From 8160cd1595520719268d20f2a17fd25c72bed4c9 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Tue, 28 Oct 2008 17:10:51 +0100
Subject: s4: libcli/security: a NULL DACL allows access

This fixes bug 4284.

metze
---
 source4/libcli/security/access_check.c | 13 ++-----------
 1 file changed, 2 insertions(+), 11 deletions(-)

(limited to 'source4/libcli')

diff --git a/source4/libcli/security/access_check.c b/source4/libcli/security/access_check.c
index d5a0a13445..af6a3d6fb3 100644
--- a/source4/libcli/security/access_check.c
+++ b/source4/libcli/security/access_check.c
@@ -99,21 +99,12 @@ NTSTATUS sec_access_check(const struct security_descriptor *sd,
 }
 }
 
- /* dacl not present allows access */
- if (!(sd->type & SEC_DESC_DACL_PRESENT)) {
+ /* a NULL dacl allows access */
+ if ((sd->type & SEC_DESC_DACL_PRESENT) && sd->dacl == NULL) {
 *access_granted = access_desired;
 return NT_STATUS_OK;
 }
 
-#if 0
- /* tridge: previously we had empty dacl denying access, but
- that can lead to undeletable directories, where
- nobody can change the ACL on a directory */
- if (sd->dacl == NULL || sd->dacl->num_aces == 0) {
- return NT_STATUS_ACCESS_DENIED;
- }
-#endif
-
 /* the owner always gets SEC_STD_WRITE_DAC, SEC_STD_READ_CONTROL and SEC_STD_DELETE */
 if ((bits_remaining & (SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL|SEC_STD_DELETE)) &&
 security_token_has_sid(token, sd->owner_sid)) {
-- 
cgit
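Review bot: A descriptor without SEC_DESC_DACL_PRESENT no longer returns early under the rewritten condition and now falls through to the owner check and the rest of sec_access_check, so the commit changes the flag-clear outcome as well as the NULL-DACL one named in the subject. Nothing in the hunk tests sd->dacl before that later code; if the ACE evaluation further down (outside this hunk) reads through sd->dacl, a descriptor with the flag clear and sd->dacl == NULL would be a NULL dereference on the access-check path, and the deleted `#if 0` block was dead code that never covered it. I would make the fall-through explicit in the comment, for example `/* a NULL dacl allows access; without SEC_DESC_DACL_PRESENT we fall through to the checks below */`, and confirm that an explicit `sd->dacl == NULL` test precedes any use of the ACL. A regression test covering the three descriptor shapes (flag clear, flag set with NULL dacl, flag set with zero ACEs) would pin the intended grant/deny result for each.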