From e42ded24a085a9bfaae0e4973b8dd52681b51a8a Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Thu, 29 May 2008 18:23:20 +1000
Subject: SEC_FILE_READ_ATTRIBUTE is only automatically granted on SMB, not
 SMB2 (This used to be commit 7bff0691428ed3f75c1a9cbaae692bc9830640e6)

---
 source4/ntvfs/posix/pvfs_acl.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

(limited to 'source4/ntvfs')

diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c
index 507c22f050..089631a307 100644
--- a/source4/ntvfs/posix/pvfs_acl.c
+++ b/source4/ntvfs/posix/pvfs_acl.c
@@ -464,7 +464,11 @@ NTSTATUS pvfs_access_check_unix(struct pvfs_state *pvfs,
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
-	*access_mask |= SEC_FILE_READ_ATTRIBUTE;
+	if (pvfs->ntvfs->ctx->protocol != PROTOCOL_SMB2) {
+		/* on SMB, this bit is always granted, even if not
+		   asked for */
+		*access_mask |= SEC_FILE_READ_ATTRIBUTE;
+	}
 
 	return NT_STATUS_OK;
 }
@@ -518,8 +522,11 @@ NTSTATUS pvfs_access_check(struct pvfs_state *pvfs,
 	/* check the acl against the required access mask */
 	status = sec_access_check(sd, token, *access_mask, access_mask);
 
-	/* this bit is always granted, even if not asked for */
-	*access_mask |= SEC_FILE_READ_ATTRIBUTE;
+	if (pvfs->ntvfs->ctx->protocol != PROTOCOL_SMB2) {
+		/* on SMB, this bit is always granted, even if not
+		   asked for */
+		*access_mask |= SEC_FILE_READ_ATTRIBUTE;
+	}
 
 	talloc_free(acl);
 	
-- 
cgit