-rw-r--r--source3/lib/util_seaccess.c14
1 files changed, 9 insertions, 5 deletions
diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c
index af7ba24194..5fc450ec25 100644
--- a/source3/lib/util_seaccess.c
+++ b/source3/lib/util_seaccess.c
@@ -178,17 +178,13 @@ NTSTATUS se_access_check(const struct security_descriptor *sd,
bits_remaining));
}
-#if 0
- /* We need to support SeSecurityPrivilege for this. */
-
if (access_desired & SEC_FLAG_SYSTEM_SECURITY) {
- if (user_has_privileges(token, &sec_security)) {
+ if (security_token_has_privilege(token, SEC_PRIV_SECURITY)) {
bits_remaining &= ~SEC_FLAG_SYSTEM_SECURITY;
} else {
return NT_STATUS_PRIVILEGE_NOT_HELD;
}
}
-#endif
/* a NULL dacl allows access */
if ((sd->type & SEC_DESC_DACL_PRESENT) && sd->dacl == NULL) {
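Review bot: The re-enabled SEC_FLAG_SYSTEM_SECURITY block drops the old comment and leaves nothing to explain why this bit is settled by privilege before the DACL is consulted, and its NT_STATUS_PRIVILEGE_NOT_HELD return leaves no trace. A short comment above the `if`, such as `/* SACL access is granted only via SeSecurityPrivilege, never by an ACE */`, would record the intent. A debug-level message on the denial path would help when auditing why an open that requested SACL access failed. The block tests only access_desired; whether the SEC_FLAG_MAXIMUM_ALLOWED handling earlier in se_access_check (outside this hunk) treats the bit consistently cannot be checked from here and is worth confirming.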
@@ -205,6 +201,14 @@ NTSTATUS se_access_check(const struct security_descriptor *sd,
(security_token_has_privilege(token, SEC_PRIV_RESTORE))) {
bits_remaining &= ~SEC_STD_DELETE;
}
+ if ((bits_remaining & SEC_RIGHTS_PRIV_RESTORE) &&
+ security_token_has_privilege(token, SEC_PRIV_RESTORE)) {
+ bits_remaining &= ~(SEC_RIGHTS_PRIV_RESTORE);
+ }
+ if ((bits_remaining & SEC_RIGHTS_PRIV_BACKUP) &&
+ security_token_has_privilege(token, SEC_PRIV_BACKUP)) {
+ bits_remaining &= ~(SEC_RIGHTS_PRIV_BACKUP);
+ }
if (sd->dacl == NULL) {
goto done;
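Review bot: The two added blocks clear every SEC_RIGHTS_PRIV_RESTORE and SEC_RIGHTS_PRIV_BACKUP bit as soon as the token holds the privilege, before the DACL is walked, and nothing in the visible lines ties that to the caller having asked for backup or restore semantics. On Windows these privileges bypass the ACL only when the open carries backup intent; if the callers of se_access_check (outside this hunk) do not gate on that, any holder of SeBackupPrivilege or SeRestorePrivilege gets these rights on every object, deny ACEs included. At minimum the assumption should be stated above the blocks, e.g. `/* File-server specific: callers must only rely on this for backup-intent opens */`, and the mask definitions, which are not shown, should be checked to contain only the rights each privilege is meant to confer. The preceding SEC_STD_DELETE test against SEC_PRIV_RESTORE may now be redundant if that bit is part of SEC_RIGHTS_PRIV_RESTORE.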