diff options
Diffstat (limited to 'source4/ntvfs/posix/pvfs_open.c')
-rw-r--r-- | source4/ntvfs/posix/pvfs_open.c | 26 |
1 files changed, 12 insertions, 14 deletions
diff --git a/source4/ntvfs/posix/pvfs_open.c b/source4/ntvfs/posix/pvfs_open.c index 4b8de284882..17740f76366 100644 --- a/source4/ntvfs/posix/pvfs_open.c +++ b/source4/ntvfs/posix/pvfs_open.c @@ -862,14 +862,6 @@ NTSTATUS pvfs_open(struct ntvfs_module_context *ntvfs, share_access = io->generic.in.share_access; access_mask = io->generic.in.access_mask; - if (access_mask & SEC_FLAG_MAXIMUM_ALLOWED) { - if (name->exists && (name->dos.attrib & FILE_ATTRIBUTE_READONLY)) { - access_mask = SEC_RIGHTS_FILE_READ; - } else { - access_mask = SEC_RIGHTS_FILE_READ | SEC_RIGHTS_FILE_WRITE; - } - } - /* certain create options are not allowed */ if ((create_options & NTCREATEX_OPTIONS_DELETE_ON_CLOSE) && !(access_mask & SEC_STD_DELETE)) { @@ -914,12 +906,6 @@ NTSTATUS pvfs_open(struct ntvfs_module_context *ntvfs, return NT_STATUS_INVALID_PARAMETER; } - if (access_mask & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA)) { - flags |= O_RDWR; - } else { - flags |= O_RDONLY; - } - if (io->generic.in.file_attr & FILE_ATTRIBUTE_DIRECTORY) { return NT_STATUS_INVALID_PARAMETER; } @@ -949,6 +935,12 @@ NTSTATUS pvfs_open(struct ntvfs_module_context *ntvfs, return NT_STATUS_CANNOT_DELETE; } + /* check the security descriptor */ + status = pvfs_access_check(pvfs, req, name, &access_mask); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + f = talloc_p(req, struct pvfs_file); if (f == NULL) { return NT_STATUS_NO_MEMORY; @@ -1036,6 +1028,12 @@ NTSTATUS pvfs_open(struct ntvfs_module_context *ntvfs, f->handle->have_opendb_entry = True; + if (access_mask & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA)) { + flags |= O_RDWR; + } else { + flags |= O_RDONLY; + } + /* do the actual open */ fd = open(f->handle->name->full_name, flags); if (fd == -1) { |