+/****************************************************************************
+ SMB1 file varient of se_access_check. Never test FILE_READ_ATTRIBUTES.
+****************************************************************************/
+
+NTSTATUS smb1_file_se_access_check(const struct security_descriptor *sd,
+ const NT_USER_TOKEN *token,
+ uint32_t access_desired,
+ uint32_t *access_granted)
+{
+ return se_access_check(sd,
+ token,
+ (access_desired & ~FILE_READ_ATTRIBUTES),
+ access_granted);
+}
+
+/****************************************************************************
+ Check if we have open rights.
+****************************************************************************/
+
+static NTSTATUS check_open_rights(struct connection_struct *conn,
+ const char *fname,
+ uint32_t access_mask,
+ uint32_t *access_granted)
+{
+ /* Check if we have rights to open. */
+ NTSTATUS status;
+ struct security_descriptor *sd;
+
+ *access_granted = 0;
+
+ status = SMB_VFS_GET_NT_ACL(conn, fname,
+ (OWNER_SECURITY_INFORMATION |
+ GROUP_SECURITY_INFORMATION |
+ DACL_SECURITY_INFORMATION),&sd);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10, ("check_open_rights: Could not get acl "
+ "on %s: %s\n",
+ fname,
+ nt_errstr(status)));
+ return status;
+ }
+
+ status = smb1_file_se_access_check(sd,
+ conn->server_info->ptok,
+ access_mask,
+ access_granted);
+
+ TALLOC_FREE(sd);
+
+ DEBUG(10,("check_open_rights: file %s requesting "
+ "0x%x returning 0x%x (%s)\n",
+ fname,
+ (unsigned int)access_mask,
+ (unsigned int)*access_granted,
+ nt_errstr(status) ));
+
+ return status;
+}
+