From 9c6b637ce8a750fa2fef6a5d3a303bf9e6c4eea5 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 19 Apr 2010 15:51:57 +1000 Subject: s4:auth Change auth_generate_session_info to take flags This allows us to control what groups should be added in what use cases, and in particular to more carefully control the introduction of the 'authenticated' group. In particular, in the 'service_named_pipe' protocol, we do not have control over the addition of the authenticated users group, so we key of 'is this user the anonymous SID'. This also takes more care to allocate the right length ptoken->sids Andrew Bartlett --- source4/auth/ntlm/auth_simple.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'source4/auth/ntlm') diff --git a/source4/auth/ntlm/auth_simple.c b/source4/auth/ntlm/auth_simple.c index 7f972ac296..9c8f7f64ac 100644 --- a/source4/auth/ntlm/auth_simple.c +++ b/source4/auth/ntlm/auth_simple.c @@ -87,8 +87,14 @@ _PUBLIC_ NTSTATUS authenticate_username_pw(TALLOC_CTX *mem_ctx, } if (session_info) { + uint32_t flags = AUTH_SESSION_INFO_DEFAULT_GROUPS; + if (server_info->authenticated) { + flags |= AUTH_SESSION_INFO_AUTHENTICATED; + } nt_status = auth_context->generate_session_info(tmp_ctx, auth_context, - server_info, session_info); + server_info, + flags, + session_info); if (NT_STATUS_IS_OK(nt_status)) { talloc_steal(mem_ctx, *session_info); -- cgit