Make file access control decisions a lot easier to debug (at level 10).

author Jeremy Allison <jra@samba.org>

Wed, 13 Jan 2010 05:06:09 +0000 (21:06 -0800)

committer Jeremy Allison <jra@samba.org>

Wed, 13 Jan 2010 05:06:09 +0000 (21:06 -0800)
author Jeremy Allison <jra@samba.org>
Wed, 13 Jan 2010 05:06:09 +0000 (21:06 -0800)
committer Jeremy Allison <jra@samba.org>
Wed, 13 Jan 2010 05:06:09 +0000 (21:06 -0800)
diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c

index 7d0a552956e508e7787764072d875a98929dc0ac..631efce677d8fb1028cd6673e9ae09cf5f967b3f 100644 (file)
--- a/source3/smbd/file_access.c
+++ b/source3/smbd/file_access.c
@@ -54,6 +54,17 @@ bool can_access_file_acl(struct connection_struct *conn,
         status = se_access_check(secdesc, conn->server_info->ptok,
                                  access_mask, &access_granted);
         ret = NT_STATUS_IS_OK(status);
+
+       if (DEBUGLEVEL >= 10) {
+               DEBUG(10,("can_access_file_acl for file %s "
+                       "access_mask 0x%x, access_granted 0x%x "
+                       "access %s\n",
+                       smb_fname_str_dbg(smb_fname),
+                       (unsigned int)access_mask,
+                       (unsigned int)access_granted,
+                       ret ? "ALLOWED" : "DENIED" ));
+               NDR_PRINT_DEBUG(security_descriptor, secdesc);
+       }
   out:
         TALLOC_FREE(secdesc);
         return ret;
author	Jeremy Allison <jra@samba.org>
	Wed, 13 Jan 2010 05:06:09 +0000 (21:06 -0800)
committer	Jeremy Allison <jra@samba.org>
	Wed, 13 Jan 2010 05:06:09 +0000 (21:06 -0800)