2 files changed, 9 insertions, 5 deletions

diff --git a/source4/libcli/security/access_check.c b/source4/libcli/security/access_check.c
index 543b0f74c5..954c54c38b 100644
--- a/source4/libcli/security/access_check.c
+++ b/source4/libcli/security/access_check.c
@@ -125,9 +125,13 @@ NTSTATUS sec_access_check(const struct security_descriptor *sd,
 	    security_token_has_sid(token, sd->owner_sid)) {
 		bits_remaining &= ~(SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL|SEC_STD_DELETE);
 	}
-	if ((bits_remaining & SEC_STD_DELETE) &&
+	if ((bits_remaining & SEC_RIGHTS_PRIV_RESTORE) &&
 	    security_token_has_privilege(token, SEC_PRIV_RESTORE)) {
-		bits_remaining &= ~SEC_STD_DELETE;
+		bits_remaining &= ~(SEC_RIGHTS_PRIV_RESTORE);
+	}
+	if ((bits_remaining & SEC_RIGHTS_PRIV_BACKUP) &&
+	    security_token_has_privilege(token, SEC_PRIV_BACKUP)) {
+		bits_remaining &= ~(SEC_RIGHTS_PRIV_BACKUP);
 	}
 
 	if (sd->dacl == NULL) {
diff --git a/source4/libcli/security/object_tree.c b/source4/libcli/security/object_tree.c
index 8a90019a59..85b407913c 100644
--- a/source4/libcli/security/object_tree.c
+++ b/source4/libcli/security/object_tree.c
@@ -94,13 +94,13 @@ struct object_tree * get_object_tree_by_GUID(struct object_tree *root,
 /* Change the granted access per each ACE */
 
 void object_tree_modify_access(struct object_tree *root,
-			       uint32_t access)
+			       uint32_t access_mask)
 {
 	struct object_tree *p;
 	if (root){
-		root->remaining_access &= ~access;
+		root->remaining_access &= ~access_mask;
 	}
 
 	for (p = root->children; p != NULL; p = p->next)
-		object_tree_modify_access(p, access);
+		object_tree_modify_access(p, access_mask);
 }