diff options
| author | Joseph Sutton <josephsutton@catalyst.net.nz> | 2022-12-02 10:49:20 +1300 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2023-02-08 00:03:39 +0000 |
| commit | e3fdb2d00152d86558a2ba29b92fd36440055461 (patch) | |
| tree | 185f5cf6fa8b9c065116c9a18a71b5b118aff7a8 /auth/auth_sam_reply.h | |
| parent | 14d94460ca1ef22269373f36ec50df248aca9465 (diff) | |
| download | samba-e3fdb2d00152d86558a2ba29b92fd36440055461.tar.gz | |
s4:kdc: Add resource SID compression
The domain-local groups that are added to the PAC of a service ticket
are now, if the service doesn't disclaim support for SID compression,
placed into the resource groups structure in PAC_LOGON_INFO.
In a TGS exchange directed to a KDC, rather than to a service, the
resource groups structure is simply copied into the updated PAC without
any processing being done.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'auth/auth_sam_reply.h')
| -rw-r--r-- | auth/auth_sam_reply.h | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/auth/auth_sam_reply.h b/auth/auth_sam_reply.h index 4eebf0b06e3..57a98249b08 100644 --- a/auth/auth_sam_reply.h +++ b/auth/auth_sam_reply.h @@ -48,7 +48,8 @@ struct auth_user_info *auth_user_info_copy(TALLOC_CTX *mem_ctx, NTSTATUS auth_convert_user_info_dc_saminfo6(TALLOC_CTX *mem_ctx, const struct auth_user_info_dc *user_info_dc, enum auth_group_inclusion group_inclusion, - struct netr_SamInfo6 **_sam6); + struct netr_SamInfo6 **_sam6, + struct PAC_DOMAIN_GROUP_MEMBERSHIP **_resource_groups); NTSTATUS auth_convert_user_info_dc_saminfo2(TALLOC_CTX *mem_ctx, const struct auth_user_info_dc *user_info_dc, enum auth_group_inclusion group_inclusion, @@ -56,7 +57,8 @@ NTSTATUS auth_convert_user_info_dc_saminfo2(TALLOC_CTX *mem_ctx, NTSTATUS auth_convert_user_info_dc_saminfo3(TALLOC_CTX *mem_ctx, const struct auth_user_info_dc *user_info_dc, enum auth_group_inclusion group_inclusion, - struct netr_SamInfo3 **_sam3); + struct netr_SamInfo3 **_sam3, + struct PAC_DOMAIN_GROUP_MEMBERSHIP **_resource_groups); /** * Make a user_info_dc struct from the info3 returned by a domain logon @@ -74,6 +76,7 @@ NTSTATUS make_user_info_dc_netlogon_validation(TALLOC_CTX *mem_ctx, NTSTATUS make_user_info_dc_pac(TALLOC_CTX *mem_ctx, const struct PAC_LOGON_INFO *pac_logon_info, const struct PAC_UPN_DNS_INFO *pac_upn_dns_info, + enum auth_group_inclusion group_inclusion, struct auth_user_info_dc **_user_info_dc); /* The following definitions come from auth/wbc_auth_util.c */ |