From: Joseph Sutton Date: Wed, 4 Oct 2023 04:10:35 +0000 (+1300) Subject: s4:kdc: Always fetch resource groups X-Git-Tag: tevent-0.16.0~118 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=19b1e31e234c7ee0f2ad58a4fbc275697e439683;p=thirdparty%2Fsamba.git s4:kdc: Always fetch resource groups No behaviour change, and if the caller doesn’t need the resource groups after all, the cost incurred is little more than the allocation of a couple of dozen bytes of memory. Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett --- diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c index 9e19349af5a..544789a3a2f 100644 --- a/source4/kdc/pac-glue.c +++ b/source4/kdc/pac-glue.c @@ -1189,7 +1189,6 @@ static krb5_error_code samba_kdc_get_user_info_from_pac(TALLOC_CTX *mem_ctx, TALLOC_CTX *frame = NULL; struct auth_user_info_dc *info = NULL; struct PAC_DOMAIN_GROUP_MEMBERSHIP *resource_groups = NULL; - struct PAC_DOMAIN_GROUP_MEMBERSHIP **resource_groups_ptr = NULL; krb5_error_code ret = 0; NTSTATUS nt_status; @@ -1215,16 +1214,6 @@ static krb5_error_code samba_kdc_get_user_info_from_pac(TALLOC_CTX *mem_ctx, frame = talloc_stackframe(); - if (resource_groups_out != NULL) { - /* - * Since we are creating a TGT, resource groups from our domain - * are not to be put into the PAC. Instead, we take the resource - * groups directly from the original PAC and copy them - * unmodified into the new one. - */ - resource_groups_ptr = &resource_groups; - } - ret = kerberos_pac_to_user_info_dc(frame, entry.pac, context, @@ -1232,7 +1221,7 @@ static krb5_error_code samba_kdc_get_user_info_from_pac(TALLOC_CTX *mem_ctx, AUTH_EXCLUDE_RESOURCE_GROUPS, NULL, NULL, - resource_groups_ptr); + &resource_groups); if (ret) { const char *krb5err = krb5_get_error_message(context, ret); DBG_ERR("kerberos_pac_to_user_info_dc failed: %s\n",