From e42ded24a085a9bfaae0e4973b8dd52681b51a8a Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 29 May 2008 18:23:20 +1000 Subject: SEC_FILE_READ_ATTRIBUTE is only automatically granted on SMB, not SMB2 (This used to be commit 7bff0691428ed3f75c1a9cbaae692bc9830640e6) --- source4/ntvfs/posix/pvfs_acl.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) (limited to 'source4/ntvfs') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 507c22f050..089631a307 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -464,7 +464,11 @@ NTSTATUS pvfs_access_check_unix(struct pvfs_state *pvfs, return NT_STATUS_ACCESS_DENIED; } - *access_mask |= SEC_FILE_READ_ATTRIBUTE; + if (pvfs->ntvfs->ctx->protocol != PROTOCOL_SMB2) { + /* on SMB, this bit is always granted, even if not + asked for */ + *access_mask |= SEC_FILE_READ_ATTRIBUTE; + } return NT_STATUS_OK; } @@ -518,8 +522,11 @@ NTSTATUS pvfs_access_check(struct pvfs_state *pvfs, /* check the acl against the required access mask */ status = sec_access_check(sd, token, *access_mask, access_mask); - /* this bit is always granted, even if not asked for */ - *access_mask |= SEC_FILE_READ_ATTRIBUTE; + if (pvfs->ntvfs->ctx->protocol != PROTOCOL_SMB2) { + /* on SMB, this bit is always granted, even if not + asked for */ + *access_mask |= SEC_FILE_READ_ATTRIBUTE; + } talloc_free(acl); -- cgit