diff options
author | Joseph Sutton <josephsutton@catalyst.net.nz> | 2023-05-09 14:41:30 +1200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2023-05-18 01:03:37 +0000 |
commit | 2a9d057e8288d00dba9a2f0fe931f35dc370c26a (patch) | |
tree | bd3ff77dab792f07d1c87f54150bb9b110d80271 | |
parent | 9aaedb152ca2e4188b5329d6af1ffa91b97d1ffe (diff) | |
download | samba-2a9d057e8288d00dba9a2f0fe931f35dc370c26a.tar.gz |
s4:kdc: Make use of auth_generate_security_token()
We don’t need the whole session info structure to perform an access
check.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-rw-r--r-- | source4/kdc/db-glue.c | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c index 1a752a5bd64..bff6d0b165b 100644 --- a/source4/kdc/db-glue.c +++ b/source4/kdc/db-glue.c @@ -3284,7 +3284,7 @@ krb5_error_code samba_kdc_check_s4u2proxy_rbcd( const DATA_BLOB *data = NULL; struct security_descriptor *rbcd_security_descriptor = NULL; struct auth_user_info_dc *user_info_dc = NULL; - struct auth_session_info *session_info = NULL; + struct security_token *security_token = NULL; uint32_t session_info_flags = AUTH_SESSION_INFO_SIMPLE_PRIVILEGES; /* * Testing shows that although Windows grants SEC_ADS_GENERIC_ALL access @@ -3368,12 +3368,12 @@ krb5_error_code samba_kdc_check_s4u2proxy_rbcd( session_info_flags |= AUTH_SESSION_INFO_AUTHENTICATED; } - nt_status = auth_generate_session_info(mem_ctx, - kdc_db_ctx->lp_ctx, - kdc_db_ctx->samdb, - user_info_dc, - session_info_flags, - &session_info); + nt_status = auth_generate_security_token(mem_ctx, + kdc_db_ctx->lp_ctx, + kdc_db_ctx->samdb, + user_info_dc, + session_info_flags, + &security_token); if (!NT_STATUS_IS_OK(nt_status)) { code = map_errno_from_nt_status(nt_status); goto out; @@ -3406,12 +3406,12 @@ krb5_error_code samba_kdc_check_s4u2proxy_rbcd( } if (DEBUGLEVEL >= 10) { - NDR_PRINT_DEBUG(security_token, session_info->security_token); + NDR_PRINT_DEBUG(security_token, security_token); NDR_PRINT_DEBUG(security_descriptor, rbcd_security_descriptor); } nt_status = sec_access_check_ds(rbcd_security_descriptor, - session_info->security_token, + security_token, access_desired, &access_granted, NULL, |