s4:kdc: Modify samba_kdc_get_claims_blob() to use claims_data functions
authorJoseph Sutton <josephsutton@catalyst.net.nz>
Thu, 5 Oct 2023 02:34:41 +0000 (15:34 +1300)
committerAndrew Bartlett <abartlet@samba.org>
Thu, 12 Oct 2023 23:13:32 +0000 (23:13 +0000)
The chief advantage of these functions is that the claims got from the
database are retained in the ‘samba_kdc_entry’ object, allowing them to
be reused should they be needed later during the same request.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source4/kdc/pac-glue.c
source4/kdc/pac-glue.h

index 46ed6b54fb0b9244ffe038537155edfc7a690b47..d41ec9cd9eb7e24d6146a3aab26dd7da2beed2d3 100644 (file)
@@ -1085,10 +1085,11 @@ NTSTATUS samba_kdc_get_requester_sid_blob(TALLOC_CTX *mem_ctx,
 }
 
 NTSTATUS samba_kdc_get_claims_blob(TALLOC_CTX *mem_ctx,
-                                  const struct samba_kdc_entry *p,
+                                  struct samba_kdc_entry *p,
                                   const DATA_BLOB **_claims_blob)
 {
        DATA_BLOB *claims_blob = NULL;
+       struct claims_data *claims_data = NULL;
        NTSTATUS nt_status;
        int ret;
 
@@ -1101,10 +1102,9 @@ NTSTATUS samba_kdc_get_claims_blob(TALLOC_CTX *mem_ctx,
                return NT_STATUS_NO_MEMORY;
        }
 
-       ret = get_claims_blob_for_principal(p->kdc_db_ctx->samdb,
-                                           claims_blob,
-                                           p->msg,
-                                           claims_blob);
+       ret = samba_kdc_get_claims_data_from_db(p->kdc_db_ctx->samdb,
+                                               p,
+                                               &claims_data);
        if (ret != LDB_SUCCESS) {
                nt_status = dsdb_ldb_err_to_ntstatus(ret);
                DBG_ERR("Building claims failed: %s\n",
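Review bot: Nothing visible in this function frees `claims_data`, which is only correct if samba_kdc_get_claims_data_from_db() leaves the result owned by the entry `p`, as the commit description implies. That ownership is not stated at the call site, so a later cleanup could add a `talloc_free(claims_data)` and leave the entry holding a dangling pointer for the rest of the request. I would add a comment above the call: `/* claims_data is cached on, and owned by, p; do not free it here. */`. The function starts before and continues after this hunk, so any validation of `p` before `p->kdc_db_ctx` is dereferenced is not visible here.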
@@ -1113,6 +1113,14 @@ NTSTATUS samba_kdc_get_claims_blob(TALLOC_CTX *mem_ctx,
                return nt_status;
        }
 
+       nt_status = claims_data_encoded_claims_set(claims_blob,
+                                                  claims_data,
+                                                  claims_blob);
+       if (!NT_STATUS_IS_OK(nt_status)) {
+               talloc_free(claims_blob);
+               return nt_status;
+       }
+
        *_claims_blob = claims_blob;
 
        return NT_STATUS_OK;
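Review bot: The new failure path after claims_data_encoded_claims_set() returns without logging, whereas the database failure just above it reports through DBG_ERR, so the two failures cannot be told apart in the KDC log. I would add `DBG_ERR("Encoding claims failed: %s\n", nt_errstr(nt_status));` before the `talloc_free(claims_blob)`. It is also not visible from this hunk whether the encoded bytes are copied into `claims_blob` or only reference data cached in `p`. If it is the latter, the returned blob's lifetime is tied to the entry and that deserves a comment at this call. The function begins outside this hunk.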
index 9b7ea2fa5e5467ecc91fbb61dbc773aa2088e158..d36ac8d9645c777b4ef5e27eadf3581f0d28ff0b 100644 (file)
@@ -161,7 +161,7 @@ NTSTATUS samba_kdc_get_requester_sid_blob(TALLOC_CTX *mem_ctx,
                                          const struct auth_user_info_dc *user_info_dc,
                                          DATA_BLOB **_requester_sid_blob);
 NTSTATUS samba_kdc_get_claims_blob(TALLOC_CTX *mem_ctx,
-                                  const struct samba_kdc_entry *p,
+                                  struct samba_kdc_entry *p,
                                   const DATA_BLOB **_claims_blob);
 
 krb5_error_code samba_kdc_allowed_to_authenticate_to(TALLOC_CTX *mem_ctx,
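Review bot: The prototype drops `const` from `p` without saying why, so a caller reading the header cannot tell that the call may now write to the entry. Going by the commit description, the claims fetched from the database are retained in the `samba_kdc_entry`. A comment above the declaration would record that: `/* p is not const: claims fetched from the database are cached in it for reuse during the same request. */`. The same comment belongs on the definition in source4/kdc/pac-glue.c.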