author | Neng Xue <neng.xue@oracle.com> |
Mon, 26 Sep 2016 15:58:55 -0700 | |
changeset 6978 | 14cbeb78966a |
parent 6599 | 1d033832c5e7 |
permissions | -rw-r--r-- |
5490
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
1 |
# |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
2 |
# Fix up some issues with the KDB LDAP backend. One involves providing a |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
3 |
# default for the service password and is associated with this ticket: Ticket |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
4 |
# #8295 kdb5_ldap_stash_service_password() stash file logic needs tweaking |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
5 |
# |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
6 |
# Another issue deals with potential memory leaks: |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
7 |
# Ticket #8331 potential memleak of pol_entry->name in populate_policy() |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
8 |
# |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
9 |
# I've also alerted MIT to the fact that the ldap_handle.c code can leak LDAP |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
10 |
# handles. They've said I don't need to open a ticket on this since it isn't |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
11 |
# user visible: |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
12 |
# |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
13 |
# On 12/23/2015 02:43 PM, Will Fiveash wrote: |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
14 |
# > On Fri, Dec 18, 2015 at 07:47:49PM -0500, Greg Hudson wrote: |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
15 |
# >> On 12/18/2015 07:27 PM, Will Fiveash wrote: |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
16 |
# >>> Shouldn't the code unbind the ldap_handle? |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
17 |
# >> |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
18 |
# >> Probably. In practice the KDC process is going to exit anyway, so it's |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
19 |
# >> not a leak with any consequences. |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
20 |
# >> |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
21 |
# >> That whole area of code is a bit of a mess; it maintains a pool of LDAP |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
22 |
# >> handles but we only ever use the first one. (Or that was my reading the |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
23 |
# >> last time I looked at it.) |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
24 |
# > |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
25 |
# > Should I open a ticket on this? |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
26 |
# |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
27 |
# I think we don't need a ticket for this, since it isn't really a |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
28 |
# user-visible bug. |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
29 |
# Patch source: in-house |
6599
1d033832c5e7
24377741 Update Userland krb5 to MIT 1.14.3
Shawn Emery <shawn.emery@oracle.com>
parents:
5490
diff
changeset
|
30 |
--- a/src/man/kdc.conf.man |
1d033832c5e7
24377741 Update Userland krb5 to MIT 1.14.3
Shawn Emery <shawn.emery@oracle.com>
parents:
5490
diff
changeset
|
31 |
+++ b/src/man/kdc.conf.man |
1d033832c5e7
24377741 Update Userland krb5 to MIT 1.14.3
Shawn Emery <shawn.emery@oracle.com>
parents:
5490
diff
changeset
|
32 |
@@ -533,6 +533,8 @@ passwords (created by \fBkdb5_ldap_util stashsrvpw\fP) for the |
1d033832c5e7
24377741 Update Userland krb5 to MIT 1.14.3
Shawn Emery <shawn.emery@oracle.com>
parents:
5490
diff
changeset
|
33 |
\fBldap_kdc_dn\fP and \fBldap_kadmind_dn\fP objects, or for the |
1d033832c5e7
24377741 Update Userland krb5 to MIT 1.14.3
Shawn Emery <shawn.emery@oracle.com>
parents:
5490
diff
changeset
|
34 |
\fBldap_kdc_sasl_authcid\fP or \fBldap_kadmind_sasl_authcid\fP names |
1d033832c5e7
24377741 Update Userland krb5 to MIT 1.14.3
Shawn Emery <shawn.emery@oracle.com>
parents:
5490
diff
changeset
|
35 |
for SASL authentication. This file must be kept secure. |
1d033832c5e7
24377741 Update Userland krb5 to MIT 1.14.3
Shawn Emery <shawn.emery@oracle.com>
parents:
5490
diff
changeset
|
36 |
+If \fBldap_service_password_file\fP is not specified the default |
1d033832c5e7
24377741 Update Userland krb5 to MIT 1.14.3
Shawn Emery <shawn.emery@oracle.com>
parents:
5490
diff
changeset
|
37 |
+of \fB@LOCALSTATEDIR@\fP\fB/krb5\fP\fB/service_passwd\fP is used. |
1d033832c5e7
24377741 Update Userland krb5 to MIT 1.14.3
Shawn Emery <shawn.emery@oracle.com>
parents:
5490
diff
changeset
|
38 |
.TP |
1d033832c5e7
24377741 Update Userland krb5 to MIT 1.14.3
Shawn Emery <shawn.emery@oracle.com>
parents:
5490
diff
changeset
|
39 |
.B \fBunlockiter\fP |
1d033832c5e7
24377741 Update Userland krb5 to MIT 1.14.3
Shawn Emery <shawn.emery@oracle.com>
parents:
5490
diff
changeset
|
40 |
If set to \fBtrue\fP, this DB2\-specific tag causes iteration |
1d033832c5e7
24377741 Update Userland krb5 to MIT 1.14.3
Shawn Emery <shawn.emery@oracle.com>
parents:
5490
diff
changeset
|
41 |
--- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c |
1d033832c5e7
24377741 Update Userland krb5 to MIT 1.14.3
Shawn Emery <shawn.emery@oracle.com>
parents:
5490
diff
changeset
|
42 |
+++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c |
1d033832c5e7
24377741 Update Userland krb5 to MIT 1.14.3
Shawn Emery <shawn.emery@oracle.com>
parents:
5490
diff
changeset
|
43 |
@@ -125,7 +125,8 @@ kdb5_ldap_stash_service_password(int argc, char **argv) |
5490
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
44 |
} |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
45 |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
46 |
profile_get_string (util_context->profile, KDB_MODULE_SECTION, section, |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
47 |
- "ldap_service_password_file", NULL, &file_name); |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
48 |
+ "ldap_service_password_file", |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
49 |
+ DEF_SERVICE_PASSWD_FILE, &file_name); |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
50 |
} |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
51 |
done: |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
52 |
|
6599
1d033832c5e7
24377741 Update Userland krb5 to MIT 1.14.3
Shawn Emery <shawn.emery@oracle.com>
parents:
5490
diff
changeset
|
53 |
--- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.h |
1d033832c5e7
24377741 Update Userland krb5 to MIT 1.14.3
