sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Code

s4:kdc: Switch to using samdb_result_dom_sid_buf()

Browse Source 
This function doesn’t require a heap allocation.

We also check the result of the function, which we weren’t doing before.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Joseph Sutton 2023-08-11 10:13:38 +12:00 committed by Andrew Bartlett
parent 7d6ebfe4e3
commit 914f170099
1 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
source4/kdc/pac-glue.c
View File

@ -1514,7 +1514,7 @@ static krb5_error_code samba_kdc_validate_pac_blob(
{ {
TALLOC_CTX *frame = talloc_stackframe(); TALLOC_CTX *frame = talloc_stackframe();
struct auth_user_info_dc *pac_user_info = NULL; struct auth_user_info_dc *pac_user_info = NULL;
struct dom_sid *client_sid = NULL; struct dom_sid client_sid;
struct dom_sid pac_sid; struct dom_sid pac_sid;
krb5_error_code code; krb5_error_code code;
bool ok; bool ok;
@ -1551,11 +1551,14 @@ static krb5_error_code samba_kdc_validate_pac_blob(
goto out; goto out;
} }
client_sid = samdb_result_dom_sid(frame, code = samdb_result_dom_sid_buf(client_skdc_entry->msg,
client_skdc_entry->msg, "objectSid",
"objectSid"); &client_sid);
if (code) {
goto out;
}
ok = dom_sid_equal(&pac_sid, client_sid); ok = dom_sid_equal(&pac_sid, &client_sid);
if (!ok) { if (!ok) {
struct dom_sid_buf buf1; struct dom_sid_buf buf1;
struct dom_sid_buf buf2; struct dom_sid_buf buf2;
@ -1563,7 +1566,7 @@ static krb5_error_code samba_kdc_validate_pac_blob(
DBG_ERR("SID mismatch between PAC and looked up client: " DBG_ERR("SID mismatch between PAC and looked up client: "
"PAC[%s] != CLI[%s]\n", "PAC[%s] != CLI[%s]\n",
dom_sid_str_buf(&pac_sid, &buf1), dom_sid_str_buf(&pac_sid, &buf1),
dom_sid_str_buf(client_sid, &buf2)); dom_sid_str_buf(&client_sid, &buf2));
code = KRB5KDC_ERR_TGT_REVOKED; code = KRB5KDC_ERR_TGT_REVOKED;
goto out; goto out;
} }