git.samba.org / samba.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 673ee78) | patch
auth: Exclude resource groups from a TGT
authorJoseph Sutton <josephsutton@catalyst.net.nz>
Tue, 27 Sep 2022 01:51:54 +0000 (14:51 +1300)
committerAndrew Bartlett <abartlet@samba.org>
Wed, 8 Feb 2023 00:03:39 +0000 (00:03 +0000)
commit94cda2dfd58a4f3d3e0011b67fa0be7d11570cb6
tree6843e5f44cf67cbb539faaca7d70229d9b808f52tree
parent673ee782d97c19bf240e37d4714e8a51fbf80457commit | diff
auth: Exclude resource groups from a TGT

Resource group SIDs should only be placed into a service ticket, but we
were including them in all tickets. Now that we have access to the group
attributes, we'll filter out any groups with SE_GROUP_RESOURCE set if
we're creating a TGT.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
auth/auth_sam_reply.c diff | blob | history
auth/auth_sam_reply.h diff | blob | history
librpc/idl/auth.idl diff | blob | history
selftest/knownfail_heimdal_kdc diff | blob | history
source3/auth/auth_samba4.c diff | blob | history
source4/auth/kerberos/kerberos_pac.c diff | blob | history
source4/kdc/mit_samba.c diff | blob | history
source4/kdc/pac-glue.c diff | blob | history
source4/kdc/pac-glue.h diff | blob | history
source4/kdc/wdc-samba4.c diff | blob | history
source4/rpc_server/netlogon/dcerpc_netlogon.c diff | blob | history
Samba Shared Repository