diff options
Diffstat (limited to 'source3/lib')
-rw-r--r-- | source3/lib/util_seaccess.c | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index 8b75a5f487..1716226272 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -47,7 +47,8 @@ static BOOL token_sid_in_ace( NT_USER_TOKEN *token, SEC_ACE *ace) bits not yet granted. Zero means permission allowed (no more needed bits). **********************************************************************************/ -static uint32 check_ace(SEC_ACE *ace, NT_USER_TOKEN *token, uint32 acc_desired, uint32 *status) +static uint32 check_ace(SEC_ACE *ace, NT_USER_TOKEN *token, uint32 acc_desired, + NTSTATUS *status) { uint32 mask = ace->info.mask; @@ -106,7 +107,9 @@ static uint32 check_ace(SEC_ACE *ace, NT_USER_TOKEN *token, uint32 acc_desired, include other bits requested. **********************************************************************************/ -static BOOL get_max_access( SEC_ACL *the_acl, NT_USER_TOKEN *token, uint32 *granted, uint32 desired, uint32 *status) +static BOOL get_max_access( SEC_ACL *the_acl, NT_USER_TOKEN *token, uint32 *granted, + uint32 desired, + NTSTATUS *status) { uint32 acc_denied = 0; uint32 acc_granted = 0; @@ -202,7 +205,8 @@ void se_map_generic(uint32 *access_mask, struct generic_mapping *mapping) *****************************************************************************/ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, - uint32 acc_desired, uint32 *acc_granted, uint32 *status) + uint32 acc_desired, uint32 *acc_granted, + NTSTATUS *status) { extern NT_USER_TOKEN anonymous_token; size_t i; @@ -263,7 +267,8 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, if (tmp_acc_desired & MAXIMUM_ALLOWED_ACCESS) { tmp_acc_desired &= ~MAXIMUM_ALLOWED_ACCESS; - return get_max_access( the_acl, token, acc_granted, tmp_acc_desired, status); + return get_max_access( the_acl, token, acc_granted, tmp_acc_desired, + status); } for ( i = 0 ; i < the_acl->num_aces && tmp_acc_desired != 0; i++) { @@ -276,9 +281,9 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, (unsigned int)tmp_acc_desired )); tmp_acc_desired = check_ace( ace, token, tmp_acc_desired, status); - if (*status != NT_STATUS_NOPROBLEMO) { + if (NT_STATUS_V(*status)) { *acc_granted = 0; - DEBUG(5,("se_access_check: ACE %u denied with status %x.\n", (unsigned int)i, (unsigned int)*status )); + DEBUG(5,("se_access_check: ACE %u denied with status %s.\n", (unsigned int)i, get_nt_error_msg(*status))); return False; } } |