From 65e31a965ee6514610ec0d4ca52a5cd8772c5254 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Tue, 27 May 2008 14:59:55 +1000
Subject: make the SEC_STD_SYNCHRONIZE test more specific (This used to be
 commit 8c263f91bda97eb910c8589b6cd987ec4a62d770)

---
 source4/ntvfs/posix/pvfs_open.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/source4/ntvfs/posix/pvfs_open.c b/source4/ntvfs/posix/pvfs_open.c
index 739c127b98..cfa88b6baa 100644
--- a/source4/ntvfs/posix/pvfs_open.c
+++ b/source4/ntvfs/posix/pvfs_open.c
@@ -1155,13 +1155,16 @@ NTSTATUS pvfs_open(struct ntvfs_module_context *ntvfs,
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
+	/* what does this bit really mean?? */
 	if (req->ctx->protocol == PROTOCOL_SMB2 &&
-	    (access_mask & SEC_STD_SYNCHRONIZE)) {
+	    (access_mask & SEC_STD_SYNCHRONIZE) &&
+	    !(access_mask & SEC_STD_READ_CONTROL)) {
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
 	if (io->ntcreatex.in.file_attr & (FILE_ATTRIBUTE_DEVICE|
-					  FILE_ATTRIBUTE_VOLUME)) {
+					  FILE_ATTRIBUTE_VOLUME| 
+					  (~FILE_ATTRIBUTE_ALL_MASK))) {
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-- 
cgit