git.samba.org / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: eb21ac8)
s4:kdc: Make a copy of the device SIDs to be placed in the security token
authorJoseph Sutton <josephsutton@catalyst.net.nz>
Thu, 19 Oct 2023 07:02:13 +0000 (20:02 +1300)
committerAndrew Bartlett <abartlet@samba.org>
Tue, 24 Oct 2023 00:54:31 +0000 (00:54 +0000)
We shall need to add extra SIDs on the end.

View with ‘git show -b’.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source4/auth/session.c patch | blob | history

diff --git a/source4/auth/session.c b/source4/auth/session.c
index 46b833713ba9a1bfc30b7c82668016969d087ea7..ad094d207c0261279925527b4fb317c7109fc5a3 100644 (file)
--- a/source4/auth/session.c
+++ b/source4/auth/session.c
@@ -68,7 +68,7 @@ _PUBLIC_ NTSTATUS auth_generate_security_token(TALLOC_CTX *mem_ctx,
        uint32_t num_device_sids = 0;
        const char *filter = NULL;
        struct auth_SidAttr *sids = NULL;
-       const struct auth_SidAttr *device_sids = NULL;
+       struct auth_SidAttr *device_sids = NULL;
 
        TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
        if (tmp_ctx == NULL) {
@@ -177,14 +177,24 @@ _PUBLIC_ NTSTATUS auth_generate_security_token(TALLOC_CTX *mem_ctx,
        }
 
        if (device_info_dc != NULL) {
-               device_sids = device_info_dc->sids;
+               /*
+                * Make a copy of the device SIDs in case we need to add extra SIDs on
+                * the end. One can never have too much copying.
+                */
                num_device_sids = device_info_dc->num_sids;
-       }
+               device_sids = talloc_array(tmp_ctx,
+                                   struct auth_SidAttr,
+                                   num_device_sids);
+               if (device_sids == NULL) {
+                       TALLOC_FREE(tmp_ctx);
+                       return NT_STATUS_NO_MEMORY;
+               }
 
-       /*
-        * TODO: if we find out that we need to add default SIDs to the device
-        * SIDs, as well as to the client SIDs, we’ll do that here.
-        */
+               /*
+                * TODO: if we find out that we need to add default SIDs to the device
+                * SIDs, as well as to the client SIDs, we’ll do that here.
+                */
+       }
 
        nt_status = security_token_create(mem_ctx,
                                          lp_ctx,
Samba Shared Repository