s3-privs Call security_token_set_privilege() rather than manual assignment

This avoids as much direct modifiction of the bitmask as possible.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>

2 files changed, 3 insertions, 2 deletions

diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c
index e8334c6306..bc7d998341 100644
--- a/source3/auth/token_util.c
+++ b/source3/auth/token_util.c
@@ -112,7 +112,7 @@ struct security_token *get_root_nt_token( void )
 	token = create_local_nt_token(talloc_autofree_context(), &u_sid, False,
 				      1, &global_sid_Builtin_Administrators);
 
-	token->privilege_mask = se_disk_operators;
+	security_token_set_privilege(token, SEC_PRIV_DISK_OPERATOR);
 
 	for_cache = token;
 
diff --git a/source3/registry/reg_util_token.c b/source3/registry/reg_util_token.c
index 898b64b2a7..6373d48305 100644
--- a/source3/registry/reg_util_token.c
+++ b/source3/registry/reg_util_token.c
@@ -43,7 +43,8 @@ NTSTATUS registry_create_admin_token(TALLOC_CTX *mem_ctx,
 		status = NT_STATUS_NO_MEMORY;
 		goto done;
 	}
-	token->privilege_mask = se_disk_operators;
+	security_token_set_privilege(token, SEC_PRIV_DISK_OPERATOR);
+
 	status = add_sid_to_array(token, &global_sid_Builtin_Administrators,
 				  &token->sids, &token->num_sids);
 	if (!NT_STATUS_IS_OK(status)) {