From 32892d6357469287bf9594b269bde5b9ffabd54e Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Mon, 12 Nov 2012 16:22:52 -0800
Subject: [PATCH] Ensure when calculating the access mask for
 MAXIMUM_ALLOWED_ACCESS that we add in FILE_READ_ATTRIBUTES, even if this
 doesn't come from the file/directory ACL.

If we can access the path to this file, by
default we have FILE_READ_ATTRIBUTES from the
containing directory. See the section.
"Algorithm to Check Access to an Existing File"
in MS-FSA.pdf.
---
 source3/smbd/open.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index f97a3ec5e58..d10b6978be6 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -1423,7 +1423,14 @@ NTSTATUS smbd_calculate_access_mask(connection_struct *conn,
 				}
 			}
 
-			access_mask = access_granted;
+			/*
+			 * If we can access the path to this file, by
+			 * default we have FILE_READ_ATTRIBUTES from the
+			 * containing directory. See the section.
+			 * "Algorithm to Check Access to an Existing File"
+			 * in MS-FSA.pdf.
+			 */
+			access_mask = access_granted | FILE_READ_ATTRIBUTES;
 		} else {
 			access_mask = FILE_GENERIC_ALL;
 		}
-- 
2.11.4.GIT