From: Joseph Sutton
Date: Thu, 5 Oct 2023 02:11:42 +0000 (+1300)
Subject: s4:auth: Have claims_data_encoded_claims_set() return a reference to the encoded...
X-Git-Tag: tevent-0.16.0~113
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3e5aba62ecdc227466879d2e74d7314b5f21e6c0;p=thirdparty%2Fsamba.git

s4:auth: Have claims_data_encoded_claims_set() return a reference to the encoded claims

Having the lifetime of the encoded claims be tied in a predictable fashion to a caller‐controlled memory context is less prone to error.

Signed-off-by: Joseph Sutton
Reviewed-by: Andrew Bartlett
---
diff --git a/source4/auth/session.c b/source4/auth/session.c
index 818fdf583df..8f98f75c652 100644
--- a/source4/auth/session.c
+++ b/source4/auth/session.c
@@ -612,9 +612,13 @@ NTSTATUS claims_data_from_claims_set(TALLOC_CTX *claims_data_ctx,
 * From a ‘claims_data’ structure, return an encoded claims blob that can be put
 * into a PAC.
 */
-NTSTATUS claims_data_encoded_claims_set(struct claims_data *claims_data,
+NTSTATUS claims_data_encoded_claims_set(TALLOC_CTX *mem_ctx,
+ struct claims_data *claims_data,
 DATA_BLOB *encoded_claims_set_out)
 {
+ uint8_t *data = NULL;
+ size_t len;
+
 if (encoded_claims_set_out == NULL) {
 return NT_STATUS_INVALID_PARAMETER;
 }
@@ -643,7 +647,15 @@ NTSTATUS claims_data_encoded_claims_set(struct claims_data *claims_data,
 claims_data->flags |= CLAIMS_DATA_ENCODED_CLAIMS_PRESENT;
 }
 
- *encoded_claims_set_out = claims_data->encoded_claims_set;
+ if (claims_data->encoded_claims_set.data != NULL) {
+ data = talloc_reference(mem_ctx, claims_data->encoded_claims_set.data);
+ if (data == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+ len = claims_data->encoded_claims_set.length;
+
+ *encoded_claims_set_out = data_blob_const(data, len);
 
 return NT_STATUS_OK;
 }
diff --git a/source4/auth/session.h b/source4/auth/session.h
index 391fcc34bf7..3258c807137 100644
--- a/source4/auth/session.h
+++ b/source4/auth/session.h
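Review bot: The doc comment above claims_data_encoded_claims_set() is left unchanged in the first session.c hunk, so it documents neither the new `mem_ctx` parameter nor the fact that the returned blob is now a talloc reference to the cached encoding rather than a plain struct copy. The same comment in the source4/auth/session.h hunk has the same gap. Callers need to know the buffer is shared with `claims_data` and how to release it, so I would add: `* The blob is a talloc reference held by mem_ctx, not a copy: treat it as read-only,` / `* and release it by freeing mem_ctx or with talloc_unlink(mem_ctx, blob.data).` The function body continues past the end of this hunk.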
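Review bot: In the second session.c hunk `len` is read from `claims_data->encoded_claims_set.length` even when the data pointer is NULL, so the output blob is only self-consistent if the cached blob never pairs NULL data with a non-zero length, and nothing in the visible lines guarantees that. Taking the length inside the non-NULL branch removes the dependency: declare `size_t len = 0;` (the declaration is in the previous hunk) and move `len = claims_data->encoded_claims_set.length;` into the `if (claims_data->encoded_claims_set.data != NULL)` block. Each successful call also adds a new reference under `mem_ctx`, so a caller that passes a long-lived context repeatedly will accumulate references; a comment near the talloc_reference() call could say so. The function starts before this hunk.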
@@ -136,7 +136,8 @@ NTSTATUS claims_data_from_claims_set(TALLOC_CTX *claims_data_ctx,
 * From a ‘claims_data’ structure, return an encoded claims blob that can be put
 * into a PAC.
 */
-NTSTATUS claims_data_encoded_claims_set(struct claims_data *claims_data,
+NTSTATUS claims_data_encoded_claims_set(TALLOC_CTX *mem_ctx,
+ struct claims_data *claims_data,
 DATA_BLOB *encoded_claims_set_out);
 
 /*