git.ipfire.org Git - thirdparty/samba.git/commit
auth: remember the origin of sids from the PAC
author Stefan Metzmacher <metze@samba.org>
Thu, 19 Dec 2024 17:30:49 +0000 (18:30 +0100)
committer Stefan Metzmacher <metze@samba.org>
Fri, 14 Feb 2025 14:21:33 +0000 (14:21 +0000)
commit 4a5f0f25772cb9381352a149ee54f579fe4c38f6
tree 28bd39bc367063863af53800cddcdcdc83ed6164
parent 551e236255d1b758e84dd2c588e5e2ab29c938c5

So far the conversion from TGT PAC to
struct auth_user_info_dc back to TGS PAC
loses the information in what part of
the PAC_LOGON_INFO a sid was stored.

With this change we let
make_user_info_dc_{netlogon_validation,pac}()
remember this, so that
auth_convert_user_info_dc_sam{baseinfo,info6}()
can rebuild the information into the desired
parts of the PAC_LOGON_INFO.

This was found and fixed for sid filter related
tests, but it turns out that it already
fixes a few tests from samba.tests.krb5.device_tests.

All other places get an implicit AUTH_SID_ORIGIN_UNKNOWN (=0),
which means we use the same logic as before.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
auth/auth_sam_reply.c
librpc/idl/auth.idl
selftest/knownfail_heimdal_kdc.d/device-info
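
The round trip described in the commit message, modelled as an added example that is not Samba's code: a flat SID list that carries an origin tag can be rebuilt into the same parts of the logon info, while an untagged list cannot. Only AUTH_SID_ORIGIN_UNKNOWN (=0) comes from the page; every `ex_`/`EX_` name, the struct layout and the fallback for untagged SIDs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical model: only AUTH_SID_ORIGIN_UNKNOWN (=0) is named on the page.
 * ex_logon_info stands in for the SID-carrying parts of PAC_LOGON_INFO. */
enum ex_origin { AUTH_SID_ORIGIN_UNKNOWN = 0, EX_BASE, EX_EXTRA, EX_RESOURCE };
#define EX_PARTS 4 /* indexed by enum ex_origin; slot 0 stays empty */
#define EX_MAX 8
struct ex_sid { const char *sid; enum ex_origin origin; };
struct ex_logon_info { const char *part[EX_PARTS][EX_MAX]; size_t n[EX_PARTS]; };

static int ex_put(struct ex_logon_info *li, enum ex_origin o, const char *sid) {
	if (li->n[o] >= EX_MAX) return -1; /* refuse to overflow a part */
	li->part[o][li->n[o]++] = sid;
	return 0;
}
/* PAC -> flat list; each SID remembers the part it was read from. */
static size_t ex_flatten(const struct ex_logon_info *in, struct ex_sid *out) {
	size_t n = 0;
	for (int o = EX_BASE; o <= EX_RESOURCE; o++)
		for (size_t i = 0; i < in->n[o]; i++)
			out[n++] = (struct ex_sid){ in->part[o][i], (enum ex_origin)o };
	return n;
}
/* Flat list -> PAC; untagged SIDs take this example's placeholder fallback
 * (the extra part), which is not Samba's actual legacy placement logic. */
static int ex_rebuild(const struct ex_sid *s, size_t n, struct ex_logon_info *out) {
	memset(out, 0, sizeof(*out));
	for (size_t i = 0; i < n; i++) {
		enum ex_origin o = s[i].origin;
		if (o == AUTH_SID_ORIGIN_UNKNOWN || o > EX_RESOURCE) o = EX_EXTRA;
		if (ex_put(out, o, s[i].sid) != 0) return -1;
	}
	return 0;
}
/* Returns 1 if a round trip reproduces the per-part SID counts, else 0. */
int ex_roundtrip_preserved(int keep_origin) {
	struct ex_logon_info in = {0}, out;
	struct ex_sid flat[EX_PARTS * EX_MAX];
	ex_put(&in, EX_BASE, "S-1-5-21-1-2-3-513"); /* constructed sample SIDs */
	ex_put(&in, EX_EXTRA, "S-1-18-1");
	ex_put(&in, EX_RESOURCE, "S-1-5-21-1-2-3-1105");
	size_t n = ex_flatten(&in, flat);
	for (size_t i = 0; !keep_origin && i < n; i++) flat[i].origin = AUTH_SID_ORIGIN_UNKNOWN;
	return ex_rebuild(flat, n, &out) == 0 && memcmp(in.n, out.n, sizeof(in.n)) == 0;
}

int main(void) {
	printf("tagged=%d untagged=%d\n", ex_roundtrip_preserved(1), ex_roundtrip_preserved(0));
	return 0;
}
```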