From 0abfc90ac900f77aad33a748f3ee73f3b3483f7c Mon Sep 17 00:00:00 2001
From: Nadezhda Ivanova <nadezhda.ivanova@postpath.com>
Date: Tue, 3 Nov 2009 12:27:43 +0200
Subject: Fixed a bug in object specific access checks.

---
 source4/libcli/security/access_check.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'source4/libcli/security')

diff --git a/source4/libcli/security/access_check.c b/source4/libcli/security/access_check.c
index c974a39e29..fb78e0aa47 100644
--- a/source4/libcli/security/access_check.c
+++ b/source4/libcli/security/access_check.c
@@ -22,7 +22,6 @@
 #include "includes.h"
 #include "libcli/security/security.h"
 
-
 /*
   perform a SEC_FLAG_MAXIMUM_ALLOWED access check
 */
@@ -267,8 +266,11 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd,
                                 if (!(node = get_object_tree_by_GUID(tree, type)))
                                         continue;
 
-                        if (ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT){
+                        if (ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT) {
                                 object_tree_modify_access(node, ace->access_mask);
+				if (node->remaining_access == 0) {
+					return NT_STATUS_OK;
+				}
                         }
                         else {
                                 if (node->remaining_access & ace->access_mask){
-- 
cgit