diff options
author | Andrew Bartlett <abartlet@samba.org> | 2011-02-11 11:50:37 +1100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2011-04-05 06:32:07 +1000 |
commit | 17d8f0ad30847bb940f645ee1817d782ddaaee74 (patch) | |
tree | 1f1547798f45e3da1f0fecece628b4b07a95c0ff /source3/rpc_server/dcesrv_gssapi.c | |
parent | 2ec48260ee377e499fe7f0fc2ca18b8a078c6aaa (diff) | |
download | samba-17d8f0ad30847bb940f645ee1817d782ddaaee74.tar.gz samba-17d8f0ad30847bb940f645ee1817d782ddaaee74.tar.bz2 samba-17d8f0ad30847bb940f645ee1817d782ddaaee74.zip |
s3-auth use create_local_token() to transform server_info -> session_info
Before a auth_serversupplied_info struct can be used for
authorization, the local groups and privileges must be calculated.
create_local_token() now copies the server_info, and then sets the
calulated token and unix groups.
Soon, it will also transform the result into an expanded struct
auth_session_info. Until then, the variable name (server_info vs
session_info provides a clue to the developer about what information
has been entered in the structure).
By moving the calls to create_local_token within the codebase, we
remove duplication, and ensure that the session key (where modified)
is consistently copied into the new structure.
Andrew Bartlett
Diffstat (limited to 'source3/rpc_server/dcesrv_gssapi.c')
-rw-r--r-- | source3/rpc_server/dcesrv_gssapi.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/source3/rpc_server/dcesrv_gssapi.c b/source3/rpc_server/dcesrv_gssapi.c index a3007e4044..c8a015e066 100644 --- a/source3/rpc_server/dcesrv_gssapi.c +++ b/source3/rpc_server/dcesrv_gssapi.c @@ -228,9 +228,10 @@ NTSTATUS gssapi_server_get_user_info(struct gse_context *gse_ctx, /* TODO: save PAC data in netsamlogon cache ? */ - status = make_server_info_krb5(mem_ctx, + status = make_session_info_krb5(mem_ctx, ntuser, ntdomain, username, pw, - logon_info, is_guest, is_mapped, server_info); + logon_info, is_guest, is_mapped, NULL /* No session key for now */, + server_info); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to map kerberos pac to server info (%s)\n", nt_errstr(status))); |