/* handle the maximum allowed flag */
if (access_desired & SEC_FLAG_MAXIMUM_ALLOWED) {
+ uint32_t orig_access_desired = access_desired;
+
access_desired |= access_check_max_allowed(sd, token);
access_desired &= ~SEC_FLAG_MAXIMUM_ALLOWED;
*access_granted = access_desired;
bits_remaining = access_desired & ~SEC_STD_DELETE;
+
+ DEBUG(10,("se_access_check: MAX desired = 0x%x, granted = 0x%x, remaining = 0x%x\n",
+ orig_access_desired,
+ *access_granted,
+ bits_remaining));
}
#if 0
fsp->access_mask,
&access_granted);
if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10,("open_acl_xattr: file %s open "
+ "refused with error %s\n",
+ fname,
+ nt_errstr(status) ));
errno = map_errno_from_nt_status(status);
return -1;
}
create_disposition, create_options, unx_mode,
oplock_request));
- if ((access_mask & FILE_READ_DATA)||(access_mask & FILE_WRITE_DATA)) {
- DEBUG(10, ("open_file_ntcreate: adding FILE_READ_ATTRIBUTES "
- "to requested access_mask 0x%x, new mask 0x%x",
- access_mask,
- access_mask | FILE_READ_ATTRIBUTES ));
-
- access_mask |= FILE_READ_ATTRIBUTES;
- }
-
if ((req == NULL) && ((oplock_request & INTERNAL_OPEN_ONLY) == 0)) {
DEBUG(0, ("No smb request but not an internal only open!\n"));
return NT_STATUS_INTERNAL_ERROR;
}
access_mask = access_granted;
- /*
- * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
- */
- access_mask |= FILE_READ_ATTRIBUTES;
} else {
access_mask = FILE_GENERIC_ALL;
}
/* Record the options we were opened with. */
fsp->share_access = share_access;
fsp->fh->private_options = create_options;
- fsp->access_mask = access_mask;
+ /*
+ * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
+ */
+ fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
if (file_existed) {
/* stat opens on existing files don't get oplocks. */