SEC_ACE_TYPE_ values are not flags, so this comparison does not behave
as intended. Modify the check to more closely match the comment.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
struct security_ace *ace;
/* Don't add the allow for SID_BUILTIN_PREW2K */
- if (!(ds_sd->dacl->aces[i].type & SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT) &&
+ if ((ds_sd->dacl->aces[i].type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT ||
+ ds_sd->dacl->aces[i].type == SEC_ACE_TYPE_ACCESS_ALLOWED) &&
strcmp(trustee, SID_BUILTIN_PREW2K) == 0) {
talloc_free(trustee);
continue;