s3-auth consolidate create_local_token() into make_server_info_krb5()

This ensures that all callers don't need to each add builtin groups
and privileges to the user's token

Andrew Bartlett

2 files changed, 1 insertions, 11 deletions

diff --git a/source3/rpc_server/dcesrv_gssapi.c b/source3/rpc_server/dcesrv_gssapi.c
index f60f6ce245..a3007e4044 100644
--- a/source3/rpc_server/dcesrv_gssapi.c
+++ b/source3/rpc_server/dcesrv_gssapi.c
@@ -230,7 +230,7 @@ NTSTATUS gssapi_server_get_user_info(struct gse_context *gse_ctx,
 
 	status = make_server_info_krb5(mem_ctx,
 					ntuser, ntdomain, username, pw,
-					logon_info, is_guest, server_info);
+				       logon_info, is_guest, is_mapped, server_info);
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(1, ("Failed to map kerberos pac to server info (%s)\n",
 			  nt_errstr(status)));
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 73a34866b2..27a43f30f7 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -738,16 +738,6 @@ static NTSTATUS pipe_gssapi_verify_final(TALLOC_CTX *mem_ctx,
 		return status;
 	}
 
-	if ((*session_info)->security_token == NULL) {
-		status = create_local_token(*session_info);
-		if (!NT_STATUS_IS_OK(status)) {
-			DEBUG(1, ("Failed to create local user token (%s)\n",
-				  nt_errstr(status)));
-			status = NT_STATUS_ACCESS_DENIED;
-			return status;
-		}
-	}
-
 	/* TODO: this is what the ntlmssp code does with the session_key, check
 	 * it is ok with gssapi too */
 	/*