sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-08 21:18:16 +03:00
Code

libcli/security: int wire claims drop uniqueness check

Browse Source 
And we allocate all the values together as an array, because
we might as well.

This and the next couple of commits might look like steps backwards,
and they are, but they allow us to get a run-up to leap over a big
fence.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Douglas Bagnall 2023-11-22 14:54:25 +13:00 committed by Andrew Bartlett
parent 10fd3e5836
commit 08096fd5b4
2 changed files with 27 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
libcli/security/claims-conversions.c
View File

@ -771,6 +771,7 @@ NTSTATUS token_claims_to_claims_v1(TALLOC_CTX *mem_ctx,
{
const struct CLAIM_INT64 *values = &claim_entry->values.claim_int64;
uint32_t k;
int64_t *claim_values_int64 = NULL;
n_values = values->value_count;
value_type = CLAIM_SECURITY_ATTRIBUTE_TYPE_INT64;
@ -782,31 +783,17 @@ NTSTATUS token_claims_to_claims_v1(TALLOC_CTX *mem_ctx,
talloc_free(claims);
return NT_STATUS_NO_MEMORY;
}
claim_values_int64 = talloc_array(claims,
int64_t,
n_values);
if (claim_values_int64 == NULL) {
talloc_free(claims);
return NT_STATUS_NO_MEMORY;
}
for (k = 0; k < n_values; ++k) {
int64_t *value = NULL;
uint32_t m;
/*
* Ensure that there are no duplicate
* values (very inefficiently, in
* O(n²)).
*/
for (m = 0; m < k; ++m) {
if (values->values[m] == values->values[k]) {
talloc_free(claims);
return NT_STATUS_INVALID_PARAMETER;
}
}
value = talloc(claims, int64_t);
if (value == NULL) {
talloc_free(claims);
return NT_STATUS_NO_MEMORY;
}
*value = values->values[k];
claim_values[k].int_value = value;
claim_values_int64[k] = values->values[k];
claim_values[k].int_value = &claim_values_int64[k];
}
break;
@ -816,6 +803,7 @@ NTSTATUS token_claims_to_claims_v1(TALLOC_CTX *mem_ctx,
{
const struct CLAIM_UINT64 *values = &claim_entry->values.claim_uint64;
uint32_t k;
uint64_t *claim_values_uint64 = NULL;
n_values = values->value_count;
value_type = (claim_entry->type == CLAIM_TYPE_UINT64)
@ -830,30 +818,17 @@ NTSTATUS token_claims_to_claims_v1(TALLOC_CTX *mem_ctx,
return NT_STATUS_NO_MEMORY;
}
claim_values_uint64 = talloc_array(claims,
uint64_t,
n_values);
if (claim_values_uint64 == NULL) {
talloc_free(claims);
return NT_STATUS_NO_MEMORY;
}
for (k = 0; k < n_values; ++k) {
uint64_t *value = NULL;
uint32_t m;
/*
* Ensure that there are no duplicate
* values (very inefficiently, in
* O(n²)).
*/
for (m = 0; m < k; ++m) {
if (values->values[m] == values->values[k]) {
talloc_free(claims);
return NT_STATUS_INVALID_PARAMETER;
}
}
value = talloc(claims, uint64_t);
if (value == NULL) {
talloc_free(claims);
return NT_STATUS_NO_MEMORY;
}
*value = values->values[k];
claim_values[k].uint_value = value;
claim_values_uint64[k] = values->values[k];
claim_values[k].uint_value = &claim_values_uint64[k];
}
break;

6
selftest/knownfail.d/krb5-conditional-aces Normal file
View File

@ -0,0 +1,6 @@
^samba.tests.krb5.conditional_ace_tests.+ConditionalAceTests.test_pac_claim_cmp__1_a_1_42_42_42___a_equals_a_\(ad_dc\)
^samba.tests.krb5.conditional_ace_tests.+ConditionalAceTests.test_pac_claim_cmp__1_a_2_42_42___a_equals_a_\(ad_dc\)
^samba.tests.krb5.conditional_ace_tests.+ConditionalAceTests.test_pac_claim_cmp__1_a_6_0_0___a_equals_a_\(ad_dc\)
^samba.tests.krb5.conditional_ace_tests.+ConditionalAceTests.test_pac_claim_cmp__1_false_booleans_6_0_0___false_booleans_\(ad_dc\)
^samba.tests.krb5.conditional_ace_tests.+ConditionalAceTests.test_pac_claim_cmp__1_zero_ints_1_0_0___zero_ints_\(ad_dc\)
^samba.tests.krb5.conditional_ace_tests.+ConditionalAceTests.test_pac_claim_cmp__1_zero_uints_2_0_0___zero_uints_\(ad_dc\)