
s4:kdc: Add get_claims_set_for_principal()

Add a new function, get_claims_set_for_principal(), that returns the
claims as a CLAIMS_SET structure rather than as a blob. To accommodate
this, move the call to encode_claims_set() out of get_all_claims() and
into get_claims_blob_for_principal().

Being able to get the unencoded claims will save us from having to
decode claims that we just needlessly encoded.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Aug 14 05:51:45 UTC 2023 on atb-devel-224
Joseph Sutton 2023-08-11 10:54:52 +12:00 committed by Andrew Bartlett
parent 21e0c25895
commit c01c206d76
2 changed files with 51 additions and 20 deletions


@ -793,7 +793,7 @@ static int get_all_claims(struct ldb_context *ldb,
TALLOC_CTX *mem_ctx,
const struct ldb_message *principal,
uint32_t principal_class_id,
DATA_BLOB *claims_blob)
struct CLAIMS_SET **claims_set_out)
{
TALLOC_CTX *tmp_ctx = NULL;
@ -803,7 +803,6 @@ static int get_all_claims(struct ldb_context *ldb,
struct ldb_dn *claim_types_child = NULL;
struct ldb_dn *config_dn = ldb_get_config_basedn(ldb);
struct ldb_dn *schema_dn = ldb_get_schema_basedn(ldb);
NTSTATUS status;
bool ok;
int ret;
struct ldb_result *res = NULL;
@ -837,7 +836,7 @@ static int get_all_claims(struct ldb_context *ldb,
struct assigned_silo assigned_silo = new_assigned_silo();
*claims_blob = data_blob_null;
*claims_set_out = NULL;
tmp_ctx = talloc_new(mem_ctx);
if (tmp_ctx == NULL) {
@ -1241,32 +1240,24 @@ static int get_all_claims(struct ldb_context *ldb,
}
}
if (claims_set->claims_array_count == 0) {
/* If we have no claims, we're done. */
talloc_free(tmp_ctx);
return LDB_SUCCESS;
}
/* Encode the claims ready to go into a PAC buffer. */
status = encode_claims_set(mem_ctx, claims_set, claims_blob);
if (!NT_STATUS_IS_OK(status)) {
ret = LDB_ERR_OPERATIONS_ERROR;
if (claims_set->claims_array_count) {
*claims_set_out = talloc_steal(mem_ctx, claims_set);
}
talloc_free(tmp_ctx);
return ret;
return LDB_SUCCESS;
}
int get_claims_blob_for_principal(struct ldb_context *ldb,
TALLOC_CTX *mem_ctx,
const struct ldb_message *principal,
DATA_BLOB *claims_blob_out)
int get_claims_set_for_principal(struct ldb_context *ldb,
TALLOC_CTX *mem_ctx,
const struct ldb_message *principal,
struct CLAIMS_SET **claims_set_out)
{
struct ldb_message_element *principal_class_el = NULL;
struct dsdb_schema *schema = NULL;
const struct dsdb_class *principal_class = NULL;
*claims_blob_out = data_blob_null;
*claims_set_out = NULL;
if (!ad_claims_are_issued(ldb)) {
return LDB_SUCCESS;
@ -1292,5 +1283,38 @@ int get_claims_blob_for_principal(struct ldb_context *ldb,
mem_ctx,
principal,
principal_class->governsID_id,
claims_blob_out);
claims_set_out);
}
int get_claims_blob_for_principal(struct ldb_context *ldb,
TALLOC_CTX *mem_ctx,
const struct ldb_message *principal,
DATA_BLOB *claims_blob_out)
{
struct CLAIMS_SET *claims_set = NULL;
int ret;
NTSTATUS status;
*claims_blob_out = data_blob_null;
ret = get_claims_set_for_principal(ldb,
mem_ctx,
principal,
&claims_set);
if (ret) {
return ret;
}
if (claims_set == NULL) {
return LDB_SUCCESS;
}
/* Encode the claims ready to go into a PAC buffer. */
status = encode_claims_set(mem_ctx, claims_set, claims_blob_out);
if (!NT_STATUS_IS_OK(status)) {
ret = LDB_ERR_OPERATIONS_ERROR;
talloc_free(claims_set);
}
return ret;
}
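Review bot: In the new get_claims_blob_for_principal() the CLAIMS_SET is only freed on the encode failure path, so on success the set that get_all_claims() stole onto mem_ctx stays allocated next to the blob for as long as the caller's mem_ctx lives; before this change it lived on tmp_ctx and was released right after encoding. Since the old code already freed tmp_ctx after encode_claims_set() wrote the blob onto mem_ctx, the blob cannot depend on the set's memory, and the free can be unconditional: `status = encode_claims_set(mem_ctx, claims_set, claims_blob_out);` `talloc_free(claims_set);` `if (!NT_STATUS_IS_OK(status)) { ret = LDB_ERR_OPERATIONS_ERROR; }`. A one-line comment above the call, such as `/* The blob is allocated on mem_ctx; the set is no longer needed once encoded. */`, would make the ownership hand-off explicit for the next reader. As a minor point of style, the new `if (claims_set->claims_array_count)` in get_all_claims() could keep the explicit `!= 0` form the removed check used.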


@ -24,8 +24,15 @@
#include "lib/util/data_blob.h"
#include "ldb.h"
struct CLAIMS_SET;
bool ad_claims_are_issued(struct ldb_context *samdb);
int get_claims_set_for_principal(struct ldb_context *ldb,
TALLOC_CTX *mem_ctx,
const struct ldb_message *principal,
struct CLAIMS_SET **claims_set_out);
int get_claims_blob_for_principal(struct ldb_context *ldb,
TALLOC_CTX *mem_ctx,
const struct ldb_message *principal,