Ensure when calculating the access mask for MAXIMUM_ALLOWED_ACCESS that we add in FILE_READ_ATTRIBUTES, even if this doesn't come from the file/directory ACL.

If we can access the path to this file, by default we have FILE_READ_ATTRIBUTES from the containing directory. See the section. "Algorithm to Check Access to an Existing File" in MS-FSA.pdf. (cherry picked from commit 32892d6357469287bf9594b269bde5b9ffabd54e)
author: Jeremy Allison <jra@samba.org> 2012-11-12 16:22:52 -0800
committer: Karolin Seeger <kseeger@samba.org> 2012-12-06 09:40:25 +0100
commit: 3c94475a06472c71ec364d4c3e098c9740f702bd (patch)
tree: b156c777dc66a516bf0b6de545281841bfdb5958
parent: 7f687101ce9d79c07d7616b188c9088b8bc06d26 (diff)
download: samba-3c94475a06472c71ec364d4c3e098c9740f702bd.tar.gz
1 files changed, 8 insertions, 1 deletions
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index f97a3ec5e58..d10b6978be6 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -1423,7 +1423,14 @@ NTSTATUS smbd_calculate_access_mask(connection_struct *conn,
 				}
 			}
 
-			access_mask = access_granted;
+			/*
+			 * If we can access the path to this file, by
+			 * default we have FILE_READ_ATTRIBUTES from the
+			 * containing directory. See the section.
+			 * "Algorithm to Check Access to an Existing File"
+			 * in MS-FSA.pdf.
+			 */
+			access_mask = access_granted | FILE_READ_ATTRIBUTES;
 		} else {
 			access_mask = FILE_GENERIC_ALL;
 		}
author	Jeremy Allison <jra@samba.org>	2012-11-12 16:22:52 -0800
committer	Karolin Seeger <kseeger@samba.org>	2012-12-06 09:40:25 +0100
commit	3c94475a06472c71ec364d4c3e098c9740f702bd (patch)
tree	b156c777dc66a516bf0b6de545281841bfdb5958
parent	7f687101ce9d79c07d7616b188c9088b8bc06d26 (diff)
download	samba-3c94475a06472c71ec364d4c3e098c9740f702bd.tar.gz