From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Tue, 31 Oct 2023 03:18:35 +0000 (+1300)
Subject: s4:auth: Comment about claims in the security token
X-Git-Tag: talloc-2.4.2~917
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b06751389db1faf9f74bfe172e15ad291d9135b6;p=thirdparty%2Fsamba.git

s4:auth: Comment about claims in the security token

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/source4/auth/ntlm/auth.c b/source4/auth/ntlm/auth.c
index 626ec2b9f72..3ad18bd2989 100644
--- a/source4/auth/ntlm/auth.c
+++ b/source4/auth/ntlm/auth.c
@@ -607,6 +607,11 @@ static NTSTATUS auth_generate_session_info_pac(struct auth4_context *auth_ctx,
 	tmp_ctx = talloc_named(mem_ctx, 0, "gensec_gssapi_session_info context");
 	NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
 
+	/*
+	 * FIXME: To correctly create the security token, we also need to get the
+	 * claims info, device info, and device claims info from the PAC. For now,
+	 * we support claims only in the KDC.
+	 */
 	status = kerberos_pac_blob_to_user_info_dc(tmp_ctx,
 						   *pac_blob,
 						   smb_krb5_context->krb5_context,