1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

libcli/security: wire claims conversion: remove strings uniqueness check

This changes the behaviour when one of the strings is NULL. Previously
a single NULL string would be ignored, and two would cause an error.
That will be restored in the next commit.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Douglas Bagnall 2023-11-22 14:57:09 +13:00 committed by Andrew Bartlett
parent 08096fd5b4
commit 1c88dfc6ac
2 changed files with 13 additions and 31 deletions

View File

@ -836,7 +836,7 @@ NTSTATUS token_claims_to_claims_v1(TALLOC_CTX *mem_ctx,
case CLAIM_TYPE_STRING:
{
const struct CLAIM_STRING *values = &claim_entry->values.claim_string;
uint32_t k;
uint32_t k, m;
n_values = values->value_count;
value_type = CLAIM_SECURITY_ATTRIBUTE_TYPE_STRING;
@ -849,29 +849,9 @@ NTSTATUS token_claims_to_claims_v1(TALLOC_CTX *mem_ctx,
return NT_STATUS_NO_MEMORY;
}
m = 0;
for (k = 0; k < n_values; ++k) {
const char *string_value = NULL;
uint32_t m;
/*
* Ensure that there are no duplicate
* values (very inefficiently, in
* O(n²)).
*/
for (m = 0; m < k; ++m) {
if (values->values[m] == NULL && values->values[k] == NULL) {
talloc_free(claims);
return NT_STATUS_INVALID_PARAMETER;
}
if (values->values[m] != NULL &&
values->values[k] != NULL &&
strcasecmp_m(values->values[m], values->values[k]) == 0)
{
talloc_free(claims);
return NT_STATUS_INVALID_PARAMETER;
}
}
if (values->values[k] != NULL) {
string_value = talloc_strdup(claim_values, values->values[k]);
@ -879,11 +859,11 @@ NTSTATUS token_claims_to_claims_v1(TALLOC_CTX *mem_ctx,
talloc_free(claims);
return NT_STATUS_NO_MEMORY;
}
claim_values[m].string_value = string_value;
m++;
}
claim_values[k].string_value = string_value;
}
n_values = m;
break;
}
default:

View File

@ -1,6 +1,8 @@
^samba.tests.krb5.conditional_ace_tests.+ConditionalAceTests.test_pac_claim_cmp__1_a_1_42_42_42___a_equals_a_\(ad_dc\)
^samba.tests.krb5.conditional_ace_tests.+ConditionalAceTests.test_pac_claim_cmp__1_a_2_42_42___a_equals_a_\(ad_dc\)
^samba.tests.krb5.conditional_ace_tests.+ConditionalAceTests.test_pac_claim_cmp__1_a_6_0_0___a_equals_a_\(ad_dc\)
^samba.tests.krb5.conditional_ace_tests.+ConditionalAceTests.test_pac_claim_cmp__1_false_booleans_6_0_0___false_booleans_\(ad_dc\)
^samba.tests.krb5.conditional_ace_tests.+ConditionalAceTests.test_pac_claim_cmp__1_zero_ints_1_0_0___zero_ints_\(ad_dc\)
^samba.tests.krb5.conditional_ace_tests.+ConditionalAceTests.test_pac_claim_cmp__1_zero_uints_2_0_0___zero_uints_\(ad_dc\)
^samba.tests.krb5.conditional_ace_tests.ConditionalAceTests.test_pac_claim_cmp__1_a_1_42_42_42___a_equals_a_\(ad_dc\)
^samba.tests.krb5.conditional_ace_tests.ConditionalAceTests.test_pac_claim_cmp__1_a_2_42_42___a_equals_a_\(ad_dc\)
^samba.tests.krb5.conditional_ace_tests.ConditionalAceTests.test_pac_claim_cmp__1_a_3_FOO_foo___a_equals_a_\(ad_dc\)
^samba.tests.krb5.conditional_ace_tests.ConditionalAceTests.test_pac_claim_cmp__1_a_3_foo_foo___a_equals_a_\(ad_dc\)
^samba.tests.krb5.conditional_ace_tests.ConditionalAceTests.test_pac_claim_cmp__1_a_6_0_0___a_equals_a_\(ad_dc\)
^samba.tests.krb5.conditional_ace_tests.ConditionalAceTests.test_pac_claim_cmp__1_false_booleans_6_0_0___false_booleans_\(ad_dc\)
^samba.tests.krb5.conditional_ace_tests.ConditionalAceTests.test_pac_claim_cmp__1_zero_ints_1_0_0___zero_ints_\(ad_dc\)
^samba.tests.krb5.conditional_ace_tests.ConditionalAceTests.test_pac_claim_cmp__1_zero_uints_2_0_0___zero_uints_\(ad_dc\)