s4-acl: SEC_FLAG_MAXIMUM_ALLOWED doesn't auto-apply privilege access masks

author: Andrew Tridgell <tridge@samba.org> 2009-10-17 09:09:19 +1100
committer: Andrew Tridgell <tridge@samba.org> 2009-10-17 13:01:03 +1100
commit: c3b09d18a8bad730fce1d01531ea7684a5c105e1 (patch)
tree: d48de4e7df885dce013014bca8cfd5489fa61694 /source4/libcli/security
parent: 53dec869b83c55122e2cde6274ba6ebe328e12c1 (diff)
download: samba-c3b09d18a8bad730fce1d01531ea7684a5c105e1.tar.gz
samba-c3b09d18a8bad730fce1d01531ea7684a5c105e1.tar.xz
samba-c3b09d18a8bad730fce1d01531ea7684a5c105e1.zip
1 files changed, 2 insertions, 6 deletions
diff --git a/source4/libcli/security/access_check.c b/source4/libcli/security/access_check.c
index 4bede15def5..954c54c38b8 100644
--- a/source4/libcli/security/access_check.c
+++ b/source4/libcli/security/access_check.c
@@ -34,12 +34,8 @@ static uint32_t access_check_max_allowed(const struct security_descriptor *sd,
 	
 	if (security_token_has_sid(token, sd->owner_sid)) {
 		granted |= SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL | SEC_STD_DELETE;
-	}
-	if (security_token_has_privilege(token, SEC_PRIV_RESTORE)) {
-		granted |= SEC_RIGHTS_PRIV_RESTORE;
-	}
-	if (security_token_has_privilege(token, SEC_PRIV_BACKUP)) {
-		granted |= SEC_RIGHTS_PRIV_BACKUP;
+	} else if (security_token_has_privilege(token, SEC_PRIV_RESTORE)) {
+		granted |= SEC_STD_DELETE;
 	}
 
 	if (sd->dacl == NULL) {
author	Andrew Tridgell <tridge@samba.org>	2009-10-17 09:09:19 +1100
committer	Andrew Tridgell <tridge@samba.org>	2009-10-17 13:01:03 +1100
commit	c3b09d18a8bad730fce1d01531ea7684a5c105e1 (patch)
tree	d48de4e7df885dce013014bca8cfd5489fa61694 /source4/libcli/security
parent	53dec869b83c55122e2cde6274ba6ebe328e12c1 (diff)
download	samba-c3b09d18a8bad730fce1d01531ea7684a5c105e1.tar.gz samba-c3b09d18a8bad730fce1d01531ea7684a5c105e1.tar.xz samba-c3b09d18a8bad730fce1d01531ea7684a5c105e1.zip