As we don't support the Claims Transformation Algorithm [MS-CTA],
we had better clear claims, as they have no valid meaning in our domain.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
/* no-op */
} else if (code != 0) {
goto done;
+ } else if (device_krbtgt->is_trust) {
+ /*
+ * TODO: we need claim translation over trusts,
+ * for now we just clear them...
+ */
+ device_claims_blob = &data_blob_null;
} else {
DATA_BLOB *device_claims = NULL;
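Review bot: the new `else if (device_krbtgt->is_trust)` branch discards the device claims without leaving any trace, so an administrator debugging a cross-trust access decision cannot tell from the KDC side that claims were present and deliberately dropped. Consider a debug-level log message in this branch. The TODO comment would also be easier to follow up on if it named [MS-CTA], as the commit message does, and since the same comment and assignment are repeated for the client path, a small shared helper would keep the two from drifting apart. Separately, `device_claims_blob = &data_blob_null;` points at a shared object, so it is worth confirming that nothing later writes through this pointer.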
code = EINVAL;
goto done;
}
+
+ /*
+ * TODO: we need claim translation over trusts,
+ * for now we just clear them...
+ */
+ if (client_krbtgt->is_trust) {
+ client_claims_blob = &data_blob_null;
+ }
} else {
nt_status = samba_kdc_get_logon_info_blob(mem_ctx,
user_info_dc,
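Review bot: the `if (client_krbtgt->is_trust)` check is placed after the preceding block has closed, which is asymmetric with the device path, where `is_trust` is tested as an `else if` before any claims handling runs. If the block above is what fills `client_claims_blob`, then for a trust the incoming claims are still processed and can still take the `code = EINVAL; goto done;` path, even though the result would be overwritten with `&data_blob_null` anyway. Consider testing `client_krbtgt->is_trust` before that block, mirroring the device branch, so that claims arriving over a trust are never parsed and a malformed blob from another realm cannot fail the request.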