r4404: check for SEC_ACE_FLAG_INHERIT_ONLY in the "maximum allowed" logic

(This used to be commit e4ee8b776ba164a89afca43de20c166ccbfddb99)
author: Andrew Tridgell <tridge@samba.org> 2004-12-30 02:27:16 +0000
committer: Gerald (Jerry) Carter <jerry@samba.org> 2007-10-10 13:07:43 -0500
commit: 8631bf2bcc4ce79e2448a7463c8ea7a6b7695c4e (patch)
tree: b3e03d38f46010c6fde1fd6267ded9be0cd9a7e7 /source4/libcli/security
parent: abe22d0351955adb1ad7c304d45b9539d202aadb (diff)
download: samba-8631bf2bcc4ce79e2448a7463c8ea7a6b7695c4e.tar.gz
samba-8631bf2bcc4ce79e2448a7463c8ea7a6b7695c4e.tar.bz2
samba-8631bf2bcc4ce79e2448a7463c8ea7a6b7695c4e.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/source4/libcli/security/access_check.c b/source4/libcli/security/access_check.c
index 4c8bb1bd1f..c8a546682a 100644
--- a/source4/libcli/security/access_check.c
+++ b/source4/libcli/security/access_check.c
@@ -59,6 +59,10 @@ static uint32_t access_check_max_allowed(const struct security_descriptor *sd,
 	for (i = 0;i<sd->dacl->num_aces; i++) {
 		struct security_ace *ace = &sd->dacl->aces[i];
 
+		if (ace->flags & SEC_ACE_FLAG_INHERIT_ONLY) {
+			continue;
+		}
+
 		if (!sid_active_in_token(&ace->trustee, token)) {
 			continue;
 		}
author	Andrew Tridgell <tridge@samba.org>	2004-12-30 02:27:16 +0000
committer	Gerald (Jerry) Carter <jerry@samba.org>	2007-10-10 13:07:43 -0500
commit	8631bf2bcc4ce79e2448a7463c8ea7a6b7695c4e (patch)
tree	b3e03d38f46010c6fde1fd6267ded9be0cd9a7e7 /source4/libcli/security
parent	abe22d0351955adb1ad7c304d45b9539d202aadb (diff)
download	samba-8631bf2bcc4ce79e2448a7463c8ea7a6b7695c4e.tar.gz samba-8631bf2bcc4ce79e2448a7463c8ea7a6b7695c4e.tar.bz2 samba-8631bf2bcc4ce79e2448a7463c8ea7a6b7695c4e.zip