Fixed a bug in object specific access checks.

author Nadezhda Ivanova <nadezhda.ivanova@postpath.com>

Tue, 3 Nov 2009 10:27:43 +0000 (12:27 +0200)

committer Nadezhda Ivanova <nadezhda.ivanova@postpath.com>

Tue, 3 Nov 2009 10:43:51 +0000 (12:43 +0200)
author Nadezhda Ivanova <nadezhda.ivanova@postpath.com>
Tue, 3 Nov 2009 10:27:43 +0000 (12:27 +0200)
committer Nadezhda Ivanova <nadezhda.ivanova@postpath.com>
Tue, 3 Nov 2009 10:43:51 +0000 (12:43 +0200)
diff --git a/source4/libcli/security/access_check.c b/source4/libcli/security/access_check.c

index c974a39e29c8c47f1e78d247b1d671df85bb6088..fb78e0aa47aff147ab9cf9763dce92b6ad590b3a 100644 (file)
--- a/source4/libcli/security/access_check.c
+++ b/source4/libcli/security/access_check.c
@@ -22,7 +22,6 @@
  #include "includes.h"
  #include "libcli/security/security.h"
  
-
  /*
    perform a SEC_FLAG_MAXIMUM_ALLOWED access check
  */
@@ -267,8 +266,11 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd,
                                  if (!(node = get_object_tree_by_GUID(tree, type)))
                                          continue;
  
-                        if (ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT){
+                        if (ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT) {
                                  object_tree_modify_access(node, ace->access_mask);
+                               if (node->remaining_access == 0) {
+                                       return NT_STATUS_OK;
+                               }
                          }
                          else {
                                  if (node->remaining_access & ace->access_mask){
author	Nadezhda Ivanova <nadezhda.ivanova@postpath.com>
	Tue, 3 Nov 2009 10:27:43 +0000 (12:27 +0200)
committer	Nadezhda Ivanova <nadezhda.ivanova@postpath.com>
	Tue, 3 Nov 2009 10:43:51 +0000 (12:43 +0200)