diff options
Diffstat (limited to 'source4/libcli/security')
-rw-r--r-- | source4/libcli/security/access_check.c | 8 | ||||
-rw-r--r-- | source4/libcli/security/object_tree.c | 6 |
2 files changed, 9 insertions, 5 deletions
diff --git a/source4/libcli/security/access_check.c b/source4/libcli/security/access_check.c index 543b0f74c5..954c54c38b 100644 --- a/source4/libcli/security/access_check.c +++ b/source4/libcli/security/access_check.c @@ -125,9 +125,13 @@ NTSTATUS sec_access_check(const struct security_descriptor *sd, security_token_has_sid(token, sd->owner_sid)) { bits_remaining &= ~(SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL|SEC_STD_DELETE); } - if ((bits_remaining & SEC_STD_DELETE) && + if ((bits_remaining & SEC_RIGHTS_PRIV_RESTORE) && security_token_has_privilege(token, SEC_PRIV_RESTORE)) { - bits_remaining &= ~SEC_STD_DELETE; + bits_remaining &= ~(SEC_RIGHTS_PRIV_RESTORE); + } + if ((bits_remaining & SEC_RIGHTS_PRIV_BACKUP) && + security_token_has_privilege(token, SEC_PRIV_BACKUP)) { + bits_remaining &= ~(SEC_RIGHTS_PRIV_BACKUP); } if (sd->dacl == NULL) { diff --git a/source4/libcli/security/object_tree.c b/source4/libcli/security/object_tree.c index 8a90019a59..85b407913c 100644 --- a/source4/libcli/security/object_tree.c +++ b/source4/libcli/security/object_tree.c @@ -94,13 +94,13 @@ struct object_tree * get_object_tree_by_GUID(struct object_tree *root, /* Change the granted access per each ACE */ void object_tree_modify_access(struct object_tree *root, - uint32_t access) + uint32_t access_mask) { struct object_tree *p; if (root){ - root->remaining_access &= ~access; + root->remaining_access &= ~access_mask; } for (p = root->children; p != NULL; p = p->next) - object_tree_modify_access(p, access); + object_tree_modify_access(p, access_mask); } |