author | Andrew Bartlett <abartlet@samba.org> | 2011-02-11 11:50:37 +1100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2011-04-05 06:32:07 +1000 |
commit | 17d8f0ad30847bb940f645ee1817d782ddaaee74 (patch) | |
tree | 1f1547798f45e3da1f0fecece628b4b07a95c0ff /source3/auth/user_krb5.c | |
parent | 2ec48260ee377e499fe7f0fc2ca18b8a078c6aaa (diff) | |
s3-auth use create_local_token() to transform server_info -> session_info
Before an auth_serversupplied_info struct can be used for
authorization, the local groups and privileges must be calculated.
create_local_token() now copies the server_info, and then sets the
calculated token and unix groups.
Soon, it will also transform the result into an expanded struct
auth_session_info. Until then, the variable name (server_info vs
session_info) provides a clue to the developer about what information
has been entered in the structure.
By moving the calls to create_local_token within the codebase, we
remove duplication, and ensure that the session key (where modified)
is consistently copied into the new structure.
Andrew Bartlett
Diffstat (limited to 'source3/auth/user_krb5.c')
-rw-r--r-- | source3/auth/user_krb5.c | 43 |
1 files changed, 21 insertions, 22 deletions
diff --git a/source3/auth/user_krb5.c b/source3/auth/user_krb5.c index 1d87ccab79..db73c6dfc0 100644 --- a/source3/auth/user_krb5.c +++ b/source3/auth/user_krb5.c @@ -179,19 +179,21 @@ NTSTATUS get_user_from_kerberos_info(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } -NTSTATUS make_server_info_krb5(TALLOC_CTX *mem_ctx, +NTSTATUS make_session_info_krb5(TALLOC_CTX *mem_ctx, char *ntuser, char *ntdomain, char *username, struct passwd *pw, struct PAC_LOGON_INFO *logon_info, - bool mapped_to_guest, bool username_was_mapped, - struct auth_serversupplied_info **server_info) + bool mapped_to_guest, bool username_was_mapped, + DATA_BLOB *session_key, + struct auth_serversupplied_info **session_info) { NTSTATUS status; + struct auth_serversupplied_info *server_info; if (mapped_to_guest) { - status = make_server_info_guest(mem_ctx, server_info); + status = make_server_info_guest(mem_ctx, &server_info); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("make_server_info_guest failed: %s!\n", nt_errstr(status))); @@ -204,7 +206,7 @@ NTSTATUS make_server_info_krb5(TALLOC_CTX *mem_ctx, status = make_server_info_info3(mem_ctx, ntuser, ntdomain, - server_info, + &server_info, &logon_info->info3); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("make_server_info_info3 failed: %s!\n", 
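Review bot: The renamed `make_session_info_krb5` has no header comment describing its new contract, although the first hunk adds a `DATA_BLOB *session_key` input and changes what the out-parameter holds. A comment above the definition such as `/* Build the intermediate server_info for a Kerberos login, then let create_local_token() copy it, together with session_key, into *session_info on mem_ctx. */` would make the ownership clear. It should also state whether `session_key` may be NULL and what `*session_info` holds when an error status is returned, since neither can be read from the signature. The function body continues outside this hunk.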
@@ -248,28 +250,24 @@ NTSTATUS make_server_info_krb5(TALLOC_CTX *mem_ctx, return status; } - /* Steal tmp server info into the server_info pointer. */ - *server_info = talloc_move(mem_ctx, &tmp); - /* make_server_info_pw does not set the domain. Without this * we end up with the local netbios name in substitutions for * %D. */ - if ((*server_info)->info3 != NULL) { - (*server_info)->info3->base.domain.string = - talloc_strdup((*server_info)->info3, ntdomain); + if (server_info->info3 != NULL) { + server_info->info3->base.domain.string = + talloc_strdup(server_info->info3, ntdomain); } } - (*server_info)->nss_token |= username_was_mapped; + server_info->nss_token |= username_was_mapped; - if (!mapped_to_guest) { - status = create_local_token(*server_info); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(10,("failed to create local token: %s\n", - nt_errstr(status))); - return status; - } + status = create_local_token(mem_ctx, server_info, session_key, session_info); + talloc_free(server_info); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10,("failed to create local token: %s\n", + nt_errstr(status))); + return status; } return NT_STATUS_OK; @@ -290,14 +288,15 @@ NTSTATUS get_user_from_kerberos_info(TALLOC_CTX *mem_ctx, return NT_STATUS_NOT_IMPLEMENTED; } -NTSTATUS make_server_info_krb5(TALLOC_CTX *mem_ctx, +NTSTATUS make_session_info_krb5(TALLOC_CTX *mem_ctx, char *ntuser, char *ntdomain, char *username, struct passwd *pw, struct PAC_LOGON_INFO *logon_info, - bool mapped_to_guest, - struct auth_serversupplied_info **server_info) + bool mapped_to_guest, bool username_was_mapped, + DATA_BLOB *session_key, + struct auth_serversupplied_info **session_info) { return NT_STATUS_NOT_IMPLEMENTED; } |
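Review bot: The branch that handles a login with no PAC and no guest mapping now dereferences the new local `server_info` without any visible assignment to it. This hunk drops `*server_info = talloc_move(mem_ctx, &tmp);`, and the next statements read `server_info->info3`, while the first hunk declares the local without an initializer. The lines between the hunks are unchanged, so it seems unlikely that they assign it; if they do not, this authentication path reads and later passes to `talloc_free()` an indeterminate pointer, and `tmp` is never handed over. Keep the steal with the new type, `server_info = talloc_move(mem_ctx, &tmp);`, and declare the local as `struct auth_serversupplied_info *server_info = NULL;` so that a missed assignment is a NULL dereference rather than a use of stack garbage. The function body starts and ends outside this hunk.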