diff options
author | Andrew Tridgell <tridge@samba.org> | 2004-12-30 02:27:16 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:07:43 -0500 |
commit | 8631bf2bcc4ce79e2448a7463c8ea7a6b7695c4e (patch) | |
tree | b3e03d38f46010c6fde1fd6267ded9be0cd9a7e7 /source4/libcli/security | |
parent | abe22d0351955adb1ad7c304d45b9539d202aadb (diff) | |
download | samba-8631bf2bcc4ce79e2448a7463c8ea7a6b7695c4e.tar.gz samba-8631bf2bcc4ce79e2448a7463c8ea7a6b7695c4e.tar.bz2 samba-8631bf2bcc4ce79e2448a7463c8ea7a6b7695c4e.zip |
r4404: check for SEC_ACE_FLAG_INHERIT_ONLY in the "maximum allowed" logic
(This used to be commit e4ee8b776ba164a89afca43de20c166ccbfddb99)
Diffstat (limited to 'source4/libcli/security')
-rw-r--r-- | source4/libcli/security/access_check.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/source4/libcli/security/access_check.c b/source4/libcli/security/access_check.c index 4c8bb1bd1f..c8a546682a 100644 --- a/source4/libcli/security/access_check.c +++ b/source4/libcli/security/access_check.c @@ -59,6 +59,10 @@ static uint32_t access_check_max_allowed(const struct security_descriptor *sd, for (i = 0;i<sd->dacl->num_aces; i++) { struct security_ace *ace = &sd->dacl->aces[i]; + if (ace->flags & SEC_ACE_FLAG_INHERIT_ONLY) { + continue; + } + if (!sid_active_in_token(&ace->trustee, token)) { continue; } |