From 33ee8b5a4e390f9aa43cceeec137c0ed82171340 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Tue, 12 Jan 2010 21:06:09 -0800
Subject: Make file access control decisions a lot easier to debug (at level
 10).

Jeremy.
---
 source3/smbd/file_access.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'source3/smbd/file_access.c')

diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c
index 7d0a552956..631efce677 100644
--- a/source3/smbd/file_access.c
+++ b/source3/smbd/file_access.c
@@ -54,6 +54,17 @@ bool can_access_file_acl(struct connection_struct *conn,
 	status = se_access_check(secdesc, conn->server_info->ptok,
 				 access_mask, &access_granted);
 	ret = NT_STATUS_IS_OK(status);
+
+	if (DEBUGLEVEL >= 10) {
+		DEBUG(10,("can_access_file_acl for file %s "
+			"access_mask 0x%x, access_granted 0x%x "
+			"access %s\n",
+			smb_fname_str_dbg(smb_fname),
+			(unsigned int)access_mask,
+			(unsigned int)access_granted,
+			ret ? "ALLOWED" : "DENIED" ));
+		NDR_PRINT_DEBUG(security_descriptor, secdesc);
+	}
  out:
 	TALLOC_FREE(secdesc);
 	return ret;
-- 
cgit