author | Andrew Bartlett <abartlet@samba.org> | 2011-07-21 15:39:27 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2011-07-29 04:24:07 +0200 |
commit | e84b8a72bd63d3f4af810536068ae65d33aabff8 (patch) | |
tree | 08bb9c67a4706292b5d730d280f0f3905715a36c | |
parent | d2a6ae254a7c6afd2c58d1a9a2c9fd4c074b0afb (diff) | |
gensec: Add a way to request a unix token from GENSEC
Signed-off-by: Andrew Tridgell <tridge@samba.org>
-rw-r--r-- | source4/auth/auth.h | 1 | ||||
-rw-r--r-- | source4/auth/gensec/gensec.c | 17 | ||||
-rw-r--r-- | source4/auth/gensec/gensec.h | 1 |
3 files changed, 14 insertions, 5 deletions
diff --git a/source4/auth/auth.h b/source4/auth/auth.h index 04731af019..caab230a46 100644 --- a/source4/auth/auth.h +++ b/source4/auth/auth.h @@ -48,6 +48,7 @@ struct loadparm_context; #define AUTH_SESSION_INFO_DEFAULT_GROUPS 0x01 /* Add the user to the default world and network groups */ #define AUTH_SESSION_INFO_AUTHENTICATED 0x02 /* Add the user to the 'authenticated users' group */ #define AUTH_SESSION_INFO_SIMPLE_PRIVILEGES 0x04 /* Use a trivial map between users and privilages, rather than a DB */ +#define AUTH_SESSION_INFO_UNIX_TOKEN 0x08 /* The returned token must have the unix_token and unix_info elements provided */ struct auth_method_context; struct auth_check_password_request; diff --git a/source4/auth/gensec/gensec.c b/source4/auth/gensec/gensec.c index 7e6a83d51f..7dd3eac3b7 100644 --- a/source4/auth/gensec/gensec.c +++ b/source4/auth/gensec/gensec.c @@ -1320,21 +1320,28 @@ NTSTATUS gensec_generate_session_info(TALLOC_CTX *mem_ctx, struct auth_session_info **session_info) { NTSTATUS nt_status; - uint32_t flags = AUTH_SESSION_INFO_DEFAULT_GROUPS; + uint32_t session_info_flags = 0; + + if (gensec_security->want_features & GENSEC_FEATURE_UNIX_TOKEN) { + session_info_flags |= AUTH_SESSION_INFO_UNIX_TOKEN; + } + + session_info_flags |= AUTH_SESSION_INFO_DEFAULT_GROUPS; if (user_info_dc->info->authenticated) { - flags |= AUTH_SESSION_INFO_AUTHENTICATED; + session_info_flags |= AUTH_SESSION_INFO_AUTHENTICATED; } + if (gensec_security->auth_context) { nt_status = gensec_security->auth_context->generate_session_info(mem_ctx, gensec_security->auth_context, user_info_dc, - flags, + session_info_flags, session_info); } else { - flags |= AUTH_SESSION_INFO_SIMPLE_PRIVILEGES; + session_info_flags |= AUTH_SESSION_INFO_SIMPLE_PRIVILEGES; nt_status = auth_generate_session_info(mem_ctx, NULL, NULL, - user_info_dc, flags, + user_info_dc, session_info_flags, session_info); } return nt_status; 
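Review bot: Nothing after either call in gensec_generate_session_info checks that the session info actually carries a unix token when `AUTH_SESSION_INFO_UNIX_TOKEN` was set, although the new comment in auth.h says the returned token "must" have `unix_token` and `unix_info`. An `auth_context->generate_session_info` implementation that predates the flag would presumably ignore the bit and still return success, and the `else` branch passes NULL contexts, so a caller that asked for `GENSEC_FEATURE_UNIX_TOKEN` could be handed a session without the unix identity it relies on for access decisions. I would fail closed just before `return nt_status;`, as sketched below; the member name is taken from the auth.h comment and should be confirmed against the struct definition, and a matching check on `unix_info` belongs next to it. The function's signature and closing brace lie outside this hunk.

```c
	/* ... unchanged: both generate_session_info branches ... */
	if (NT_STATUS_IS_OK(nt_status) &&
	    (session_info_flags & AUTH_SESSION_INFO_UNIX_TOKEN) &&
	    (*session_info)->unix_token == NULL) {
		/* the caller asked for a unix token; never return a session without one */
		TALLOC_FREE(*session_info);
		return NT_STATUS_INTERNAL_ERROR;
	}
	return nt_status;
```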
diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h index e42b4aa5d2..322adce2ea 100644 --- a/source4/auth/gensec/gensec.h +++ b/source4/auth/gensec/gensec.h @@ -59,6 +59,7 @@ struct gensec_target { #define GENSEC_FEATURE_DATAGRAM_MODE 0x00000020 #define GENSEC_FEATURE_SIGN_PKT_HEADER 0x00000040 #define GENSEC_FEATURE_NEW_SPNEGO 0x00000080 +#define GENSEC_FEATURE_UNIX_TOKEN 0x00000100 /* GENSEC mode */ enum gensec_role |
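Review bot: `GENSEC_FEATURE_UNIX_TOKEN` is added without a comment, and it differs in kind from the bits above it: going by gensec.c in this commit, it is only read from `want_features` to set a session-info flag and appears not to be something negotiated with the peer. A one-line comment would keep later code from treating it as a negotiated protocol feature, for example `/* local request: session info must include unix_token and unix_info */`. It is also worth confirming that the per-mechanism feature checks, which are outside this diff, neither reject the bit as unsupported nor report it back as negotiated.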