From: Joseph Sutton Date: Mon, 2 Oct 2023 22:58:05 +0000 (+1300) Subject: s4:kdc: Replace calls to samba_kdc_get_user_info_from_db() with calls to samba_kdc_ge... X-Git-Tag: tevent-0.16.0~144 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=0a61dc6ce98b49826b461765a9a9789cf3c1e5cb;p=thirdparty%2Fsamba.git s4:kdc: Replace calls to samba_kdc_get_user_info_from_db() with calls to samba_kdc_get_user_info_dc() The latter function behaves identically, except that it makes a shallow copy of the returned structure, thus avoiding lifetime issues. Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett --- diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c index c47aa69b035..4def9a9128f 100644 --- a/source4/kdc/db-glue.c +++ b/source4/kdc/db-glue.c @@ -1471,7 +1471,7 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context, if (ent_type == SAMBA_KDC_ENT_TYPE_CLIENT && (flags & SDB_F_FOR_AS_REQ)) { int result; - const struct auth_user_info_dc *user_info_dc = NULL; + struct auth_user_info_dc *user_info_dc = NULL; /* * These protections only apply to clients, so servers in the * Protected Users group may still have service tickets to them @@ -1484,7 +1484,10 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context, * and computers should never be members of Protected Users, or * they may fail to authenticate. */ - status = samba_kdc_get_user_info_from_db(p, msg, &user_info_dc); + status = samba_kdc_get_user_info_dc(tmp_ctx, + p, + msg, + &user_info_dc); if (!NT_STATUS_IS_OK(status)) { ret = EINVAL; goto out; diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c index 635f720f9ef..eb24ae8d024 100644 --- a/source4/kdc/mit_samba.c +++ b/source4/kdc/mit_samba.c @@ -903,7 +903,7 @@ krb5_error_code mit_samba_kpasswd_change_password(struct mit_samba_context *ctx, enum samPwdChangeReason reject_reason; struct samr_DomInfo1 *dominfo; const char *error_string = NULL; - const struct auth_user_info_dc *user_info_dc = NULL; + struct auth_user_info_dc *user_info_dc = NULL; struct samba_kdc_entry *p = talloc_get_type_abort(db_entry->e_data, struct samba_kdc_entry); krb5_error_code code = 0; @@ -917,11 +917,12 @@ krb5_error_code mit_samba_kpasswd_change_password(struct mit_samba_context *ctx, return ENOMEM; } - status = samba_kdc_get_user_info_from_db(p, - p->msg, - &user_info_dc); + status = samba_kdc_get_user_info_dc(tmp_ctx, + p, + p->msg, + &user_info_dc); if (!NT_STATUS_IS_OK(status)) { - DBG_WARNING("samba_kdc_get_user_info_from_db failed: %s\n", + DBG_WARNING("samba_kdc_get_user_info_dc failed: %s\n", nt_errstr(status)); code = EINVAL; goto out; diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c index f3e3ef14636..291f9e20579 100644 --- a/source4/kdc/pac-glue.c +++ b/source4/kdc/pac-glue.c @@ -2166,7 +2166,7 @@ krb5_error_code samba_kdc_verify_pac(TALLOC_CTX *mem_ctx, } if (!samba_krb5_pac_is_trusted(client)) { - const struct auth_user_info_dc *user_info_dc = NULL; + struct auth_user_info_dc *user_info_dc = NULL; WERROR werr; struct dom_sid *object_sids = NULL; @@ -2177,9 +2177,10 @@ krb5_error_code samba_kdc_verify_pac(TALLOC_CTX *mem_ctx, goto done; } - nt_status = samba_kdc_get_user_info_from_db(client.entry, - client.entry->msg, - &user_info_dc); + nt_status = samba_kdc_get_user_info_dc(tmp_ctx, + client.entry, + client.entry->msg, + &user_info_dc); if (!NT_STATUS_IS_OK(nt_status)) { DBG_ERR("Getting user info for PAC failed: %s\n", nt_errstr(nt_status));