From 881dd7dbf6de0e11a3703afd2a1ba286ff0d62ad Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 2 Nov 2005 02:35:48 +0000 Subject: [PATCH] r11464: Allow smbcacls to modify a SD on W2K3. This may fix several bugzilla bugs - I need to go through and check. I also need to test against WNT/W2K and WXP. Jeremy. --- source/utils/smbcacls.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/source/utils/smbcacls.c b/source/utils/smbcacls.c index 01ca54c6491..26037f643eb 100644 --- a/source/utils/smbcacls.c +++ b/source/utils/smbcacls.c @@ -718,11 +718,24 @@ static int cacl_set(struct cli_state *cli, char *filename, sort_acl(old->dacl); /* Create new security descriptor and set it */ +#if 0 + /* We used to just have "WRITE_DAC_ACCESS" without WRITE_OWNER. + But if we're sending an owner, even if it's the same as the one + that already exists then W2K3 insists we open with WRITE_OWNER access. + I need to check that setting a SD with no owner set works against WNT + and W2K. JRA. + */ + sd = make_sec_desc(ctx,old->revision, old->type, old->owner_sid, old->grp_sid, NULL, old->dacl, &sd_size); - fnum = cli_nt_create(cli, filename, WRITE_DAC_ACCESS); + fnum = cli_nt_create(cli, filename, WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS); +#else + sd = make_sec_desc(ctx,old->revision, old->type, NULL, NULL, + NULL, old->dacl, &sd_size); + fnum = cli_nt_create(cli, filename, WRITE_DAC_ACCESS); +#endif if (fnum == -1) { printf("cacl_set failed to open %s: %s\n", filename, cli_errstr(cli)); return EXIT_FAILED;