diff options
author | Andrew Bartlett <abartlet@samba.org> | 2010-09-18 10:29:02 +1000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2010-10-14 02:35:04 +0000 |
commit | a040466d0d6866f2ede22261fbd90018773b03de (patch) | |
tree | 3634577f22278185b9abff6c6ab0636b0d71fcb8 /source3/lib | |
parent | 7c6105ec27612adc712d3afcd3a794b6b7d32d8d (diff) | |
download | samba-a040466d0d6866f2ede22261fbd90018773b03de.tar.gz samba-a040466d0d6866f2ede22261fbd90018773b03de.tar.bz2 samba-a040466d0d6866f2ede22261fbd90018773b03de.zip |
s3-acl Merge source4-supported privileges into se_access_check
This will shortly be the common se_access_check function.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Diffstat (limited to 'source3/lib')
-rw-r--r-- | source3/lib/util_seaccess.c | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index af7ba24194..5fc450ec25 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -178,17 +178,13 @@ NTSTATUS se_access_check(const struct security_descriptor *sd, bits_remaining)); } -#if 0 - /* We need to support SeSecurityPrivilege for this. */ - if (access_desired & SEC_FLAG_SYSTEM_SECURITY) { - if (user_has_privileges(token, &sec_security)) { + if (security_token_has_privilege(token, SEC_PRIV_SECURITY)) { bits_remaining &= ~SEC_FLAG_SYSTEM_SECURITY; } else { return NT_STATUS_PRIVILEGE_NOT_HELD; } } -#endif /* a NULL dacl allows access */ if ((sd->type & SEC_DESC_DACL_PRESENT) && sd->dacl == NULL) { @@ -205,6 +201,14 @@ NTSTATUS se_access_check(const struct security_descriptor *sd, (security_token_has_privilege(token, SEC_PRIV_RESTORE))) { bits_remaining &= ~SEC_STD_DELETE; } + if ((bits_remaining & SEC_RIGHTS_PRIV_RESTORE) && + security_token_has_privilege(token, SEC_PRIV_RESTORE)) { + bits_remaining &= ~(SEC_RIGHTS_PRIV_RESTORE); + } + if ((bits_remaining & SEC_RIGHTS_PRIV_BACKUP) && + security_token_has_privilege(token, SEC_PRIV_BACKUP)) { + bits_remaining &= ~(SEC_RIGHTS_PRIV_BACKUP); + } if (sd->dacl == NULL) { goto done; |