s4:auth: Comment about claims in the security token

author Joseph Sutton <josephsutton@catalyst.net.nz>

Tue, 31 Oct 2023 03:18:35 +0000 (16:18 +1300)

committer Andrew Bartlett <abartlet@samba.org>

Wed, 1 Nov 2023 20:10:45 +0000 (20:10 +0000)
author Joseph Sutton <josephsutton@catalyst.net.nz>
Tue, 31 Oct 2023 03:18:35 +0000 (16:18 +1300)
committer Andrew Bartlett <abartlet@samba.org>
Wed, 1 Nov 2023 20:10:45 +0000 (20:10 +0000)
diff --git a/source4/auth/ntlm/auth.c b/source4/auth/ntlm/auth.c

index 626ec2b9f72482dabfa93a178717e9ca56a71178..3ad18bd2989d65410f01a8918af0f51b2ecde2ff 100644 (file)
--- a/source4/auth/ntlm/auth.c
+++ b/source4/auth/ntlm/auth.c
@@ -607,6 +607,11 @@ static NTSTATUS auth_generate_session_info_pac(struct auth4_context *auth_ctx,
         tmp_ctx = talloc_named(mem_ctx, 0, "gensec_gssapi_session_info context");
         NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
  
+       /*
+        * FIXME: To correctly create the security token, we also need to get the
+        * claims info, device info, and device claims info from the PAC. For now,
+        * we support claims only in the KDC.
+        */
         status = kerberos_pac_blob_to_user_info_dc(tmp_ctx,
                                                    *pac_blob,
                                                    smb_krb5_context->krb5_context,
author	Joseph Sutton <josephsutton@catalyst.net.nz>
	Tue, 31 Oct 2023 03:18:35 +0000 (16:18 +1300)
committer	Andrew Bartlett <abartlet@samba.org>
	Wed, 1 Nov 2023 20:10:45 +0000 (20:10 +0000)