s4:kdc: Don't pass a NULL pointer to krb5_pac_add_buffer()

Heimdal contains an assertion that the data pointer is not NULL. We need
to pass in a pointer to some dummy data instead.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
index 97dac1bc79e59921a5c18d5b77169d46641c4d0b..70c36c4b9533e565d1d4bbdf9062adbf1d385b77 100644 (file)
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@@ -819,10 +819,8 @@ krb5_error_code samba_make_krb5_pac(krb5_context context,
 {
        krb5_data logon_data;
        krb5_error_code ret;
-#ifdef SAMBA4_USES_HEIMDAL
        char null_byte = '\0';
        krb5_data null_data = smb_krb5_make_data(&null_byte, 0);
-#endif
 
        /* The user account may be set not to want the PAC */
        if (logon_blob == NULL) {
@@ -846,10 +844,19 @@ krb5_error_code samba_make_krb5_pac(krb5_context context,
        }
 
        if (client_claims_blob != NULL) {
-               krb5_data client_claims_data = smb_krb5_data_from_blob(*client_claims_blob);
+               krb5_data client_claims_data;
+               krb5_data *data = NULL;
+
+               if (client_claims_blob->length != 0) {
+                       client_claims_data = smb_krb5_data_from_blob(*client_claims_blob);
+                       data = &client_claims_data;
+               } else {
+                       data = &null_data;
+               }
+
                ret = krb5_pac_add_buffer(context, pac,
                                          PAC_TYPE_CLIENT_CLAIMS_INFO,
-                                         &client_claims_data);
+                                         data);
                if (ret != 0) {
                        return ret;
                }