authorStephen Gallagher <sgallagh@redhat.com>2012-06-27 09:59:57 -0400
committerStephen Gallagher <sgallagh@redhat.com>2012-07-06 11:44:45 -0400
commit69905bf968003216d444fc68d8597e139362f2e6 (patch)
treeb9e8f4da8167d7b9936218ffb697cba7ab008609
parent71062d4494bbe9c24358e21fa3a40ae747eae0f6 (diff)
downloadsssd-69905bf968003216d444fc68d8597e139362f2e6.tar.gz
sssd-69905bf968003216d444fc68d8597e139362f2e6.tar.bz2
sssd-69905bf968003216d444fc68d8597e139362f2e6.zip
KRB5: Drop memctx parameter of krb5_try_kdcip
This function is not supposed to return any newly-allocated memory directly. It was actually leaking the memory for krb5_servers if krb5_kdcip was being used, though it was undetectable because it was allocated on the provided memctx. This patch removes the memctx parameter and allocates krb5_servers temporarily on NULL and ensures that it is freed on all exit conditions. It is not necessary to retain this memory, as dp_opt_set_string() performs a talloc_strdup onto the appropriate context internally. It also updates the DEBUG messages for this function to the appropriate new macro levels.
-rw-r--r--src/providers/ipa/ipa_common.c2
-rw-r--r--src/providers/krb5/krb5_common.c23
-rw-r--r--src/providers/krb5/krb5_common.h5
-rw-r--r--src/providers/ldap/ldap_common.c2
4 files changed, 17 insertions, 15 deletions
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
index b816f997..148a8b71 100644
--- a/src/providers/ipa/ipa_common.c
+++ b/src/providers/ipa/ipa_common.c
@@ -672,7 +672,7 @@ int ipa_get_auth_options(struct ipa_options *ipa_opts,
/* If there is no KDC, try the deprecated krb5_kdcip option, too */
/* FIXME - this can be removed in a future version */
- ret = krb5_try_kdcip(ipa_opts, cdb, conf_path, ipa_opts->auth, KRB5_KDC);
+ ret = krb5_try_kdcip(cdb, conf_path, ipa_opts->auth, KRB5_KDC);
if (ret != EOK) {
DEBUG(1, ("sss_krb5_try_kdcip failed.\n"));
goto done;
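Review bot: The failure message on the context line after the call names `sss_krb5_try_kdcip`, but the function being called is `krb5_try_kdcip`, so anyone searching the source for the logged name finds nothing. Since this call is being touched anyway, the message could become `DEBUG(1, ("krb5_try_kdcip failed.\n"));`. The same stale name appears at the call sites in krb5_get_options() and ldap_get_options() further down this commit.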
diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c
index d7586aa5..e0682701 100644
--- a/src/providers/krb5/krb5_common.c
+++ b/src/providers/krb5/krb5_common.c
@@ -221,9 +221,8 @@ errno_t check_and_export_options(struct dp_option *opts,
return EOK;
}
-errno_t krb5_try_kdcip(TALLOC_CTX *memctx, struct confdb_ctx *cdb,
- const char *conf_path, struct dp_option *opts,
- int opt_id)
+errno_t krb5_try_kdcip(struct confdb_ctx *cdb, const char *conf_path,
+ struct dp_option *opts, int opt_id)
{
char *krb5_servers = NULL;
errno_t ret;
@@ -231,7 +230,7 @@ errno_t krb5_try_kdcip(TALLOC_CTX *memctx, struct confdb_ctx *cdb,
krb5_servers = dp_opt_get_string(opts, opt_id);
if (krb5_servers == NULL) {
DEBUG(4, ("No KDC found in configuration, trying legacy option\n"));
- ret = confdb_get_string(cdb, memctx, conf_path,
+ ret = confdb_get_string(cdb, NULL, conf_path,
"krb5_kdcip", NULL, &krb5_servers);
if (ret != EOK) {
DEBUG(1, ("confdb_get_string failed.\n"));
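Review bot: The two DEBUG calls in this hunk keep the numeric levels `4` and `1`, while the description says the messages of this function were moved to the new macro levels and the next hunk does use `SSSDBG_*`. For consistency they could read `DEBUG(SSSDBG_CONF_SETTINGS, ("No KDC found in configuration, trying legacy option\n"));` and `DEBUG(SSSDBG_CRIT_FAILURE, ("confdb_get_string failed.\n"));`, assuming the usual old-to-new level mapping applies here. A short comment above the `confdb_get_string(cdb, NULL, ...)` call, such as `/* temporary copy on NULL; dp_opt_set_string() duplicates it and it is freed below */`, would also explain why a parentless allocation is intentional. The function body continues past the end of this hunk.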
@@ -247,11 +246,15 @@ errno_t krb5_try_kdcip(TALLOC_CTX *memctx, struct confdb_ctx *cdb,
return ret;
}
- DEBUG(9, ("Set krb5 server [%s] based on legacy krb5_kdcip option\n",
- krb5_servers));
- DEBUG(0, ("Your configuration uses the deprecated option 'krb5_kdcip' "
- "to specify the KDC. Please change the configuration to use "
- "the 'krb5_server' option instead.\n"));
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ ("Set krb5 server [%s] based on legacy krb5_kdcip option\n",
+ krb5_servers));
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ ("Your configuration uses the deprecated option "
+ "'krb5_kdcip' to specify the KDC. Please change the "
+ "configuration to use the 'krb5_server' option "
+ "instead.\n"));
+ talloc_free(krb5_servers);
}
}
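Review bot: The `return ret;` at the top of this hunk still exits without releasing `krb5_servers`, which the previous hunk now allocates on the NULL context, so no parent will ever free it on that path. The lines leading to that return are outside the hunk, but it appears to be the dp_opt_set_string() failure branch, reached after confdb_get_string() has already filled the buffer. Adding `talloc_free(krb5_servers);` immediately before that `return ret;` would make the description's "freed on all exit conditions" hold. Before this change the same omission was absorbed by the caller's memctx; with a NULL parent it becomes a real leak, although only on an error path.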
@@ -279,7 +282,7 @@ errno_t krb5_get_options(TALLOC_CTX *memctx, struct confdb_ctx *cdb,
/* If there is no KDC, try the deprecated krb5_kdcip option, too */
/* FIXME - this can be removed in a future version */
- ret = krb5_try_kdcip(memctx, cdb, conf_path, opts, KRB5_KDC);
+ ret = krb5_try_kdcip(cdb, conf_path, opts, KRB5_KDC);
if (ret != EOK) {
DEBUG(1, ("sss_krb5_try_kdcip failed.\n"));
goto done;
diff --git a/src/providers/krb5/krb5_common.h b/src/providers/krb5/krb5_common.h
index 029ebf6e..ec4fc050 100644
--- a/src/providers/krb5/krb5_common.h
+++ b/src/providers/krb5/krb5_common.h
@@ -137,9 +137,8 @@ errno_t check_and_export_options(struct dp_option *opts,
struct sss_domain_info *dom,
struct krb5_ctx *krb5_ctx);
-errno_t krb5_try_kdcip(TALLOC_CTX *memctx, struct confdb_ctx *cdb,
- const char *conf_path, struct dp_option *opts,
- int opt_id);
+errno_t krb5_try_kdcip(struct confdb_ctx *cdb, const char *conf_path,
+ struct dp_option *opts, int opt_id);
errno_t krb5_get_options(TALLOC_CTX *memctx, struct confdb_ctx *cdb,
const char *conf_path, struct dp_option **_opts);
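Review bot: The new prototype of `krb5_try_kdcip` has no comment stating the contract that this commit establishes. Without the memctx argument a caller cannot tell from the header that the function hands back no memory and only updates `opts` in place. A brief comment above the declaration would prevent the parameter from being reintroduced later, for example `/* Falls back to the deprecated krb5_kdcip option when opt_id is unset; stores the value in opts and returns no allocated memory. */`.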
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index 64c06cd5..84857549 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -289,7 +289,7 @@ int ldap_get_options(TALLOC_CTX *memctx,
/* If there is no KDC, try the deprecated krb5_kdcip option, too */
/* FIXME - this can be removed in a future version */
- ret = krb5_try_kdcip(memctx, cdb, conf_path, opts->basic, SDAP_KRB5_KDC);
+ ret = krb5_try_kdcip(cdb, conf_path, opts->basic, SDAP_KRB5_KDC);
if (ret != EOK) {
DEBUG(1, ("sss_krb5_try_kdcip failed.\n"));
goto done;