sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-03 13:47:25 +03:00
Code

s4:auth: Return a talloc‐allocated resource groups structure

Browse Source 
Future callers will rely on resource_groups_out being talloc‐allocated.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Joseph Sutton 2023-09-21 14:20:29 +12:00 committed by Andrew Bartlett
parent 219ee05d6e
commit 0a9f248642
1 changed files with 19 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
source4/auth/kerberos/kerberos_pac.c
View File

@ -328,7 +328,8 @@ krb5_error_code kerberos_pac_to_user_info_dc(TALLOC_CTX *mem_ctx,
union PAC_INFO _upn_dns_info;
struct PAC_UPN_DNS_INFO *upn_dns_info = NULL;
struct auth_user_info_dc *user_info_dc_out;
struct PAC_DOMAIN_GROUP_MEMBERSHIP *resource_groups_in = NULL;
const struct PAC_DOMAIN_GROUP_MEMBERSHIP *resource_groups_in = NULL;
struct PAC_DOMAIN_GROUP_MEMBERSHIP *resource_groups_out = NULL;
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
@ -344,11 +345,7 @@ krb5_error_code kerberos_pac_to_user_info_dc(TALLOC_CTX *mem_ctx,
pac_logon_info_in = data_blob_const(k5pac_logon_info_in.data, k5pac_logon_info_in.length);
/*
* Allocate this structure on mem_ctx so we can return its resource
* groups to the caller.
*/
ndr_err = ndr_pull_union_blob(&pac_logon_info_in, mem_ctx, &info,
ndr_err = ndr_pull_union_blob(&pac_logon_info_in, tmp_ctx, &info,
PAC_TYPE_LOGON_INFO,
(ndr_pull_flags_fn_t)ndr_pull_PAC_INFO);
smb_krb5_free_data_contents(context, &k5pac_logon_info_in);
@ -480,10 +477,25 @@ krb5_error_code kerberos_pac_to_user_info_dc(TALLOC_CTX *mem_ctx,
*/
resource_groups_in = &info.logon_info.info->resource_groups;
if (resource_groups != NULL && resource_groups_in->groups.count != 0) {
*resource_groups = resource_groups_in;
resource_groups_out = talloc(tmp_ctx, struct PAC_DOMAIN_GROUP_MEMBERSHIP);
if (resource_groups_out == NULL) {
talloc_free(tmp_ctx);
return ENOMEM;
}
*resource_groups_out = (struct PAC_DOMAIN_GROUP_MEMBERSHIP) {
.domain_sid = talloc_steal(resource_groups_out, resource_groups_in->domain_sid),
.groups = {
.count = resource_groups_in->groups.count,
.rids = talloc_steal(resource_groups_out, resource_groups_in->groups.rids),
},
};
}
*user_info_dc = user_info_dc_out;
if (resource_groups_out != NULL) {
*resource_groups = talloc_steal(mem_ctx, resource_groups_out);
}
return 0;
}