SEC_FILE_READ_ATTRIBUTE is only automatically granted on SMB, not SMB2

author Andrew Tridgell <tridge@samba.org>

Thu, 29 May 2008 08:23:20 +0000 (18:23 +1000)

committer Andrew Tridgell <tridge@samba.org>

Thu, 29 May 2008 08:23:20 +0000 (18:23 +1000)
author Andrew Tridgell <tridge@samba.org>
Thu, 29 May 2008 08:23:20 +0000 (18:23 +1000)
committer Andrew Tridgell <tridge@samba.org>
Thu, 29 May 2008 08:23:20 +0000 (18:23 +1000)
diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c

index 507c22f05026845d8b92859e243e5ca13e93a849..089631a30738f1e516963f367fc05b7b544bd8d8 100644 (file)
--- a/source4/ntvfs/posix/pvfs_acl.c
+++ b/source4/ntvfs/posix/pvfs_acl.c
@@ -464,7 +464,11 @@ NTSTATUS pvfs_access_check_unix(struct pvfs_state *pvfs,
                 return NT_STATUS_ACCESS_DENIED;
         }
  
-       *access_mask |= SEC_FILE_READ_ATTRIBUTE;
+       if (pvfs->ntvfs->ctx->protocol != PROTOCOL_SMB2) {
+               /* on SMB, this bit is always granted, even if not
+                  asked for */
+               *access_mask |= SEC_FILE_READ_ATTRIBUTE;
+       }
  
         return NT_STATUS_OK;
  }
@@ -518,8 +522,11 @@ NTSTATUS pvfs_access_check(struct pvfs_state *pvfs,
         /* check the acl against the required access mask */
         status = sec_access_check(sd, token, *access_mask, access_mask);
  
-       /* this bit is always granted, even if not asked for */
-       *access_mask |= SEC_FILE_READ_ATTRIBUTE;
+       if (pvfs->ntvfs->ctx->protocol != PROTOCOL_SMB2) {
+               /* on SMB, this bit is always granted, even if not
+                  asked for */
+               *access_mask |= SEC_FILE_READ_ATTRIBUTE;
+       }
  
         talloc_free(acl);
author	Andrew Tridgell <tridge@samba.org>
	Thu, 29 May 2008 08:23:20 +0000 (18:23 +1000)
committer	Andrew Tridgell <tridge@samba.org>
	Thu, 29 May 2008 08:23:20 +0000 (18:23 +1000)