authorAndrew Bartlett <abartlet@samba.org>2011-07-21 15:39:27 +1000
committerAndrew Bartlett <abartlet@samba.org>2011-07-29 04:24:07 +0200
commite84b8a72bd63d3f4af810536068ae65d33aabff8 (patch)
tree08bb9c67a4706292b5d730d280f0f3905715a36c
parentd2a6ae254a7c6afd2c58d1a9a2c9fd4c074b0afb (diff)
gensec: Add a way to request a unix token from GENSEC
Signed-off-by: Andrew Tridgell <tridge@samba.org>
-rw-r--r--source4/auth/auth.h1
-rw-r--r--source4/auth/gensec/gensec.c17
-rw-r--r--source4/auth/gensec/gensec.h1
3 files changed, 14 insertions, 5 deletions
diff --git a/source4/auth/auth.h b/source4/auth/auth.h
index 04731af019..caab230a46 100644
--- a/source4/auth/auth.h
+++ b/source4/auth/auth.h
@@ -48,6 +48,7 @@ struct loadparm_context;
#define AUTH_SESSION_INFO_DEFAULT_GROUPS 0x01 /* Add the user to the default world and network groups */
#define AUTH_SESSION_INFO_AUTHENTICATED 0x02 /* Add the user to the 'authenticated users' group */
#define AUTH_SESSION_INFO_SIMPLE_PRIVILEGES 0x04 /* Use a trivial map between users and privilages, rather than a DB */
+#define AUTH_SESSION_INFO_UNIX_TOKEN 0x08 /* The returned token must have the unix_token and unix_info elements provided */
struct auth_method_context;
struct auth_check_password_request;
diff --git a/source4/auth/gensec/gensec.c b/source4/auth/gensec/gensec.c
index 7e6a83d51f..7dd3eac3b7 100644
--- a/source4/auth/gensec/gensec.c
+++ b/source4/auth/gensec/gensec.c
@@ -1320,21 +1320,28 @@ NTSTATUS gensec_generate_session_info(TALLOC_CTX *mem_ctx,
struct auth_session_info **session_info)
{
NTSTATUS nt_status;
- uint32_t flags = AUTH_SESSION_INFO_DEFAULT_GROUPS;
+ uint32_t session_info_flags = 0;
+
+ if (gensec_security->want_features & GENSEC_FEATURE_UNIX_TOKEN) {
+ session_info_flags |= AUTH_SESSION_INFO_UNIX_TOKEN;
+ }
+
+ session_info_flags |= AUTH_SESSION_INFO_DEFAULT_GROUPS;
if (user_info_dc->info->authenticated) {
- flags |= AUTH_SESSION_INFO_AUTHENTICATED;
+ session_info_flags |= AUTH_SESSION_INFO_AUTHENTICATED;
}
+
if (gensec_security->auth_context) {
nt_status = gensec_security->auth_context->generate_session_info(mem_ctx, gensec_security->auth_context,
user_info_dc,
- flags,
+ session_info_flags,
session_info);
} else {
- flags |= AUTH_SESSION_INFO_SIMPLE_PRIVILEGES;
+ session_info_flags |= AUTH_SESSION_INFO_SIMPLE_PRIVILEGES;
nt_status = auth_generate_session_info(mem_ctx,
NULL,
NULL,
- user_info_dc, flags,
+ user_info_dc, session_info_flags,
session_info);
}
return nt_status;
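Review bot: Nothing after either call checks that the backend honoured `AUTH_SESSION_INFO_UNIX_TOKEN`, so a `generate_session_info` implementation that ignores the new bit would return success with no unix token. The flag's comment in auth.h says the returned token "must have the unix_token and unix_info elements provided", and a caller relying on that could then make an authorization decision on, or dereference, a missing token. The fallback branch also passes NULL for two context arguments; whether `auth_generate_session_info` can build a unix token without them is not visible here and should be confirmed. I would fail closed before the final return, as sketched below; the field names are taken from the auth.h comment and should be checked against the struct. The function's signature and closing brace lie outside this hunk.

```c
	/* … unchanged: session_info_flags setup and the two generate_session_info calls … */
	if (NT_STATUS_IS_OK(nt_status) &&
	    (session_info_flags & AUTH_SESSION_INFO_UNIX_TOKEN) &&
	    ((*session_info)->unix_token == NULL ||
	     (*session_info)->unix_info == NULL)) {
		/* the backend ignored the request: fail closed, do not hand back a partial token */
		TALLOC_FREE(*session_info);
		return NT_STATUS_INTERNAL_ERROR;
	}
	return nt_status;
```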
diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h
index e42b4aa5d2..322adce2ea 100644
--- a/source4/auth/gensec/gensec.h
+++ b/source4/auth/gensec/gensec.h
@@ -59,6 +59,7 @@ struct gensec_target {
#define GENSEC_FEATURE_DATAGRAM_MODE 0x00000020
#define GENSEC_FEATURE_SIGN_PKT_HEADER 0x00000040
#define GENSEC_FEATURE_NEW_SPNEGO 0x00000080
+#define GENSEC_FEATURE_UNIX_TOKEN 0x00000100
/* GENSEC mode */
enum gensec_role
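Review bot: `GENSEC_FEATURE_UNIX_TOKEN` is added without a comment, and unlike the neighbouring entries visible in this hunk it appears to be a local request about the shape of the generated session info, not a feature negotiated with the peer. A one-line comment would make that clear to anyone setting `want_features`, for example `/* caller requires unix_token/unix_info in the generated session_info (maps to AUTH_SESSION_INFO_UNIX_TOKEN) */`. It would also help to state whether mechanisms are expected to report this bit as a supported feature, since that cannot be seen from this hunk.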