From: Joseph Sutton Date: Thu, 21 Sep 2023 02:48:02 +0000 (+1200) Subject: s4:kdc: Move encode_claims_set() into the auth_session subsystem X-Git-Tag: tevent-0.16.0~350 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5e164cc2d662c0d7c13ae2d588f79c394f671b39;p=thirdparty%2Fsamba.git s4:kdc: Move encode_claims_set() into the auth_session subsystem Some functions in the auth_session subsystem will need to be able to call encode_claims_set(). Moving said function lets them do that whilst avoiding circular dependencies and additional public dependencies. Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett
---
diff --git a/source4/auth/session.c b/source4/auth/session.c
index c56917a6f1e..23bb7bf78d1 100644
--- a/source4/auth/session.c
+++ b/source4/auth/session.c
@@ -449,3 +449,62 @@ void auth_session_info_debug(int dbg_lev,
 security_token_debug(DBGC_AUTH, dbg_lev, session_info->security_token);
 }
+
+NTSTATUS encode_claims_set(TALLOC_CTX *mem_ctx,
+ struct CLAIMS_SET *claims_set,
+ DATA_BLOB *claims_blob)
+{
+ TALLOC_CTX *tmp_ctx = NULL;
+ enum ndr_err_code ndr_err;
+ struct CLAIMS_SET_NDR *claims_set_info = NULL;
+ struct CLAIMS_SET_METADATA *metadata = NULL;
+ struct CLAIMS_SET_METADATA_NDR *metadata_ndr = NULL;
+
+ if (claims_blob == NULL) {
+ return NT_STATUS_INVALID_PARAMETER_3;
+ }
+
+ tmp_ctx = talloc_new(mem_ctx);
+ if (tmp_ctx == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ metadata_ndr = talloc_zero(tmp_ctx, struct CLAIMS_SET_METADATA_NDR);
+ if (metadata_ndr == NULL) {
+ talloc_free(tmp_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ metadata = talloc_zero(metadata_ndr, struct CLAIMS_SET_METADATA);
+ if (metadata == NULL) {
+ talloc_free(tmp_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ claims_set_info = talloc_zero(metadata, struct CLAIMS_SET_NDR);
+ if (claims_set_info == NULL) {
+ talloc_free(tmp_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ metadata_ndr->claims.metadata = metadata;
+
+ metadata->claims_set = claims_set_info;
+ metadata->compression_format = CLAIMS_COMPRESSION_FORMAT_XPRESS_HUFF;
+
+ claims_set_info->claims.claims = claims_set;
+
+ ndr_err = ndr_push_struct_blob(claims_blob, mem_ctx, metadata_ndr,
+ (ndr_push_flags_fn_t)ndr_push_CLAIMS_SET_METADATA_NDR);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
+ DBG_ERR("CLAIMS_SET_METADATA_NDR push failed: %s\n",
+ nt_errstr(nt_status));
+
+ talloc_free(tmp_ctx);
+ return nt_status;
+ }
+
+ talloc_free(tmp_ctx);
+ return NT_STATUS_OK;
+}
diff --git a/source4/auth/session.h b/source4/auth/session.h
index 011d6bcd35e..0e52c6b1932 100644
--- a/source4/auth/session.h
+++ b/source4/auth/session.h
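Review bot: In encode_claims_set() (source4/auth/session.c), none of the NT_STATUS_NO_MEMORY returns writes `*claims_blob`, and whether ndr_push_struct_blob() writes it on failure is not visible in this hunk, so a caller that passes an uninitialised DATA_BLOB and mishandles the status would treat indeterminate memory as an encoded claims blob. Now that the function is no longer static and is meant to gain callers, I would add `*claims_blob = data_blob_null;` right after the NULL check so the output is defined on every path. A comment above the definition should also state the contract, for example `/* On success *claims_blob is allocated on mem_ctx and owned by the caller; claims_set is only borrowed. */`, since the temporaries hang off tmp_ctx but the result does not.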
@@ -81,5 +81,8 @@ struct auth_session_info *admin_session(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx, struct dom_sid *domain_sid);
+NTSTATUS encode_claims_set(TALLOC_CTX *mem_ctx,
+ struct CLAIMS_SET *claims_set,
+ DATA_BLOB *claims_blob);
 #endif /* _SAMBA_AUTH_SESSION_H */
diff --git a/source4/kdc/ad_claims.c b/source4/kdc/ad_claims.c
index 5ab750601ee..b8c355a11ed 100644
--- a/source4/kdc/ad_claims.c
+++ b/source4/kdc/ad_claims.c
@@ -34,6 +34,7 @@
 #include "librpc/gen_ndr/ndr_krb5pac.h"
 #include "lzxpress_huffman.h"
 #include "lib/util/binsearch.h"
+#include "auth/session.h"
 #undef strcasecmp
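Review bot: The new prototype in source4/auth/session.h names `struct CLAIMS_SET` and `DATA_BLOB`, and nothing in this hunk shows that the header declares either of them before the prototype. If `struct CLAIMS_SET` is first seen inside the parameter list, its tag has prototype scope, so includers would get a "declared inside parameter list" warning and an incompatible pointer type at the call. A forward declaration `struct CLAIMS_SET;` above the prototype removes the dependence on include order. The exported name also carries no subsystem prefix, unlike `auth_session_info_debug` in session.c, which is worth settling before more callers appear.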
@@ -679,65 +680,6 @@ static uint32_t claim_get_value_count(const struct CLAIM_ENTRY *claim)
 return 0;
 }
-static NTSTATUS encode_claims_set(TALLOC_CTX *mem_ctx,
- struct CLAIMS_SET *claims_set,
- DATA_BLOB *claims_blob)
-{
- TALLOC_CTX *tmp_ctx = NULL;
- enum ndr_err_code ndr_err;
- struct CLAIMS_SET_NDR *claims_set_info = NULL;
- struct CLAIMS_SET_METADATA *metadata = NULL;
- struct CLAIMS_SET_METADATA_NDR *metadata_ndr = NULL;
-
- if (claims_blob == NULL) {
- return NT_STATUS_INVALID_PARAMETER_3;
- }
-
- tmp_ctx = talloc_new(mem_ctx);
- if (tmp_ctx == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- metadata_ndr = talloc_zero(tmp_ctx, struct CLAIMS_SET_METADATA_NDR);
- if (metadata_ndr == NULL) {
- talloc_free(tmp_ctx);
- return NT_STATUS_NO_MEMORY;
- }
-
- metadata = talloc_zero(metadata_ndr, struct CLAIMS_SET_METADATA);
- if (metadata == NULL) {
- talloc_free(tmp_ctx);
- return NT_STATUS_NO_MEMORY;
- }
-
- claims_set_info = talloc_zero(metadata, struct CLAIMS_SET_NDR);
- if (claims_set_info == NULL) {
- talloc_free(tmp_ctx);
- return NT_STATUS_NO_MEMORY;
- }
-
- metadata_ndr->claims.metadata = metadata;
-
- metadata->claims_set = claims_set_info;
- metadata->compression_format = CLAIMS_COMPRESSION_FORMAT_XPRESS_HUFF;
-
- claims_set_info->claims.claims = claims_set;
-
- ndr_err = ndr_push_struct_blob(claims_blob, mem_ctx, metadata_ndr,
- (ndr_push_flags_fn_t)ndr_push_CLAIMS_SET_METADATA_NDR);
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
- DBG_ERR("CLAIMS_SET_METADATA_NDR push failed: %s\n",
- nt_errstr(nt_status));
-
- talloc_free(tmp_ctx);
- return nt_status;
- }
-
- talloc_free(tmp_ctx);
- return NT_STATUS_OK;
-}
-
 static bool is_schema_dn(struct ldb_dn *dn, struct ldb_dn *schema_dn) {