s4:kdc: always go through samba_kdc_get_device_info_blob()
This means we always go through samba_kdc_get_user_info_dc()
both for client and also device pac.
It means we use the same logic regarding samba_krb5_pac_is_trusted()
and calling authsam_update_user_info_dc().
It means we do all logic on struct auth_user_info_dc
and only convert to PAC_DEVICE_INFO at the end.
Before we tried a mix of calling authsam_update_user_info_dc()
on a half constructed auth_user_info_dc,
while trying to apply the diff on auth_user_info_dc
to the also half constructed PAC_DEVICE_INFO.
Which can't work once auth_user_info_dc() will
apply sid filtering and the number of sids
may shrink.
Now we use authsam_update_user_info_dc()
followed by auth_convert_user_info_dc_saminfo3()
and samba_kdc_make_device_info().
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
projects / thirdparty / samba.git / commit
