summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNadezhda Ivanova <nadezhda.ivanova@postpath.com>2009-11-03 12:27:43 +0200
committerNadezhda Ivanova <nadezhda.ivanova@postpath.com>2009-11-03 12:43:51 +0200
commit0abfc90ac900f77aad33a748f3ee73f3b3483f7c (patch)
tree97b1969a11acd9c8203e3c6df3b37f4291f40a74
parentb067a5e4e83556d11a68ea1837ce4698762c123d (diff)
downloadsamba-0abfc90ac900f77aad33a748f3ee73f3b3483f7c.tar.gz
samba-0abfc90ac900f77aad33a748f3ee73f3b3483f7c.tar.bz2
samba-0abfc90ac900f77aad33a748f3ee73f3b3483f7c.zip
Fixed a bug in object specific access checks.
-rw-r--r--source4/libcli/security/access_check.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/source4/libcli/security/access_check.c b/source4/libcli/security/access_check.c
index c974a39e29..fb78e0aa47 100644
--- a/source4/libcli/security/access_check.c
+++ b/source4/libcli/security/access_check.c
@@ -22,7 +22,6 @@
#include "includes.h"
#include "libcli/security/security.h"
-
/*
perform a SEC_FLAG_MAXIMUM_ALLOWED access check
*/
@@ -267,8 +266,11 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd,
if (!(node = get_object_tree_by_GUID(tree, type)))
continue;
- if (ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT){
+ if (ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT) {
object_tree_modify_access(node, ace->access_mask);
+ if (node->remaining_access == 0) {
+ return NT_STATUS_OK;
+ }
}
else {
if (node->remaining_access & ace->access_mask){