mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

s4:auth: Add parameters for claims and device info to auth_generate_security_token()

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton 2023-09-27 15:16:21 +13:00 committed by Joseph Sutton
parent a3a489fa53
commit 8a5921d974
4 changed files with 25 additions and 3 deletions


@ -56,6 +56,8 @@ _PUBLIC_ NTSTATUS auth_generate_security_token(TALLOC_CTX *mem_ctx,
struct loadparm_context *lp_ctx, /* Optional, if you don't want privileges */
struct ldb_context *sam_ctx, /* Optional, if you don't want local groups */
const struct auth_user_info_dc *user_info_dc,
const struct auth_user_info_dc *device_info_dc,
const struct auth_claims auth_claims,
uint32_t session_info_flags,
struct security_token **_security_token)
{
@ -63,8 +65,10 @@ _PUBLIC_ NTSTATUS auth_generate_security_token(TALLOC_CTX *mem_ctx,
NTSTATUS nt_status;
uint32_t i;
uint32_t num_sids = 0;
uint32_t num_device_sids = 0;
const char *filter = NULL;
struct auth_SidAttr *sids = NULL;
const struct auth_SidAttr *device_sids = NULL;
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
if (tmp_ctx == NULL) {
@ -172,13 +176,23 @@ _PUBLIC_ NTSTATUS auth_generate_security_token(TALLOC_CTX *mem_ctx,
}
}
if (device_info_dc != NULL) {
device_sids = device_info_dc->sids;
num_device_sids = device_info_dc->num_sids;
}
/*
* TODO: if we find out that we need to add default SIDs to the device
* SIDs, as well as to the client SIDs, well do that here.
*/
nt_status = security_token_create(mem_ctx,
lp_ctx,
num_sids,
sids,
0 /* num_device_sids */,
NULL /* device_sids */,
(struct auth_claims) {},
num_device_sids,
device_sids,
auth_claims,
session_info_flags,
&security_token);
if (!NT_STATUS_IS_OK(nt_status)) {
@ -241,6 +255,8 @@ _PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
lp_ctx,
sam_ctx,
user_info_dc,
NULL /*device_info_dc */,
(struct auth_claims) {},
session_info_flags,
&session_info->security_token);
if (!NT_STATUS_IS_OK(nt_status)) {
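Review bot: In the hunk at `@ -172,13` the device SIDs are handed to security_token_create() exactly as they arrive in `device_info_dc`, while the client SIDs in `sids` are assembled earlier in the function, outside this hunk. Judging by the `sam_ctx` parameter comment ("if you don't want local groups"), that earlier step appears to include local-group expansion. The TODO covers only default SIDs, so an access check keyed on a device's local-group membership could see a narrower SID set than the equivalent check on the user; that should be confirmed as intended or written down. I would widen the comment to `TODO: the device SIDs get neither default SIDs nor local-group expansion, unlike the client SIDs; add that here if it turns out to be needed.`, which also fixes the "well" typo. The function body starts and ends outside the hunks shown.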


@ -68,6 +68,8 @@ NTSTATUS auth_generate_security_token(TALLOC_CTX *mem_ctx,
struct loadparm_context *lp_ctx, /* Optional, if you don't want privileges */
struct ldb_context *sam_ctx, /* Optional, if you don't want local groups */
const struct auth_user_info_dc *user_info_dc,
const struct auth_user_info_dc *device_info_dc,
const struct auth_claims auth_claims,
uint32_t session_info_flags,
struct security_token **_security_token);
NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
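Review bot: The two new parameters of auth_generate_security_token() carry no comment, although the neighbouring `lp_ctx` and `sam_ctx` parameters both state that they are optional and what omitting them means. The definition NULL-checks `device_info_dc` before use, so the prototype and the definition should say so, for example `const struct auth_user_info_dc *device_info_dc, /* Optional, NULL if there is no device */`. For `auth_claims`, a short `/* Passed by value; an empty struct means no claims */` would tell callers what to pass. The top-level `const` on that by-value parameter only affects the definition and can be dropped from the header.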


@ -621,6 +621,8 @@ static NTSTATUS _authn_policy_access_check(TALLOC_CTX *mem_ctx,
lp_ctx,
samdb,
client_info,
NULL /*device_info_dc */,
(struct auth_claims) {},
session_info_flags,
&security_token);
if (!NT_STATUS_IS_OK(status)) {
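Review bot: This call builds the token for the authentication-policy access check with `NULL` device info and an empty `struct auth_claims`, so any policy condition that depends on device group membership or on claims is evaluated against an empty set here. If these are placeholders until the real values are plumbed through, the call should say so, e.g. `NULL /* device_info_dc: TODO pass the client's device info */`, so the gap is not mistaken for a deliberate "no device" decision. The same hard-coded pair appears in auth_generate_session_info() and in samba_kdc_check_s4u2proxy_rbcd(). For the RBCD check it is worth confirming whether the descriptor being evaluated can carry such conditions. The enclosing function starts and ends outside the hunk.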


@ -3471,6 +3471,8 @@ krb5_error_code samba_kdc_check_s4u2proxy_rbcd(
kdc_db_ctx->lp_ctx,
kdc_db_ctx->samdb,
user_info_dc,
NULL /*device_info_dc */,
(struct auth_claims) {},
session_info_flags,
&security_token);
if (!NT_STATUS_IS_OK(nt_status)) {