TALLOC_CTX *frame = NULL;
krb5_error_code code = 0;
NTSTATUS nt_status;
- const struct auth_user_info_dc *device_info_const = NULL;
- struct auth_user_info_dc *device_info_shallow_copy = NULL;
+ const struct auth_user_info_dc *device_info = NULL;
struct authn_audit_info *client_audit_info = NULL;
struct auth_claims auth_claims = {};
context,
samdb,
device,
- &device_info_const,
+ &device_info,
NULL);
if (code) {
goto out;
}
- if (!samba_krb5_pac_is_trusted(device)) {
- /* Make a shallow copy of the user_info_dc structure. */
- nt_status = authsam_shallow_copy_user_info_dc(frame,
- device_info_const,
- &device_info_shallow_copy);
- device_info_const = NULL;
-
- if (!NT_STATUS_IS_OK(nt_status)) {
- DBG_ERR("Failed to copy user_info_dc: %s\n",
- nt_errstr(nt_status));
-
- code = KRB5KDC_ERR_TGT_REVOKED;
- goto out;
- }
-
- nt_status = samba_kdc_add_claims_valid(device_info_shallow_copy);
- if (!NT_STATUS_IS_OK(nt_status)) {
- DBG_ERR("Failed to add Claims Valid: %s\n",
- nt_errstr(nt_status));
-
- code = KRB5KDC_ERR_TGT_REVOKED;
- goto out;
- }
- /* no more modification required so we can assign to const now */
- device_info_const = device_info_shallow_copy;
- }
-
/*
* The device claims become the *user* claims for the purpose of
* evaluating a conditional ACE expression.
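Review bot: With the `!samba_krb5_pac_is_trusted(device)` branch removed, nothing visible in this hunk adds the Claims Valid SID to the device's user_info_dc before it reaches `authn_policy_authenticate_from_device()`, where the device claims are evaluated against conditional ACEs. Presumably the lookup call that now fills `&device_info` does this itself, but its name and leading arguments lie outside the hunk, so that should be confirmed. If it does, a comment above the call would record the invariant the policy check depends on, for example `/* The callee adds Claims Valid when the device PAC is not trusted; device_info is used unmodified below. */`. Also confirm that a failure on that path still ends in a Kerberos error as deliberate as the removed `KRB5KDC_ERR_TGT_REVOKED`, since `code` is now propagated as returned. The enclosing function starts and ends outside the hunk.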
nt_status = authn_policy_authenticate_from_device(frame,
samdb,
lp_ctx,
- device_info_const,
+ device_info,
auth_claims,
client_policy,
&client_audit_info);