summaryrefslogtreecommitdiff
path: root/libcli/security
diff options
context:
space:
mode:
Diffstat (limited to 'libcli/security')
-rw-r--r--libcli/security/access_check.c12
1 files changed, 4 insertions, 8 deletions
diff --git a/libcli/security/access_check.c b/libcli/security/access_check.c
index 2425e8a5aa..2be5928934 100644
--- a/libcli/security/access_check.c
+++ b/libcli/security/access_check.c
@@ -436,14 +436,10 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd,
bits_remaining &= ~(SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL);
}
- /* TODO: remove this, as it is file server specific */
- if ((bits_remaining & SEC_RIGHTS_PRIV_RESTORE) &&
- security_token_has_privilege(token, SEC_PRIV_RESTORE)) {
- bits_remaining &= ~(SEC_RIGHTS_PRIV_RESTORE);
- }
- if ((bits_remaining & SEC_RIGHTS_PRIV_BACKUP) &&
- security_token_has_privilege(token, SEC_PRIV_BACKUP)) {
- bits_remaining &= ~(SEC_RIGHTS_PRIV_BACKUP);
+ /* SEC_PRIV_TAKE_OWNERSHIP grants SEC_STD_WRITE_OWNER */
+ if ((bits_remaining & (SEC_STD_WRITE_OWNER)) &&
+ security_token_has_privilege(token, SEC_PRIV_TAKE_OWNERSHIP)) {
+ bits_remaining &= ~(SEC_STD_WRITE_OWNER);
}
/* a NULL dacl allows access */