The sense of this test was inverted. We only want to take the ACCESS_DENIED error
if gensec:require_pac=true.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
df004b5014b92b987f907047d2ca9f567e3d0ac1)
session_info_flags |= AUTH_SESSION_INFO_DEFAULT_GROUPS;
if (!pac_blob) {
- if (!gensec_setting_bool(gensec_security->settings, "gensec", "require_pac", false)) {
+ if (gensec_setting_bool(gensec_security->settings, "gensec", "require_pac", false)) {
DEBUG(1, ("Unable to find PAC in ticket from %s, failing to allow access\n",
principal_string));
return NT_STATUS_ACCESS_DENIED;