s4:kdc: Include default groups in security token
This is consistent with the behaviour of the existing function _authn_policy_access_check() and of Windows. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
parent
34760dfc89
commit
e936788712
@ -63,5 +63,3 @@
|
||||
#
|
||||
^samba.tests.krb5.authn_policy_tests.samba.tests.krb5.authn_policy_tests.AuthnPolicyTests.test_authn_policy_allowed_from_empty.ad_dc
|
||||
^samba.tests.krb5.authn_policy_tests.samba.tests.krb5.authn_policy_tests.AuthnPolicyTests.test_authn_policy_allowed_to_empty.ad_dc
|
||||
^samba.tests.krb5.authn_policy_tests.samba.tests.krb5.authn_policy_tests.AuthnPolicyTests.test_authn_policy_allowed_to_user_allow_rbcd_to_self.ad_dc
|
||||
^samba.tests.krb5.authn_policy_tests.samba.tests.krb5.authn_policy_tests.AuthnPolicyTests.test_authn_policy_allowed_to_user_deny_rbcd_to_self.ad_dc
|
||||
|
@ -3352,7 +3352,9 @@ krb5_error_code samba_kdc_check_s4u2proxy_rbcd(
|
||||
struct security_descriptor *rbcd_security_descriptor = NULL;
|
||||
struct auth_user_info_dc *user_info_dc = NULL;
|
||||
struct security_token *security_token = NULL;
|
||||
uint32_t session_info_flags = AUTH_SESSION_INFO_SIMPLE_PRIVILEGES;
|
||||
uint32_t session_info_flags =
|
||||
AUTH_SESSION_INFO_DEFAULT_GROUPS |
|
||||
AUTH_SESSION_INFO_SIMPLE_PRIVILEGES;
|
||||
/*
|
||||
* Testing shows that although Windows grants SEC_ADS_GENERIC_ALL access
|
||||
* in security descriptors it creates for RBCD, its KDC only requires
|
||||
|
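Review bot: The new `session_info_flags` initializer sets `AUTH_SESSION_INFO_DEFAULT_GROUPS` without a comment, although this flag changes which ACEs of the RBCD security descriptor can match the token built from it. As I understand the flag, it adds well-known SIDs such as Everyone and Network to the token, so an allow or deny ACE naming one of those groups now takes effect where it was previously ignored; the reason for that is given only in the commit message. I would add above the declaration something like `/* Include the default groups, as Windows and _authn_policy_access_check() do, so ACEs naming well-known SIDs are evaluated. */`. It would also help to confirm that a test covers an RBCD descriptor whose only allow ACE names such a group, since that is the case where delegation is newly granted. The body of samba_kdc_check_s4u2proxy_rbcd() starts and ends outside the hunk, so the access check itself is not visible here.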