Windows: AFSRetrieveValidAuthGroup FILE_READ_DATA

Only an AuthGroup belonging to a Context Control Block that was
granted the FILE_READ_DATA permission is capable of reading
data from the file server.

Change-Id: I93a7d8e65a6bc87b44399a30da5c0dd7d4e07685
Reviewed-on: http://gerrit.openafs.org/6398
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Peter Scott <pscott@kerneldrivers.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>

diff --git a/src/WINNT/afsrdr/kernel/lib/AFSGeneric.cpp b/src/WINNT/afsrdr/kernel/lib/AFSGeneric.cpp
index f6f973f..f037664 100644 (file)
--- a/src/WINNT/afsrdr/kernel/lib/AFSGeneric.cpp
+++ b/src/WINNT/afsrdr/kernel/lib/AFSGeneric.cpp
@@ -8458,7 +8458,7 @@ AFSRetrieveValidAuthGroup( IN AFSFcb *Fcb,
 
                     break;
                 }
-                else if( pCcb->GrantedAccess != 0)
+                else if( pCcb->GrantedAccess & FILE_READ_DATA)
                 {
                     //
                     // At least get the read-only access