gensec: Add a way to request a unix token from GENSEC
[amitay/samba.git] / source4 / auth / gensec / gensec.c
index 7e6a83d51f55642d22bd26aa32b9a2a77b4d3f47..7dd3eac3b7c25aeb9afda205400bc786a3753dc2 100644 (file)
@@ -1320,21 +1320,28 @@ NTSTATUS gensec_generate_session_info(TALLOC_CTX *mem_ctx,
                                      struct auth_session_info **session_info)
 {
        NTSTATUS nt_status;
-       uint32_t flags = AUTH_SESSION_INFO_DEFAULT_GROUPS;
+       uint32_t session_info_flags = 0;
+
+       if (gensec_security->want_features & GENSEC_FEATURE_UNIX_TOKEN) {
+               session_info_flags |= AUTH_SESSION_INFO_UNIX_TOKEN;
+       }
+
+       session_info_flags |= AUTH_SESSION_INFO_DEFAULT_GROUPS;
        if (user_info_dc->info->authenticated) {
-               flags |= AUTH_SESSION_INFO_AUTHENTICATED;
+               session_info_flags |= AUTH_SESSION_INFO_AUTHENTICATED;
        }
+
        if (gensec_security->auth_context) {
                nt_status = gensec_security->auth_context->generate_session_info(mem_ctx, gensec_security->auth_context,
                                                                                 user_info_dc,
-                                                                                flags,
+                                                                                session_info_flags,
                                                                                 session_info);
        } else {
-               flags |= AUTH_SESSION_INFO_SIMPLE_PRIVILEGES;
+               session_info_flags |= AUTH_SESSION_INFO_SIMPLE_PRIVILEGES;
                nt_status = auth_generate_session_info(mem_ctx,
                                                       NULL,
                                                       NULL,
-                                                      user_info_dc, flags,
+                                                      user_info_dc, session_info_flags,
                                                       session_info);
        }
        return nt_status;