kdc: Remove UF_NO_AUTH_DATA_REQUIRED from client principals

Tests against Windows 2019 show that UF_NO_AUTH_DATA_REQUIRED
applies to services only, not to clients.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14871
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
[abartlet@samba.org backported from commit 92e8ce18a79e88c9b961dc20e39436c4cf653013
 as there was a knownfail conflict with the test_remove_pac case
 which succeeds on this branch]

4 files changed, 0 insertions, 14 deletions

diff --git a/selftest/knownfail_heimdal_kdc b/selftest/knownfail_heimdal_kdc
index 32cfa2afa88..4d058bad3da 100644
--- a/selftest/knownfail_heimdal_kdc
+++ b/selftest/knownfail_heimdal_kdc
@@ -144,5 +144,4 @@
 #
 # TGS tests
 #
-^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_client_no_auth_data_required
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_service_no_auth_data_required
diff --git a/selftest/knownfail_mit_kdc b/selftest/knownfail_mit_kdc
index 00f652db14a..0f845fb9b1c 100644
--- a/selftest/knownfail_mit_kdc
+++ b/selftest/knownfail_mit_kdc
@@ -276,7 +276,6 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_ldap_service_ticket\(ad_dc\)
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_get_ticket_for_host_service_of_machine_account\(ad_dc\)
 #
-^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_client_no_auth_data_required\(ad_dc\)
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_request_no_pac\(ad_dc\)
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_service_no_auth_data_required\(ad_dc\)
 #
diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c
index 2936fe2d18a..689e14e1c38 100644
--- a/source4/kdc/mit_samba.c
+++ b/source4/kdc/mit_samba.c
@@ -495,18 +495,11 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
 	ssize_t srv_checksum_idx = -1;
 	ssize_t kdc_checksum_idx = -1;
 	krb5_pac new_pac = NULL;
-	bool ok;
 
 	if (client != NULL) {
 		client_skdc_entry =
 			talloc_get_type_abort(client->e_data,
 					      struct samba_kdc_entry);
-
-		/* The user account may be set not to want the PAC */
-		ok = samba_princ_needs_pac(client_skdc_entry);
-		if (!ok) {
-			return EINVAL;
-		}
 	}
 
 	if (server == NULL) {
diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
index 88bcb734fc5..688103d8477 100644
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@@ -651,11 +651,6 @@ NTSTATUS samba_kdc_get_pac_blobs(TALLOC_CTX *mem_ctx,
 	}
 	*_upn_info_blob = NULL;
 
-	/* The user account may be set not to want the PAC */
-	if ( ! samba_princ_needs_pac(p)) {
-		return NT_STATUS_OK;
-	}
-
 	logon_blob = talloc_zero(mem_ctx, DATA_BLOB);
 	if (logon_blob == NULL) {
 		return NT_STATUS_NO_MEMORY;