diff options
-rw-r--r-- | source4/libcli/auth/gensec_krb5.c | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/source4/libcli/auth/gensec_krb5.c b/source4/libcli/auth/gensec_krb5.c index 1ce05b519e..ea70b471e5 100644 --- a/source4/libcli/auth/gensec_krb5.c +++ b/source4/libcli/auth/gensec_krb5.c @@ -616,8 +616,8 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security *session_info_out = NULL; - /* IF we have the PAC - otherwise (TODO) we need to get this - * data from elsewere - local ldb, or lookup of some + /* IF we have the PAC - otherwise we need to get this + * data from elsewere - local ldb, or (TODO) lookup of some * kind... */ principal = talloc_strdup(gensec_krb5_state, gensec_krb5_state->peer_principal); @@ -666,14 +666,17 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security } - sid = dom_sid_dup(session_info, logon_info->dom_sid); - ptoken->user_sids[0] = dom_sid_add_rid(session_info, sid, logon_info->user_rid); + sid = dom_sid_dup(server_info, logon_info->dom_sid); + server_info->user_sid = dom_sid_add_rid(server_info, sid, logon_info->user_rid); + sid = dom_sid_dup(server_info, logon_info->dom_sid); + server_info->primary_group_sid = dom_sid_add_rid(server_info, sid, logon_info->group_rid); + + ptoken->user_sids[0] = talloc_reference(session_info, server_info->user_sid); ptoken->num_sids++; - sid = dom_sid_dup(session_info, logon_info->dom_sid); - ptoken->user_sids[1] = dom_sid_add_rid(session_info, sid, logon_info->group_rid); + ptoken->user_sids[1] = talloc_reference(session_info, server_info->primary_group_sid); ptoken->num_sids++; - - for (;ptoken->num_sids < logon_info->groups_count; ptoken->num_sids++) { + + for (;ptoken->num_sids < (logon_info->groups_count + 2); ptoken->num_sids++) { sid = dom_sid_dup(session_info, logon_info->dom_sid); ptoken->user_sids[ptoken->num_sids] = dom_sid_add_rid(session_info, sid, |