r11464: Allow smbcacls to modify a SD on W2K3. This may fix several

bugzilla bugs - I need to go through and check. I also
need to test against WNT/W2K and WXP.
Jeremy.

diff --git a/source/utils/smbcacls.c b/source/utils/smbcacls.c
index 01ca54c649176c0b83045a690c15f64fb98b9a09..26037f643eba8d880b6c616e5acf881282fceebc 100644 (file)
--- a/source/utils/smbcacls.c
+++ b/source/utils/smbcacls.c
@@ -718,11 +718,24 @@ static int cacl_set(struct cli_state *cli, char *filename,
        sort_acl(old->dacl);
 
        /* Create new security descriptor and set it */
+#if 0
+       /* We used to just have "WRITE_DAC_ACCESS" without WRITE_OWNER.
+          But if we're sending an owner, even if it's the same as the one
+          that already exists then W2K3 insists we open with WRITE_OWNER access.
+          I need to check that setting a SD with no owner set works against WNT
+          and W2K. JRA.
+       */
+
        sd = make_sec_desc(ctx,old->revision, old->type, old->owner_sid, old->grp_sid,
                           NULL, old->dacl, &sd_size);
 
-       fnum = cli_nt_create(cli, filename, WRITE_DAC_ACCESS);
+       fnum = cli_nt_create(cli, filename, WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS);
+#else
+       sd = make_sec_desc(ctx,old->revision, old->type, NULL, NULL,
+                          NULL, old->dacl, &sd_size);
 
+       fnum = cli_nt_create(cli, filename, WRITE_DAC_ACCESS);
+#endif
        if (fnum == -1) {
                printf("cacl_set failed to open %s: %s\n", filename, cli_errstr(cli));
                return EXIT_FAILED;