From eaffadb8286ef6d68d433f8c8f244f20ad00e9d3 Mon Sep 17 00:00:00 2001
From: Joseph Sutton
Date: Fri, 20 Oct 2023 15:00:12 +1300
Subject: [PATCH] s4:kdc: Add a flag indicating that the device should be added to Authenticated Users
Signed-off-by: Joseph Sutton
Reviewed-by: Andrew Bartlett
---
 auth/common_auth.h | 1 +
 source4/auth/session.c | 16 ++++++++++++++++
 2 files changed, 17 insertions(+)
diff --git a/auth/common_auth.h b/auth/common_auth.h
index 806f4330cca..1afb79eb5df 100644
--- a/auth/common_auth.h
+++ b/auth/common_auth.h
@@ -42,6 +42,7 @@ enum auth_password_state {
 #define AUTH_SESSION_INFO_NTLM 0x10 /* The returned token must have authenticated-with-NTLM flag set */
 #define AUTH_SESSION_INFO_FORCE_COMPOUNDED_AUTHENTICATION 0x20 /* The user authenticated with a device. */
 #define AUTH_SESSION_INFO_DEVICE_DEFAULT_GROUPS 0x40 /* Add the device to the default world and network groups */
+#define AUTH_SESSION_INFO_DEVICE_AUTHENTICATED 0x80 /* Add the device to the 'authenticated users' group */
 struct auth_usersupplied_info {
diff --git a/source4/auth/session.c b/source4/auth/session.c
index 3d0f2b588d3..11cc287cd94 100644
--- a/source4/auth/session.c
+++ b/source4/auth/session.c
@@ -213,6 +213,22 @@ _PUBLIC_ NTSTATUS auth_generate_security_token(TALLOC_CTX *mem_ctx,
 .attrs = SE_GROUP_DEFAULT_FLAGS,
 };
 }
+
+ if (session_info_flags & AUTH_SESSION_INFO_DEVICE_AUTHENTICATED) {
+ device_sids = talloc_realloc(tmp_ctx,
+ device_sids,
+ struct auth_SidAttr,
+ num_device_sids + 1);
+ if (device_sids == NULL) {
+ TALLOC_FREE(tmp_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ device_sids[num_device_sids++] = (struct auth_SidAttr) {
+ .sid = global_sid_Authenticated_Users,
+ .attrs = SE_GROUP_DEFAULT_FLAGS,
+ };
+ }
 }
 nt_status = security_token_create(mem_ctx,
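Review bot: The new `AUTH_SESSION_INFO_DEVICE_AUTHENTICATED` branch in auth_generate_security_token() appends `global_sid_Authenticated_Users` to `device_sids` purely on the caller's flag, and neither the branch nor the one-line comment on the `#define` in auth/common_auth.h states when a caller is allowed to set it. Device group membership presumably feeds later access decisions, so I would document the precondition at the definition, for example `/* Add the device to the 'authenticated users' group; set only once the device's credentials have been verified */`, and put a matching one-line comment above the `if`. The branch is nested in an enclosing block whose condition lies outside the hunk, so the flag appears to be silently ignored when that condition is false; if that is intended, the same comment should say so. The function body starts and ends outside the hunk.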