From 40a6e019fdb9ed3d736883b7ba349a976f215208 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 14 Oct 2010 13:32:17 +1100 Subject: security: ensure the merge of libcli/security doesn't change s3 behaviour Jeremy, you put a #if 0 around this logic in this commit: 8344e945 (Jeremy Allison 2008-10-31 10:51:45 -0700 181) is this still needed? Pair-Programmed-With: Andrew Bartlett Autobuild-User: Andrew Tridgell Autobuild-Date: Thu Oct 14 03:16:41 UTC 2010 on sn-devel-104 --- libcli/security/access_check.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libcli/security/access_check.c b/libcli/security/access_check.c index e7c48cae08..35ee05716e 100644 --- a/libcli/security/access_check.c +++ b/libcli/security/access_check.c @@ -179,6 +179,10 @@ NTSTATUS se_access_check(const struct security_descriptor *sd, bits_remaining)); } +#if (_SAMBA_BUILD_ >= 4) + /* s3 had this with #if 0 previously. To be sure the merge + doesn't change any behaviour, we have the above #if check + on _SAMBA_BUILD_. */ if (access_desired & SEC_FLAG_SYSTEM_SECURITY) { if (security_token_has_privilege(token, SEC_PRIV_SECURITY)) { bits_remaining &= ~SEC_FLAG_SYSTEM_SECURITY; @@ -186,6 +190,7 @@ NTSTATUS se_access_check(const struct security_descriptor *sd, return NT_STATUS_PRIVILEGE_NOT_HELD; } } +#endif /* a NULL dacl allows access */ if ((sd->type & SEC_DESC_DACL_PRESENT) && sd->dacl == NULL) { -- cgit