From 0501db1a6767eac7066d6bd67e0c93b0ac4143ec Mon Sep 17 00:00:00 2001 From: =?utf8?q?G=C3=BCnther=20Deschner?= Date: Sat, 10 May 2014 00:26:21 +0200 Subject: [PATCH 1/1] s4-kdc: pass down only a samba_kdc_entry to samba_kdc_get_pac_blob(). MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Guenther Signed-off-by: Günther Deschner Reviewed-by: Stefan Metzmacher --- source4/kdc/mit_samba.c | 6 +++++- source4/kdc/pac-glue.c | 3 +-- source4/kdc/pac-glue.h | 2 +- source4/kdc/wdc-samba4.c | 17 ++++++++++++++--- 4 files changed, 21 insertions(+), 7 deletions(-) diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c index 9f2d04d8dbc..de3d3a240ed 100644 --- a/source4/kdc/mit_samba.c +++ b/source4/kdc/mit_samba.c @@ -195,13 +195,17 @@ static int mit_samba_get_pac_data(struct mit_samba_context *ctx, TALLOC_CTX *tmp_ctx; DATA_BLOB *pac_blob; NTSTATUS nt_status; + struct samba_kdc_entry *skdc_entry; + + skdc_entry = talloc_get_type_abort(client->ctx, + struct samba_kdc_entry); tmp_ctx = talloc_named(ctx, 0, "mit_samba_get_pac_data context"); if (!tmp_ctx) { return ENOMEM; } - nt_status = samba_kdc_get_pac_blob(tmp_ctx, client, &pac_blob); + nt_status = samba_kdc_get_pac_blob(tmp_ctx, skdc_entry, &pac_blob); if (!NT_STATUS_IS_OK(nt_status)) { talloc_free(tmp_ctx); return EINVAL; diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c index e51dbad6fc0..31ad506a592 100644 --- a/source4/kdc/pac-glue.c +++ b/source4/kdc/pac-glue.c @@ -220,10 +220,9 @@ int samba_krbtgt_is_in_db(struct hdb_entry_ex *princ, bool *is_in_db, bool *is_u } NTSTATUS samba_kdc_get_pac_blob(TALLOC_CTX *mem_ctx, - struct hdb_entry_ex *client, + struct samba_kdc_entry *p, DATA_BLOB **_pac_blob) { - struct samba_kdc_entry *p = talloc_get_type(client->ctx, struct samba_kdc_entry); struct auth_user_info_dc *user_info_dc; DATA_BLOB *pac_blob; NTSTATUS nt_status; diff --git a/source4/kdc/pac-glue.h b/source4/kdc/pac-glue.h index cc37f2ae5be..e7cba71cc02 100644 --- a/source4/kdc/pac-glue.h +++ b/source4/kdc/pac-glue.h @@ -31,7 +31,7 @@ bool samba_princ_needs_pac(struct samba_kdc_entry *skdc_entry); int samba_krbtgt_is_in_db(struct hdb_entry_ex *princ, bool *is_in_db, bool *is_untrusted); NTSTATUS samba_kdc_get_pac_blob(TALLOC_CTX *mem_ctx, - struct hdb_entry_ex *client, + struct samba_kdc_entry *skdc_entry, DATA_BLOB **_pac_blob); NTSTATUS samba_kdc_update_pac_blob(TALLOC_CTX *mem_ctx, diff --git a/source4/kdc/wdc-samba4.c b/source4/kdc/wdc-samba4.c index 50a37fcdb1a..9bd0422c7f2 100644 --- a/source4/kdc/wdc-samba4.c +++ b/source4/kdc/wdc-samba4.c @@ -34,13 +34,16 @@ static krb5_error_code samba_wdc_get_pac(void *priv, krb5_context context, DATA_BLOB *pac_blob; krb5_error_code ret; NTSTATUS nt_status; + struct samba_kdc_entry *skdc_entry = + talloc_get_type_abort(client->ctx, + struct samba_kdc_entry); mem_ctx = talloc_named(client->ctx, 0, "samba_get_pac context"); if (!mem_ctx) { return ENOMEM; } - nt_status = samba_kdc_get_pac_blob(mem_ctx, client, &pac_blob); + nt_status = samba_kdc_get_pac_blob(mem_ctx, skdc_entry, &pac_blob); if (!NT_STATUS_IS_OK(nt_status)) { talloc_free(mem_ctx); return EINVAL; @@ -62,7 +65,9 @@ static krb5_error_code samba_wdc_reget_pac(void *priv, krb5_context context, struct hdb_entry_ex *krbtgt, krb5_pac *pac) { - struct samba_kdc_entry *p = talloc_get_type(server->ctx, struct samba_kdc_entry); + struct samba_kdc_entry *p = + talloc_get_type_abort(server->ctx, + struct samba_kdc_entry); TALLOC_CTX *mem_ctx = talloc_named(p, 0, "samba_kdc_reget_pac context"); DATA_BLOB *pac_blob; DATA_BLOB *deleg_blob = NULL; @@ -92,10 +97,16 @@ static krb5_error_code samba_wdc_reget_pac(void *priv, krb5_context context, } if (is_untrusted) { + struct samba_kdc_entry *client_skdc_entry = NULL; + if (client == NULL) { return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN; } - nt_status = samba_kdc_get_pac_blob(mem_ctx, client, &pac_blob); + + client_skdc_entry = talloc_get_type_abort(client->ctx, + struct samba_kdc_entry); + + nt_status = samba_kdc_get_pac_blob(mem_ctx, client_skdc_entry, &pac_blob); if (!NT_STATUS_IS_OK(nt_status)) { talloc_free(mem_ctx); return EINVAL; -- 2.34.1