ldb: sync DLIST_DEMOTE_SHORT() changes to include/dlinklist.h

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

lib/util: sync DLIST_DEMOTE_SHORT() changes to dlinklist.h

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

tevent: introduce DLIST_DEMOTE_SHORT()

It turns out that the overhead of DLIST_DEMOTE() implemented
as DLIST_REMOVE();DLIST_ADD_END(), is very high if the list
contains only 1 or 2 elements.

The next commits will make use of DLIST_DEMOTE_SHORT() for
multiplexing multiple tevent_fd structures for a single fd
and the most important and common case is a list with just
one element.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

wintest: Fix invalid escape sequences

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Oct 13 04:55:06 UTC 2023 on atb-devel-224

selftest: Use now() instead of utcnow()

utcnow() is deprecated and will be removed in a future version of Python.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:torture: Use assertEqual() instead of assertEquals()

assertEquals() was removed in Python 3.12.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:dsdb:tests: Use loadTestsFromTestCase() instead of makeSuite()

makeSuite() is deprecated and will be removed in Python 3.13.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:dsdb:tests: Fix assertion messages

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:dsdb:tests: Remove unused variables

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:dsdb:tests: Remove unused imports

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:script: Remove semicolons

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: Fix assertion messages

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: Use assertEqual() instead of assertEquals()

assertEquals() was removed in Python 3.12.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python:tests: Use now() instead of utcnow()

utcnow() is deprecated and will be removed in a future version of Python.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python:tests: Remove semicolons

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python:tests: Correct search expression

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python:tests: Fix comment

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python:tests: Fix exception message

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python:tests: Use assertEqual() instead of assertEquals()

assertEquals() was removed in Python 3.12.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python:subunit: Use now() instead of utcnow()

utcnow() is deprecated and will be removed in a future version of Python.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python:colour: Fix exception message

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

examples: Fix invalid escape sequences

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

examples: Don’t use deprecated method ‘has_key()’

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

buildtools: Remove semicolons

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4-torture: add another test to demonstrate identical functions

Create a spoolss_EnumPrinters request and send it to both endpoints and
verify they deliver identical replies.

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Oct 13 03:19:59 UTC 2023 on atb-devel-224

s3-iremotewinspool: check for correct object_uuid in dispatch fn.

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4-torture: add testcase to iremotewinspool suite to explore object_uuid handling

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3-iremotewinspool: properly map incoming PAR to RPRN requests.

Map the incoming iremotewinspool opnum to match the appropriate call in
the spoolss server in the pull path.

There is no 1:1 mapping in the opnums between the procols, only in the
corresponding functions.

Without doing the mapping we currently forward
e.g. winspool_AsyncOpenPrinter() to spoolss_EnumPrinters() leading to
all sorts of errors.

A correct mapping was in place earlier with an handsorted server call
table but it got removed with the rpc server rewrite.

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3-iremotewinspool: add PAR->RPRN mapping table

There is no 1:1 mapping between the opcodes but between the functions
(including _Ex and _2 naming extensions):

e.g.
winspool_AsyncOpenPrinter  (0x00) -> spoolss_OpenPrinterEx (0x45)
winspool_AsyncClosePrinter (0x14) -> spoolss_ClosePrinter  (0x1d)

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:rpc_server: Check return values of gnutls functions (CID 1452111)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:rpc_server: Check mkdir() return value (CID 1034649)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:ntvfs: Correctly acknowledge PVFS_FLAG_STRICT_SYNC flag (CID 241154)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:ntvfs: Remove dead code path

‘pending’ will never be NULL.

View with ‘git show -b’.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:ntvfs: Remove unneeded NULL check (CID 240771)

We’ve already dereferenced ‘pending’ in the init‐clause of the loop, and
won’t reassign it during the loop.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:messaging: Remove redundant code

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:libcli: Check return value of convert_string_talloc() (CID 1272839)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:libcli: Remove unnecessary casts

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:dsdb: Don’t overwrite existing error code (CID 1445263)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:dsdb: Log correct ldb error

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:dsdb: Replace early ‘continue’ with ‘if’ statement (CID 1414738)

A ‘continue’ statement creates the misleading impression that this loop
executes more than once.

This also avoids ‘mem_ctx’ being leaked.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:dsdb: Check return value of ldb_msg_add_empty() (CID 1272827)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:dsdb: Fix unreachable code (CID 1435967)

Commit ede668e8e24c86f0836dfa5740e76d8aca1e0824 removed this condition
for some unexplained reason, causing the following code to become
unreachable.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:dsdb: Remove unreachable code (CID 1034686)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:dsdb: Check return code (CID 1444824/1444844)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:dsdb: Permit forward link to be missing in linked_attributes_fix_forward_link()

We don’t care if a forward link is missing from an object being renamed
during the deletion process.

Nothing yet checks the value returned from this function, so there
should be no change in behaviour.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:dsdb: Check whether ‘p’ is NULL before dereferencing it (CID 240875)

Commit 6baf7608dfc3517cb3798fc53db849f49c6d157a added a NULL check in
one place, but not everywhere ‘p’ was dereferenced.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:dns_server: Check return value of ldb_transaction_commit() (CID 1034631)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:dns_server: Merge similar code paths

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:auth: Remove event context on failure

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:auth: Fix resource leak (CID 1107222)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:utils: Check return value of cli_RNetServiceEnum() (CID 1273313)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:utils: Avoid integer overflow (CID 1035488)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

smb2_server: Check status codes (CID 1474441)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

smb2_server: Remove unreachable code (CID 1444981)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Revert "smbd: Fix CID 1504457 Resource leak"

We cannot free ‘enc’ — it may be a copy of ‘buffer’, in which parameter
both construct_reply_chain() and smb_request_done() pass arrays of
automatic storage duration!

