make the SEC_STD_SYNCHRONIZE test more specific

author Andrew Tridgell <tridge@samba.org>

Tue, 27 May 2008 04:59:55 +0000 (14:59 +1000)

committer Andrew Tridgell <tridge@samba.org>

Tue, 27 May 2008 04:59:55 +0000 (14:59 +1000)
author Andrew Tridgell <tridge@samba.org>
Tue, 27 May 2008 04:59:55 +0000 (14:59 +1000)
committer Andrew Tridgell <tridge@samba.org>
Tue, 27 May 2008 04:59:55 +0000 (14:59 +1000)
diff --git a/source4/ntvfs/posix/pvfs_open.c b/source4/ntvfs/posix/pvfs_open.c

index 739c127b985bb0077e2627e3c32f1f264faa1873..cfa88b6baad40e8dbb511fa7a343f7cd4bf2efc4 100644 (file)
--- a/source4/ntvfs/posix/pvfs_open.c
+++ b/source4/ntvfs/posix/pvfs_open.c
@@ -1155,13 +1155,16 @@ NTSTATUS pvfs_open(struct ntvfs_module_context *ntvfs,
                 return NT_STATUS_ACCESS_DENIED;
         }
  
+       /* what does this bit really mean?? */
         if (req->ctx->protocol == PROTOCOL_SMB2 &&
-           (access_mask & SEC_STD_SYNCHRONIZE)) {
+           (access_mask & SEC_STD_SYNCHRONIZE) &&
+           !(access_mask & SEC_STD_READ_CONTROL)) {
                 return NT_STATUS_ACCESS_DENIED;
         }
  
         if (io->ntcreatex.in.file_attr & (FILE_ATTRIBUTE_DEVICE|
-                                         FILE_ATTRIBUTE_VOLUME)) {
+                                         FILE_ATTRIBUTE_VOLUME| 
+                                         (~FILE_ATTRIBUTE_ALL_MASK))) {
                 return NT_STATUS_INVALID_PARAMETER;
         }
author	Andrew Tridgell <tridge@samba.org>
	Tue, 27 May 2008 04:59:55 +0000 (14:59 +1000)
committer	Andrew Tridgell <tridge@samba.org>
	Tue, 27 May 2008 04:59:55 +0000 (14:59 +1000)