From e84b8a72bd63d3f4af810536068ae65d33aabff8 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Thu, 21 Jul 2011 15:39:27 +1000
Subject: gensec: Add a way to request a unix token from GENSEC
Signed-off-by: Andrew Tridgell
---
 source4/auth/auth.h | 1 +
 source4/auth/gensec/gensec.c | 17 ++++++++++++-----
 source4/auth/gensec/gensec.h | 1 +
 3 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/source4/auth/auth.h b/source4/auth/auth.h
index 04731af019..caab230a46 100644
--- a/source4/auth/auth.h
+++ b/source4/auth/auth.h
@@ -48,6 +48,7 @@ struct loadparm_context;
 #define AUTH_SESSION_INFO_DEFAULT_GROUPS 0x01 /* Add the user to the default world and network groups */
 #define AUTH_SESSION_INFO_AUTHENTICATED 0x02 /* Add the user to the 'authenticated users' group */
 #define AUTH_SESSION_INFO_SIMPLE_PRIVILEGES 0x04 /* Use a trivial map between users and privilages, rather than a DB */
+#define AUTH_SESSION_INFO_UNIX_TOKEN 0x08 /* The returned token must have the unix_token and unix_info elements provided */
 struct auth_method_context;
 struct auth_check_password_request;
diff --git a/source4/auth/gensec/gensec.c b/source4/auth/gensec/gensec.c
index 7e6a83d51f..7dd3eac3b7 100644
--- a/source4/auth/gensec/gensec.c
+++ b/source4/auth/gensec/gensec.c
@@ -1320,21 +1320,28 @@ NTSTATUS gensec_generate_session_info(TALLOC_CTX *mem_ctx,
 struct auth_session_info **session_info)
 {
 NTSTATUS nt_status;
- uint32_t flags = AUTH_SESSION_INFO_DEFAULT_GROUPS;
+ uint32_t session_info_flags = 0;
+
+ if (gensec_security->want_features & GENSEC_FEATURE_UNIX_TOKEN) {
+ session_info_flags |= AUTH_SESSION_INFO_UNIX_TOKEN;
+ }
+
+ session_info_flags |= AUTH_SESSION_INFO_DEFAULT_GROUPS;
 if (user_info_dc->info->authenticated) {
- flags |= AUTH_SESSION_INFO_AUTHENTICATED;
+ session_info_flags |= AUTH_SESSION_INFO_AUTHENTICATED;
 }
+
 if (gensec_security->auth_context) {
 nt_status = gensec_security->auth_context->generate_session_info(mem_ctx, gensec_security->auth_context, user_info_dc,
- flags,
+ session_info_flags,
 session_info);
 } else {
- flags |= AUTH_SESSION_INFO_SIMPLE_PRIVILEGES;
+ session_info_flags |= AUTH_SESSION_INFO_SIMPLE_PRIVILEGES;
 nt_status = auth_generate_session_info(mem_ctx, NULL, NULL,
- user_info_dc, flags,
+ user_info_dc, session_info_flags,
 session_info);
 }
 return nt_status;
diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h
index e42b4aa5d2..322adce2ea 100644
--- a/source4/auth/gensec/gensec.h
+++ b/source4/auth/gensec/gensec.h
@@ -59,6 +59,7 @@ struct gensec_target {
 #define GENSEC_FEATURE_DATAGRAM_MODE 0x00000020
 #define GENSEC_FEATURE_SIGN_PKT_HEADER 0x00000040
 #define GENSEC_FEATURE_NEW_SPNEGO 0x00000080
+#define GENSEC_FEATURE_UNIX_TOKEN 0x00000100
 /* GENSEC mode */
 enum gensec_role
-- cgit
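Review bot: In the gensec.c hunk, nothing after either call in gensec_generate_session_info checks that a caller who set GENSEC_FEATURE_UNIX_TOKEN actually received a unix token. The auth.h comment says the elements "must" be provided, but a generate_session_info backend that does not know bit 0x08 would presumably ignore it and still return success. The else branch also forwards the flag to auth_generate_session_info with both context arguments NULL; whether either path can populate the token is not visible from this hunk. Because the requester will presumably make Unix-side identity decisions from that token, fail closed before `return nt_status;`, for example `if (NT_STATUS_IS_OK(nt_status) && (session_info_flags & AUTH_SESSION_INFO_UNIX_TOKEN) && (*session_info)->unix_token == NULL) return NT_STATUS_INTERNAL_ERROR;`. The function's signature starts above the hunk, so the full parameter list is not shown here.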