s4:kdc: Make [client,device]_claims_blob const pointers
authorJoseph Sutton <josephsutton@catalyst.net.nz>
Sun, 25 Jun 2023 23:10:51 +0000 (11:10 +1200)
committerStefan Metzmacher <metze@samba.org>
Mon, 26 Jun 2023 11:10:31 +0000 (11:10 +0000)
This is so that we can have them point to ‘null_data’ if we so choose.

We can’t assign the result of data_blob_talloc() to a const pointer, so
we go through an intermediary non-const pointer for the
device_claims_blob case.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
source4/kdc/mit_samba.c
source4/kdc/pac-glue.c
source4/kdc/pac-glue.h
source4/kdc/wdc-samba4.c

index 691ac105a2c85fbc55681b17de6e1f1a147e7cee..d0bfe86b099630d7a75c63e0231481634ba77007 100644 (file)
@@ -473,7 +473,7 @@ int mit_samba_get_pac(struct mit_samba_context *smb_ctx,
        DATA_BLOB *pcred_blob = NULL;
        DATA_BLOB *pac_attrs_blob = NULL;
        DATA_BLOB *requester_sid_blob = NULL;
-       DATA_BLOB *client_claims_blob = NULL;
+       const DATA_BLOB *client_claims_blob = NULL;
        NTSTATUS nt_status;
        krb5_error_code code;
        struct samba_kdc_entry *skdc_entry;
index 9ddeaa51c24ae72a6ae00f6f75a024b6175ce224..168b3a4d246651d013a9110b33db41d8e5aad3e8 100644 (file)
@@ -1130,7 +1130,7 @@ NTSTATUS samba_kdc_get_requester_sid_blob(TALLOC_CTX *mem_ctx,
 
 NTSTATUS samba_kdc_get_claims_blob(TALLOC_CTX *mem_ctx,
                                   const struct samba_kdc_entry *p,
-                                  DATA_BLOB **_claims_blob)
+                                  const DATA_BLOB **_claims_blob)
 {
        DATA_BLOB *claims_blob = NULL;
        NTSTATUS nt_status;
@@ -2364,11 +2364,11 @@ krb5_error_code samba_kdc_update_pac(TALLOC_CTX *mem_ctx,
        DATA_BLOB *upn_blob = NULL;
        DATA_BLOB *deleg_blob = NULL;
        DATA_BLOB *requester_sid_blob = NULL;
-       DATA_BLOB *client_claims_blob = NULL;
+       const DATA_BLOB *client_claims_blob = NULL;
        bool client_pac_is_trusted = flags & SAMBA_KDC_FLAG_KRBTGT_IS_TRUSTED;
        bool device_pac_is_trusted = flags & SAMBA_KDC_FLAG_DEVICE_KRBTGT_IS_TRUSTED;
        bool delegated_proxy_pac_is_trusted = flags & SAMBA_KDC_FLAG_DELEGATED_PROXY_IS_TRUSTED;
-       DATA_BLOB *device_claims_blob = NULL;
+       const DATA_BLOB *device_claims_blob = NULL;
        DATA_BLOB *device_info_blob = NULL;
        int is_tgs = false;
        struct auth_user_info_dc *user_info_dc = NULL;
@@ -2422,23 +2422,27 @@ krb5_error_code samba_kdc_update_pac(TALLOC_CTX *mem_ctx,
                        } else if (code != 0) {
                                goto done;
                        } else {
-                               device_claims_blob = talloc_zero(mem_ctx, DATA_BLOB);
-                               if (device_claims_blob == NULL) {
+                               DATA_BLOB *device_claims = NULL;
+
+                               device_claims = talloc_zero(mem_ctx, DATA_BLOB);
+                               if (device_claims == NULL) {
                                        smb_krb5_free_data_contents(context, &device_claims_data);
                                        code = ENOMEM;
                                        goto done;
                                }
 
-                               *device_claims_blob = data_blob_talloc(mem_ctx,
-                                                                      device_claims_data.data,
-                                                                      device_claims_data.length);
-                               if (device_claims_blob->data == NULL && device_claims_data.length != 0) {
+                               *device_claims = data_blob_talloc(mem_ctx,
+                                                                 device_claims_data.data,
+                                                                 device_claims_data.length);
+                               if (device_claims->data == NULL && device_claims_data.length != 0) {
                                        smb_krb5_free_data_contents(context, &device_claims_data);
                                        code = ENOMEM;
                                        goto done;
                                }
 
                                smb_krb5_free_data_contents(context, &device_claims_data);
+
+                               device_claims_blob = device_claims;
                        }
 
                        code = samba_kdc_create_device_info_blob(mem_ctx,
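Review bot: In the new `else` branch, `device_claims` and the buffer returned by `data_blob_talloc()` are both allocated directly on `mem_ctx`, so the copied device claims data is a sibling of the blob struct rather than its child. Now that `device_claims_blob` is a const pointer that may later refer to something not owned by talloc, nothing should free through it, and the lifetime of this copy depends entirely on `mem_ctx`. Parenting the data to the struct would keep the two together and make the ENOMEM path easier to reason about: `*device_claims = data_blob_talloc(device_claims, device_claims_data.data, device_claims_data.length);`. The `done:` label and the handling of `mem_ctx` are outside this hunk, so whether the struct left behind on the second ENOMEM path matters in practice cannot be confirmed from here.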
index 2bb7bfe0c90fd348d55d831c3363d2271856c79d..a3f7f8ce42148058d5863c1fa2f94fb999904292 100644 (file)
@@ -168,7 +168,7 @@ NTSTATUS samba_kdc_get_requester_sid_blob(TALLOC_CTX *mem_ctx,
                                          DATA_BLOB **_requester_sid_blob);
 NTSTATUS samba_kdc_get_claims_blob(TALLOC_CTX *mem_ctx,
                                   const struct samba_kdc_entry *p,
-                                  DATA_BLOB **_claims_blob);
+                                  const DATA_BLOB **_claims_blob);
 
 krb5_error_code samba_kdc_allowed_to_authenticate_to(TALLOC_CTX *mem_ctx,
                                                     struct ldb_context *samdb,
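Review bot: The prototype of `samba_kdc_get_claims_blob` still has no comment saying what a caller may do with the result, although `_claims_blob` is now `const DATA_BLOB **`. The commit message says the pointer may be made to refer to `null_data`, so the returned blob is presumably not always a talloc allocation owned by `mem_ctx`. A comment above the declaration would record that contract, for example `/* On success *_claims_blob is read-only and may refer to static storage; callers must not modify it or pass it to talloc_free(). */`. That matters here because the blob carries claims that end up in the PAC, and a cast-away-const in a later caller would be easy to miss in review.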
index 43cb0b54f79604d13f30f4534194335b974542cc..be1500a4804ec27a9bd059d2c03f07933c9cea55 100644 (file)
@@ -106,7 +106,7 @@ static krb5_error_code samba_wdc_get_pac(void *priv,
        DATA_BLOB *upn_blob = NULL;
        DATA_BLOB *pac_attrs_blob = NULL;
        DATA_BLOB *requester_sid_blob = NULL;
-       DATA_BLOB *client_claims_blob = NULL;
+       const DATA_BLOB *client_claims_blob = NULL;
        krb5_error_code ret;
        NTSTATUS nt_status;
        struct samba_kdc_entry *skdc_entry =