Shawn Emery <shawn.emery@oracle.com>
parents:
5490
diff
changeset
|
54 |
+++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.h |
5490
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
55 |
@@ -32,8 +32,6 @@ |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
56 |
#define MAX_LEN 1024 |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
57 |
#define MAX_SERVICE_PASSWD_LEN 256 |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
58 |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
59 |
-#define DEF_SERVICE_PASSWD_FILE KDC_DIR "/service_passwd" |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
60 |
- |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
61 |
extern int tohex(krb5_data, krb5_data *); |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
62 |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
63 |
extern void kdb5_ldap_stash_service_password(int argc, char **argv); |
6599
1d033832c5e7
24377741 Update Userland krb5 to MIT 1.14.3
Shawn Emery <shawn.emery@oracle.com>
parents:
5490
diff
changeset
|
64 |
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_handle.c |
1d033832c5e7
24377741 Update Userland krb5 to MIT 1.14.3
Shawn Emery <shawn.emery@oracle.com>
parents:
5490
diff
changeset
|
65 |
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_handle.c |
1d033832c5e7
24377741 Update Userland krb5 to MIT 1.14.3
Shawn Emery <shawn.emery@oracle.com>
parents:
5490
diff
changeset
|
66 |
@@ -176,6 +176,7 @@ krb5_ldap_cleanup_handles(krb5_ldap_server_info *ldap_server_info) |
5490
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
67 |
ldap_server_handle = ldap_server_info->ldap_server_handles; |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
68 |
ldap_server_info->ldap_server_handles = ldap_server_handle->next; |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
69 |
/* ldap_unbind_s(ldap_server_handle); */ |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
70 |
+ ldap_unbind_s(ldap_server_handle->ldap_handle); |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
71 |
free (ldap_server_handle); |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
72 |
ldap_server_handle = NULL; |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
73 |
} |
6599
1d033832c5e7
24377741 Update Userland krb5 to MIT 1.14.3
Shawn Emery <shawn.emery@oracle.com>
parents:
5490
diff
changeset
|
74 |
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c |
1d033832c5e7
24377741 Update Userland krb5 to MIT 1.14.3
Shawn Emery <shawn.emery@oracle.com>
parents:
5490
diff
changeset
|
75 |
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c |
1d033832c5e7
24377741 Update Userland krb5 to MIT 1.14.3
Shawn Emery <shawn.emery@oracle.com>
parents:
5490
diff
changeset
|
76 |
@@ -360,6 +360,17 @@ krb5_ldap_read_server_params(krb5_context context, char *conf_section, |
5490
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
77 |
&ldap_context->service_password_file); |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
78 |
if (ret) |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
79 |
return ret; |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
80 |
+ |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
81 |
+ if (ldap_context->service_password_file == NULL) { |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
82 |
+ ret = profile_get_string (context->profile, KDB_MODULE_DEF_SECTION, |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
83 |
+ KRB5_CONF_LDAP_SERVICE_PASSWORD_FILE, |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
84 |
+ NULL, |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
85 |
+ DEF_SERVICE_PASSWD_FILE, |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
86 |
+ &ldap_context->service_password_file); |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
87 |
+ |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
88 |
+ if (ret) |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
89 |
+ return ret; |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
90 |
+ } |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
91 |
} |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
92 |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
93 |
if (ldap_context->sasl_mech == NULL) { |
6599
1d033832c5e7
24377741 Update Userland krb5 to MIT 1.14.3
Shawn Emery <shawn.emery@oracle.com>
parents:
5490
diff
changeset
|
94 |
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.h |
1d033832c5e7
24377741 Update Userland krb5 to MIT 1.14.3
Shawn Emery <shawn.emery@oracle.com>
parents:
5490
diff
changeset
|
95 |
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.h |
5490
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
96 |
@@ -36,6 +36,8 @@ |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
97 |
#ifndef _HAVE_LDAP_MISC_H |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
98 |
#define _HAVE_LDAP_MISC_H 1 |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
99 |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
100 |
+#define DEF_SERVICE_PASSWD_FILE KDC_DIR "/service_passwd" |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
101 |
+ |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
102 |
/* misc functions */ |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
103 |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
104 |
krb5_boolean |
6599
1d033832c5e7
24377741 Update Userland krb5 to MIT 1.14.3
Shawn Emery <shawn.emery@oracle.com>
parents:
5490
diff
changeset
|
105 |
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c |
1d033832c5e7
24377741 Update Userland krb5 to MIT 1.14.3
Shawn Emery <shawn.emery@oracle.com>
parents:
5490
diff
changeset
|
106 |
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c |
1d033832c5e7
24377741 Update Userland krb5 to MIT 1.14.3
Shawn Emery <shawn.emery@oracle.com>
parents:
5490
diff
changeset
|
107 |
@@ -461,7 +461,8 @@ krb5_ldap_iterate_password_policy(krb5_context context, char *match_expr, |
5490
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
108 |
} |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
109 |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
110 |
cleanup: |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
111 |
- free(entry); |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
112 |
+ if (st && entry) |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
113 |
+ krb5_ldap_free_password_policy(context, entry); |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
114 |
free(policy); |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
115 |
ldap_msgfree(result); |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
116 |
krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle); |