Changeset 599 for trunk/server/source3/lib/util_seaccess.c
- Timestamp:
- Jul 6, 2011, 8:21:13 PM (14 years ago)
- File:
-
- 1 edited
-
trunk/server/source3/lib/util_seaccess.c (modified) (3 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/server/source3/lib/util_seaccess.c
r596 r599 113 113 114 114 if (is_sid_in_token(token, sd->owner_sid)) { 115 granted |= SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL | SEC_STD_DELETE; 116 } else if (user_has_privileges(token, &se_restore)) { 117 granted |= SEC_STD_DELETE; 115 granted |= SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL; 118 116 } 119 117 … … 172 170 access_desired &= ~SEC_FLAG_MAXIMUM_ALLOWED; 173 171 *access_granted = access_desired; 174 bits_remaining = access_desired & ~SEC_STD_DELETE;172 bits_remaining = access_desired; 175 173 176 174 DEBUG(10,("se_access_check: MAX desired = 0x%x, granted = 0x%x, remaining = 0x%x\n", … … 188 186 } 189 187 188 189 190 191 192 193 194 195 196 197 190 198 /* a NULL dacl allows access */ 191 199 if ((sd->type & SEC_DESC_DACL_PRESENT) && sd->dacl == NULL) { 192 200 *access_granted = access_desired; 193 201 return NT_STATUS_OK; 194 }195 196 /* the owner always gets SEC_STD_WRITE_DAC, SEC_STD_READ_CONTROL and SEC_STD_DELETE */197 if ((bits_remaining & (SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL|SEC_STD_DELETE)) &&198 is_sid_in_token(token, sd->owner_sid)) {199 bits_remaining &= ~(SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL|SEC_STD_DELETE);200 }201 if ((bits_remaining & SEC_STD_DELETE) &&202 user_has_privileges(token, &se_restore)) {203 bits_remaining &= ~SEC_STD_DELETE;204 202 } 205 203
Note:
See TracChangeset
for help on using the changeset viewer.
