You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
sspiData\.clear\(\);
unsigned int length;
const unsigned char\* bytes = sBlock\-\>getData\(&length\);
sspiData\.add\(bytes, length\);
if \(\!sspi\.accept\(sspiData\)\)
return AUTH\_CONTINUE;
if \(wasActive && \!sspi\.isActive\(\)\)
\{
bool wheel = false;
string login;
sspi\.getLogin\(login, wheel\);
ISC\_systemToUtf8\(login\);
writerInterface\-\>add\(status, login\.c\_str\(\)\);
if \(wheel\)
\{
writerInterface\-\>add\(status, FB\_DOMAIN\_ANY\_RID\_ADMINS\);
writerInterface\-\>setType\(status, FB\_PREDEFINED\_GROUP\);
\}
// ToDo: walk groups to which login belongs and list them using writerInterface
return AUTH\_SUCCESS;
\}
sBlock\-\>putData\(status, sspiData\.getCount\(\), sspiData\.begin\(\)\);
\}
sspiData\.clear\(\);
unsigned int length;
const unsigned char\* bytes = sBlock\-\>getData\(&length\);
sspiData\.add\(bytes, length\);
if \(\!sspi\.accept\(sspiData\)\)
return AUTH\_CONTINUE;
if \(wasActive && \!sspi\.isActive\(\)\)
\{
bool wheel = false;
string login;
sspi\.getLogin\(login, wheel\);
ISC\_systemToUtf8\(login\);
writerInterface\-\>add\(status, login\.c\_str\(\)\);
if \(wheel\)
\{
writerInterface\-\>add\(status, FB\_DOMAIN\_ANY\_RID\_ADMINS\);
writerInterface\-\>setType\(status, FB\_PREDEFINED\_GROUP\);
\}
// ToDo: walk groups to which login belongs and list them using writerInterface
return AUTH\_SUCCESS;
\}
sBlock\-\>putData\(status, sspiData\.getCount\(\), sspiData\.begin\(\)\);
\}
Submitted by: Erik Jõeveer (erikj)
First enable use of Windows trusted authentication:
CREATE GLOBAL MAPPING TRUSTED_AUTH
USING PLUGIN WIN_SSPI
FROM ANY USER
TO USER;
Then we want to define some exact Windows trusted authentication user group mapping to firebird role:
CREATE MAPPING WIN_GLADMIN
USING PLUGIN WIN_SSPI
FROM Group NOOMGLADMIN
TO ROLE GLADMIN;
But this does not work.
It seems that currently works role assignment mapping only for windows admins (Predefined_Group DOMAIN_ANY_RID_ADMINS).
Mabe this issue is retated to one 'ToDo' comment in plugin WIN_SSPI code (AuthSspi.cpp):
int WinSspiServer::authenticate(Firebird::CheckStatusWrapper* status,
IServerBlock* sBlock,
IWriter* writerInterface)
{
try
{
const bool wasActive = sspi.isActive();
...
Commits: e6f525c 5b8f3b6
The text was updated successfully, but these errors were encountered: