summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2004-11-06 01:20:28 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:05:32 -0500
commitac29f519363d994052e4f6ec44c7bae40cd0d9a9 (patch)
treece4a6c77d05bbc01d46112031a7bc8d1cde404bd /source4
parented277bb89ecbd1d9f99f9cfce705903bd3762dfd (diff)
downloadsamba-ac29f519363d994052e4f6ec44c7bae40cd0d9a9.tar.gz
samba-ac29f519363d994052e4f6ec44c7bae40cd0d9a9.tar.bz2
samba-ac29f519363d994052e4f6ec44c7bae40cd0d9a9.zip
r3570: Export the user's group list from ntlm_auth, via a new command 'UG'
(user groups). The form of this is not final, but is this should be a discussion point with the squid team. Andrew Bartlett (This used to be commit cbb0c67d06f75c2d8841a95ba8837124160ffd49)
Diffstat (limited to 'source4')
-rw-r--r--source4/utils/ntlm_auth.c32
1 files changed, 30 insertions, 2 deletions
diff --git a/source4/utils/ntlm_auth.c b/source4/utils/ntlm_auth.c
index feaae17abb..8d7f750af6 100644
--- a/source4/utils/ntlm_auth.c
+++ b/source4/utils/ntlm_auth.c
@@ -332,6 +332,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
(strncmp(buf, "KK ", 3) != 0) &&
(strncmp(buf, "AF ", 3) != 0) &&
(strncmp(buf, "NA ", 3) != 0) &&
+ (strncmp(buf, "UG", 2) != 0) &&
(strncmp(buf, "PW ", 3) != 0)) {
DEBUG(1, ("SPNEGO request [%s] invalid\n", buf));
mux_printf(mux_id, "BH\n");
@@ -405,8 +406,8 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
talloc_strndup((*gensec_state),
(const char *)in.data,
in.length)))) {
- DEBUG(1, ("Out of memory\n"));
- mux_printf(mux_id, "BH\n");
+ DEBUG(1, ("gensec_set_password failed: %s\n", nt_errstr(nt_status)));
+ mux_printf(mux_id, "BH %s\n", nt_errstr(nt_status));
data_blob_free(&in);
return;
}
@@ -416,6 +417,33 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
return;
}
+ if (strncmp(buf, "UG", 2) == 0) {
+ int i;
+ char *grouplist = NULL;
+ struct auth_session_info *session_info;
+
+ if (!NT_STATUS_IS_OK(gensec_session_info(*gensec_state, &session_info))) {
+ DEBUG(1, ("gensec_session_info failed: %s\n", nt_errstr(nt_status)));
+ mux_printf(mux_id, "BH %s\n", nt_errstr(nt_status));
+ data_blob_free(&in);
+ return;
+ }
+
+ /* get the string onto the context */
+ grouplist = talloc_strdup(session_info, "");
+
+ for (i=0; i< session_info->nt_user_token->num_sids; i++) {
+ grouplist = talloc_asprintf_append(grouplist, "%s,",
+ dom_sid_string(session_info,
+ session_info->nt_user_token->user_sids[i]));
+ }
+
+ mux_printf(mux_id, "GL %s\n", grouplist);
+ free_session_info(&session_info);
+ data_blob_free(&in);
+ return;
+ }
+
/* update */
nt_status = gensec_update(*gensec_state, NULL, in, &out);