s4:auth Change auth_generate_session_info to take flags

This allows us to control what groups should be added in what use
cases, and in particular to more carefully control the introduction of
the 'authenticated' group.

In particular, in the 'service_named_pipe' protocol, we do not have
control over the addition of the authenticated users group, so we key
of 'is this user the anonymous SID'.

This also takes more care to allocate the right length ptoken->sids

Andrew Bartlett

1 files changed, 5 insertions, 0 deletions

diff --git a/source4/auth/auth.h b/source4/auth/auth.h
index 0e32c504dd..9ce338c8ae 100644
--- a/source4/auth/auth.h
+++ b/source4/auth/auth.h
@@ -48,6 +48,10 @@ struct loadparm_context;
 #define USER_INFO_DONT_CHECK_UNIX_ACCOUNT   0x04 /* don't check unix account status */
 #define USER_INFO_INTERACTIVE_LOGON         0x08 /* don't check unix account status */
 
+#define AUTH_SESSION_INFO_DEFAULT_GROUPS 0x01 /* Add the user to the default world and network groups */
+#define AUTH_SESSION_INFO_AUTHENTICATED  0x02 /* Add the user to the 'authenticated users' group */
+#define AUTH_SESSION_INFO_ENTERPRISE_DC  0x04 /* Add the user to the 'enterprise DC' group */
+
 enum auth_password_state {
 	AUTH_PASSWORD_RESPONSE,
 	AUTH_PASSWORD_HASH,
@@ -211,6 +215,7 @@ struct auth_context {
 	NTSTATUS (*generate_session_info)(TALLOC_CTX *mem_ctx,
 					  struct auth_context *auth_context,
 					  struct auth_serversupplied_info *server_info,
+					  uint32_t session_info_flags,
 					  struct auth_session_info **session_info);
 };