mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00

s4:kdc: Make [client,device]_claims_blob const pointers

This is so that we can have them point to ‘null_data’ if we so choose.

We can’t assign the result of data_blob_talloc() to a const pointer, so
we go through an intermediary non-const pointer for the
device_claims_blob case.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Joseph Sutton 2023-06-26 11:10:51 +12:00 committed by Stefan Metzmacher
parent ebc27cf32a
commit 7a4fa2c564
4 changed files with 16 additions and 12 deletions


@ -473,7 +473,7 @@ int mit_samba_get_pac(struct mit_samba_context *smb_ctx,
DATA_BLOB *pcred_blob = NULL; DATA_BLOB *pcred_blob = NULL;
DATA_BLOB *pac_attrs_blob = NULL; DATA_BLOB *pac_attrs_blob = NULL;
DATA_BLOB *requester_sid_blob = NULL; DATA_BLOB *requester_sid_blob = NULL;
DATA_BLOB *client_claims_blob = NULL; const DATA_BLOB *client_claims_blob = NULL;
NTSTATUS nt_status; NTSTATUS nt_status;
krb5_error_code code; krb5_error_code code;
struct samba_kdc_entry *skdc_entry; struct samba_kdc_entry *skdc_entry;


@ -1130,7 +1130,7 @@ NTSTATUS samba_kdc_get_requester_sid_blob(TALLOC_CTX *mem_ctx,
NTSTATUS samba_kdc_get_claims_blob(TALLOC_CTX *mem_ctx, NTSTATUS samba_kdc_get_claims_blob(TALLOC_CTX *mem_ctx,
const struct samba_kdc_entry *p, const struct samba_kdc_entry *p,
DATA_BLOB **_claims_blob) const DATA_BLOB **_claims_blob)
{ {
DATA_BLOB *claims_blob = NULL; DATA_BLOB *claims_blob = NULL;
NTSTATUS nt_status; NTSTATUS nt_status;
@ -2364,11 +2364,11 @@ krb5_error_code samba_kdc_update_pac(TALLOC_CTX *mem_ctx,
DATA_BLOB *upn_blob = NULL; DATA_BLOB *upn_blob = NULL;
DATA_BLOB *deleg_blob = NULL; DATA_BLOB *deleg_blob = NULL;
DATA_BLOB *requester_sid_blob = NULL; DATA_BLOB *requester_sid_blob = NULL;
DATA_BLOB *client_claims_blob = NULL; const DATA_BLOB *client_claims_blob = NULL;
bool client_pac_is_trusted = flags & SAMBA_KDC_FLAG_KRBTGT_IS_TRUSTED; bool client_pac_is_trusted = flags & SAMBA_KDC_FLAG_KRBTGT_IS_TRUSTED;
bool device_pac_is_trusted = flags & SAMBA_KDC_FLAG_DEVICE_KRBTGT_IS_TRUSTED; bool device_pac_is_trusted = flags & SAMBA_KDC_FLAG_DEVICE_KRBTGT_IS_TRUSTED;
bool delegated_proxy_pac_is_trusted = flags & SAMBA_KDC_FLAG_DELEGATED_PROXY_IS_TRUSTED; bool delegated_proxy_pac_is_trusted = flags & SAMBA_KDC_FLAG_DELEGATED_PROXY_IS_TRUSTED;
DATA_BLOB *device_claims_blob = NULL; const DATA_BLOB *device_claims_blob = NULL;
DATA_BLOB *device_info_blob = NULL; DATA_BLOB *device_info_blob = NULL;
int is_tgs = false; int is_tgs = false;
struct auth_user_info_dc *user_info_dc = NULL; struct auth_user_info_dc *user_info_dc = NULL;
@ -2422,23 +2422,27 @@ krb5_error_code samba_kdc_update_pac(TALLOC_CTX *mem_ctx,
} else if (code != 0) { } else if (code != 0) {
goto done; goto done;
} else { } else {
device_claims_blob = talloc_zero(mem_ctx, DATA_BLOB); DATA_BLOB *device_claims = NULL;
if (device_claims_blob == NULL) {
device_claims = talloc_zero(mem_ctx, DATA_BLOB);
if (device_claims == NULL) {
smb_krb5_free_data_contents(context, &device_claims_data); smb_krb5_free_data_contents(context, &device_claims_data);
code = ENOMEM; code = ENOMEM;
goto done; goto done;
} }
*device_claims_blob = data_blob_talloc(mem_ctx, *device_claims = data_blob_talloc(mem_ctx,
device_claims_data.data, device_claims_data.data,
device_claims_data.length); device_claims_data.length);
if (device_claims_blob->data == NULL && device_claims_data.length != 0) { if (device_claims->data == NULL && device_claims_data.length != 0) {
smb_krb5_free_data_contents(context, &device_claims_data); smb_krb5_free_data_contents(context, &device_claims_data);
code = ENOMEM; code = ENOMEM;
goto done; goto done;
} }
smb_krb5_free_data_contents(context, &device_claims_data); smb_krb5_free_data_contents(context, &device_claims_data);
device_claims_blob = device_claims;
} }
code = samba_kdc_create_device_info_blob(mem_ctx, code = samba_kdc_create_device_info_blob(mem_ctx,
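Review bot: In the last hunk of this section, the copied device claims buffer is allocated on `mem_ctx` rather than as a child of the new `device_claims` struct, and the failure branch after data_blob_talloc() reaches `goto done` without releasing `device_claims`. This is presumably harmless if `mem_ctx` is a short-lived context that the caller frees, but that is not visible here, and the struct and its data end up with separate lifetimes. Parenting the data on the struct, `*device_claims = data_blob_talloc(device_claims, device_claims_data.data, device_claims_data.length);`, and adding `talloc_free(device_claims);` before `code = ENOMEM;` in that branch would keep ownership in one place. samba_kdc_update_pac starts and ends outside the hunk, so the cleanup at `done` should be checked before applying this.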


@ -168,7 +168,7 @@ NTSTATUS samba_kdc_get_requester_sid_blob(TALLOC_CTX *mem_ctx,
DATA_BLOB **_requester_sid_blob); DATA_BLOB **_requester_sid_blob);
NTSTATUS samba_kdc_get_claims_blob(TALLOC_CTX *mem_ctx, NTSTATUS samba_kdc_get_claims_blob(TALLOC_CTX *mem_ctx,
const struct samba_kdc_entry *p, const struct samba_kdc_entry *p,
DATA_BLOB **_claims_blob); const DATA_BLOB **_claims_blob);
krb5_error_code samba_kdc_allowed_to_authenticate_to(TALLOC_CTX *mem_ctx, krb5_error_code samba_kdc_allowed_to_authenticate_to(TALLOC_CTX *mem_ctx,
struct ldb_context *samdb, struct ldb_context *samdb,
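Review bot: The prototype of samba_kdc_get_claims_blob() has no comment saying who owns the blob now returned through `const DATA_BLOB **_claims_blob`. The commit message says the const is there so the pointer may refer to `null_data`, in which case the result would be a shared object rather than a child of `mem_ctx`, and a caller that frees, steals or writes through it would affect every other user. A comment above the declaration such as `/* *_claims_blob is read-only and may refer to a shared blob not owned by mem_ctx; callers must not free or modify it. */` would make that contract explicit for the three call sites this commit touches.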


@ -106,7 +106,7 @@ static krb5_error_code samba_wdc_get_pac(void *priv,
DATA_BLOB *upn_blob = NULL; DATA_BLOB *upn_blob = NULL;
DATA_BLOB *pac_attrs_blob = NULL; DATA_BLOB *pac_attrs_blob = NULL;
DATA_BLOB *requester_sid_blob = NULL; DATA_BLOB *requester_sid_blob = NULL;
DATA_BLOB *client_claims_blob = NULL; const DATA_BLOB *client_claims_blob = NULL;
krb5_error_code ret; krb5_error_code ret;
NTSTATUS nt_status; NTSTATUS nt_status;
struct samba_kdc_entry *skdc_entry = struct samba_kdc_entry *skdc_entry =