git.samba.org / sfrench / samba-autobuild / .git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
s4-dsacl: Fixed incorrect handling of privileges in sec_access_check_ds
[sfrench/samba-autobuild/.git] / libcli / security / access_check.c
diff --git a/libcli/security/access_check.c b/libcli/security/access_check.c
index 2425e8a5aaf95554dcf38db7e2d1485428825164..2be59289347a7bf126bb00c4371bfef187729891 100644 (file)
--- a/libcli/security/access_check.c
+++ b/libcli/security/access_check.c
@@ -436,14 +436,10 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd,
                bits_remaining &= ~(SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL);
        }
 
-       /* TODO: remove this, as it is file server specific */
-       if ((bits_remaining & SEC_RIGHTS_PRIV_RESTORE) &&
-           security_token_has_privilege(token, SEC_PRIV_RESTORE)) {
-               bits_remaining &= ~(SEC_RIGHTS_PRIV_RESTORE);
-       }
-       if ((bits_remaining & SEC_RIGHTS_PRIV_BACKUP) &&
-           security_token_has_privilege(token, SEC_PRIV_BACKUP)) {
-               bits_remaining &= ~(SEC_RIGHTS_PRIV_BACKUP);
+       /* SEC_PRIV_TAKE_OWNERSHIP grants SEC_STD_WRITE_OWNER */
+       if ((bits_remaining & (SEC_STD_WRITE_OWNER)) &&
+           security_token_has_privilege(token, SEC_PRIV_TAKE_OWNERSHIP)) {
+               bits_remaining &= ~(SEC_STD_WRITE_OWNER);
        }
 
        /* a NULL dacl allows access */
Unnamed repository; edit this file 'description' to name the repository.