From 6f7423c7f1cc3a4596a955a90f315ffbf1025c3b Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 21 Dec 2010 11:43:04 +1100 Subject: s4-auth Remove duplicate copies of session_info creation code We now just do or do not call into LDB based on some flags. This means there may be some more link time dependencies, but we seem to deal with those better now. Andrew Bartlett
---
source4/dsdb/samdb/samdb.c | 27 ++++++++++++++++++++++----- 1 file changed, 22 insertions(+), 5 deletions(-) (limited to 'source4/dsdb/samdb')
diff --git a/source4/dsdb/samdb/samdb.c b/source4/dsdb/samdb/samdb.c
index 7ba440006a..a8428a9c54 100644
--- a/source4/dsdb/samdb/samdb.c
+++ b/source4/dsdb/samdb/samdb.c
@@ -222,11 +222,28 @@ NTSTATUS security_token_create(TALLOC_CTX *mem_ctx,
 }
 }
- /* setup the privilege mask for this token */
- status = samdb_privilege_setup(lp_ctx, ptoken);
- if (!NT_STATUS_IS_OK(status)) {
- talloc_free(ptoken);
- return status;
+ /* The caller may have requested simple privilages, for example if there isn't a local DB */
+ if (session_info_flags & AUTH_SESSION_INFO_SIMPLE_PRIVILEGES) {
+ /* Shortcuts to prevent recursion and avoid lookups */
+ if (ptoken->sids == NULL) {
+ ptoken->privilege_mask = 0;
+ } else if (security_token_is_system(ptoken)) {
+ ptoken->privilege_mask = ~0;
+ } else if (security_token_is_anonymous(ptoken)) {
+ ptoken->privilege_mask = 0;
+ } else if (security_token_has_builtin_administrators(ptoken)) {
+ ptoken->privilege_mask = ~0;
+ } else {
+ /* All other 'users' get a empty priv set so far */
+ ptoken->privilege_mask = 0;
+ }
+ } else {
+ /* setup the privilege mask for this token */
+ status = samdb_privilege_setup(lp_ctx, ptoken);
+ if (!NT_STATUS_IS_OK(status)) {
+ talloc_free(ptoken);
+ return status;
+ }
 }
 security_token_debug(0, 10, ptoken);
-- cgit
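Review bot: The new `AUTH_SESSION_INFO_SIMPLE_PRIVILEGES` branch sets `ptoken->privilege_mask = ~0` for the system token and for any token where `security_token_has_builtin_administrators()` is true, selected only by a caller-supplied flag, and nothing in the hunk documents which callers may set that flag. Because this path skips `samdb_privilege_setup()`, the mask depends entirely on the SID list passed in, so the branch deserves a comment stating that contract, for example `/* SIMPLE_PRIVILEGES bypasses the privilege database: callers must only set it for tokens whose SIDs are already authenticated */`. It would also help to say whether "every bit set" is intended or only the defined privileges, since `~0` sets undefined bits too. `~0` is an `int`; if `privilege_mask` is a wider unsigned field (its declaration is not visible here), `~(uint64_t)0` or a named all-privileges constant states the width explicitly instead of relying on the conversion of -1. `security_token_create()` begins and ends outside this hunk, so where `session_info_flags` comes from cannot be checked from here.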