sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Code

s3:auth: allow special SYSTEM and ANONYMOUS handling in auth3_generate_session_info()

Browse Source 
auth_ctx->generate_session_info() will be used by the SCHANNEL and
NCALRPC_AS_SYSTEM gensec modules in future.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This commit is contained in:
Stefan Metzmacher 2014-04-23 19:00:26 +02:00
parent ea27382ef4
commit 169c6d409f
1 changed files with 43 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
source3/auth/auth_ntlmssp.c
View File

@ -23,6 +23,7 @@
#include "includes.h"
#include "auth.h"
#include "libcli/security/security.h"
NTSTATUS auth3_generate_session_info(struct auth4_context *auth_context,
TALLOC_CTX *mem_ctx,
@ -31,10 +32,50 @@ NTSTATUS auth3_generate_session_info(struct auth4_context *auth_context,
uint32_t session_info_flags,
struct auth_session_info **session_info)
{
struct auth_serversupplied_info *server_info = talloc_get_type_abort(server_returned_info,
struct auth_serversupplied_info);
struct auth_user_info_dc *user_info = NULL;
struct auth_serversupplied_info *server_info = NULL;
NTSTATUS nt_status;
/*
* This is a hack, some callers...
*
* Some callers pass auth_user_info_dc, the SCHANNEL and
* NCALRPC_AS_SYSTEM gensec modules.
*
* While the reset passes auth3_check_password() returned.
*/
user_info = talloc_get_type(server_returned_info,
struct auth_user_info_dc);
if (user_info != NULL) {
const struct dom_sid *sid;
int cmp;
/*
* This should only be called from SCHANNEL or NCALRPC_AS_SYSTEM
*/
if (user_info->num_sids != 1) {
return NT_STATUS_INTERNAL_ERROR;
}
sid = &user_info->sids[PRIMARY_USER_SID_INDEX];
cmp = dom_sid_compare(sid, &global_sid_System);
if (cmp == 0) {
return make_session_info_system(mem_ctx, session_info);
}
cmp = dom_sid_compare(sid, &global_sid_Anonymous);
if (cmp == 0) {
/*
* TODO: use auth_anonymous_session_info() here?
*/
return make_session_info_guest(mem_ctx, session_info);
}
return NT_STATUS_INTERNAL_ERROR;
}
server_info = talloc_get_type_abort(server_returned_info,
struct auth_serversupplied_info);
nt_status = create_local_token(mem_ctx,
server_info,
NULL,