diff options
author | Andrew Bartlett <abartlet@samba.org> | 2017-03-06 12:11:18 +1300 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2017-03-27 20:08:18 +0200 |
commit | a2f6327f9f6ee760ef28a024fb26a49ca2aa43e6 (patch) | |
tree | 65cf751dbef45da9cca770e3a615d104bc45c449 /auth | |
parent | b6baf35ebde68db75515910ede26e74bb8313284 (diff) | |
download | samba-a2f6327f9f6ee760ef28a024fb26a49ca2aa43e6.tar.gz |
auth: Add SID_NT_NTLM_AUTHENTICATION / S-1-5-64-10 to the token during NTLM auth
So far this is only on the AD DC
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Diffstat (limited to 'auth')
-rw-r--r-- | auth/common_auth.h | 1 | ||||
-rw-r--r-- | auth/ntlmssp/gensec_ntlmssp_server.c | 1 |
2 files changed, 2 insertions, 0 deletions
diff --git a/auth/common_auth.h b/auth/common_auth.h index 8cbfc54794b..95b36cd334f 100644 --- a/auth/common_auth.h +++ b/auth/common_auth.h @@ -39,6 +39,7 @@ enum auth_password_state { #define AUTH_SESSION_INFO_AUTHENTICATED 0x02 /* Add the user to the 'authenticated users' group */ #define AUTH_SESSION_INFO_SIMPLE_PRIVILEGES 0x04 /* Use a trivial map between users and privilages, rather than a DB */ #define AUTH_SESSION_INFO_UNIX_TOKEN 0x08 /* The returned token must have the unix_token and unix_info elements provided */ +#define AUTH_SESSION_INFO_NTLM 0x10 /* The returned token must have authenticated-with-NTLM flag set */ struct auth_usersupplied_info { diff --git a/auth/ntlmssp/gensec_ntlmssp_server.c b/auth/ntlmssp/gensec_ntlmssp_server.c index da0cd50bac2..561c7cff5bd 100644 --- a/auth/ntlmssp/gensec_ntlmssp_server.c +++ b/auth/ntlmssp/gensec_ntlmssp_server.c @@ -62,6 +62,7 @@ NTSTATUS gensec_ntlmssp_session_info(struct gensec_security *gensec_security, } session_info_flags |= AUTH_SESSION_INFO_DEFAULT_GROUPS; + session_info_flags |= AUTH_SESSION_INFO_NTLM; if (gensec_security->auth_context && gensec_security->auth_context->generate_session_info) { nt_status = gensec_security->auth_context->generate_session_info(gensec_security->auth_context, mem_ctx, |