Fixed a bug in object specific access checks.
authorNadezhda Ivanova <nadezhda.ivanova@postpath.com>
Tue, 3 Nov 2009 10:27:43 +0000 (12:27 +0200)
committerNadezhda Ivanova <nadezhda.ivanova@postpath.com>
Tue, 3 Nov 2009 10:43:51 +0000 (12:43 +0200)
source4/libcli/security/access_check.c

index c974a39e29c8c47f1e78d247b1d671df85bb6088..fb78e0aa47aff147ab9cf9763dce92b6ad590b3a 100644 (file)
@@ -22,7 +22,6 @@
 #include "includes.h"
 #include "libcli/security/security.h"
 
 #include "includes.h"
 #include "libcli/security/security.h"
 
-
 /*
   perform a SEC_FLAG_MAXIMUM_ALLOWED access check
 */
 /*
   perform a SEC_FLAG_MAXIMUM_ALLOWED access check
 */
@@ -267,8 +266,11 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd,
                                 if (!(node = get_object_tree_by_GUID(tree, type)))
                                         continue;
 
                                 if (!(node = get_object_tree_by_GUID(tree, type)))
                                         continue;
 
-                        if (ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT){
+                        if (ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT) {
                                 object_tree_modify_access(node, ace->access_mask);
                                 object_tree_modify_access(node, ace->access_mask);
+                               if (node->remaining_access == 0) {
+                                       return NT_STATUS_OK;
+                               }
                         }
                         else {
                                 if (node->remaining_access & ace->access_mask){
                         }
                         else {
                                 if (node->remaining_access & ace->access_mask){