mirror of https://github.com/samba-team/samba.git synced 2025-03-01 04:58:35 +03:00

s4:kdc: Replace 'is_untrusted' with 'is_trusted'

A double negative is just confusing and prone to error.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton 2023-03-16 14:29:15 +13:00 committed by Andrew Bartlett
parent eb74be91bb
commit 6fd5afd042
4 changed files with 25 additions and 25 deletions


@ -579,7 +579,7 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
krb5_principal delegated_proxy_principal = NULL;
krb5_pac new_pac = NULL;
bool is_in_db = false;
bool is_untrusted = false;
bool is_trusted = false;
uint32_t flags = SAMBA_KDC_FLAG_SKIP_PAC_BUFFER;
/* Create a memory context early so code can use talloc_stackframe() */
@ -613,13 +613,13 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
code = samba_krbtgt_is_in_db(krbtgt_skdc_entry,
&is_in_db,
&is_untrusted);
&is_trusted);
if (code != 0) {
goto done;
}
if (is_untrusted) {
flags |= SAMBA_KDC_FLAG_KRBTGT_IS_UNTRUSTED;
if (is_trusted) {
flags |= SAMBA_KDC_FLAG_KRBTGT_IS_TRUSTED;
}
if (is_in_db) {
@ -687,7 +687,7 @@ krb5_error_code mit_samba_update_pac(struct mit_samba_context *ctx,
struct samba_kdc_entry *server_skdc_entry = NULL;
struct samba_kdc_entry *krbtgt_skdc_entry = NULL;
bool is_in_db = false;
bool is_untrusted = false;
bool is_trusted = false;
uint32_t flags = SAMBA_KDC_FLAG_SKIP_PAC_BUFFER;
/* Create a memory context early so code can use talloc_stackframe() */
@ -725,13 +725,13 @@ krb5_error_code mit_samba_update_pac(struct mit_samba_context *ctx,
*/
code = samba_krbtgt_is_in_db(krbtgt_skdc_entry,
&is_in_db,
&is_untrusted);
&is_trusted);
if (code != 0) {
goto done;
}
if (is_untrusted) {
flags |= SAMBA_KDC_FLAG_KRBTGT_IS_UNTRUSTED;
if (is_trusted) {
flags |= SAMBA_KDC_FLAG_KRBTGT_IS_TRUSTED;
}
if (is_in_db) {


@ -745,7 +745,7 @@ int samba_client_requested_pac(krb5_context context,
/* Was the krbtgt in this DB (ie, should we check the incoming signature) and was it an RODC */
int samba_krbtgt_is_in_db(struct samba_kdc_entry *p,
bool *is_in_db,
bool *is_untrusted)
bool *is_trusted)
{
NTSTATUS status;
int rodc_krbtgt_number, trust_direction;
@ -765,7 +765,7 @@ int samba_krbtgt_is_in_db(struct samba_kdc_entry *p,
validation when we do inter-foreest trusts
*/
talloc_free(mem_ctx);
*is_untrusted = false;
*is_trusted = true;
*is_in_db = false;
return 0;
}
@ -783,32 +783,32 @@ int samba_krbtgt_is_in_db(struct samba_kdc_entry *p,
if (p->kdc_db_ctx->my_krbtgt_number == 0) {
if (rid == DOMAIN_RID_KRBTGT) {
*is_untrusted = false;
*is_trusted = true;
*is_in_db = true;
talloc_free(mem_ctx);
return 0;
} else if (rodc_krbtgt_number != -1) {
*is_in_db = true;
*is_untrusted = true;
*is_trusted = false;
talloc_free(mem_ctx);
return 0;
}
} else if ((rid != DOMAIN_RID_KRBTGT) && (rodc_krbtgt_number == p->kdc_db_ctx->my_krbtgt_number)) {
talloc_free(mem_ctx);
*is_untrusted = false;
*is_trusted = true;
*is_in_db = true;
return 0;
} else if (rid == DOMAIN_RID_KRBTGT) {
/* krbtgt viewed from an RODC */
talloc_free(mem_ctx);
*is_untrusted = false;
*is_trusted = true;
*is_in_db = false;
return 0;
}
/* Another RODC */
talloc_free(mem_ctx);
*is_untrusted = true;
*is_trusted = false;
*is_in_db = false;
return 0;
}
@ -1498,7 +1498,7 @@ krb5_error_code samba_kdc_update_pac(TALLOC_CTX *mem_ctx,
DATA_BLOB *deleg_blob = NULL;
DATA_BLOB *requester_sid_blob = NULL;
DATA_BLOB *client_claims_blob = NULL;
bool is_untrusted = flags & SAMBA_KDC_FLAG_KRBTGT_IS_UNTRUSTED;
bool is_trusted = flags & SAMBA_KDC_FLAG_KRBTGT_IS_TRUSTED;
int is_tgs = false;
enum auth_group_inclusion group_inclusion;
size_t num_types = 0;
@ -1572,7 +1572,7 @@ krb5_error_code samba_kdc_update_pac(TALLOC_CTX *mem_ctx,
}
}
if (is_untrusted) {
if (!is_trusted) {
struct auth_user_info_dc *user_info_dc = NULL;
WERROR werr;
@ -1869,7 +1869,7 @@ krb5_error_code samba_kdc_update_pac(TALLOC_CTX *mem_ctx,
goto done;
}
if (!is_untrusted && !is_tgs) {
if (is_trusted && !is_tgs) {
/*
* The client may have requested no PAC when obtaining the
* TGT.
@ -2003,7 +2003,7 @@ krb5_error_code samba_kdc_update_pac(TALLOC_CTX *mem_ctx,
break;
case PAC_TYPE_ATTRIBUTES_INFO:
if (!is_untrusted && is_tgs) {
if (is_trusted && is_tgs) {
/* just copy... */
break;
}
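Review bot: The comment above samba_krbtgt_is_in_db still describes the third out-parameter as "was it an RODC", which no longer matches `is_trusted`. In the visible branches the value is now true for the DOMAIN_RID_KRBTGT cases and for the branch where `rodc_krbtgt_number` equals `my_krbtgt_number`, and false only on the two paths that look like another RODC's krbtgt. I would reword the header to `/* Was the krbtgt in this DB (ie, should we check the incoming signature), and is it trusted, i.e. not the krbtgt of another RODC? */`. The early-return branch whose comment mentions inter-forest trusts also sets `*is_trusted = true`; with the positive name that reads as an assertion, so it deserves a one-line comment saying why a krbtgt that is not in the DB is marked trusted there. Parts of the function body lie outside the hunks, so any return path not shown should be checked for leaving `*is_trusted` unwritten.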


@ -33,7 +33,7 @@ enum {
SAMBA_KDC_FLAG_PROTOCOL_TRANSITION = 0x00000001,
SAMBA_KDC_FLAG_CONSTRAINED_DELEGATION = 0x00000002,
SAMBA_KDC_FLAG_KRBTGT_IN_DB = 0x00000004,
SAMBA_KDC_FLAG_KRBTGT_IS_UNTRUSTED = 0x00000008,
SAMBA_KDC_FLAG_KRBTGT_IS_TRUSTED = 0x00000008,
SAMBA_KDC_FLAG_SKIP_PAC_BUFFER = 0x00000010,
};
@ -64,7 +64,7 @@ int samba_client_requested_pac(krb5_context context,
int samba_krbtgt_is_in_db(struct samba_kdc_entry *skdc_entry,
bool *is_in_db,
bool *is_untrusted);
bool *is_trusted);
NTSTATUS samba_kdc_get_user_info_from_db(struct samba_kdc_entry *skdc_entry,
const struct ldb_message *msg,
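Review bot: SAMBA_KDC_FLAG_KRBTGT_IS_TRUSTED keeps the value 0x00000008 that previously meant the opposite, so a `flags` word with that bit clear now selects the `!is_trusted` path in samba_kdc_update_pac instead of the trusted one. That is the fail-closed direction, but it is a contract change that the enum does not state. I would add a comment on the enumerator, for example `/* Clear means untrusted: set only after samba_krbtgt_is_in_db() reports is_trusted. */`. The three callers in this commit set the bit only after that call succeeds; any caller outside the diff that builds `flags` by other means would change behaviour silently and should be checked.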


@ -245,7 +245,7 @@ static krb5_error_code samba_wdc_reget_pac2(astgs_request_t r,
krb5_error_code ret;
bool is_s4u2self = samba_wdc_is_s4u2self_req(r);
bool is_in_db = false;
bool is_untrusted = false;
bool is_trusted = false;
uint32_t flags = 0;
PAC_OPTIONS_FLAGS pac_options = {};
@ -292,7 +292,7 @@ static krb5_error_code samba_wdc_reget_pac2(astgs_request_t r,
* sure that the record in 'client' matches the SID in the
* original PAC.
*/
ret = samba_krbtgt_is_in_db(krbtgt_skdc_entry, &is_in_db, &is_untrusted);
ret = samba_krbtgt_is_in_db(krbtgt_skdc_entry, &is_in_db, &is_trusted);
if (ret != 0) {
goto out;
}
@ -348,8 +348,8 @@ static krb5_error_code samba_wdc_reget_pac2(astgs_request_t r,
flags |= SAMBA_KDC_FLAG_CONSTRAINED_DELEGATION;
}
if (is_untrusted) {
flags |= SAMBA_KDC_FLAG_KRBTGT_IS_UNTRUSTED;
if (is_trusted) {
flags |= SAMBA_KDC_FLAG_KRBTGT_IS_TRUSTED;
}
if (is_in_db) {