authorAndrew Bartlett <abartlet@samba.org>2010-04-09 17:22:35 +1000
committerAndrew Bartlett <abartlet@samba.org>2010-04-10 21:41:02 +1000
commit6ef167c37bcf2842434a51733c351246294842a2 (patch)
tree151ae3a941ba03d8e60851238553da05a966f35e /source4/dsdb/samdb/ldb_modules
parent944dc2cb0ba13799a343f655a353013e4a9d8dd1 (diff)
s4:rootdse Implement "tokenGroups" in the rootDSE
This returns the currently connected user's full token. This is very useful for debugging, and should be used in ACL tests. Andrew Bartlett
Diffstat (limited to 'source4/dsdb/samdb/ldb_modules')
-rw-r--r--source4/dsdb/samdb/ldb_modules/rootdse.c18
1 files changed, 18 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c
index 808552f327..e99fcaa516 100644
--- a/source4/dsdb/samdb/ldb_modules/rootdse.c
+++ b/source4/dsdb/samdb/ldb_modules/rootdse.c
@@ -29,6 +29,7 @@
#include "dsdb/samdb/ldb_modules/util.h"
#include "libcli/security/security.h"
#include "librpc/ndr/libndr.h"
+#include "auth/auth.h"
struct private_data {
unsigned int num_controls;
@@ -381,6 +382,23 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms
}
}
+ if (do_attribute(attrs, "tokenGroups")) {
+ unsigned int i;
+ /* Obtain the user's session_info */
+ struct auth_session_info *session_info
+ = (struct auth_session_info *)ldb_get_opaque(ldb, "sessionInfo");
+ if (session_info && session_info->security_token) {
+ /* The list of groups this user is in */
+ for (i = 0; i < session_info->security_token->num_sids; i++) {
+ if (samdb_msg_add_dom_sid(ldb, msg, msg,
+ "tokenGroups",
+ session_info->security_token->sids[i]) != 0) {
+ goto failed;
+ }
+ }
+ }
+ }
+
/* TODO: lots more dynamic attributes should be added here */
return LDB_SUCCESS;
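Review bot: The branch at `if (do_attribute(attrs, "tokenGroups"))` may emit the caller's full SID list on every rootDSE read rather than only on request: do_attribute is defined outside this hunk, so whether it also matches a NULL or `*` attribute list cannot be seen here and should be confirmed. If it does, I would gate this on the attribute being named explicitly in `attrs`, which keeps the token out of default responses and avoids the per-request loop. The opaque is also cast without a type check; `talloc_get_type(ldb_get_opaque(ldb, "sessionInfo"), struct auth_session_info)` would yield NULL on a mismatch instead of dereferencing the wrong object. The comment `/* The list of groups this user is in */` would be more accurate as `/* Every SID in the caller's security token (presumably the user's own SID as well as group SIDs) */`. The rest of rootdse_add_dynamic and the `failed` label lie outside the hunk.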