summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2009-10-17 09:09:19 +1100
committerAndrew Tridgell <tridge@samba.org>2009-10-17 13:01:03 +1100
commitc3b09d18a8bad730fce1d01531ea7684a5c105e1 (patch)
treed48de4e7df885dce013014bca8cfd5489fa61694 /source4
parent53dec869b83c55122e2cde6274ba6ebe328e12c1 (diff)
downloadsamba-c3b09d18a8bad730fce1d01531ea7684a5c105e1.tar.gz
samba-c3b09d18a8bad730fce1d01531ea7684a5c105e1.tar.bz2
samba-c3b09d18a8bad730fce1d01531ea7684a5c105e1.zip
s4-acl: SEC_FLAG_MAXIMUM_ALLOWED doesn't auto-apply privilege access masks
Diffstat (limited to 'source4')
-rw-r--r--source4/libcli/security/access_check.c8
1 files changed, 2 insertions, 6 deletions
diff --git a/source4/libcli/security/access_check.c b/source4/libcli/security/access_check.c
index 4bede15def..954c54c38b 100644
--- a/source4/libcli/security/access_check.c
+++ b/source4/libcli/security/access_check.c
@@ -34,12 +34,8 @@ static uint32_t access_check_max_allowed(const struct security_descriptor *sd,
if (security_token_has_sid(token, sd->owner_sid)) {
granted |= SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL | SEC_STD_DELETE;
- }
- if (security_token_has_privilege(token, SEC_PRIV_RESTORE)) {
- granted |= SEC_RIGHTS_PRIV_RESTORE;
- }
- if (security_token_has_privilege(token, SEC_PRIV_BACKUP)) {
- granted |= SEC_RIGHTS_PRIV_BACKUP;
+ } else if (security_token_has_privilege(token, SEC_PRIV_RESTORE)) {
+ granted |= SEC_STD_DELETE;
}
if (sd->dacl == NULL) {