s4:kdc: let samba_kdc_get_claims_blob() take struct claims_data as input.
authorStefan Metzmacher <metze@samba.org>
Wed, 19 Feb 2025 12:55:22 +0000 (13:55 +0100)
committerRalph Boehme <slow@samba.org>
Sat, 22 Feb 2025 22:06:39 +0000 (22:06 +0000)
It means samba_kdc_update_pac() does not call
samba_kdc_get_claims_data_from_db() twice,
as it's already called by samba_kdc_get_claims_data().

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
source4/kdc/pac-glue.c

index e3d008bc571705578b784d81b3d5b8c253b6f51c..67d369a7984f4a811678865954a45b4eece4bdc5 100644 (file)
@@ -1112,13 +1112,11 @@ krb5_error_code samba_kdc_get_claims_data_from_db(struct ldb_context *samdb,
 
 static
 NTSTATUS samba_kdc_get_claims_blob(TALLOC_CTX *mem_ctx,
-                                  struct samba_kdc_entry *p,
+                                  struct claims_data *claims_data,
                                   const DATA_BLOB **_claims_blob)
 {
        DATA_BLOB *claims_blob = NULL;
-       struct claims_data *claims_data = NULL;
        NTSTATUS nt_status;
-       int ret;
 
        SMB_ASSERT(_claims_blob != NULL);
 
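Review bot: The new `claims_data` parameter has no stated contract: `_claims_blob` is still guarded by `SMB_ASSERT(_claims_blob != NULL)`, but nothing says whether `claims_data` may be NULL. Until now the function did the lookup itself and returned early on failure, so the pointer passed to `claims_data_encoded_claims_set()` always came from a lookup that had just succeeded; that now depends on each caller. Whether `claims_data_encoded_claims_set()` accepts NULL is not visible in this diff, so I would confirm it and record the answer in a one-line comment above the function, e.g. `/* claims_data must not be NULL; the caller builds it before calling. */`, or the opposite wording if NULL is allowed. The function body continues outside this hunk.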
@@ -1129,17 +1127,6 @@ NTSTATUS samba_kdc_get_claims_blob(TALLOC_CTX *mem_ctx,
                return NT_STATUS_NO_MEMORY;
        }
 
-       ret = samba_kdc_get_claims_data_from_db(p->kdc_db_ctx->samdb,
-                                               p,
-                                               &claims_data);
-       if (ret != LDB_SUCCESS) {
-               nt_status = dsdb_ldb_err_to_ntstatus(ret);
-               DBG_ERR("Building claims failed: %s\n",
-                       nt_errstr(nt_status));
-               talloc_free(claims_blob);
-               return nt_status;
-       }
-
        nt_status = claims_data_encoded_claims_set(claims_blob,
                                                   claims_data,
                                                   claims_blob);
@@ -2946,7 +2933,7 @@ krb5_error_code samba_kdc_update_pac(TALLOC_CTX *mem_ctx,
 
                /* Don't trust RODC-issued claims. Regenerate them. */
                nt_status = samba_kdc_get_claims_blob(tmp_ctx,
-                                                     client.entry,
+                                                     pac_claims.user_claims,
                                                      &client_claims_blob);
                if (!NT_STATUS_IS_OK(nt_status)) {
                        DBG_ERR("samba_kdc_get_claims_blob failed: %s\n",
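Review bot: The comment `Don't trust RODC-issued claims. Regenerate them.` no longer describes what the call below does on its own, because `samba_kdc_get_claims_blob()` now only encodes `pac_claims.user_claims` and the regeneration happens wherever that field was filled, outside this hunk. According to the commit message that is samba_kdc_get_claims_data(), which calls samba_kdc_get_claims_data_from_db(); if that holds for every path reaching this branch the behaviour is unchanged, but the guarantee is now implicit. I would reword the comment to state it, e.g. `/* Don't trust RODC-issued claims: pac_claims.user_claims was rebuilt from the DB by samba_kdc_get_claims_data(). */`, so that a later change which fills `pac_claims` from the PAC on this path is noticed in review. The enclosing function starts and ends outside the hunk.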