From 914f1700991cca15fe9fd3d9e3174b044963049c Mon Sep 17 00:00:00 2001 From: Joseph Sutton Date: Fri, 11 Aug 2023 10:13:38 +1200 Subject: [PATCH] s4:kdc: Switch to using samdb_result_dom_sid_buf() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This function doesn’t require a heap allocation. We also check the result of the function, which we weren’t doing before. Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett --- source4/kdc/pac-glue.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c index 0eae0145ffb..b8efb754c04 100644 --- a/source4/kdc/pac-glue.c +++ b/source4/kdc/pac-glue.c @@ -1514,7 +1514,7 @@ static krb5_error_code samba_kdc_validate_pac_blob( { TALLOC_CTX *frame = talloc_stackframe(); struct auth_user_info_dc *pac_user_info = NULL; - struct dom_sid *client_sid = NULL; + struct dom_sid client_sid; struct dom_sid pac_sid; krb5_error_code code; bool ok; @@ -1551,11 +1551,14 @@ static krb5_error_code samba_kdc_validate_pac_blob( goto out; } - client_sid = samdb_result_dom_sid(frame, - client_skdc_entry->msg, - "objectSid"); + code = samdb_result_dom_sid_buf(client_skdc_entry->msg, + "objectSid", + &client_sid); + if (code) { + goto out; + } - ok = dom_sid_equal(&pac_sid, client_sid); + ok = dom_sid_equal(&pac_sid, &client_sid); if (!ok) { struct dom_sid_buf buf1; struct dom_sid_buf buf2; @@ -1563,7 +1566,7 @@ static krb5_error_code samba_kdc_validate_pac_blob( DBG_ERR("SID mismatch between PAC and looked up client: " "PAC[%s] != CLI[%s]\n", dom_sid_str_buf(&pac_sid, &buf1), - dom_sid_str_buf(client_sid, &buf2)); + dom_sid_str_buf(&client_sid, &buf2)); code = KRB5KDC_ERR_TGT_REVOKED; goto out; }