diff options
author | Nadezhda Ivanova <nadezhda.ivanova@postpath.com> | 2009-11-03 12:27:43 +0200 |
---|---|---|
committer | Nadezhda Ivanova <nadezhda.ivanova@postpath.com> | 2009-11-03 12:43:51 +0200 |
commit | 0abfc90ac900f77aad33a748f3ee73f3b3483f7c (patch) | |
tree | 97b1969a11acd9c8203e3c6df3b37f4291f40a74 /source4 | |
parent | b067a5e4e83556d11a68ea1837ce4698762c123d (diff) | |
download | samba-0abfc90ac900f77aad33a748f3ee73f3b3483f7c.tar.gz samba-0abfc90ac900f77aad33a748f3ee73f3b3483f7c.tar.bz2 samba-0abfc90ac900f77aad33a748f3ee73f3b3483f7c.zip |
Fixed a bug in object specific access checks.
Diffstat (limited to 'source4')
-rw-r--r-- | source4/libcli/security/access_check.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/source4/libcli/security/access_check.c b/source4/libcli/security/access_check.c index c974a39e29..fb78e0aa47 100644 --- a/source4/libcli/security/access_check.c +++ b/source4/libcli/security/access_check.c @@ -22,7 +22,6 @@ #include "includes.h" #include "libcli/security/security.h" - /* perform a SEC_FLAG_MAXIMUM_ALLOWED access check */ @@ -267,8 +266,11 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd, if (!(node = get_object_tree_by_GUID(tree, type))) continue; - if (ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT){ + if (ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT) { object_tree_modify_access(node, ace->access_mask); + if (node->remaining_access == 0) { + return NT_STATUS_OK; + } } else { if (node->remaining_access & ace->access_mask){ |