Pass all the non-inherited S4 RAW-ACL tests.

Jeremy.
author: Jeremy Allison <jra@samba.org> 2008-11-03 22:42:53 -0800
committer: Jeremy Allison <jra@samba.org> 2008-11-03 22:42:53 -0800
commit: 4f8fac1b8e1d185f732c32f20e3b7060e3835435 (patch)
tree: 3c44cae7836d9cf7819f25ab62118055d2e8ad80 /source3/lib/util_seaccess.c
parent: 31158c02568c28507a8a405328c457d144ac6829 (diff)
download: samba-4f8fac1b8e1d185f732c32f20e3b7060e3835435.tar.gz
samba-4f8fac1b8e1d185f732c32f20e3b7060e3835435.tar.bz2
samba-4f8fac1b8e1d185f732c32f20e3b7060e3835435.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c
index d7fdc9a8b9..fdc10f20ab 100644
--- a/source3/lib/util_seaccess.c
+++ b/source3/lib/util_seaccess.c
@@ -164,10 +164,17 @@ NTSTATUS se_access_check(const struct security_descriptor *sd,
 
 	/* handle the maximum allowed flag */
 	if (access_desired & SEC_FLAG_MAXIMUM_ALLOWED) {
+		uint32_t orig_access_desired = access_desired;
+
 		access_desired |= access_check_max_allowed(sd, token);
 		access_desired &= ~SEC_FLAG_MAXIMUM_ALLOWED;
 		*access_granted = access_desired;
 		bits_remaining = access_desired & ~SEC_STD_DELETE;
+
+		DEBUG(10,("se_access_check: MAX desired = 0x%x, granted = 0x%x, remaining = 0x%x\n",
+			orig_access_desired,
+			*access_granted,
+			bits_remaining));
 	}
 
 #if 0
author	Jeremy Allison <jra@samba.org>	2008-11-03 22:42:53 -0800
committer	Jeremy Allison <jra@samba.org>	2008-11-03 22:42:53 -0800
commit	4f8fac1b8e1d185f732c32f20e3b7060e3835435 (patch)
tree	3c44cae7836d9cf7819f25ab62118055d2e8ad80 /source3/lib/util_seaccess.c
parent	31158c02568c28507a8a405328c457d144ac6829 (diff)
download	samba-4f8fac1b8e1d185f732c32f20e3b7060e3835435.tar.gz samba-4f8fac1b8e1d185f732c32f20e3b7060e3835435.tar.bz2 samba-4f8fac1b8e1d185f732c32f20e3b7060e3835435.zip