sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-26 10:04:02 +03:00
Code

kdc: Remove UF_NO_AUTH_DATA_REQUIRED from client principals

Browse Source 
Tests against Windows 2019 show that UF_NO_AUTH_DATA_REQUIRED
applies to services only, not to clients.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14871

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This commit is contained in:
Andrew Bartlett 2021-10-18 15:21:50 +13:00 committed by Stefan Metzmacher
parent 8a607e7577
commit 92e8ce18a7
4 changed files with 0 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
selftest/knownfail_heimdal_kdc
View File

@ -90,5 +90,4 @@
#
# TGS tests
#
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_client_no_auth_data_required
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_service_no_auth_data_required

1
selftest/knownfail_mit_kdc
View File

@ -256,7 +256,6 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_ldap_service_ticket\(ad_dc\)
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_get_ticket_for_host_service_of_machine_account\(ad_dc\)
#
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_client_no_auth_data_required\(ad_dc\)
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_remove_pac\(ad_dc\)
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_request_no_pac\(ad_dc\)
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_service_no_auth_data_required\(ad_dc\)

7
source4/kdc/mit_samba.c
View File

@ -521,18 +521,11 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
ssize_t srv_checksum_idx = -1;
ssize_t kdc_checksum_idx = -1;
krb5_pac new_pac = NULL;
bool ok;
if (client != NULL) {
client_skdc_entry =
talloc_get_type_abort(client->e_data,
struct samba_kdc_entry);
/* The user account may be set not to want the PAC */
ok = samba_princ_needs_pac(client_skdc_entry);
if (!ok) {
return EINVAL;
}
}
if (server == NULL) {

5
source4/kdc/pac-glue.c
View File

@ -651,11 +651,6 @@ NTSTATUS samba_kdc_get_pac_blobs(TALLOC_CTX *mem_ctx,
}
*_upn_info_blob = NULL;
/* The user account may be set not to want the PAC */
if ( ! samba_princ_needs_pac(p)) {
return NT_STATUS_OK;
}
logon_blob = talloc_zero(mem_ctx, DATA_BLOB);
if (logon_blob == NULL) {
return NT_STATUS_NO_MEMORY;