s3:smbd: add SEC_FLAG_MAXIMUM_ALLOWED handling to smbd_check_open_rights()

metze

diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 2c2c64e51b2f35c0dabad0f04bab2a5e9456f07a..a974a6d7a2358f17c976386943a1b9f9dddec02c 100644 (file)
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -76,9 +76,16 @@ NTSTATUS smbd_check_open_rights(struct connection_struct *conn,
        /* Check if we have rights to open. */
        NTSTATUS status;
        struct security_descriptor *sd = NULL;
+       uint32_t desired_share_access;
        uint32_t rejected_share_access;
 
-       rejected_share_access = access_mask & ~(conn->share_access);
+       desired_share_access = access_mask;
+       if (desired_share_access & SEC_FLAG_MAXIMUM_ALLOWED) {
+               desired_share_access |= conn->share_access;
+               desired_share_access &= ~SEC_FLAG_MAXIMUM_ALLOWED;
+       }
+
+       rejected_share_access = desired_share_access & ~(conn->share_access);
 
        if (rejected_share_access) {
                *access_granted = rejected_share_access;