From f784c4726c4223108170fe7398601b8cc8c775c9 Mon Sep 17 00:00:00 2001
From: Andreas Schneider
Date: Wed, 18 Jan 2017 11:52:48 +0100
Subject: [PATCH] Add free_principal_e_data KDB method

Add an optional method to kdb_vftabl to free e_data pointer in a principal entry, in case it was populated by a module using a more complex structure than a single memory region.

[ghudson@mit.edu: handled minor version bump; simplified code; rewrote commit message]

ticket: 8538
target_version: 1.15-next
tags: pullup

(cherry picked from commit 87d8d1c6da227ff9410413de39ee64e4566429e5)
---
 src/include/kdb.h | 11 +++++++++++
 src/lib/kdb/kdb5.c | 14 +++++++++++++-
 2 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/src/include/kdb.h b/src/include/kdb.h
index e9d1a84ba..da04724fc 100644
--- a/src/include/kdb.h
+++ b/src/include/kdb.h
@@ -1382,6 +1382,17 @@ typedef struct _kdb_vftabl {
 krb5_const_principal client,
 const krb5_db_entry *server,
 krb5_const_principal proxy);
+
+ /* End of minor version 0. */
+
+ /*
+ * Optional: Free the e_data pointer of a database entry. If this method
+ * is not implemented, the e_data pointer in principal entries will be
+ * freed with free() as seen by libkdb5.
+ */
+ void (*free_principal_e_data)(krb5_context kcontext, krb5_octet *e_data);
+
+ /* End of minor version 1 for major version 6. */
 } kdb_vftabl;
 #endif /* !defined(_WIN32) */
diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c
index ee4127231..4adf0fcbb 100644
--- a/src/lib/kdb/kdb5.c
+++ b/src/lib/kdb/kdb5.c
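Review bot: The comment on `free_principal_e_data` in the kdb.h hunk leaves the ownership contract implicit: it says what happens when the method is absent, but not what an implementing module must do. I would extend it with something like `* If implemented, the method must release e_data and everything it references;` and `* libkdb5 will not call free() on the pointer afterwards.` Judging from the krb5_db_free_principal hunk in this patch, the method is only ever called with a non-NULL pointer, which is also worth stating here so module authors do not have to read the caller. The struct definition starts outside the hunk.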
@@ -323,6 +323,12 @@ copy_vtable(const kdb_vftabl *in, kdb_vftabl *out)
 out->refresh_config = in->refresh_config;
 out->check_allowed_to_delegate = in->check_allowed_to_delegate;
+ /* Copy fields for minor version 1 (major version 6). */
+ assert(KRB5_KDB_DAL_MAJOR_VERSION == 6);
+ out->free_principal_e_data = NULL;
+ if (in->min_ver >= 1)
+ out->free_principal_e_data = in->free_principal_e_data;
+
 /* Set defaults for optional fields. */
 if (out->fetch_master_key == NULL)
 out->fetch_master_key = krb5_db_def_fetch_mkey;
@@ -820,11 +826,17 @@ free_tl_data(krb5_tl_data *list)
 void
 krb5_db_free_principal(krb5_context kcontext, krb5_db_entry *entry)
 {
+ kdb_vftabl *v;
 int i;
 if (entry == NULL)
 return;
- free(entry->e_data);
+ if (entry->e_data != NULL) {
+ if (get_vftabl(kcontext, &v) == 0 && v->free_principal_e_data != NULL)
+ v->free_principal_e_data(kcontext, entry->e_data);
+ else
+ free(entry->e_data);
+ }
 krb5_free_principal(kcontext, entry->princ);
 free_tl_data(entry->tl_data);
 for (i = 0; i < entry->n_key_data; i++)
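Review bot: The `in->min_ver >= 1` test in copy_vtable is what keeps libkdb5 from reading `free_principal_e_data` out of a table supplied by a module built against minor version 0, which presumably ends before that field, yet the comment above it only names the version. A why-comment would make the guard harder to remove by accident, for example `/* A minor-version-0 module's table ends before this field; read it only when min_ver says it is present. */`. Separately, `assert(KRB5_KDB_DAL_MAJOR_VERSION == 6)` tests a compile-time constant and disappears when NDEBUG is defined, so a build-time check (`#if KRB5_KDB_DAL_MAJOR_VERSION != 6`, `#error "update copy_vtable for the new DAL major version"`, `#endif`) would catch a forgotten update more reliably. copy_vtable starts and ends outside the hunk.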
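Review bot: In krb5_db_free_principal the `else` branch is taken both when the module has no `free_principal_e_data` and when `get_vftabl()` fails. In the second case a structured `e_data` would be handed to plain `free()`, leaking whatever it references, or mixing allocators if the module's differs from libkdb5's. If that failure path is considered unreachable for entries that came from a module, a comment should say so, e.g. `/* No usable method: e_data is assumed to be one region allocated with libkdb5's malloc(). */`. The method is also looked up through `kcontext` at free time rather than recorded in the entry, so it appears the entry must be freed with the context whose module populated it; that requirement deserves a line in the function's documentation. The function body continues past the end of the hunk.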