From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 19 Feb 2025 16:38:19 +0000 (+0100)
Subject: s4:kdc: let samba_kdc_get_pac() use samba_kdc_get_claims_blob()
X-Git-Tag: tevent-0.17.0~649
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3b6ffb47b42163f1274b7752b57ec353931ed16e;p=thirdparty%2Fsamba.git

s4:kdc: let samba_kdc_get_pac() use samba_kdc_get_claims_blob()

We should avoid calling claims_data_encoded_claims_set() directly,
we'll have to do more than claims_data_encoded_claims_set() in future,
so make sure we always go via the common samba_kdc_get_claims_blob()
helper.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
---

diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
index 67d369a7984..f85ed073348 100644
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@@ -2327,7 +2327,7 @@ krb5_error_code samba_kdc_get_pac(TALLOC_CTX *mem_ctx,
 	DATA_BLOB *upn_blob = NULL;
 	DATA_BLOB *pac_attrs_blob = NULL;
 	DATA_BLOB *requester_sid_blob = NULL;
-	DATA_BLOB client_claims_blob = {};
+	const DATA_BLOB *client_claims_blob = NULL;
 	krb5_error_code ret;
 	NTSTATUS nt_status;
 	bool is_krbtgt = false;
@@ -2431,9 +2431,9 @@ krb5_error_code samba_kdc_get_pac(TALLOC_CTX *mem_ctx,
 		return ret;
 	}
 
-	nt_status = claims_data_encoded_claims_set(frame,
-						   auth_claims.user_claims,
-						   &client_claims_blob);
+	nt_status = samba_kdc_get_claims_blob(frame,
+					      auth_claims.user_claims,
+					      &client_claims_blob);
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		talloc_free(mem_ctx);
 		return map_errno_from_nt_status(nt_status);
@@ -2554,7 +2554,7 @@ krb5_error_code samba_kdc_get_pac(TALLOC_CTX *mem_ctx,
 				  pac_attrs_blob,
 				  requester_sid_blob,
 				  NULL, /* deleg_blob */
-				  &client_claims_blob,
+				  client_claims_blob,
 				  NULL, /* device_info_blob */
 				  NULL, /* device_claims_blob */
 				  new_pac);