diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2008-05-30 07:55:29 +1000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2008-05-30 07:55:29 +1000 |
| commit | 437ca061077e77c3781db49243f0b3a290e8682d (patch) | |
| tree | ae4a697cbc889c95cab16f7a6e169065d00b0b64 /source4/ntvfs/posix/pvfs_acl.c | |
| parent | 0613d0b2184319146697f817809d2fa9916f7ac5 (diff) | |
| parent | 931d3d8fc5d9aa8ccb16018179fafa35968bb967 (diff) | |
| download | samba-437ca061077e77c3781db49243f0b3a290e8682d.tar.gz samba-437ca061077e77c3781db49243f0b3a290e8682d.tar.bz2 samba-437ca061077e77c3781db49243f0b3a290e8682d.zip | |
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
(This used to be commit cd10b381765f9146f22f5cf23f0ef5f6a65e804d)
Diffstat (limited to 'source4/ntvfs/posix/pvfs_acl.c')
| -rw-r--r-- | source4/ntvfs/posix/pvfs_acl.c | 29 |
1 files changed, 25 insertions, 4 deletions
diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 507c22f050..9a9200e4f0 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -464,7 +464,11 @@ NTSTATUS pvfs_access_check_unix(struct pvfs_state *pvfs, return NT_STATUS_ACCESS_DENIED; } - *access_mask |= SEC_FILE_READ_ATTRIBUTE; + if (pvfs->ntvfs->ctx->protocol != PROTOCOL_SMB2) { + /* on SMB, this bit is always granted, even if not + asked for */ + *access_mask |= SEC_FILE_READ_ATTRIBUTE; + } return NT_STATUS_OK; } @@ -496,7 +500,9 @@ NTSTATUS pvfs_access_check(struct pvfs_state *pvfs, /* expand the generic access bits to file specific bits */ *access_mask = pvfs_translate_mask(*access_mask); - *access_mask &= ~SEC_FILE_READ_ATTRIBUTE; + if (pvfs->ntvfs->ctx->protocol != PROTOCOL_SMB2) { + *access_mask &= ~SEC_FILE_READ_ATTRIBUTE; + } status = pvfs_acl_load(pvfs, name, -1, acl); if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) { @@ -518,8 +524,11 @@ NTSTATUS pvfs_access_check(struct pvfs_state *pvfs, /* check the acl against the required access mask */ status = sec_access_check(sd, token, *access_mask, access_mask); - /* this bit is always granted, even if not asked for */ - *access_mask |= SEC_FILE_READ_ATTRIBUTE; + if (pvfs->ntvfs->ctx->protocol != PROTOCOL_SMB2) { + /* on SMB, this bit is always granted, even if not + asked for */ + *access_mask |= SEC_FILE_READ_ATTRIBUTE; + } talloc_free(acl); @@ -800,3 +809,15 @@ NTSTATUS pvfs_acl_inherit(struct pvfs_state *pvfs, return status; } + +/* + return the maximum allowed access mask +*/ +NTSTATUS pvfs_access_maximal_allowed(struct pvfs_state *pvfs, + struct ntvfs_request *req, + struct pvfs_filename *name, + uint32_t *maximal_access) +{ + *maximal_access = SEC_FLAG_MAXIMUM_ALLOWED; + return pvfs_access_check(pvfs, req, name, maximal_access); +} |