summaryrefslogtreecommitdiff
path: root/source4/ntvfs/posix
diff options
context:
space:
mode:
Diffstat (limited to 'source4/ntvfs/posix')
-rw-r--r--source4/ntvfs/posix/pvfs_acl.c23
1 files changed, 12 insertions, 11 deletions
diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c
index 842aced6f2..5931a38f2e 100644
--- a/source4/ntvfs/posix/pvfs_acl.c
+++ b/source4/ntvfs/posix/pvfs_acl.c
@@ -659,14 +659,10 @@ NTSTATUS pvfs_access_check_create(struct pvfs_state *pvfs,
}
status = pvfs_resolve_parent(pvfs, req, name, &parent);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
+ NT_STATUS_NOT_OK_RETURN(status);
status = pvfs_access_check_simple(pvfs, req, parent, SEC_DIR_ADD_FILE);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
+ NT_STATUS_NOT_OK_RETURN(status);
if (*sd == NULL) {
status = pvfs_acl_inherited_sd(pvfs, req, req, parent, container, sd);
@@ -679,14 +675,19 @@ NTSTATUS pvfs_access_check_create(struct pvfs_state *pvfs,
/* expand the generic access bits to file specific bits */
*access_mask = pvfs_translate_mask(*access_mask);
- if (pvfs->ntvfs->ctx->protocol != PROTOCOL_SMB2) {
- *access_mask &= ~SEC_FILE_READ_ATTRIBUTE;
+
+ if (*access_mask & SEC_FLAG_MAXIMUM_ALLOWED) {
+ *access_mask |= SEC_RIGHTS_FILE_ALL;
+ *access_mask &= ~SEC_FLAG_MAXIMUM_ALLOWED;
}
- if (*sd == NULL) {
- return pvfs_access_check_unix(pvfs, req, NULL, access_mask);
+ if (pvfs->ntvfs->ctx->protocol != PROTOCOL_SMB2) {
+ /* on SMB, this bit is always granted, even if not
+ asked for */
+ *access_mask |= SEC_FILE_READ_ATTRIBUTE;
}
- return sec_access_check(*sd, token, *access_mask, access_mask);
+
+ return NT_STATUS_OK;
}
/*