summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb/samdb.c
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2010-12-21 11:43:04 +1100
committerAndrew Bartlett <abartlet@samba.org>2010-12-21 15:10:38 +1100
commit6f7423c7f1cc3a4596a955a90f315ffbf1025c3b (patch)
tree51a80bb8e78545e1e05f8b0b1804e26144ece8cb /source4/dsdb/samdb/samdb.c
parent1961d7a4119200b8a4ad7b0207e0cdcf2e10d3f8 (diff)
downloadsamba-6f7423c7f1cc3a4596a955a90f315ffbf1025c3b.tar.gz
samba-6f7423c7f1cc3a4596a955a90f315ffbf1025c3b.tar.bz2
samba-6f7423c7f1cc3a4596a955a90f315ffbf1025c3b.zip
s4-auth Remove duplicate copies of session_info creation code
We now just do or do not call into LDB based on some flags. This means there may be some more link time dependencies, but we seem to deal with those better now. Andrew Bartlett
Diffstat (limited to 'source4/dsdb/samdb/samdb.c')
-rw-r--r--source4/dsdb/samdb/samdb.c27
1 files changed, 22 insertions, 5 deletions
diff --git a/source4/dsdb/samdb/samdb.c b/source4/dsdb/samdb/samdb.c
index 7ba440006a..a8428a9c54 100644
--- a/source4/dsdb/samdb/samdb.c
+++ b/source4/dsdb/samdb/samdb.c
@@ -222,11 +222,28 @@ NTSTATUS security_token_create(TALLOC_CTX *mem_ctx,
}
}
- /* setup the privilege mask for this token */
- status = samdb_privilege_setup(lp_ctx, ptoken);
- if (!NT_STATUS_IS_OK(status)) {
- talloc_free(ptoken);
- return status;
+ /* The caller may have requested simple privilages, for example if there isn't a local DB */
+ if (session_info_flags & AUTH_SESSION_INFO_SIMPLE_PRIVILEGES) {
+ /* Shortcuts to prevent recursion and avoid lookups */
+ if (ptoken->sids == NULL) {
+ ptoken->privilege_mask = 0;
+ } else if (security_token_is_system(ptoken)) {
+ ptoken->privilege_mask = ~0;
+ } else if (security_token_is_anonymous(ptoken)) {
+ ptoken->privilege_mask = 0;
+ } else if (security_token_has_builtin_administrators(ptoken)) {
+ ptoken->privilege_mask = ~0;
+ } else {
+ /* All other 'users' get a empty priv set so far */
+ ptoken->privilege_mask = 0;
+ }
+ } else {
+ /* setup the privilege mask for this token */
+ status = samdb_privilege_setup(lp_ctx, ptoken);
+ if (!NT_STATUS_IS_OK(status)) {
+ talloc_free(ptoken);
+ return status;
+ }
}
security_token_debug(0, 10, ptoken);