diff options
author | Stefan Metzmacher <metze@samba.org> | 2018-02-01 18:40:58 +0100 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2018-03-19 20:30:52 +0100 |
commit | 63de04c01cb7d53773f96a01473a311e1d4264b8 (patch) | |
tree | a171aeeb0b804164ba7e75e0c9b4f793eb85694f /source4 | |
parent | a5f803e9e9f7655f3a6867401d5d3eb667593a9f (diff) | |
download | samba-63de04c01cb7d53773f96a01473a311e1d4264b8.tar.gz |
s4:kdc: make sure we expand group memberships of the local domain
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'source4')
-rw-r--r-- | source4/kdc/pac-glue.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c index 9b5f30917a6..126001cb718 100644 --- a/source4/kdc/pac-glue.c +++ b/source4/kdc/pac-glue.c @@ -763,6 +763,17 @@ NTSTATUS samba_kdc_update_pac_blob(TALLOC_CTX *mem_ctx, return NT_STATUS_UNSUCCESSFUL; } + /* + * We need to expand group memberships within our local domain, + * as the token might be generated by a trusted domain. + */ + nt_status = authsam_update_user_info_dc(mem_ctx, + krbtgt->kdc_db_ctx->samdb, + user_info_dc); + if (!NT_STATUS_IS_OK(nt_status)) { + return nt_status; + } + nt_status = samba_get_logon_info_pac_blob(mem_ctx, user_info_dc, pac_blob); |