diff options
Diffstat (limited to 'source4/libcli')
-rw-r--r-- | source4/libcli/auth/gensec_krb5.c | 7 | ||||
-rw-r--r-- | source4/libcli/security/privilege.c | 18 |
2 files changed, 20 insertions, 5 deletions
diff --git a/source4/libcli/auth/gensec_krb5.c b/source4/libcli/auth/gensec_krb5.c index 602e42a5ff..88e7cdd2e3 100644 --- a/source4/libcli/auth/gensec_krb5.c +++ b/source4/libcli/auth/gensec_krb5.c @@ -716,6 +716,13 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security = dom_sid_add_rid(session_info, sid, logon_info->groups[ptoken->num_sids - 2].rid); } + + /* setup any privileges for this token */ + nt_status = samdb_privilege_setup(ptoken); + if (!NT_STATUS_IS_OK(nt_status)) { + talloc_free(ptoken); + return nt_status; + } debug_security_token(DBGC_AUTH, 0, ptoken); diff --git a/source4/libcli/security/privilege.c b/source4/libcli/security/privilege.c index 10a51c8b42..93599598db 100644 --- a/source4/libcli/security/privilege.c +++ b/source4/libcli/security/privilege.c @@ -85,12 +85,22 @@ int sec_privilege_id(const char *name) /* - return True if a security_token has a particular privilege bit set + return a privilege mask given a privilege id */ -BOOL sec_privilege_check(const struct security_token *token, unsigned int privilege) +uint64_t sec_privilege_mask(unsigned int privilege) { uint64_t mask = 1; mask <<= (privilege-1); + return mask; +} + + +/* + return True if a security_token has a particular privilege bit set +*/ +BOOL sec_privilege_check(const struct security_token *token, unsigned int privilege) +{ + uint64_t mask = sec_privilege_mask(privilege); if (token->privilege_mask & mask) { return True; } @@ -102,7 +112,5 @@ BOOL sec_privilege_check(const struct security_token *token, unsigned int privil */ void sec_privilege_set(struct security_token *token, unsigned int privilege) { - uint64_t mask = 1; - mask <<= (privilege-1); - token->privilege_mask |= mask; + token->privilege_mask |= sec_privilege_mask(privilege); } |