From 8631bf2bcc4ce79e2448a7463c8ea7a6b7695c4e Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 30 Dec 2004 02:27:16 +0000 Subject: r4404: check for SEC_ACE_FLAG_INHERIT_ONLY in the "maximum allowed" logic (This used to be commit e4ee8b776ba164a89afca43de20c166ccbfddb99) --- source4/libcli/security/access_check.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source4/libcli/security') diff --git a/source4/libcli/security/access_check.c b/source4/libcli/security/access_check.c index 4c8bb1bd1f..c8a546682a 100644 --- a/source4/libcli/security/access_check.c +++ b/source4/libcli/security/access_check.c @@ -59,6 +59,10 @@ static uint32_t access_check_max_allowed(const struct security_descriptor *sd, for (i = 0;idacl->num_aces; i++) { struct security_ace *ace = &sd->dacl->aces[i]; + if (ace->flags & SEC_ACE_FLAG_INHERIT_ONLY) { + continue; + } + if (!sid_active_in_token(&ace->trustee, token)) { continue; } -- cgit