s4-kdc: pass down only a samba_kdc_entry to samba_princ_needs_pac().

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c
index a51f18da0df0845667df6cb1c20687cd07f2ca3c..9f2d04d8dbc9d9a151af849f165c336e540594f5 100644 (file)
--- a/source4/kdc/mit_samba.c
+++ b/source4/kdc/mit_samba.c
@@ -230,9 +230,15 @@ static int mit_samba_update_pac_data(struct mit_samba_context *ctx,
        NTSTATUS nt_status;
        krb5_pac pac = NULL;
        int ret;
+       struct samba_kdc_entry *skdc_entry = NULL;
+
+       if (client) {
+               skdc_entry = talloc_get_type_abort(client->ctx,
+                                                  struct samba_kdc_entry);
+       }
 
        /* The user account may be set not to want the PAC */
-       if (client && !samba_princ_needs_pac(client)) {
+       if (client && !samba_princ_needs_pac(skdc_entry)) {
                return EINVAL;
        }
 

diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
index 1558d2185f3cc9d885158ed5013d0d980c82a501..e51dbad6fc010f3478f91ba3070a0ffc750d74e1 100644 (file)
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@@ -135,15 +135,13 @@ krb5_error_code samba_make_krb5_pac(krb5_context context,
        return ret;
 }
 
-bool samba_princ_needs_pac(struct hdb_entry_ex *princ)
+bool samba_princ_needs_pac(struct samba_kdc_entry *skdc_entry)
 {
 
-       struct samba_kdc_entry *p = talloc_get_type(princ->ctx, struct samba_kdc_entry);
        uint32_t userAccountControl;
 
-
        /* The service account may be set not to want the PAC */
-       userAccountControl = ldb_msg_find_attr_as_uint(p->msg, "userAccountControl", 0);
+       userAccountControl = ldb_msg_find_attr_as_uint(skdc_entry->msg, "userAccountControl", 0);
        if (userAccountControl & UF_NO_AUTH_DATA_REQUIRED) {
                return false;
        }
@@ -231,7 +229,7 @@ NTSTATUS samba_kdc_get_pac_blob(TALLOC_CTX *mem_ctx,
        NTSTATUS nt_status;
 
        /* The user account may be set not to want the PAC */
-       if ( ! samba_princ_needs_pac(client)) {
+       if ( ! samba_princ_needs_pac(p)) {
                *_pac_blob = NULL;
                return NT_STATUS_OK;
        }

diff --git a/source4/kdc/pac-glue.h b/source4/kdc/pac-glue.h
index 0e1cdcd2f2521f93c8c84e6062a94d17fd7758ee..cc37f2ae5be66322a1ba68d71fd25cc144082176 100644 (file)
--- a/source4/kdc/pac-glue.h
+++ b/source4/kdc/pac-glue.h
@@ -26,7 +26,7 @@ krb5_error_code samba_make_krb5_pac(krb5_context context,
                                    DATA_BLOB *deleg_blob,
                                    krb5_pac *pac);
 
-bool samba_princ_needs_pac(struct hdb_entry_ex *princ);
+bool samba_princ_needs_pac(struct samba_kdc_entry *skdc_entry);
 
 int samba_krbtgt_is_in_db(struct hdb_entry_ex *princ, bool *is_in_db, bool *is_untrusted);
 

diff --git a/source4/kdc/wdc-samba4.c b/source4/kdc/wdc-samba4.c
index 2f4945c312ce98dd6c22162748ceff080afd2d04..50a37fcdb1a1eaa7f61eb20aa4485f7bf33b1dbf 100644 (file)
--- a/source4/kdc/wdc-samba4.c
+++ b/source4/kdc/wdc-samba4.c
@@ -77,7 +77,7 @@ static krb5_error_code samba_wdc_reget_pac(void *priv, krb5_context context,
        }
 
        /* The user account may be set not to want the PAC */
-       if (!samba_princ_needs_pac(server)) {
+       if (!samba_princ_needs_pac(p)) {
                talloc_free(mem_ctx);
                return EINVAL;
        }