summaryrefslogtreecommitdiff
path: root/source4/libcli
diff options
context:
space:
mode:
Diffstat (limited to 'source4/libcli')
-rw-r--r--source4/libcli/auth/gensec_krb5.c7
-rw-r--r--source4/libcli/security/privilege.c18
2 files changed, 20 insertions, 5 deletions
diff --git a/source4/libcli/auth/gensec_krb5.c b/source4/libcli/auth/gensec_krb5.c
index 602e42a5ff..88e7cdd2e3 100644
--- a/source4/libcli/auth/gensec_krb5.c
+++ b/source4/libcli/auth/gensec_krb5.c
@@ -716,6 +716,13 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
= dom_sid_add_rid(session_info, sid,
logon_info->groups[ptoken->num_sids - 2].rid);
}
+
+ /* setup any privileges for this token */
+ nt_status = samdb_privilege_setup(ptoken);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ talloc_free(ptoken);
+ return nt_status;
+ }
debug_security_token(DBGC_AUTH, 0, ptoken);
diff --git a/source4/libcli/security/privilege.c b/source4/libcli/security/privilege.c
index 10a51c8b42..93599598db 100644
--- a/source4/libcli/security/privilege.c
+++ b/source4/libcli/security/privilege.c
@@ -85,12 +85,22 @@ int sec_privilege_id(const char *name)
/*
- return True if a security_token has a particular privilege bit set
+ return a privilege mask given a privilege id
*/
-BOOL sec_privilege_check(const struct security_token *token, unsigned int privilege)
+uint64_t sec_privilege_mask(unsigned int privilege)
{
uint64_t mask = 1;
mask <<= (privilege-1);
+ return mask;
+}
+
+
+/*
+ return True if a security_token has a particular privilege bit set
+*/
+BOOL sec_privilege_check(const struct security_token *token, unsigned int privilege)
+{
+ uint64_t mask = sec_privilege_mask(privilege);
if (token->privilege_mask & mask) {
return True;
}
@@ -102,7 +112,5 @@ BOOL sec_privilege_check(const struct security_token *token, unsigned int privil
*/
void sec_privilege_set(struct security_token *token, unsigned int privilege)
{
- uint64_t mask = 1;
- mask <<= (privilege-1);
- token->privilege_mask |= mask;
+ token->privilege_mask |= sec_privilege_mask(privilege);
}