diff options
Diffstat (limited to 'source4/dsdb/samdb')
| -rw-r--r-- | source4/dsdb/samdb/samdb.c | 27 |
1 files changed, 22 insertions, 5 deletions
diff --git a/source4/dsdb/samdb/samdb.c b/source4/dsdb/samdb/samdb.c index 7ba440006a..a8428a9c54 100644 --- a/source4/dsdb/samdb/samdb.c +++ b/source4/dsdb/samdb/samdb.c @@ -222,11 +222,28 @@ NTSTATUS security_token_create(TALLOC_CTX *mem_ctx, } } - /* setup the privilege mask for this token */ - status = samdb_privilege_setup(lp_ctx, ptoken); - if (!NT_STATUS_IS_OK(status)) { - talloc_free(ptoken); - return status; + /* The caller may have requested simple privilages, for example if there isn't a local DB */ + if (session_info_flags & AUTH_SESSION_INFO_SIMPLE_PRIVILEGES) { + /* Shortcuts to prevent recursion and avoid lookups */ + if (ptoken->sids == NULL) { + ptoken->privilege_mask = 0; + } else if (security_token_is_system(ptoken)) { + ptoken->privilege_mask = ~0; + } else if (security_token_is_anonymous(ptoken)) { + ptoken->privilege_mask = 0; + } else if (security_token_has_builtin_administrators(ptoken)) { + ptoken->privilege_mask = ~0; + } else { + /* All other 'users' get a empty priv set so far */ + ptoken->privilege_mask = 0; + } + } else { + /* setup the privilege mask for this token */ + status = samdb_privilege_setup(lp_ctx, ptoken); + if (!NT_STATUS_IS_OK(status)) { + talloc_free(ptoken); + return status; + } } security_token_debug(0, 10, ptoken); |