From 9859711513d18a7ceba2ef80fcb3a3acfb51a888 Mon Sep 17 00:00:00 2001
From: Joseph Sutton
Date: Thu, 5 Oct 2023 15:34:41 +1300
Subject: [PATCH] s4:kdc: Modify samba_kdc_get_claims_blob() to use claims_data functions
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

The chief advantage of these functions is that the claims got from the database are retained in the ‘samba_kdc_entry’ object, allowing them to be reused should they be needed later during the same request.

Signed-off-by: Joseph Sutton
Reviewed-by: Andrew Bartlett
---
 source4/kdc/pac-glue.c | 18 +++++++++++++-----
 source4/kdc/pac-glue.h | 2 +-
 2 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
index 46ed6b54fb0..d41ec9cd9eb 100644
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@@ -1085,10 +1085,11 @@ NTSTATUS samba_kdc_get_requester_sid_blob(TALLOC_CTX *mem_ctx,
 }
 
 NTSTATUS samba_kdc_get_claims_blob(TALLOC_CTX *mem_ctx,
- const struct samba_kdc_entry *p,
+ struct samba_kdc_entry *p,
 const DATA_BLOB **_claims_blob)
 {
 DATA_BLOB *claims_blob = NULL;
+ struct claims_data *claims_data = NULL;
 NTSTATUS nt_status;
 int ret;
 
@@ -1101,10 +1102,9 @@ NTSTATUS samba_kdc_get_claims_blob(TALLOC_CTX *mem_ctx,
 return NT_STATUS_NO_MEMORY;
 }
 
- ret = get_claims_blob_for_principal(p->kdc_db_ctx->samdb,
- claims_blob,
- p->msg,
- claims_blob);
+ ret = samba_kdc_get_claims_data_from_db(p->kdc_db_ctx->samdb,
+ p,
+ &claims_data);
 if (ret != LDB_SUCCESS) {
 nt_status = dsdb_ldb_err_to_ntstatus(ret);
 DBG_ERR("Building claims failed: %s\n",
@@ -1113,6 +1113,14 @@ NTSTATUS samba_kdc_get_claims_blob(TALLOC_CTX *mem_ctx,
 return nt_status;
 }
 
+ nt_status = claims_data_encoded_claims_set(claims_blob,
+ claims_data,
+ claims_blob);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ talloc_free(claims_blob);
+ return nt_status;
+ }
+
 *_claims_blob = claims_blob;
 
 return NT_STATUS_OK;
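Review bot: Nothing at the definition of samba_kdc_get_claims_blob() (first hunk, @@ -1085) or at its prototype in pac-glue.h says that `p` is now written to, which appears to be the reason the `const` was dropped. Per the commit description the claims fetched from the database are retained in the entry, so a call has a side effect on `p` that later code in the same request will observe. A short comment above the function would make that contract explicit, for example `/* Not const: this call may populate the claims data cached on 'p'. */`, with the same sentence at the prototype. The function body continues outside this hunk.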
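Review bot: The ownership of `claims_data` after `samba_kdc_get_claims_data_from_db()` is not stated anywhere in the second hunk (@@ -1101): it is not visibly allocated on `claims_blob` and is not freed on either error path, so a reader has to infer that it stays attached to the entry, as the commit description implies. Since PAC claims feed authorization decisions, the lifetime of that cached object relative to `p` is worth pinning down in a comment such as `/* claims_data is owned by 'p' and must not be freed here. */`. It would also help to note whether a success return can leave `claims_data` NULL, because it is handed to the encoder without a check; how the callee treats NULL is not visible here.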
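Review bot: The new failure branch after `claims_data_encoded_claims_set()` (third hunk, @@ -1113) returns without logging, unlike the LDB failure branch directly above it, which reports through DBG_ERR. Someone diagnosing a request that failed at this point would have no log line to go on; adding `DBG_ERR("Encoding claims failed: %s\n", nt_errstr(nt_status));` before the `talloc_free()` would match the existing style. Passing `claims_blob` as both the talloc context and the output argument is easy to misread, so a one-line comment saying that the encoded data is presumably parented to the blob, and is therefore released by the single `talloc_free()`, would help.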
diff --git a/source4/kdc/pac-glue.h b/source4/kdc/pac-glue.h
index 9b7ea2fa5e5..d36ac8d9645 100644
--- a/source4/kdc/pac-glue.h
+++ b/source4/kdc/pac-glue.h
@@ -161,7 +161,7 @@ NTSTATUS samba_kdc_get_requester_sid_blob(TALLOC_CTX *mem_ctx,
 const struct auth_user_info_dc *user_info_dc,
 DATA_BLOB **_requester_sid_blob);
 NTSTATUS samba_kdc_get_claims_blob(TALLOC_CTX *mem_ctx,
- const struct samba_kdc_entry *p,
+ struct samba_kdc_entry *p,
 const DATA_BLOB **_claims_blob);
 
 krb5_error_code samba_kdc_allowed_to_authenticate_to(TALLOC_CTX *mem_ctx,
--
2.47.3