Fixes CID 1505354.

This reverts commit a395f752f0748751d4ade533c41066903f26c2dd.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:smbd: Avoid integer overflow (CID 1035487)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:rpcclient: Do not pass uninitialized pointer to printf() (CID 1476170)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:nmbd: Remove redundant code (CID 1414756)

‘buf’ is reassigned a few lines down.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:modules: Initialize mask_permset (CID 1435850)

If this code had ever run, sys_acl_clear_perms() would have attempted to
write to some random address in memory. ‘mask_permset’ must be a valid
non‐NULL pointer.

Commit 9b79d5f2a2f8af75ef13bdc41d2dc296e19ba098 seems to have been a
previous attempt to fix this issue.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:modules: Remove unreachable code (CID 1508998)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:libsmb: Fix array traversal (CID 1034683)

Commit 033185e2a1b2892fe8dc74a18a38e5e13e08cb22 changed the sentinel
value to an empty character array, but failed to update the traversal
code to match.

Commit 48a453996ac161d7c7a7cb15a047e57cbdbb1e87 then tried to fix the
situation, but did not do so correctly.

Fix this code by forgetting about sentinel values altogether.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:libnet: Remove always‐false comparison (CID 241309)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Revert "s3:libads: Don’t do first loop iteration if ‘attr’ is NULL"

Fixes CID 1547073: Control flow issues (DEADCODE).

This reverts commit 184a48d65772f359bd81f83256daada8c9e500b3.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:lib: Rearrange preprocessor directives to avoid structurally dead code (CID 242032)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:client: Correctly call setgroups() (CID 1449449)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

smbXcli: Remove unreachable code (CID 1444978)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

lib:util: Remove always‐false comparison (CID 242193)

‘id’ is an unsigned variable, and so it can never be less than zero.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

util: Remove redundant assertion (CID 1497841)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tdb: Do not pass non–null‐terminated strings to strcmp() (CID 1449485)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

lib:replace: Properly check result of write() and read() (CID 1034925)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

lib:printer_driver: Check return value of gp_inifile_enum_section() (CID 1444835)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

lib:compression: Correctly fix sign extension of long matches (CID 1517275)

Commit 6b4d94c9877ec59081b9da946c00fa2647cad928 was a previous attempt
to fix this issue.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:kdc: Always regard device info when checking a server authentication policy

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Oct 13 00:11:08 UTC 2023 on atb-devel-224

s4:dsdb: Skip allocation of empty device SIDs array

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:kdc: Use claims to evaluate RBCD conditions

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:kdc: Use device info to evaluate RBCD conditions

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:kdc: Pass claims and device info into samba_kdc_check_s4u2proxy_rbcd()

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:kdc: Rename ‘user_info_dc’ to ‘client_info’

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:kdc: Call samba_kdc_get_user_info_dc() to get client information

Among other things, this function can deal with RODC‐issued PACs.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:kdc: Add comment regarding RODC‐issued evidence tickets for constrained delegation

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:kdc: Factor creation of user_info_dc out of samba_kdc_check_s4u2proxy_rbcd() into its callers

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:kdc: Adapt interface to new Heimdal revision

NOTE: This commit finally works again!

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

third_party/heimdal: import lorikeet-heimdal-202310092248 (commit cd12cddd8058d9fe627b5b203e471b8d761dcfbb)

NOTE: THIS COMMIT WON’T COMPILE/WORK ON ITS OWN!

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>

third_party/heimdal: Fix PKINIT freshness token memory handling (Import lorikeet-heimdal-202310092148 (commit 38aa80e35b6b1e16b081fa9c005c03b1e6994204))

The issue here is that only the size of the pointer, not the size
of the struture was allocated with calloc().

This means that the malloc() for the freshness token bytes would
have the memory address written beyond the end of the allocated memory.

Additionally, the allocation was not free()ed, resulting in a memory
leak.  This means that a user could trigger ongoing memory allocation
in the server.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15491

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:kdc: Use claims and device info to evaluate server authentication policy

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:kdc: Make samba_kdc_get_user_info_dc() non‐static

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:kdc: Use ‘claims_data’ functions to create client claims blob

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:kdc: Use device claims to evaluate client authentication policy

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:kdc: Use claims and device info to evaluate server authentication policy

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:kdc: Have samba_kdc_allowed_to_authenticate_to() take claims and device info

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:kdc: Fetch device claims for server restrictions

View with ‘git show -b’.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:kdc: Do not perform compound authentication for services without Compound Identity support

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: Correctly test services that do not support Compound Identity

These two tests now pass against Windows.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:kdc: Make samba_kdc_add_compounded_auth() static

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:kdc: Remove ‘compounded_auth’ parameter from samba_kdc_add_compounded_auth()

It’s only ever equal to SAMBA_COMPOUNDED_AUTH_INCLUDE.

View with ‘git show -b’.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:kdc: Change the type of ‘compounded_auth’ to boolean

View with ‘git show -b’.

This allows us to make the call to authsam_shallow_copy_user_info_dc()
and samba_kdc_add_compounded_auth() only if required.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:kdc: Remove ‘claims_valid’ parameter from samba_kdc_add_claims_valid()

It’s only ever equal to SAMBA_CLAIMS_VALID_INCLUDE.

View with ‘git show -b’.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:kdc: Introduce helper variable ‘server_restrictions_present’

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:kdc: Simplify creation of device claims blob

Let samba_kdc_get_claims_data() and claims_data_encoded_claims_set()
handle the work for us.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:kdc: Note use of parent memory context

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>