diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2010-04-19 15:51:57 +1000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2010-05-20 17:39:10 +1000 |
| commit | 9c6b637ce8a750fa2fef6a5d3a303bf9e6c4eea5 (patch) | |
| tree | 1526cb9826169a6ea4162b5c3f13f279cda4ff7b /source4/smb_server/smb | |
| parent | 3ff2766231625863140434bab18b27d5105deb3c (diff) | |
| download | samba-9c6b637ce8a750fa2fef6a5d3a303bf9e6c4eea5.tar.gz samba-9c6b637ce8a750fa2fef6a5d3a303bf9e6c4eea5.tar.bz2 samba-9c6b637ce8a750fa2fef6a5d3a303bf9e6c4eea5.zip | |
s4:auth Change auth_generate_session_info to take flags
This allows us to control what groups should be added in what use
cases, and in particular to more carefully control the introduction of
the 'authenticated' group.
In particular, in the 'service_named_pipe' protocol, we do not have
control over the addition of the authenticated users group, so we key
of 'is this user the anonymous SID'.
This also takes more care to allocate the right length ptoken->sids
Andrew Bartlett
Diffstat (limited to 'source4/smb_server/smb')
| -rw-r--r-- | source4/smb_server/smb/sesssetup.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c index afc33dd3c6..b61fce0887 100644 --- a/source4/smb_server/smb/sesssetup.c +++ b/source4/smb_server/smb/sesssetup.c @@ -71,15 +71,20 @@ static void sesssetup_old_send(struct tevent_req *subreq) struct auth_session_info *session_info; struct smbsrv_session *smb_sess; NTSTATUS status; + uint32_t flags; status = auth_check_password_recv(subreq, req, &server_info); TALLOC_FREE(subreq); if (!NT_STATUS_IS_OK(status)) goto failed; + flags = AUTH_SESSION_INFO_DEFAULT_GROUPS; + if (server_info->authenticated) { + flags |= AUTH_SESSION_INFO_AUTHENTICATED; + } /* This references server_info into session_info */ status = req->smb_conn->negotiate.auth_context->generate_session_info(req, req->smb_conn->negotiate.auth_context, - server_info, &session_info); + server_info, flags, &session_info); if (!NT_STATUS_IS_OK(status)) goto failed; /* allocate a new session */ @@ -196,16 +201,23 @@ static void sesssetup_nt1_send(struct tevent_req *subreq) struct auth_session_info *session_info; struct smbsrv_session *smb_sess; + uint32_t flags; NTSTATUS status; status = auth_check_password_recv(subreq, req, &server_info); TALLOC_FREE(subreq); if (!NT_STATUS_IS_OK(status)) goto failed; + flags = AUTH_SESSION_INFO_DEFAULT_GROUPS; + if (server_info->authenticated) { + flags |= AUTH_SESSION_INFO_AUTHENTICATED; + } + /* This references server_info into session_info */ status = state->auth_context->generate_session_info(req, state->auth_context, server_info, + flags, &session_info); if (!NT_STATUS_IS_OK(status)) goto failed; |