s3-privs Call security_token_set_privilege() rather than manual assignment

This avoids as much direct modifiction of the bitmask as possible.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>

diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c
index e8334c63068a25dab4e9556afad2d80a3140a595..bc7d998341138b484bc6166daacb9045ce11683f 100644 (file)
--- a/source3/auth/token_util.c
+++ b/source3/auth/token_util.c
@@ -112,7 +112,7 @@ struct security_token *get_root_nt_token( void )
        token = create_local_nt_token(talloc_autofree_context(), &u_sid, False,
                                      1, &global_sid_Builtin_Administrators);
 
-       token->privilege_mask = se_disk_operators;
+       security_token_set_privilege(token, SEC_PRIV_DISK_OPERATOR);
 
        for_cache = token;
 

diff --git a/source3/registry/reg_util_token.c b/source3/registry/reg_util_token.c
index 898b64b2a72d0cc5bb1b7e3375679e9f1de7d7c4..6373d48305b1c41d99f08a88b51ea26f81694361 100644 (file)
--- a/source3/registry/reg_util_token.c
+++ b/source3/registry/reg_util_token.c
@@ -43,7 +43,8 @@ NTSTATUS registry_create_admin_token(TALLOC_CTX *mem_ctx,
                status = NT_STATUS_NO_MEMORY;
                goto done;
        }
-       token->privilege_mask = se_disk_operators;
+       security_token_set_privilege(token, SEC_PRIV_DISK_OPERATOR);
+
        status = add_sid_to_array(token, &global_sid_Builtin_Administrators,
                                  &token->sids, &token->num_sids);
        if (!NT_STATUS_IS_OK(status)) {