From a696713b43a0da1d9a224201d0803f5d4d7e2a99 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Fri, 31 Dec 2004 03:55:37 +0000
Subject: r4429: the owner of a file always gets SEC_STD_DELETE (This used to be commit 81630d3014c8cbd970bc917e3e9aef337fa211cd)
---
 source4/libcli/security/access_check.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)
(limited to 'source4/libcli/security')
diff --git a/source4/libcli/security/access_check.c b/source4/libcli/security/access_check.c
index 55749f085e..632b9bdf32 100644
--- a/source4/libcli/security/access_check.c
+++ b/source4/libcli/security/access_check.c
@@ -50,9 +50,8 @@ static uint32_t access_check_max_allowed(const struct security_descriptor *sd,
 unsigned i;
 if (sid_active_in_token(sd->owner_sid, token)) {
- granted |= SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL;
- }
- if (sec_privilege_check(token, SEC_PRIV_RESTORE)) {
+ granted |= SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL | SEC_STD_DELETE;
+ } else if (sec_privilege_check(token, SEC_PRIV_RESTORE)) {
 granted |= SEC_STD_DELETE;
 }
@@ -122,10 +121,10 @@ NTSTATUS sec_access_check(const struct security_descriptor *sd,
 return NT_STATUS_ACCESS_DENIED;
 }
- /* the owner always gets SEC_STD_WRITE_DAC & SEC_STD_READ_CONTROL */
- if ((bits_remaining & (SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL)) &&
+ /* the owner always gets SEC_STD_WRITE_DAC, SEC_STD_READ_CONTROL and SEC_STD_DELETE */
+ if ((bits_remaining & (SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL|SEC_STD_DELETE)) &&
 sid_active_in_token(sd->owner_sid, token)) {
- bits_remaining &= ~(SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL);
+ bits_remaining &= ~(SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL|SEC_STD_DELETE);
 }
 if ((bits_remaining & SEC_STD_DELETE) && sec_privilege_check(token, SEC_PRIV_RESTORE)) {
-- cgit
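Review bot: The owner branch of access_check_max_allowed now puts SEC_STD_DELETE into `granted` before any ACE is examined, so whether a deny ACE on DELETE that matches the owner still takes effect depends on how the rest of the function, which lies outside this hunk, combines granted and denied bits. sec_access_check in the second hunk clears the same three bits from `bits_remaining` for the owner, and if that runs ahead of its ACL walk the two paths could give different answers for such a descriptor; a test with an owner-matching deny-DELETE ACE exercised through both functions would settle it. The commit message states the rule but not the reason for widening the owner's implicit rights, so a comment above the branch such as `/* the owner always gets WRITE_DAC, READ_CONTROL and DELETE, whatever the DACL says */` would record the intent at the point where the grant happens.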
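Review bot: The owner mask `SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL|SEC_STD_DELETE` is now written out twice in this hunk of sec_access_check and a third time in access_check_max_allowed, so any later change to the owner's implicit rights must touch three places or the two checks will disagree. One file-local definition used in all three, for example `#define OWNER_IMPLICIT_RIGHTS (SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL|SEC_STD_DELETE)` (the name is only a suggestion), would keep the max-allowed path and the explicit-request path in step. sec_access_check starts and ends outside the hunk, including the body of the trailing SEC_PRIV_RESTORE test.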