From 291b02a639aa6551ac1f59e47a78d5590d2b7f6e Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Fri, 31 Dec 2004 08:56:32 +0000
Subject: r4448: - fixed access_mask checking on acl set

- honor the change ownership requests of acl set, changing the underlying
  unix owner/group

- fix the access mask on file create with SEC_FLAG_MAXIMUM_ALLOWED
(This used to be commit 5761fa35ab727b51ef1b52459911bafbdd788755)
---
 source4/ntvfs/posix/pvfs_open.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'source4/ntvfs/posix/pvfs_open.c')

diff --git a/source4/ntvfs/posix/pvfs_open.c b/source4/ntvfs/posix/pvfs_open.c
index 3941414cd8..c59f2d22e9 100644
--- a/source4/ntvfs/posix/pvfs_open.c
+++ b/source4/ntvfs/posix/pvfs_open.c
@@ -124,7 +124,7 @@ static NTSTATUS pvfs_open_setup_eas_acl(struct pvfs_state *pvfs,
 		set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
 		set.set_secdesc.in.sd = io->ntcreatex.in.sec_desc;
 
-		status = pvfs_acl_set(pvfs, req, name, fd, &set);
+		status = pvfs_acl_set(pvfs, req, name, fd, SEC_STD_WRITE_DAC, &set);
 	} else {
 		/* otherwise setup an inherited acl from the parent */
 		status = pvfs_acl_inherit(pvfs, req, name, fd);
@@ -463,9 +463,12 @@ static NTSTATUS pvfs_create_file(struct pvfs_state *pvfs,
 	}
 	
 	if (access_mask & SEC_FLAG_MAXIMUM_ALLOWED) {
-		access_mask = SEC_RIGHTS_FILE_READ | SEC_RIGHTS_FILE_WRITE;
+		access_mask = SEC_RIGHTS_FILE_READ | SEC_RIGHTS_FILE_WRITE | 
+			SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL;
 	}
 
+	access_mask |= SEC_FILE_READ_ATTRIBUTE;
+
 	if (access_mask & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA)) {
 		flags = O_RDWR;
 	} else {
-- 
cgit