We can't allow open with access that has been denied via the share
security descriptor
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Jul 5 16:21:54 CEST 2011 on sn-devel-104
/* Check if we have rights to open. */
NTSTATUS status;
struct security_descriptor *sd = NULL;
+ uint32_t rejected_share_access;
+
+ rejected_share_access = access_mask & ~(conn->share_access);
+
+ if (rejected_share_access) {
+ *access_granted = rejected_share_access;
+ return NT_STATUS_ACCESS_DENIED;
+ }
if ((access_mask & DELETE_ACCESS) && !lp_acl_check_permissions(SNUM(conn))) {
*access_granted = access_mask;