Fix bug #9674 - Samba denies owner Read Control when there is a DENY entry while W2K08 does not.

Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Feb 23 19:28:15 CET 2013 on sn-devel-104
author: Richard Sharpe <rsharpe@samba.org> 2013-02-23 08:41:27 -0800
committer: Jeremy Allison <jra@samba.org> 2013-02-23 19:28:15 +0100
commit: 3e5acc155bb7be5c531a4a35b16e040f71f628ac (patch)
tree: ce72a542002a639640ed839ea231373185afd421 /libcli/security
parent: 36da56ec51ecf03458fd85741ae248b49cf0d592 (diff)
download: samba-3e5acc155bb7be5c531a4a35b16e040f71f628ac.tar.gz
1 files changed, 3 insertions, 3 deletions
diff --git a/libcli/security/access_check.c b/libcli/security/access_check.c
index 936ffca242e..2425e8a5aaf 100644
--- a/libcli/security/access_check.c
+++ b/libcli/security/access_check.c
@@ -243,6 +243,9 @@ NTSTATUS se_access_check(const struct security_descriptor *sd,
 		}
 	}
 
+	/* Explicitly denied bits always override */
+	bits_remaining |= explicitly_denied_bits;
+
 	/* The owner always gets owner rights as defined above. */
 	if (security_token_has_sid(token, sd->owner_sid)) {
 		if (owner_rights_default) {
@@ -258,9 +261,6 @@ NTSTATUS se_access_check(const struct security_descriptor *sd,
 		}
 	}
 
-	/* Explicitly denied bits always override */
-	bits_remaining |= explicitly_denied_bits;
-
 	/*
 	 * We check privileges here because they override even DENY entries.
 	 */
author	Richard Sharpe <rsharpe@samba.org>	2013-02-23 08:41:27 -0800
committer	Jeremy Allison <jra@samba.org>	2013-02-23 19:28:15 +0100
commit	3e5acc155bb7be5c531a4a35b16e040f71f628ac (patch)
tree	ce72a542002a639640ed839ea231373185afd421 /libcli/security
parent	36da56ec51ecf03458fd85741ae248b49cf0d592 (diff)
download	samba-3e5acc155bb7be5c531a4a35b16e040f71f628ac.tar.gz