From 72459f690e283542b0e2acf7b62e48f2998d5b9d Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Wed, 19 Feb 2025 13:55:22 +0100
Subject: [PATCH] s4:kdc: let samba_kdc_get_claims_blob() take struct claims_data as input. It means samba_kdc_update_pac() does not call samba_kdc_get_claims_data_from_db() twice, as it's already called by samba_kdc_get_claims_data().
Signed-off-by: Stefan Metzmacher
Reviewed-by: Ralph Boehme
---
 source4/kdc/pac-glue.c | 17 ++---------------
 1 file changed, 2 insertions(+), 15 deletions(-)
diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
index e3d008bc571..67d369a7984 100644
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@@ -1112,13 +1112,11 @@ krb5_error_code samba_kdc_get_claims_data_from_db(struct ldb_context *samdb,
 static NTSTATUS samba_kdc_get_claims_blob(TALLOC_CTX *mem_ctx,
- struct samba_kdc_entry *p,
+ struct claims_data *claims_data,
 const DATA_BLOB **_claims_blob) {
 DATA_BLOB *claims_blob = NULL;
- struct claims_data *claims_data = NULL;
 NTSTATUS nt_status;
- int ret;
 SMB_ASSERT(_claims_blob != NULL);
@@ -1129,17 +1127,6 @@ NTSTATUS samba_kdc_get_claims_blob(TALLOC_CTX *mem_ctx,
 return NT_STATUS_NO_MEMORY;
 }
- ret = samba_kdc_get_claims_data_from_db(p->kdc_db_ctx->samdb,
- p,
- &claims_data);
- if (ret != LDB_SUCCESS) {
- nt_status = dsdb_ldb_err_to_ntstatus(ret);
- DBG_ERR("Building claims failed: %s\n",
- nt_errstr(nt_status));
- talloc_free(claims_blob);
- return nt_status;
- }
-
 nt_status = claims_data_encoded_claims_set(claims_blob, claims_data, claims_blob);
@@ -2946,7 +2933,7 @@ krb5_error_code samba_kdc_update_pac(TALLOC_CTX *mem_ctx,
 /* Don't trust RODC-issued claims. Regenerate them. */
 nt_status = samba_kdc_get_claims_blob(tmp_ctx,
- client.entry,
+ pac_claims.user_claims,
 &client_claims_blob);
 if (!NT_STATUS_IS_OK(nt_status)) {
 DBG_ERR("samba_kdc_get_claims_blob failed: %s\n",
--
2.47.2
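Review bot: In the first hunk `samba_kdc_get_claims_blob()` now takes `claims_data` from its caller, yet the only precondition asserted is `_claims_blob != NULL`, and nothing visible says whether a NULL `claims_data` is legal or where the value must come from. Before this change the pointer was produced inside the function by a checked database lookup (removed in the second hunk), so the function could not be handed claims from any other source. I would add a header comment along the lines of `/* claims_data must be the DB-derived claims from samba_kdc_get_claims_data(); never claims decoded from a presented PAC. */` and state there what NULL means. How `claims_data_encoded_claims_set()` treats a NULL input is not visible in this patch, and the function body continues outside both hunks.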
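Review bot: In the third hunk the comment `Don't trust RODC-issued claims. Regenerate them.` now sits above a call that only encodes `pac_claims.user_claims`; the regeneration itself happens wherever that field is filled, which is outside the hunk. The commit message says it comes from `samba_kdc_get_claims_data()` calling `samba_kdc_get_claims_data_from_db()`, so this branch's safety now depends on that ordering holding on every path that reaches it. I would reword the comment to something like `/* Don't trust RODC-issued claims: pac_claims.user_claims was rebuilt from the DB by samba_kdc_get_claims_data(). */` so a later refactor does not substitute PAC-decoded claims here. A regression test that presents an RODC-issued PAC whose claims differ from the directory, and checks that the reissued PAC carries the directory values, would pin the invariant.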