summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2010-01-12 21:06:09 -0800
committerJeremy Allison <jra@samba.org>2010-01-12 21:06:09 -0800
commit33ee8b5a4e390f9aa43cceeec137c0ed82171340 (patch)
treefc6031cb48ca183fcd08881a5567bf6ade6c4a49
parent105f876eb447e6839b9b19c2d264c4a168cf0cc9 (diff)
downloadsamba-33ee8b5a4e390f9aa43cceeec137c0ed82171340.tar.gz
samba-33ee8b5a4e390f9aa43cceeec137c0ed82171340.tar.bz2
samba-33ee8b5a4e390f9aa43cceeec137c0ed82171340.zip
Make file access control decisions a lot easier to debug (at level 10).
Jeremy.
-rw-r--r--source3/smbd/file_access.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c
index 7d0a552956..631efce677 100644
--- a/source3/smbd/file_access.c
+++ b/source3/smbd/file_access.c
@@ -54,6 +54,17 @@ bool can_access_file_acl(struct connection_struct *conn,
status = se_access_check(secdesc, conn->server_info->ptok,
access_mask, &access_granted);
ret = NT_STATUS_IS_OK(status);
+
+ if (DEBUGLEVEL >= 10) {
+ DEBUG(10,("can_access_file_acl for file %s "
+ "access_mask 0x%x, access_granted 0x%x "
+ "access %s\n",
+ smb_fname_str_dbg(smb_fname),
+ (unsigned int)access_mask,
+ (unsigned int)access_granted,
+ ret ? "ALLOWED" : "DENIED" ));
+ NDR_PRINT_DEBUG(security_descriptor, secdesc);
+ }
out:
TALLOC_FREE(secdesc);
return ret;