return NT_STATUS_OK;
}
+/* Wrapper because we don't want to expose all callers to needing to
+ * know that session_info is generated from the main ldb */
+static NTSTATUS auth_generate_session_info_wrapper(TALLOC_CTX *mem_ctx,
+ struct auth_context *auth_context,
+ struct auth_serversupplied_info *server_info,
+ uint32_t session_info_flags,
+ struct auth_session_info **session_info)
+{
+ return auth_generate_session_info(mem_ctx, auth_context->lp_ctx,
+ auth_context->sam_ctx, server_info,
+ session_info_flags, session_info);
+}
+
/***************************************************************************
Make a auth_info struct for the auth subsystem
- Allow the caller to specify the methods to use, including optionally the SAM to use
ctx->set_challenge = auth_context_set_challenge;
ctx->challenge_may_be_modified = auth_challenge_may_be_modified;
ctx->get_server_info_principal = auth_get_server_info_principal;
- ctx->generate_session_info = auth_generate_session_info;
+ ctx->generate_session_info = auth_generate_session_info_wrapper;
*auth_ctx = ctx;
}
_PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
- struct auth_context *auth_context, /* Optional if the domain SID is in the NT AUTHORITY domain */
+ struct loadparm_context *lp_ctx, /* Optional, if you don't want privilages */
+ struct ldb_context *sam_ctx, /* Optional, if you don't want local groups */
struct auth_serversupplied_info *server_info,
uint32_t session_info_flags,
struct auth_session_info **_session_info)
/* Don't expand nested groups of system, anonymous etc*/
} else if (dom_sid_equal(system_sid, server_info->account_sid)) {
/* Don't expand nested groups of system, anonymous etc*/
- } else if (auth_context) {
+ } else if (sam_ctx) {
groupSIDs = talloc_array(tmp_ctx, struct dom_sid *, server_info->n_domain_groups);
NT_STATUS_HAVE_NO_MEMORY_AND_FREE(groupSIDs, tmp_ctx);
if (!groupSIDs) {
account_sid_blob = data_blob_string_const(account_sid_dn);
- nt_status = authsam_expand_nested_groups(auth_context->sam_ctx, &account_sid_blob, true, filter,
+ nt_status = authsam_expand_nested_groups(sam_ctx, &account_sid_blob, true, filter,
tmp_ctx, &groupSIDs, &num_groupSIDs);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(tmp_ctx);
primary_group_blob = data_blob_string_const(primary_group_dn);
- nt_status = authsam_expand_nested_groups(auth_context->sam_ctx, &primary_group_blob, true, filter,
+ nt_status = authsam_expand_nested_groups(sam_ctx, &primary_group_blob, true, filter,
tmp_ctx, &groupSIDs, &num_groupSIDs);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(tmp_ctx);
/* This function takes in memberOf values and expands
* them, as long as they meet the filter - so only
* builtin groups */
- nt_status = authsam_expand_nested_groups(auth_context->sam_ctx, &group_blob, true, filter,
+ nt_status = authsam_expand_nested_groups(sam_ctx, &group_blob, true, filter,
tmp_ctx, &groupSIDs, &num_groupSIDs);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(tmp_ctx);
}
nt_status = security_token_create(session_info,
- auth_context ? auth_context->lp_ctx : NULL,
+ lp_ctx,
server_info->account_sid,
server_info->primary_group_sid,
num_groupSIDs,
#include "librpc/gen_ndr/netlogon.h"
struct tevent_context;
-struct auth_context;
/* Create a security token for a session SYSTEM (the most
* trusted/prvilaged account), including the local machine account as
* the off-host credentials */
const char *netbios_name,
struct auth_serversupplied_info **_server_info) ;
NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
- struct auth_context *auth_context,
- struct auth_serversupplied_info *server_info,
+ struct loadparm_context *lp_ctx, /* Optional, if you don't want privilages */
+ struct ldb_context *sam_ctx, /* Optional, if you don't want local groups */
+ struct auth_serversupplied_info *server_info,
uint32_t session_info_flags,
struct auth_session_info **_session_info);
-
NTSTATUS auth_anonymous_session_info(TALLOC_CTX *parent_ctx,
struct loadparm_context *lp_ctx,
struct auth_session_info **_session_info);
}
/* references the server_info into the session_info */
- nt_status = auth_generate_session_info(parent_ctx, NULL, server_info, 0, &session_info);
+ nt_status = auth_generate_session_info(parent_ctx, lp_ctx, NULL, server_info, 0, &session_info);
talloc_free(mem_ctx);
NT_STATUS_NOT_OK_RETURN(nt_status);
}
/* references the server_info into the session_info */
- nt_status = auth_generate_session_info(parent_ctx, NULL, server_info, 0, &session_info);
+ nt_status = auth_generate_session_info(parent_ctx, lp_ctx, NULL, server_info, 0, &session_info);
talloc_free(mem_ctx);
NT_STATUS_NOT_OK_RETURN(nt_status);
return LDB_ERR_OPERATIONS_ERROR;
}
- status = auth_generate_session_info(tmp_ctx, auth_context, server_info, 0, &session_info);
+ status = auth_generate_session_info(tmp_ctx, auth_context->lp_ctx, ldb, server_info, 0, &session_info);
if (NT_STATUS_EQUAL(status, NT_STATUS_NO_MEMORY)) {
talloc_free(tmp_ctx);
return ldb_module_oom(module);
NTSTATUS status;
int rv;
unsigned int i;
- struct auth_context *auth_context;
if (argc != 1) {
return net_gpo_list_usage(ctx, argc, argv);
return 1;
}
- /* We do now need an auth context to create a session */
- status = auth_context_create_from_ldb(gp_ctx, gp_ctx->ldb_ctx, &auth_context);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, ("Failed to get an auth context: %s\n", get_friendly_nt_error_msg(status)));
- talloc_free(gp_ctx);
- return 1;
- }
-
/* The session info will contain the security token for this user */
- status = auth_generate_session_info(gp_ctx, auth_context, server_info, 0, &session_info);
+ status = auth_generate_session_info(gp_ctx, gp_ctx->lp_ctx, gp_ctx->ldb_ctx, server_info, 0, &session_info);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("Failed to generate session information: %s\n", get_friendly_nt_error_msg(status)));
talloc_free(gp_ctx);