From a040466d0d6866f2ede22261fbd90018773b03de Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Sat, 18 Sep 2010 10:29:02 +1000
Subject: s3-acl Merge source4-supported privileges into se_access_check
This will shortly be the common se_access_check function.
Andrew Bartlett
Signed-off-by: Andrew Tridgell
---
 source3/lib/util_seaccess.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
(limited to 'source3')
diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c
index af7ba24194..5fc450ec25 100644
--- a/source3/lib/util_seaccess.c
+++ b/source3/lib/util_seaccess.c
@@ -178,17 +178,13 @@ NTSTATUS se_access_check(const struct security_descriptor *sd,
 bits_remaining));
 }
-#if 0
- /* We need to support SeSecurityPrivilege for this. */
-
 if (access_desired & SEC_FLAG_SYSTEM_SECURITY) {
- if (user_has_privileges(token, &sec_security)) {
+ if (security_token_has_privilege(token, SEC_PRIV_SECURITY)) {
 bits_remaining &= ~SEC_FLAG_SYSTEM_SECURITY;
 } else {
 return NT_STATUS_PRIVILEGE_NOT_HELD;
 }
 }
-#endif
 /* a NULL dacl allows access */
 if ((sd->type & SEC_DESC_DACL_PRESENT) && sd->dacl == NULL) {
@@ -205,6 +201,14 @@ NTSTATUS se_access_check(const struct security_descriptor *sd,
 (security_token_has_privilege(token, SEC_PRIV_RESTORE))) {
 bits_remaining &= ~SEC_STD_DELETE;
 }
+ if ((bits_remaining & SEC_RIGHTS_PRIV_RESTORE) &&
+ security_token_has_privilege(token, SEC_PRIV_RESTORE)) {
+ bits_remaining &= ~(SEC_RIGHTS_PRIV_RESTORE);
+ }
+ if ((bits_remaining & SEC_RIGHTS_PRIV_BACKUP) &&
+ security_token_has_privilege(token, SEC_PRIV_BACKUP)) {
+ bits_remaining &= ~(SEC_RIGHTS_PRIV_BACKUP);
+ }
 if (sd->dacl == NULL) {
 goto done;
-- cgit
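Review bot: The re-enabled `if (access_desired & SEC_FLAG_SYSTEM_SECURITY)` block now has no comment, yet its position is security-relevant: it sits ahead of the `/* a NULL dacl allows access */` shortcut, which would presumably grant SACL access without SeSecurityPrivilege if the order were ever swapped. I would add above it `/* SEC_FLAG_SYSTEM_SECURITY is granted only by SeSecurityPrivilege, never by the DACL; keep this ahead of the NULL-DACL shortcut. */`. Callers that request this bit without the privilege now fail here with NT_STATUS_PRIVILEGE_NOT_HELD, where the block used to be compiled out, so a test covering both outcomes is worth adding. The body of se_access_check starts and ends outside this hunk.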
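Review bot: The two added `bits_remaining &= ~(SEC_RIGHTS_PRIV_…)` grants sit before the `if (sd->dacl == NULL)` test, so as far as the hunk shows they are applied before any ACE is evaluated, and a deny ACE cannot withhold those rights from a token holding the backup or restore privilege. They are also unconditional: nothing here ties them to a backup-intent open, so every caller of this soon-to-be-common function inherits the override. If that is intended, it deserves a comment such as `/* Backup/restore privileges override the DACL, deny ACEs included, for every caller. */`; if not, the grant needs to be gated on the caller's intent. The ACE walk and the rest of se_access_check are outside the hunk, so the ordering should be confirmed against the full function.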