diff options
author | Jeremy Allison <jra@samba.org> | 2012-11-12 16:22:52 -0800 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2012-12-06 09:40:25 +0100 |
commit | 3c94475a06472c71ec364d4c3e098c9740f702bd (patch) | |
tree | b156c777dc66a516bf0b6de545281841bfdb5958 | |
parent | 7f687101ce9d79c07d7616b188c9088b8bc06d26 (diff) | |
download | samba-3c94475a06472c71ec364d4c3e098c9740f702bd.tar.gz |
Ensure when calculating the access mask for MAXIMUM_ALLOWED_ACCESS that we add in FILE_READ_ATTRIBUTES, even if this doesn't come from the file/directory ACL.
If we can access the path to this file, by
default we have FILE_READ_ATTRIBUTES from the
containing directory. See the section.
"Algorithm to Check Access to an Existing File"
in MS-FSA.pdf.
(cherry picked from commit 32892d6357469287bf9594b269bde5b9ffabd54e)
-rw-r--r-- | source3/smbd/open.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/source3/smbd/open.c b/source3/smbd/open.c index f97a3ec5e58..d10b6978be6 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -1423,7 +1423,14 @@ NTSTATUS smbd_calculate_access_mask(connection_struct *conn, } } - access_mask = access_granted; + /* + * If we can access the path to this file, by + * default we have FILE_READ_ATTRIBUTES from the + * containing directory. See the section. + * "Algorithm to Check Access to an Existing File" + * in MS-FSA.pdf. + */ + access_mask = access_granted | FILE_READ_ATTRIBUTES; } else { access_mask = FILE_GENERIC_ALL; } |