security: ensure the merge of libcli/security doesn't change s3 behaviour
authorAndrew Tridgell <tridge@samba.org>
Thu, 14 Oct 2010 02:32:17 +0000 (13:32 +1100)
committerAndrew Tridgell <tridge@samba.org>
Thu, 14 Oct 2010 03:16:41 +0000 (03:16 +0000)
Jeremy, you put a #if 0 around this logic in this commit:

  8344e945 (Jeremy Allison    2008-10-31 10:51:45 -0700 181)

is this still needed?

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Oct 14 03:16:41 UTC 2010 on sn-devel-104

libcli/security/access_check.c

index e7c48cae0859dc7234c3d41a4d869d9ed305a23c..35ee05716ec5906ba2d6fe411274b0cfa27b5a6f 100644 (file)
@@ -179,6 +179,10 @@ NTSTATUS se_access_check(const struct security_descriptor *sd,
                        bits_remaining));
        }
 
+#if (_SAMBA_BUILD_ >= 4)
+       /* s3 had this with #if 0 previously. To be sure the merge
+          doesn't change any behaviour, we have the above #if check
+          on _SAMBA_BUILD_. */
        if (access_desired & SEC_FLAG_SYSTEM_SECURITY) {
                if (security_token_has_privilege(token, SEC_PRIV_SECURITY)) {
                        bits_remaining &= ~SEC_FLAG_SYSTEM_SECURITY;
@@ -186,6 +190,7 @@ NTSTATUS se_access_check(const struct security_descriptor *sd,
                        return NT_STATUS_PRIVILEGE_NOT_HELD;
                }
        }
+#endif
 
        /* a NULL dacl allows access */
        if ((sd->type & SEC_DESC_DACL_PRESENT) && sd->dacl == NULL) {