authorAndrew Bartlett <abartlet@samba.org>2010-04-19 15:51:57 +1000
committerAndrew Bartlett <abartlet@samba.org>2010-05-20 17:39:10 +1000
commit9c6b637ce8a750fa2fef6a5d3a303bf9e6c4eea5 (patch)
tree1526cb9826169a6ea4162b5c3f13f279cda4ff7b /source4/auth/session.c
parent3ff2766231625863140434bab18b27d5105deb3c (diff)
s4:auth Change auth_generate_session_info to take flags
This allows us to control what groups should be added in what use cases, and in particular to more carefully control the introduction of the 'authenticated' group. In particular, in the 'service_named_pipe' protocol, we do not have control over the addition of the authenticated users group, so we key off 'is this user the anonymous SID'. This also takes more care to allocate the right length ptoken->sids. Andrew Bartlett
Diffstat (limited to 'source4/auth/session.c')
-rw-r--r--source4/auth/session.c7
1 files changed, 3 insertions, 4 deletions
diff --git a/source4/auth/session.c b/source4/auth/session.c
index 7817195727..a21fbcf451 100644
--- a/source4/auth/session.c
+++ b/source4/auth/session.c
@@ -45,6 +45,7 @@ _PUBLIC_ struct auth_session_info *anonymous_session(TALLOC_CTX *mem_ctx,
_PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
struct auth_context *auth_context,
struct auth_serversupplied_info *server_info,
+ uint32_t session_info_flags,
struct auth_session_info **_session_info)
{
struct auth_session_info *session_info;
@@ -61,7 +62,6 @@ _PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
struct dom_sid **groupSIDs = NULL;
const struct dom_sid *dom_sid;
- bool is_enterprise_dc = false;
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
@@ -82,7 +82,7 @@ _PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
dom_sid = samdb_domain_sid(auth_context->sam_ctx);
if (dom_sid) {
if (dom_sid_in_domain(dom_sid, server_info->account_sid)) {
- is_enterprise_dc = true;
+ session_info_flags |= AUTH_SESSION_INFO_ENTERPRISE_DC;
} else {
DEBUG(2, ("DC %s is not in our domain. "
"It will not have Enterprise Domain Controllers membership on this server",
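Review bot: The Enterprise Domain Controllers bit now lives in the caller-supplied `session_info_flags` word, and this hunk only ever ORs it in; the `else` branch logs but does not clear it. With the old local `is_enterprise_dc = false` the membership could only come from the `dom_sid_in_domain()` check, whereas now a caller that passes `AUTH_SESSION_INFO_ENTERPRISE_DC` would, as far as the visible lines show, keep it even for an account outside the domain. Masking the bit once before the check, `session_info_flags &= ~AUTH_SESSION_INFO_ENTERPRISE_DC;`, would keep the decision inside this function; failing that, the contract that callers must not set it should be stated in a comment at the signature. The enclosing conditional and the rest of the function lie outside this hunk, so an existing mask elsewhere cannot be ruled out.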
@@ -201,8 +201,7 @@ _PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
server_info->primary_group_sid,
num_groupSIDs,
groupSIDs,
- server_info->authenticated,
- is_enterprise_dc,
+ session_info_flags,
&session_info->security_token);
NT_STATUS_NOT_OK_RETURN_AND_FREE(nt_status, tmp_ctx);
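Review bot: Membership in the authenticated-users group no longer depends on `server_info->authenticated` at this call; it is whatever the caller placed in `session_info_flags`, and nothing visible here cross-checks the two. That moves a token-content decision out to every call site, so a caller that passes the wrong flags for an anonymous `server_info` would get a broader token with no diagnostic. If that is the intended contract (the commit message suggests the named-pipe path needs it), a comment above the call would make it explicit, e.g. `/* group membership is decided by the caller via session_info_flags; server_info->authenticated is not consulted here */`. The call and the function body start outside this hunk.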