Age | Commit message (Collapse) | Author | Files | Lines |
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Apr 27 23:08:48 CEST 2011 on sn-devel-104
|
|
This only works for Heimdal and MIT Krb5 1.8, other versions will get
an ACCESS_DEINED error.
We no longer manually verify any details of the PAC in Samba for
GSSAPI logins, as we never had the information to do it properly, and
it is better to have the GSSAPI library handle it.
Andrew Bartlett
|
|
This Heimdal function does not set the global state, and allows the
GSSAPI server to progress further when compiled against Heimdal (such
as in the top level build).
The ability to specify a keytab has been removed from the API as it is
unused, and and the Heimdal function (avoiding setting global
variables) works with an open keytab.
Andrew Bartlett
|
|
Before a auth_serversupplied_info struct can be used for
authorization, the local groups and privileges must be calculated.
create_local_token() now copies the server_info, and then sets the
calulated token and unix groups.
Soon, it will also transform the result into an expanded struct
auth_session_info. Until then, the variable name (server_info vs
session_info provides a clue to the developer about what information
has been entered in the structure).
By moving the calls to create_local_token within the codebase, we
remove duplication, and ensure that the session key (where modified)
is consistently copied into the new structure.
Andrew Bartlett
|
|
This ensures that all callers don't need to each add builtin groups
and privileges to the user's token
Andrew Bartlett
|
|
Guenther
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
|