, kt_entry.vno));
 			}
 
-			SAFE_FREE(ktprinc);
+			TALLOC_FREE(ktprinc);
 
 			if (compare_name_ok) {
 				if (kt_entry.vno == kvno - 1) {
@@ -549,13 +549,12 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
 		}
 	}
 
-	TALLOC_FREE( ctx );
-
 	/* Now loop through the keytab and update any other existing entries... */
 	
 	kvno = (krb5_kvno) ads_get_machine_kvno(ads, machine_name);
 	if (kvno == -1) {
 		DEBUG(1,("ads_keytab_create_default: ads_get_machine_kvno failed to determine the system's kvno.\n"));
+		TALLOC_FREE(ctx);
 		return -1;
 	}
 	
@@ -569,6 +568,7 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
 	ret = krb5_init_context(&context);
 	if (ret) {
 		DEBUG(1,("ads_keytab_create_default: could not krb5_init_context: %s\n",error_message(ret)));
+		TALLOC_FREE(ctx);
 		return ret;
 	}
 
@@ -599,7 +599,7 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
 	if (!found) {
 		goto done;
 	}
-	oldEntries = SMB_MALLOC_ARRAY(char *, found );
+	oldEntries = talloc_array(ctx, char *, found );
 	if (!oldEntries) {
 		DEBUG(1,("ads_keytab_create_default: Failed to allocate space to store the old keytab entries (malloc failed?).\n"));
 		ret = -1;
@@ -615,7 +615,7 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
 				char *p;
 
 				/* This returns a malloc'ed string in ktprinc. */
-				ret = smb_krb5_unparse_name(context, kt_entry.principal, &ktprinc);
+				ret = smb_krb5_unparse_name(oldEntries, context, kt_entry.principal, &ktprinc);
 				if (ret) {
 					DEBUG(1,("smb_krb5_unparse_name failed (%s)\n", error_message(ret)));
 					goto done;
@@ -640,12 +640,12 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
 						break;
 					}
 					if (!strcmp(oldEntries[i], ktprinc)) {
-						SAFE_FREE(ktprinc);
+						TALLOC_FREE(ktprinc);
 						break;
 					}
 				}
 				if (i == found) {
-					SAFE_FREE(ktprinc);
+					TALLOC_FREE(ktprinc);
 				}
 			}
 			smb_krb5_kt_free_entry(context, &kt_entry);
@@ -654,7 +654,7 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
 		ret = 0;
 		for (i = 0; oldEntries[i]; i++) {
 			ret |= ads_keytab_add_entry(ads, oldEntries[i]);
-			SAFE_FREE(oldEntries[i]);
+			TALLOC_FREE(oldEntries[i]);
 		}
 		krb5_kt_end_seq_get(context, keytab, &cursor);
 	}
@@ -662,7 +662,8 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
 
 done:
 
-	SAFE_FREE(oldEntries);
+	TALLOC_FREE(oldEntries);
+	TALLOC_FREE(ctx);
 
 	{
 		krb5_keytab_entry zero_kt_entry;
@@ -728,7 +729,7 @@ int ads_keytab_list(const char *keytab_name)
 		char *etype_s = NULL;
 		krb5_enctype enctype = 0;
 
-		ret = smb_krb5_unparse_name(context, kt_entry.principal, &princ_s);
+		ret = smb_krb5_unparse_name(talloc_tos(), context, kt_entry.principal, &princ_s);
 		if (ret) {
 			goto out;
 		}
@@ -739,14 +740,14 @@ int ads_keytab_list(const char *keytab_name)
 		if (ret) {
 			if (asprintf(&etype_s, "UNKNOWN: %d\n", enctype) == -1)
 			{
-				SAFE_FREE(princ_s);
+				TALLOC_FREE(princ_s);
 				goto out;
 			}
 		}
 
 		printf("%3d  %s\t\t %s\n", kt_entry.vno, etype_s, princ_s);
 
-		SAFE_FREE(princ_s);
+		TALLOC_FREE(princ_s);
 		SAFE_FREE(etype_s);
 
 		ret = smb_krb5_kt_free_entry(context, &kt_entry);
diff --git a/source3/libads/kerberos_verify.c b/source3/libads/kerberos_verify.c
index b903b2a6eb..8502902963 100644
--- a/source3/libads/kerberos_verify.c
+++ b/source3/libads/kerberos_verify.c
@@ -192,7 +192,7 @@ static bool ads_keytab_verify_ticket(krb5_context context,
 	}
   
 	while (!auth_ok && (krb5_kt_next_entry(context, keytab, &kt_entry, &kt_cursor) == 0)) {
-		ret = smb_krb5_unparse_name(context, kt_entry.principal, &entry_princ_s);
+		ret = smb_krb5_unparse_name(talloc_tos(), context, kt_entry.principal, &entry_princ_s);
 		if (ret) {
 			DEBUG(1, ("ads_keytab_verify_ticket: smb_krb5_unparse_name failed (%s)\n",
 				error_message(ret)));
@@ -242,7 +242,7 @@ static bool ads_keytab_verify_ticket(krb5_context context,
 		}
 
 		/* Free the name we parsed. */
-		SAFE_FREE(entry_princ_s);
+		TALLOC_FREE(entry_princ_s);
 
 		/* Free the entry we just read. */
 		smb_krb5_kt_free_entry(context, &kt_entry);
@@ -636,7 +636,7 @@ NTSTATUS ads_verify_ticket(TALLOC_CTX *mem_ctx,
 #endif
 #endif
 
-	if ((ret = smb_krb5_unparse_name(context, client_principal, principal))) {
+	if ((ret = smb_krb5_unparse_name(mem_ctx, context, client_principal, principal))) {
 		DEBUG(3,("ads_verify_ticket: smb_krb5_unparse_name failed (%s)\n", 
 			 error_message(ret)));
 		sret = NT_STATUS_LOGON_FAILURE;