summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2004-12-30 02:27:16 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:07:43 -0500
commit8631bf2bcc4ce79e2448a7463c8ea7a6b7695c4e (patch)
treeb3e03d38f46010c6fde1fd6267ded9be0cd9a7e7
parentabe22d0351955adb1ad7c304d45b9539d202aadb (diff)
downloadsamba-8631bf2bcc4ce79e2448a7463c8ea7a6b7695c4e.tar.gz
samba-8631bf2bcc4ce79e2448a7463c8ea7a6b7695c4e.tar.bz2
samba-8631bf2bcc4ce79e2448a7463c8ea7a6b7695c4e.zip
r4404: check for SEC_ACE_FLAG_INHERIT_ONLY in the "maximum allowed" logic
(This used to be commit e4ee8b776ba164a89afca43de20c166ccbfddb99)
-rw-r--r--source4/libcli/security/access_check.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/source4/libcli/security/access_check.c b/source4/libcli/security/access_check.c
index 4c8bb1bd1f..c8a546682a 100644
--- a/source4/libcli/security/access_check.c
+++ b/source4/libcli/security/access_check.c
@@ -59,6 +59,10 @@ static uint32_t access_check_max_allowed(const struct security_descriptor *sd,
for (i = 0;i<sd->dacl->num_aces; i++) {
struct security_ace *ace = &sd->dacl->aces[i];
+ if (ace->flags & SEC_ACE_FLAG_INHERIT_ONLY) {
+ continue;
+ }
+
if (!sid_active_in_token(&ace->trustee, token)) {
continue;
}