auth: Pass through entire PAC flags value in auth_user_info

Besides the NETLOGON_GUEST bit indicating whether the user has been
authenticated, we now carry all of the other bits as well. This lets us
match Windows' behaviour of simply passing these bits through to an
updated PAC when processing a TGS-REQ.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

1 files changed, 2 insertions, 2 deletions

diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c
index 07a7e7ea46c..f651c622443 100644
--- a/source4/smb_server/smb/sesssetup.c
+++ b/source4/smb_server/smb/sesssetup.c
@@ -111,7 +111,7 @@ static void sesssetup_old_send(struct tevent_req *subreq)
 	if (!NT_STATUS_IS_OK(status)) goto failed;
 
 	flags = AUTH_SESSION_INFO_DEFAULT_GROUPS;
-	if (user_info_dc->info->authenticated) {
+	if (!(user_info_dc->info->user_flags & NETLOGON_GUEST)) {
 		flags |= AUTH_SESSION_INFO_AUTHENTICATED;
 	}
 	/* This references user_info_dc into session_info */
@@ -252,7 +252,7 @@ static void sesssetup_nt1_send(struct tevent_req *subreq)
 	if (!NT_STATUS_IS_OK(status)) goto failed;
 
 	flags = AUTH_SESSION_INFO_DEFAULT_GROUPS;
-	if (user_info_dc->info->authenticated) {
+	if (!(user_info_dc->info->user_flags & NETLOGON_GUEST)) {
 		flags |= AUTH_SESSION_INFO_AUTHENTICATED;
 	}
 	/* This references user_info_dc into session_info */