From cc869963e8db57ac4048c3a4bc9f943582574c99 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Thu, 27 Jan 2005 23:22:12 +0000
Subject: r5050: make sure we translate the generic to the specific bits before
 doing a pvfs_access_check_unix().

Fixes a problem with the cifsfs filesystem
(This used to be commit 8ebc61a2297176515d767ef0f67ec912293ab905)
---
 source4/ntvfs/posix/pvfs_acl.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

(limited to 'source4/ntvfs')

diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c
index c2856ad292..258d4e5bcb 100644
--- a/source4/ntvfs/posix/pvfs_acl.c
+++ b/source4/ntvfs/posix/pvfs_acl.c
@@ -372,6 +372,10 @@ NTSTATUS pvfs_access_check(struct pvfs_state *pvfs,
 		return NT_STATUS_NO_MEMORY;
 	}
 
+	/* expand the generic access bits to file specific bits */
+	*access_mask = pvfs_translate_mask(*access_mask);
+	*access_mask &= ~SEC_FILE_READ_ATTRIBUTE;
+
 	status = pvfs_acl_load(pvfs, name, -1, acl);
 	if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
 		talloc_free(acl);
@@ -389,11 +393,6 @@ NTSTATUS pvfs_access_check(struct pvfs_state *pvfs,
 		return NT_STATUS_INVALID_ACL;
 	}
 
-	/* expand the generic access bits to file specific bits */
-	*access_mask = pvfs_translate_mask(*access_mask);
-
-	*access_mask &= ~SEC_FILE_READ_ATTRIBUTE;
-
 	/* check the acl against the required access mask */
 	status = sec_access_check(sd, token, *access_mask, access_mask);
 
-- 
cgit