diff options
author | Jeremy Allison <jra@samba.org> | 2012-11-12 16:21:15 -0800 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2012-12-06 09:40:25 +0100 |
commit | 7f687101ce9d79c07d7616b188c9088b8bc06d26 (patch) | |
tree | 55d2ee8c10f1fdf963b8cf3ec9f81bcc90f4b927 | |
parent | 43c2b1ac0599963a3d794185c9cc372c3bc4a3a1 (diff) | |
download | samba-7f687101ce9d79c07d7616b188c9088b8bc06d26.tar.gz |
Add comment explaining exactly *why* we don't check FILE_READ_ATTRIBUTES when evaluating file/directory ACE's.
If we can access the path to this file, by
default we have FILE_READ_ATTRIBUTES from the
containing directory. See the section.
"Algorithm to Check Access to an Existing File"
in MS-FSA.pdf.
(cherry picked from commit a115a4e9799e8e5497232a149d4d927308c81a5b)
-rw-r--r-- | source3/smbd/open.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 10c2180194a..f97a3ec5e58 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -58,6 +58,13 @@ NTSTATUS smb1_file_se_access_check(struct connection_struct *conn, return NT_STATUS_OK; } + /* + * If we can access the path to this file, by + * default we have FILE_READ_ATTRIBUTES from the + * containing directory. See the section: + * "Algorithm to Check Access to an Existing File" + * in MS-FSA.pdf. + */ return se_access_check(sd, token, (access_desired & ~FILE_READ_ATTRIBUTES), |