diff options
author | Andrew Tridgell <tridge@samba.org> | 2009-10-17 09:09:19 +1100 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2009-10-17 13:01:03 +1100 |
commit | c3b09d18a8bad730fce1d01531ea7684a5c105e1 (patch) | |
tree | d48de4e7df885dce013014bca8cfd5489fa61694 /source4 | |
parent | 53dec869b83c55122e2cde6274ba6ebe328e12c1 (diff) | |
download | samba-c3b09d18a8bad730fce1d01531ea7684a5c105e1.tar.gz samba-c3b09d18a8bad730fce1d01531ea7684a5c105e1.tar.bz2 samba-c3b09d18a8bad730fce1d01531ea7684a5c105e1.zip |
s4-acl: SEC_FLAG_MAXIMUM_ALLOWED doesn't auto-apply privilege access masks
Diffstat (limited to 'source4')
-rw-r--r-- | source4/libcli/security/access_check.c | 8 |
1 files changed, 2 insertions, 6 deletions
diff --git a/source4/libcli/security/access_check.c b/source4/libcli/security/access_check.c index 4bede15def..954c54c38b 100644 --- a/source4/libcli/security/access_check.c +++ b/source4/libcli/security/access_check.c @@ -34,12 +34,8 @@ static uint32_t access_check_max_allowed(const struct security_descriptor *sd, if (security_token_has_sid(token, sd->owner_sid)) { granted |= SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL | SEC_STD_DELETE; - } - if (security_token_has_privilege(token, SEC_PRIV_RESTORE)) { - granted |= SEC_RIGHTS_PRIV_RESTORE; - } - if (security_token_has_privilege(token, SEC_PRIV_BACKUP)) { - granted |= SEC_RIGHTS_PRIV_BACKUP; + } else if (security_token_has_privilege(token, SEC_PRIV_RESTORE)) { + granted |= SEC_STD_DELETE; } if (sd->dacl == NULL) { |