summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2010-10-14 13:32:17 +1100
committerAndrew Tridgell <tridge@samba.org>2010-10-14 03:16:41 +0000
commit40a6e019fdb9ed3d736883b7ba349a976f215208 (patch)
tree8b83bf8669a19b918155c8c852b5c7baf256826c
parentf7ffc12e2d43bd2dddb0a29eb778ff69a6b2802d (diff)
downloadsamba-40a6e019fdb9ed3d736883b7ba349a976f215208.tar.gz
samba-40a6e019fdb9ed3d736883b7ba349a976f215208.tar.bz2
samba-40a6e019fdb9ed3d736883b7ba349a976f215208.zip
security: ensure the merge of libcli/security doesn't change s3 behaviour
Jeremy, you put a #if 0 around this logic in this commit: 8344e945 (Jeremy Allison 2008-10-31 10:51:45 -0700 181) is this still needed? Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Thu Oct 14 03:16:41 UTC 2010 on sn-devel-104
-rw-r--r--libcli/security/access_check.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/libcli/security/access_check.c b/libcli/security/access_check.c
index e7c48cae08..35ee05716e 100644
--- a/libcli/security/access_check.c
+++ b/libcli/security/access_check.c
@@ -179,6 +179,10 @@ NTSTATUS se_access_check(const struct security_descriptor *sd,
bits_remaining));
}
+#if (_SAMBA_BUILD_ >= 4)
+ /* s3 had this with #if 0 previously. To be sure the merge
+ doesn't change any behaviour, we have the above #if check
+ on _SAMBA_BUILD_. */
if (access_desired & SEC_FLAG_SYSTEM_SECURITY) {
if (security_token_has_privilege(token, SEC_PRIV_SECURITY)) {
bits_remaining &= ~SEC_FLAG_SYSTEM_SECURITY;
@@ -186,6 +190,7 @@ NTSTATUS se_access_check(const struct security_descriptor *sd,
return NT_STATUS_PRIVILEGE_NOT_HELD;
}
}
+#endif
/* a NULL dacl allows access */
if ((sd->type & SEC_DESC_DACL_PRESENT) && sd->dacl == NULL) {