auth: Only process resource groups if NETLOGON_RESOURCE_GROUPS flag is set
author Joseph Sutton <josephsutton@catalyst.net.nz>
Mon, 7 Nov 2022 06:27:24 +0000 (19:27 +1300)
committer Andrew Bartlett <abartlet@samba.org>
Wed, 8 Feb 2023 00:03:39 +0000 (00:03 +0000)
MS-PAC section 2.5 states that if the resource_groups member is
non-NULL, or resource_groups.groups.count is not zero, the
NETLOGON_RESOURCE_GROUPS flag MUST be set. Thus, there's no need to
process resource groups if the flag is not set.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
auth/auth_sam_reply.c

index b088ebb9a434da9655d003b247e7cfc004efc1c2..7632d263650d970f12cfe8b98ef39b00d421ab9c 100644 (file)
@@ -590,8 +590,6 @@ NTSTATUS make_user_info_dc_pac(TALLOC_CTX *mem_ctx,
        const struct PAC_DOMAIN_GROUP_MEMBERSHIP *rg = NULL;
        size_t sidcount;
 
-       rg = &pac_logon_info->resource_groups;
-
        validation.sam3 = discard_const_p(struct netr_SamInfo3, &pac_logon_info->info3);
 
        nt_status = make_user_info_dc_netlogon_validation(mem_ctx, "", 3, &validation,
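Review bot: with `rg = &pac_logon_info->resource_groups;` removed at the top of make_user_info_dc_pac(), `rg` keeps its `NULL` initializer from this point on, and the flag-guarded assignment that replaces it is not in the visible lines. Please confirm that every later dereference of `rg` sits inside the NETLOGON_RESOURCE_GROUPS check or behind an explicit `rg != NULL` test, so a PAC without the flag cannot reach a NULL pointer dereference. A short comment at the flag check citing MS-PAC section 2.5 would also help, since a PAC that carries resource groups with the flag clear (a violation of the MUST in the commit message) will now have those groups ignored without any indication; a debug-level log line for that case would make such PACs visible.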