diff options
author | Andrew Tridgell <tridge@samba.org> | 2004-12-31 03:55:37 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:07:48 -0500 |
commit | a696713b43a0da1d9a224201d0803f5d4d7e2a99 (patch) | |
tree | 30b521c85015d0a47715fbd01bcb8d84adca105d /source4/libcli | |
parent | e222a342de85dbd648409a16527e55aa285933fe (diff) | |
download | samba-a696713b43a0da1d9a224201d0803f5d4d7e2a99.tar.gz samba-a696713b43a0da1d9a224201d0803f5d4d7e2a99.tar.bz2 samba-a696713b43a0da1d9a224201d0803f5d4d7e2a99.zip |
r4429: the owner of a file always gets SEC_STD_DELETE
(This used to be commit 81630d3014c8cbd970bc917e3e9aef337fa211cd)
Diffstat (limited to 'source4/libcli')
-rw-r--r-- | source4/libcli/security/access_check.c | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/source4/libcli/security/access_check.c b/source4/libcli/security/access_check.c index 55749f085e..632b9bdf32 100644 --- a/source4/libcli/security/access_check.c +++ b/source4/libcli/security/access_check.c @@ -50,9 +50,8 @@ static uint32_t access_check_max_allowed(const struct security_descriptor *sd, unsigned i; if (sid_active_in_token(sd->owner_sid, token)) { - granted |= SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL; - } - if (sec_privilege_check(token, SEC_PRIV_RESTORE)) { + granted |= SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL | SEC_STD_DELETE; + } else if (sec_privilege_check(token, SEC_PRIV_RESTORE)) { granted |= SEC_STD_DELETE; } @@ -122,10 +121,10 @@ NTSTATUS sec_access_check(const struct security_descriptor *sd, return NT_STATUS_ACCESS_DENIED; } - /* the owner always gets SEC_STD_WRITE_DAC & SEC_STD_READ_CONTROL */ - if ((bits_remaining & (SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL)) && + /* the owner always gets SEC_STD_WRITE_DAC, SEC_STD_READ_CONTROL and SEC_STD_DELETE */ + if ((bits_remaining & (SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL|SEC_STD_DELETE)) && sid_active_in_token(sd->owner_sid, token)) { - bits_remaining &= ~(SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL); + bits_remaining &= ~(SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL|SEC_STD_DELETE); } if ((bits_remaining & SEC_STD_DELETE) && sec_privilege_check(token, SEC_PRIV_RESTORE)) { |