summaryrefslogtreecommitdiffstats
path: root/source4/dsdb
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2010-12-21 11:43:04 +1100
committerAndrew Bartlett <abartlet@samba.org>2010-12-21 15:10:38 +1100
commit6f7423c7f1cc3a4596a955a90f315ffbf1025c3b (patch)
tree51a80bb8e78545e1e05f8b0b1804e26144ece8cb /source4/dsdb
parent1961d7a4119200b8a4ad7b0207e0cdcf2e10d3f8 (diff)
downloadsamba-6f7423c7f1cc3a4596a955a90f315ffbf1025c3b.tar.gz
samba-6f7423c7f1cc3a4596a955a90f315ffbf1025c3b.tar.xz
samba-6f7423c7f1cc3a4596a955a90f315ffbf1025c3b.zip
s4-auth Remove duplicate copies of session_info creation code
We now just do or do not call into LDB based on some flags. This means there may be some more link time dependencies, but we seem to deal with those better now. Andrew Bartlett
Diffstat (limited to 'source4/dsdb')
-rw-r--r--source4/dsdb/samdb/samdb.c27
1 files changed, 22 insertions, 5 deletions
diff --git a/source4/dsdb/samdb/samdb.c b/source4/dsdb/samdb/samdb.c
index 7ba440006ae..a8428a9c548 100644
--- a/source4/dsdb/samdb/samdb.c
+++ b/source4/dsdb/samdb/samdb.c
@@ -222,11 +222,28 @@ NTSTATUS security_token_create(TALLOC_CTX *mem_ctx,
}
}
- /* setup the privilege mask for this token */
- status = samdb_privilege_setup(lp_ctx, ptoken);
- if (!NT_STATUS_IS_OK(status)) {
- talloc_free(ptoken);
- return status;
+ /* The caller may have requested simple privilages, for example if there isn't a local DB */
+ if (session_info_flags & AUTH_SESSION_INFO_SIMPLE_PRIVILEGES) {
+ /* Shortcuts to prevent recursion and avoid lookups */
+ if (ptoken->sids == NULL) {
+ ptoken->privilege_mask = 0;
+ } else if (security_token_is_system(ptoken)) {
+ ptoken->privilege_mask = ~0;
+ } else if (security_token_is_anonymous(ptoken)) {
+ ptoken->privilege_mask = 0;
+ } else if (security_token_has_builtin_administrators(ptoken)) {
+ ptoken->privilege_mask = ~0;
+ } else {
+ /* All other 'users' get a empty priv set so far */
+ ptoken->privilege_mask = 0;
+ }
+ } else {
+ /* setup the privilege mask for this token */
+ status = samdb_privilege_setup(lp_ctx, ptoken);
+ if (!NT_STATUS_IS_OK(status)) {
+ talloc_free(ptoken);
+ return status;
+ }
}
security_token_debug(0, 10, ptoken);