r4151: added privilege attribute handling on samdb.

pvfs will now honor some privileges on ACLs, and it will be quite easy
to add the checks for more privileges in the necessary places, by
making calls to sec_privilege_check().
(This used to be commit 3549039d0fbc54f87ae679e7288b82b28713e487)

1 files changed, 13 insertions, 5 deletions

diff --git a/source4/libcli/security/privilege.c b/source4/libcli/security/privilege.c
index 10a51c8b42..93599598db 100644
--- a/source4/libcli/security/privilege.c
+++ b/source4/libcli/security/privilege.c
@@ -85,12 +85,22 @@ int sec_privilege_id(const char *name)
 
 
 /*
-  return True if a security_token has a particular privilege bit set
+  return a privilege mask given a privilege id
 */
-BOOL sec_privilege_check(const struct security_token *token, unsigned int privilege)
+uint64_t sec_privilege_mask(unsigned int privilege)
 {
 	uint64_t mask = 1;
 	mask <<= (privilege-1);
+	return mask;
+}
+
+
+/*
+  return True if a security_token has a particular privilege bit set
+*/
+BOOL sec_privilege_check(const struct security_token *token, unsigned int privilege)
+{
+	uint64_t mask = sec_privilege_mask(privilege);
 	if (token->privilege_mask & mask) {
 		return True;
 	}
@@ -102,7 +112,5 @@ BOOL sec_privilege_check(const struct security_token *token, unsigned int privil
 */
 void sec_privilege_set(struct security_token *token, unsigned int privilege)
 {
-	uint64_t mask = 1;
-	mask <<= (privilege-1);
-	token->privilege_mask |= mask;
+	token->privilege_mask |= sec_privilege_mask(privilege);
 }