diff options
author | Andrew Bartlett <abartlet@samba.org> | 2010-04-09 17:22:35 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2010-04-10 21:41:02 +1000 |
commit | 6ef167c37bcf2842434a51733c351246294842a2 (patch) | |
tree | 151ae3a941ba03d8e60851238553da05a966f35e /source4/dsdb/samdb/ldb_modules | |
parent | 944dc2cb0ba13799a343f655a353013e4a9d8dd1 (diff) | |
download | samba-6ef167c37bcf2842434a51733c351246294842a2.tar.gz samba-6ef167c37bcf2842434a51733c351246294842a2.tar.bz2 samba-6ef167c37bcf2842434a51733c351246294842a2.zip |
s4:rootdse Implement "tokenGroups" in the rootDSE
This returns the currently connected user's full token. This is very
useful for debugging, and should be used in ACL tests.
Andrew Bartlett
Diffstat (limited to 'source4/dsdb/samdb/ldb_modules')
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/rootdse.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 808552f327..e99fcaa516 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -29,6 +29,7 @@ #include "dsdb/samdb/ldb_modules/util.h" #include "libcli/security/security.h" #include "librpc/ndr/libndr.h" +#include "auth/auth.h" struct private_data { unsigned int num_controls; @@ -381,6 +382,23 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms } } + if (do_attribute(attrs, "tokenGroups")) { + unsigned int i; + /* Obtain the user's session_info */ + struct auth_session_info *session_info + = (struct auth_session_info *)ldb_get_opaque(ldb, "sessionInfo"); + if (session_info && session_info->security_token) { + /* The list of groups this user is in */ + for (i = 0; i < session_info->security_token->num_sids; i++) { + if (samdb_msg_add_dom_sid(ldb, msg, msg, + "tokenGroups", + session_info->security_token->sids[i]) != 0) { + goto failed; + } + } + } + } + /* TODO: lots more dynamic attributes should be added here */ return LDB_SUCCESS; |