Add code to implement SeSecurityPrivilege in net rpc rights, and in the
[metze/samba/wip.git] / source3 / smbd / open.c
index 01f0cd699a0a7c751a01f7b323a0ccaf6e7252c2..f5de607713ced273cb5908256912bafef389a682 100644 (file)
@@ -2506,8 +2506,9 @@ static NTSTATUS open_directory(connection_struct *conn,
                return status;
        }
 
-       /* We need to support SeSecurityPrivilege for this. */
-       if (access_mask & SEC_FLAG_SYSTEM_SECURITY) {
+       if ((access_mask & SEC_FLAG_SYSTEM_SECURITY) &
+                       !security_token_has_privilege(get_current_nttok(conn),
+                                       SEC_PRIV_SECURITY)) {
                DEBUG(10, ("open_directory: open on %s "
                        "failed - SEC_FLAG_SYSTEM_SECURITY denied.\n",
                        smb_fname_str_dbg(smb_dname)));
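Review bot: The new condition at the top of this hunk joins the two operands with a bitwise `&` rather than a logical `&&`: the left side evaluates to the SEC_FLAG_SYSTEM_SECURITY bit or 0, the right side to 0 or 1, and those values share no bits, so the expression is always zero and the NT_STATUS_PRIVILEGE_NOT_HELD branch can never be taken — an open with SEC_FLAG_SYSTEM_SECURITY is granted regardless of whether the token holds SEC_PRIV_SECURITY. The matching check in create_file_unixpath in this same commit uses `&&`, so this one should read `if ((access_mask & SEC_FLAG_SYSTEM_SECURITY) &&`. Compiling with `-Wall` would likely not catch this, so it is worth a regression test that opens a directory with SEC_FLAG_SYSTEM_SECURITY from a token lacking the privilege and expects NT_STATUS_PRIVILEGE_NOT_HELD. The body of open_directory begins and ends outside the hunk.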
@@ -3029,29 +3030,15 @@ static NTSTATUS create_file_unixpath(connection_struct *conn,
                goto fail;
        }
 
-#if 0
-       /* We need to support SeSecurityPrivilege for this. */
        if ((access_mask & SEC_FLAG_SYSTEM_SECURITY) &&
-           !user_has_privileges(current_user.nt_user_token,
-                                &se_security)) {
-               status = NT_STATUS_PRIVILEGE_NOT_HELD;
-               goto fail;
-       }
-#else
-       /* We need to support SeSecurityPrivilege for this. */
-       if (access_mask & SEC_FLAG_SYSTEM_SECURITY) {
-               status = NT_STATUS_PRIVILEGE_NOT_HELD;
-               goto fail;
-       }
-       /* Don't allow a SACL set from an NTtrans create until we
-        * support SeSecurityPrivilege. */
-       if (!VALID_STAT(smb_fname->st) &&
-                       lp_nt_acl_support(SNUM(conn)) &&
-                       sd && (sd->sacl != NULL)) {
+                       !security_token_has_privilege(get_current_nttok(conn),
+                                       SEC_PRIV_SECURITY)) {
+               DEBUG(10, ("create_file_unixpath: open on %s "
+                       "failed - SEC_FLAG_SYSTEM_SECURITY denied.\n",
+                       smb_fname_str_dbg(smb_fname)));
                status = NT_STATUS_PRIVILEGE_NOT_HELD;
                goto fail;
        }
-#endif
 
        if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
            && is_ntfs_stream_smb_fname(smb_fname)
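Review bot: The removed "Don't allow a SACL set from an NTtrans create" block is not replaced by an equivalent guard: the new check only fires when the caller requested SEC_FLAG_SYSTEM_SECURITY in access_mask, while a create that passes a security descriptor with `sd->sacl != NULL` but without that access bit is no longer examined here at all. If the supplied sd is still applied to the new file later in this function (outside the hunk), that path would set a SACL without SEC_PRIV_SECURITY ever being checked; if the SACL is filtered or re-checked at the point where the descriptor is written, a short comment here saying so would save the next reader from the same question. Otherwise a second guard along the lines of `if (!VALID_STAT(smb_fname->st) && sd && sd->sacl != NULL && !security_token_has_privilege(get_current_nttok(conn), SEC_PRIV_SECURITY)) { status = NT_STATUS_PRIVILEGE_NOT_HELD; goto fail; }` would preserve the protection the old code provided. The body of create_file_unixpath begins and ends outside the hunk.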