r4404: check for SEC_ACE_FLAG_INHERIT_ONLY in the "maximum allowed" logic

author Andrew Tridgell <tridge@samba.org>

Thu, 30 Dec 2004 02:27:16 +0000 (02:27 +0000)

committer Gerald (Jerry) Carter <jerry@samba.org>

Wed, 10 Oct 2007 18:07:43 +0000 (13:07 -0500)
author Andrew Tridgell <tridge@samba.org>
Thu, 30 Dec 2004 02:27:16 +0000 (02:27 +0000)
committer Gerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 18:07:43 +0000 (13:07 -0500)
diff --git a/source/libcli/security/access_check.c b/source/libcli/security/access_check.c

index 4c8bb1bd1fef8084ff99cd8099c99ece2dc4b65a..c8a546682a8c74fd7f18b4aaaa73e896938753d3 100644 (file)
--- a/source/libcli/security/access_check.c
+++ b/source/libcli/security/access_check.c
@@ -59,6 +59,10 @@ static uint32_t access_check_max_allowed(const struct security_descriptor *sd,
         for (i = 0;i<sd->dacl->num_aces; i++) {
                 struct security_ace *ace = &sd->dacl->aces[i];
  
+               if (ace->flags & SEC_ACE_FLAG_INHERIT_ONLY) {
+                       continue;
+               }
+
                 if (!sid_active_in_token(&ace->trustee, token)) {
                         continue;
                 }
author	Andrew Tridgell <tridge@samba.org>
	Thu, 30 Dec 2004 02:27:16 +0000 (02:27 +0000)
committer	Gerald (Jerry) Carter <jerry@samba.org>
	Wed, 10 Oct 2007 18:07:43 +0000 (13:07 -0500)