From c3b09d18a8bad730fce1d01531ea7684a5c105e1 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Sat, 17 Oct 2009 09:09:19 +1100
Subject: s4-acl: SEC_FLAG_MAXIMUM_ALLOWED doesn't auto-apply privilege access
 masks

---
 source4/libcli/security/access_check.c | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

(limited to 'source4/libcli/security')

diff --git a/source4/libcli/security/access_check.c b/source4/libcli/security/access_check.c
index 4bede15def..954c54c38b 100644
--- a/source4/libcli/security/access_check.c
+++ b/source4/libcli/security/access_check.c
@@ -34,12 +34,8 @@ static uint32_t access_check_max_allowed(const struct security_descriptor *sd,
 	
 	if (security_token_has_sid(token, sd->owner_sid)) {
 		granted |= SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL | SEC_STD_DELETE;
-	}
-	if (security_token_has_privilege(token, SEC_PRIV_RESTORE)) {
-		granted |= SEC_RIGHTS_PRIV_RESTORE;
-	}
-	if (security_token_has_privilege(token, SEC_PRIV_BACKUP)) {
-		granted |= SEC_RIGHTS_PRIV_BACKUP;
+	} else if (security_token_has_privilege(token, SEC_PRIV_RESTORE)) {
+		granted |= SEC_STD_DELETE;
 	}
 
 	if (sd->dacl == NULL) {
-- 
cgit