diff options
author | Joseph Sutton <josephsutton@catalyst.net.nz> | 2022-09-27 14:51:54 +1300 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2023-02-08 00:03:39 +0000 |
commit | 94cda2dfd58a4f3d3e0011b67fa0be7d11570cb6 (patch) | |
tree | 6843e5f44cf67cbb539faaca7d70229d9b808f52 /librpc | |
parent | 673ee782d97c19bf240e37d4714e8a51fbf80457 (diff) | |
download | samba-94cda2dfd58a4f3d3e0011b67fa0be7d11570cb6.tar.gz |
auth: Exclude resource groups from a TGT
Resource group SIDs should only be placed into a service ticket, but we
were including them in all tickets. Now that we have access to the group
attributes, we'll filter out any groups with SE_GROUP_RESOURCE set if
we're creating a TGT.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'librpc')
-rw-r--r-- | librpc/idl/auth.idl | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/librpc/idl/auth.idl b/librpc/idl/auth.idl index 5985d554606..582587e062f 100644 --- a/librpc/idl/auth.idl +++ b/librpc/idl/auth.idl @@ -95,6 +95,15 @@ interface auth TICKET_TYPE_NON_TGT = 2 } ticket_type; + /* + * Used to indicate whether or not to include resource groups in the + * formation of SamInfo or a PAC. + */ + typedef enum { + AUTH_INCLUDE_RESOURCE_GROUPS = 0, + AUTH_EXCLUDE_RESOURCE_GROUPS = 1 + } auth_group_inclusion; + typedef [public] struct { dom_sid sid; security_GroupAttrs attrs; |