Fix bug #9674 - Samba denies owner Read Control when there is a DENY entry while...

Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Feb 23 19:28:15 CET 2013 on sn-devel-104

diff --git a/libcli/security/access_check.c b/libcli/security/access_check.c
index 936ffca242e6b6e7682f97dc3815e54715ee8fe9..2425e8a5aaf95554dcf38db7e2d1485428825164 100644 (file)
--- a/libcli/security/access_check.c
+++ b/libcli/security/access_check.c
@@ -243,6 +243,9 @@ NTSTATUS se_access_check(const struct security_descriptor *sd,
                }
        }
 
+       /* Explicitly denied bits always override */
+       bits_remaining |= explicitly_denied_bits;
+
        /* The owner always gets owner rights as defined above. */
        if (security_token_has_sid(token, sd->owner_sid)) {
                if (owner_rights_default) {
@@ -258,9 +261,6 @@ NTSTATUS se_access_check(const struct security_descriptor *sd,
                }
        }
 
-       /* Explicitly denied bits always override */
-       bits_remaining |= explicitly_denied_bits;
-
        /*
         * We check privileges here because they override even DENY entries.
         */