gensec: Add a way to request a unix token from GENSEC
authorAndrew Bartlett <abartlet@samba.org>
Thu, 21 Jul 2011 05:39:27 +0000 (15:39 +1000)
committerAndrew Bartlett <abartlet@samba.org>
Fri, 29 Jul 2011 02:24:07 +0000 (04:24 +0200)
Signed-off-by: Andrew Tridgell <tridge@samba.org>
source4/auth/auth.h
source4/auth/gensec/gensec.c
source4/auth/gensec/gensec.h

index 04731af0190dc8ba72cf353c288b202dac84890b..caab230a46ed6dcb13ba3b9210d89f6481d8ecb5 100644 (file)
@@ -48,6 +48,7 @@ struct loadparm_context;
 #define AUTH_SESSION_INFO_DEFAULT_GROUPS     0x01 /* Add the user to the default world and network groups */
 #define AUTH_SESSION_INFO_AUTHENTICATED      0x02 /* Add the user to the 'authenticated users' group */
 #define AUTH_SESSION_INFO_SIMPLE_PRIVILEGES  0x04 /* Use a trivial map between users and privilages, rather than a DB */
 #define AUTH_SESSION_INFO_DEFAULT_GROUPS     0x01 /* Add the user to the default world and network groups */
 #define AUTH_SESSION_INFO_AUTHENTICATED      0x02 /* Add the user to the 'authenticated users' group */
 #define AUTH_SESSION_INFO_SIMPLE_PRIVILEGES  0x04 /* Use a trivial map between users and privilages, rather than a DB */
+#define AUTH_SESSION_INFO_UNIX_TOKEN         0x08 /* The returned token must have the unix_token and unix_info elements provided */
 
 struct auth_method_context;
 struct auth_check_password_request;
 
 struct auth_method_context;
 struct auth_check_password_request;
index 7e6a83d51f55642d22bd26aa32b9a2a77b4d3f47..7dd3eac3b7c25aeb9afda205400bc786a3753dc2 100644 (file)
@@ -1320,21 +1320,28 @@ NTSTATUS gensec_generate_session_info(TALLOC_CTX *mem_ctx,
                                      struct auth_session_info **session_info)
 {
        NTSTATUS nt_status;
                                      struct auth_session_info **session_info)
 {
        NTSTATUS nt_status;
-       uint32_t flags = AUTH_SESSION_INFO_DEFAULT_GROUPS;
+       uint32_t session_info_flags = 0;
+
+       if (gensec_security->want_features & GENSEC_FEATURE_UNIX_TOKEN) {
+               session_info_flags |= AUTH_SESSION_INFO_UNIX_TOKEN;
+       }
+
+       session_info_flags |= AUTH_SESSION_INFO_DEFAULT_GROUPS;
        if (user_info_dc->info->authenticated) {
        if (user_info_dc->info->authenticated) {
-               flags |= AUTH_SESSION_INFO_AUTHENTICATED;
+               session_info_flags |= AUTH_SESSION_INFO_AUTHENTICATED;
        }
        }
+
        if (gensec_security->auth_context) {
                nt_status = gensec_security->auth_context->generate_session_info(mem_ctx, gensec_security->auth_context,
                                                                                 user_info_dc,
        if (gensec_security->auth_context) {
                nt_status = gensec_security->auth_context->generate_session_info(mem_ctx, gensec_security->auth_context,
                                                                                 user_info_dc,
-                                                                                flags,
+                                                                                session_info_flags,
                                                                                 session_info);
        } else {
                                                                                 session_info);
        } else {
-               flags |= AUTH_SESSION_INFO_SIMPLE_PRIVILEGES;
+               session_info_flags |= AUTH_SESSION_INFO_SIMPLE_PRIVILEGES;
                nt_status = auth_generate_session_info(mem_ctx,
                                                       NULL,
                                                       NULL,
                nt_status = auth_generate_session_info(mem_ctx,
                                                       NULL,
                                                       NULL,
-                                                      user_info_dc, flags,
+                                                      user_info_dc, session_info_flags,
                                                       session_info);
        }
        return nt_status;
                                                       session_info);
        }
        return nt_status;
index e42b4aa5d2f65e01d8512773fc2f22fb8f89bbcd..322adce2ea868f5148f842787c5d069dc281ed8e 100644 (file)
@@ -59,6 +59,7 @@ struct gensec_target {
 #define GENSEC_FEATURE_DATAGRAM_MODE   0x00000020
 #define GENSEC_FEATURE_SIGN_PKT_HEADER 0x00000040
 #define GENSEC_FEATURE_NEW_SPNEGO      0x00000080
 #define GENSEC_FEATURE_DATAGRAM_MODE   0x00000020
 #define GENSEC_FEATURE_SIGN_PKT_HEADER 0x00000040
 #define GENSEC_FEATURE_NEW_SPNEGO      0x00000080
+#define GENSEC_FEATURE_UNIX_TOKEN      0x00000100
 
 /* GENSEC mode */
 enum gensec_role
 
 /* GENSEC mode */
 enum gensec_role