sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-26 21:57:41 +03:00
Code

s4:kdc: Properly allocate claims set on a talloc context

Browse Source 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Joseph Sutton 2023-08-11 12:10:46 +12:00 committed by Andrew Bartlett
parent c6cd6b25ff
commit 58371c33e9
1 changed files with 32 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
source4/kdc/ad_claims.c
View File

@ -458,7 +458,13 @@ static int fill_claim_entry(TALLOC_CTX *mem_ctx,
struct CLAIM_ENTRY *claim_entry)
{
claim_entry->id = (const char *)name.data;
claim_entry->id = talloc_strndup(mem_ctx,
(const char *)name.data,
name.length);
if (claim_entry->id == NULL) {
return ldb_oom(ldb);
}
claim_entry->type = claim_type;
switch (claim_type) {
@ -821,7 +827,7 @@ static int get_all_claims(struct ldb_context *ldb,
unsigned i;
/* The structure which we'll use to build up the claims. */
struct CLAIMS_SET claims_set = {};
struct CLAIMS_SET *claims_set = NULL;
struct CLAIMS_ARRAY *ad_sourced_constructed = NULL;
@ -834,6 +840,12 @@ static int get_all_claims(struct ldb_context *ldb,
return ldb_oom(ldb);
}
claims_set = talloc_zero(tmp_ctx, struct CLAIMS_SET);
if (claims_set == NULL) {
talloc_free(tmp_ctx);
return ldb_oom(ldb);
}
schema = dsdb_get_schema(ldb, tmp_ctx);
if (schema == NULL) {
talloc_free(tmp_ctx);
@ -1060,16 +1072,16 @@ static int get_all_claims(struct ldb_context *ldb,
}
if (ad_sourced_constructed == NULL) {
claims_set.claims_arrays = talloc_realloc(tmp_ctx,
claims_set.claims_arrays,
struct CLAIMS_ARRAY,
claims_set.claims_array_count + 1);
if (claims_set.claims_arrays == NULL) {
claims_set->claims_arrays = talloc_realloc(claims_set,
claims_set->claims_arrays,
struct CLAIMS_ARRAY,
claims_set->claims_array_count + 1);
if (claims_set->claims_arrays == NULL) {
talloc_free(tmp_ctx);
return ldb_oom(ldb);
}
ad_sourced_constructed = &claims_set.claims_arrays[claims_set.claims_array_count++];
ad_sourced_constructed = &claims_set->claims_arrays[claims_set->claims_array_count++];
*ad_sourced_constructed = (struct CLAIMS_ARRAY) {
.claims_source_type = CLAIMS_SOURCE_TYPE_AD,
};
@ -1077,7 +1089,7 @@ static int get_all_claims(struct ldb_context *ldb,
/* Add the claim to the array. */
ad_sourced_constructed->claim_entries = talloc_realloc(
tmp_ctx,
claims_set->claims_arrays,
ad_sourced_constructed->claim_entries,
struct CLAIM_ENTRY,
ad_sourced_constructed->claims_count + 1);
@ -1161,7 +1173,7 @@ static int get_all_claims(struct ldb_context *ldb,
for (i = 0; i < ad_claims_count; ++i) {
const struct ldb_message_element *principal_attribute = NULL;
struct CLAIM_ENTRY *claim_entry = NULL;
uint32_t new_claims_array_count = claims_set.claims_array_count;
uint32_t new_claims_array_count = claims_set->claims_array_count;
/* Get the value of the claim attribute for the principal. */
principal_attribute = ldb_msg_find_element(principal_msg,
@ -1173,23 +1185,23 @@ static int get_all_claims(struct ldb_context *ldb,
/* Add the claim to the array. */
if (ad_sourced_constructed == NULL) {
claims_set.claims_arrays = talloc_realloc(tmp_ctx,
claims_set.claims_arrays,
struct CLAIMS_ARRAY,
new_claims_array_count + 1);
if (claims_set.claims_arrays == NULL) {
claims_set->claims_arrays = talloc_realloc(claims_set,
claims_set->claims_arrays,
struct CLAIMS_ARRAY,
new_claims_array_count + 1);
if (claims_set->claims_arrays == NULL) {
talloc_free(tmp_ctx);
return ldb_oom(ldb);
}
ad_sourced_constructed = &claims_set.claims_arrays[new_claims_array_count++];
ad_sourced_constructed = &claims_set->claims_arrays[new_claims_array_count++];
*ad_sourced_constructed = (struct CLAIMS_ARRAY) {
.claims_source_type = CLAIMS_SOURCE_TYPE_AD,
};
}
ad_sourced_constructed->claim_entries = talloc_realloc(
tmp_ctx,
claims_set->claims_arrays,
ad_sourced_constructed->claim_entries,
struct CLAIM_ENTRY,
ad_sourced_constructed->claims_count + 1);
@ -1220,19 +1232,19 @@ static int get_all_claims(struct ldb_context *ldb,
* array(s).
*/
++ad_sourced_constructed->claims_count;
claims_set.claims_array_count = new_claims_array_count;
claims_set->claims_array_count = new_claims_array_count;
}
}
}
if (claims_set.claims_array_count == 0) {
if (claims_set->claims_array_count == 0) {
/* If we have no claims, we're done. */
talloc_free(tmp_ctx);
return LDB_SUCCESS;
}
/* Encode the claims ready to go into a PAC buffer. */
status = encode_claims_set(mem_ctx, &claims_set, claims_blob);
status = encode_claims_set(mem_ctx, claims_set, claims_blob);
if (!NT_STATUS_IS_OK(status)) {
ret = LDB_ERR_OPERATIONS_ERROR;
}