authorJoseph Sutton <josephsutton@catalyst.net.nz>2023-05-17 11:55:16 +1200
committerAndrew Bartlett <abartlet@samba.org>2023-05-18 01:03:37 +0000
commit10d6d77a2720577e51bc93c51c85261c1e3d37b8 (patch)
tree587c1f6b6768e616456f4720bd503df249830d3b
parent3d9863cfdc443817b1fd7e25cb30b5363a47fa58 (diff)
s4:kdc: Have get_claims_for_principal() take the entire principal
The ldb_message contains more information than just the DN, such as which authentication policy or silo is assigned. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-rw-r--r--source4/kdc/ad_claims.c13
-rw-r--r--source4/kdc/ad_claims.h2
-rw-r--r--source4/kdc/pac-glue.c6
3 files changed, 11 insertions, 10 deletions
diff --git a/source4/kdc/ad_claims.c b/source4/kdc/ad_claims.c
index ad30683c03e..84cfb0abb60 100644
--- a/source4/kdc/ad_claims.c
+++ b/source4/kdc/ad_claims.c
@@ -680,7 +680,7 @@ static bool is_valid_claim_attribute_syntax(const DATA_BLOB source_syntax,
static int get_all_claims(struct ldb_context *ldb,
TALLOC_CTX *mem_ctx,
- struct ldb_dn *principal_dn,
+ const struct ldb_message *principal,
uint32_t principal_class_id,
DATA_BLOB *claims_blob)
{
@@ -944,12 +944,13 @@ static int get_all_claims(struct ldb_context *ldb,
}
ret = ldb_search(ldb, tmp_ctx, &principal_res,
- principal_dn,
+ principal->dn,
LDB_SCOPE_BASE,
ad_claim_attrs, NULL);
if (ret != LDB_SUCCESS) {
+ const char *dn = ldb_dn_get_linearized(principal->dn);
DBG_ERR("Failed to find principal %s to construct claims\n",
- ldb_dn_get_linearized(principal_dn));
+ dn != NULL ? dn : "<NULL>");
talloc_free(tmp_ctx);
return ret;
}
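Review bot: The new `dn != NULL ? dn : "<NULL>"` guard only protects the log line; the `ldb_search()` call above it still dereferences `principal` unchecked and passes `principal->dn` as the search base, and the same pattern appears in the `get_claims_for_principal()` hunk further down. As far as I recall, ldb_search() substitutes the default base DN when the base is NULL, so a message without a DN would make this base-scope search return a different object, and claims would be built from it instead of the call failing. Since the resulting blob goes into the PAC, I would reject that case at the top of `get_claims_for_principal()`: `if (principal == NULL || principal->dn == NULL) { return LDB_ERR_OPERATIONS_ERROR; }`. Most of get_all_claims() lies outside this hunk, so an earlier check may already cover this.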
@@ -1044,7 +1045,7 @@ static int get_all_claims(struct ldb_context *ldb,
int get_claims_for_principal(struct ldb_context *ldb,
TALLOC_CTX *mem_ctx,
- struct ldb_dn *principal_dn,
+ const struct ldb_message *principal,
DATA_BLOB *claims_blob)
{
struct ldb_result *principal_res = NULL;
@@ -1062,7 +1063,7 @@ int get_claims_for_principal(struct ldb_context *ldb,
*claims_blob = data_blob_null;
ret = ldb_search(ldb, mem_ctx, &principal_res,
- principal_dn,
+ principal->dn,
LDB_SCOPE_BASE,
principal_attrs, NULL);
if (ret != LDB_SUCCESS) {
@@ -1087,7 +1088,7 @@ int get_claims_for_principal(struct ldb_context *ldb,
return get_all_claims(ldb,
mem_ctx,
- principal_dn,
+ principal,
principal_class->governsID_id,
claims_blob);
}
diff --git a/source4/kdc/ad_claims.h b/source4/kdc/ad_claims.h
index aea9c8d07cc..383d25f76aa 100644
--- a/source4/kdc/ad_claims.h
+++ b/source4/kdc/ad_claims.h
@@ -26,7 +26,7 @@
int get_claims_for_principal(struct ldb_context *ldb,
TALLOC_CTX *mem_ctx,
- struct ldb_dn *principal_dn,
+ const struct ldb_message *principal,
DATA_BLOB *claims_blob);
#endif
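Review bot: The prototype has no comment saying what `principal` has to contain, which matters more now that it takes a whole message instead of a DN. In this commit only `principal->dn` is read, and the claim attributes are fetched again with a base-scope search in ad_claims.c, so a caller cannot tell whether attributes on the message it passes are used. I would add above the declaration something like `/* principal: the principal's database entry; dn must be non-NULL. Claim attribute values are re-read from ldb, not taken from this message. */`, and update it once the authentication policy or silo fields start being read from the message.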
diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
index 6d5883f2d17..a7e6636659d 100644
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@@ -245,7 +245,7 @@ NTSTATUS samba_get_pac_attrs_blob(TALLOC_CTX *mem_ctx,
static
NTSTATUS samba_get_claims_blob(TALLOC_CTX *mem_ctx,
struct ldb_context *samdb,
- struct ldb_dn *principal_dn,
+ const struct ldb_message *principal,
DATA_BLOB *client_claims_data)
{
union PAC_INFO client_claims;
@@ -257,7 +257,7 @@ NTSTATUS samba_get_claims_blob(TALLOC_CTX *mem_ctx,
ret = get_claims_for_principal(samdb,
mem_ctx,
- principal_dn,
+ principal,
client_claims_data);
if (ret != LDB_SUCCESS) {
return dsdb_ldb_err_to_ntstatus(ret);
@@ -1148,7 +1148,7 @@ NTSTATUS samba_kdc_get_claims_blob(TALLOC_CTX *mem_ctx,
nt_status = samba_get_claims_blob(mem_ctx,
p->kdc_db_ctx->samdb,
- p->msg->dn,
+ p->msg,
claims_blob);
if (!NT_STATUS_IS_OK(nt_status)) {
DBG_ERR("Building claims failed: %s\n",