From 3e5acc155bb7be5c531a4a35b16e040f71f628ac Mon Sep 17 00:00:00 2001 From: Richard Sharpe Date: Sat, 23 Feb 2013 08:41:27 -0800 Subject: Fix bug #9674 - Samba denies owner Read Control when there is a DENY entry while W2K08 does not. Signed-off-by: Richard Sharpe Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Sat Feb 23 19:28:15 CET 2013 on sn-devel-104 --- libcli/security/access_check.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libcli/security/access_check.c b/libcli/security/access_check.c index 936ffca242..2425e8a5aa 100644 --- a/libcli/security/access_check.c +++ b/libcli/security/access_check.c @@ -243,6 +243,9 @@ NTSTATUS se_access_check(const struct security_descriptor *sd, } } + /* Explicitly denied bits always override */ + bits_remaining |= explicitly_denied_bits; + /* The owner always gets owner rights as defined above. */ if (security_token_has_sid(token, sd->owner_sid)) { if (owner_rights_default) { @@ -258,9 +261,6 @@ NTSTATUS se_access_check(const struct security_descriptor *sd, } } - /* Explicitly denied bits always override */ - bits_remaining |= explicitly_denied_bits; - /* * We check privileges here because they override even DENY entries. */ -- cgit