smbd: Ensure SEC_FLAG_SYSTEM_SECURITY also opens the underlying fd.

smbtorture3 SMB2-SAL test shows this is needed as we store the SACL in the same
data store as the DACL.

Without this, opening a file with SEC_FLAG_SYSTEM_SECURITY | READ_ATTRIBUTES
would do a stat open, meaning when we call SMB_VFS_FGET_NT_ACL()
on the fsp we have no open fd to work on.

Pair-Programmed-With: Jeremy Allison <jra@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>

diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 16c24383b237001ca80189ce54b971f9ad8e411c..9beabb6a109a1b136379818fa3c56049c4232464 100644 (file)
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -1157,6 +1157,7 @@ static NTSTATUS open_file(files_struct *fsp,
                FILE_EXECUTE |
                WRITE_DAC_ACCESS |
                WRITE_OWNER_ACCESS |
+               SEC_FLAG_SYSTEM_SECURITY |
                READ_CONTROL_ACCESS;
        bool creating = !file_existed && (flags & O_CREAT);
        bool truncating = (flags & O_TRUNC);