git.samba.org / ira / wip.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e222a34)
r4429: the owner of a file always gets SEC_STD_DELETE
authorAndrew Tridgell <tridge@samba.org>
Fri, 31 Dec 2004 03:55:37 +0000 (03:55 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 18:07:48 +0000 (13:07 -0500)
(This used to be commit 81630d3014c8cbd970bc917e3e9aef337fa211cd)

source4/libcli/security/access_check.c patch | blob | history

diff --git a/source4/libcli/security/access_check.c b/source4/libcli/security/access_check.c
index 55749f085e01b1883be5b5a99def1582056032bb..632b9bdf325fc3755c84a93c36975bacf7157af1 100644 (file)
--- a/source4/libcli/security/access_check.c
+++ b/source4/libcli/security/access_check.c
@@ -50,9 +50,8 @@ static uint32_t access_check_max_allowed(const struct security_descriptor *sd,
        unsigned i;
        
        if (sid_active_in_token(sd->owner_sid, token)) {
-               granted |= SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL;
-       }
-       if (sec_privilege_check(token, SEC_PRIV_RESTORE)) {
+               granted |= SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL | SEC_STD_DELETE;
+       } else if (sec_privilege_check(token, SEC_PRIV_RESTORE)) {
                granted |= SEC_STD_DELETE;
        }
 
@@ -122,10 +121,10 @@ NTSTATUS sec_access_check(const struct security_descriptor *sd,
                return NT_STATUS_ACCESS_DENIED;
        }
 
-       /* the owner always gets SEC_STD_WRITE_DAC & SEC_STD_READ_CONTROL */
-       if ((bits_remaining & (SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL)) &&
+       /* the owner always gets SEC_STD_WRITE_DAC, SEC_STD_READ_CONTROL and SEC_STD_DELETE */
+       if ((bits_remaining & (SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL|SEC_STD_DELETE)) &&
            sid_active_in_token(sd->owner_sid, token)) {
-               bits_remaining &= ~(SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL);
+               bits_remaining &= ~(SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL|SEC_STD_DELETE);
        }
        if ((bits_remaining & SEC_STD_DELETE) &&
            sec_privilege_check(token, SEC_PRIV_RESTORE)) {
Unnamed repository; edit this file 'description' to name the repository.