summaryrefslogtreecommitdiff
path: root/source4/auth
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2011-12-31 22:24:44 +1100
committerStefan Metzmacher <metze@samba.org>2012-01-11 09:02:41 +0100
commitf5a117172ec17e1b0b9245bb5e067ca2da23572c (patch)
treecc73241b5134a73d7927807de90ec8cf55a77e37 /source4/auth
parent14c8a13d3e2b2eb199e9eb26fa41f89bc380509e (diff)
downloadsamba-f5a117172ec17e1b0b9245bb5e067ca2da23572c.tar.gz
samba-f5a117172ec17e1b0b9245bb5e067ca2da23572c.tar.bz2
samba-f5a117172ec17e1b0b9245bb5e067ca2da23572c.zip
gensec: move gensec_util.c to the top level
To do this some defines need to move to common_auth.h Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'source4/auth')
-rw-r--r--source4/auth/auth.h5
-rw-r--r--source4/auth/gensec/gensec_util.c98
-rw-r--r--source4/auth/gensec/wscript_build2
3 files changed, 1 insertions, 104 deletions
diff --git a/source4/auth/auth.h b/source4/auth/auth.h
index 06857fad2e..a7fc413ecc 100644
--- a/source4/auth/auth.h
+++ b/source4/auth/auth.h
@@ -45,11 +45,6 @@ struct loadparm_context;
/* version 0 - till samba4 is stable - metze */
#define AUTH4_INTERFACE_VERSION 0
-#define AUTH_SESSION_INFO_DEFAULT_GROUPS 0x01 /* Add the user to the default world and network groups */
-#define AUTH_SESSION_INFO_AUTHENTICATED 0x02 /* Add the user to the 'authenticated users' group */
-#define AUTH_SESSION_INFO_SIMPLE_PRIVILEGES 0x04 /* Use a trivial map between users and privilages, rather than a DB */
-#define AUTH_SESSION_INFO_UNIX_TOKEN 0x08 /* The returned token must have the unix_token and unix_info elements provided */
-
struct auth_method_context;
struct auth_check_password_request;
struct auth4_context;
diff --git a/source4/auth/gensec/gensec_util.c b/source4/auth/gensec/gensec_util.c
deleted file mode 100644
index 9c5db48378..0000000000
--- a/source4/auth/gensec/gensec_util.c
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Generic Authentication Interface
-
- Copyright (C) Andrew Tridgell 2003
- Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2006
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "auth/gensec/gensec.h"
-#include "auth/gensec/gensec_proto.h"
-#include "auth/auth.h"
-#include "auth/credentials/credentials.h"
-#include "auth/system_session_proto.h"
-
-NTSTATUS gensec_generate_session_info(TALLOC_CTX *mem_ctx,
- struct gensec_security *gensec_security,
- struct auth_user_info_dc *user_info_dc,
- struct auth_session_info **session_info)
-{
- NTSTATUS nt_status;
- uint32_t session_info_flags = 0;
-
- if (gensec_security->want_features & GENSEC_FEATURE_UNIX_TOKEN) {
- session_info_flags |= AUTH_SESSION_INFO_UNIX_TOKEN;
- }
-
- session_info_flags |= AUTH_SESSION_INFO_DEFAULT_GROUPS;
- if (user_info_dc->info->authenticated) {
- session_info_flags |= AUTH_SESSION_INFO_AUTHENTICATED;
- }
-
- if (gensec_security->auth_context) {
- nt_status = gensec_security->auth_context->generate_session_info(mem_ctx, gensec_security->auth_context,
- user_info_dc,
- session_info_flags,
- session_info);
- } else {
- DEBUG(0, ("Cannot generate a session_info without the auth_context\n"));
- return NT_STATUS_INTERNAL_ERROR;
- }
- return nt_status;
-}
-
-NTSTATUS gensec_generate_session_info_pac(TALLOC_CTX *mem_ctx,
- struct gensec_security *gensec_security,
- struct smb_krb5_context *smb_krb5_context,
- DATA_BLOB *pac_blob,
- const char *principal_string,
- const struct tsocket_address *remote_address,
- struct auth_session_info **session_info)
-{
- uint32_t session_info_flags = 0;
-
- if (gensec_security->want_features & GENSEC_FEATURE_UNIX_TOKEN) {
- session_info_flags |= AUTH_SESSION_INFO_UNIX_TOKEN;
- }
-
- session_info_flags |= AUTH_SESSION_INFO_DEFAULT_GROUPS;
-
- if (!pac_blob) {
- if (!gensec_setting_bool(gensec_security->settings, "gensec", "require_pac", false)) {
- DEBUG(1, ("Unable to find PAC in ticket from %s, failing to allow access\n",
- principal_string));
- return NT_STATUS_ACCESS_DENIED;
- }
- DEBUG(1, ("Unable to find PAC for %s, resorting to local user lookup\n",
- principal_string));
- }
-
- if (gensec_security->auth_context && gensec_security->auth_context->generate_session_info_pac) {
- return gensec_security->auth_context->generate_session_info_pac(gensec_security->auth_context,
- mem_ctx,
- smb_krb5_context,
- pac_blob,
- principal_string,
- remote_address,
- session_info_flags,
- session_info);
- } else {
- DEBUG(0, ("Cannot generate a session_info without the auth_context\n"));
- return NT_STATUS_INTERNAL_ERROR;
- }
-}
diff --git a/source4/auth/gensec/wscript_build b/source4/auth/gensec/wscript_build
index e298954536..2eb49e6abc 100644
--- a/source4/auth/gensec/wscript_build
+++ b/source4/auth/gensec/wscript_build
@@ -1,7 +1,7 @@
#!/usr/bin/env python
bld.SAMBA_SUBSYSTEM('gensec_util',
- source='socket.c gensec_tstream.c gensec_util.c',
+ source='socket.c gensec_tstream.c',
deps='tevent-util tevent samba-util LIBTSOCKET',
autoproto='gensec_proto.h')