s3/smbd: fix FSCTL_SET_SPARSE permission checks

On Windows servers (tested against Windows Server 2008 & 2012) the
FSCTL_SET_SPARSE ioctl is processed if FILE_WRITE_DATA,
FILE_WRITE_ATTRIBUTES _or_ SEC_FILE_APPEND_DATA permissions are granted
on the open file-handle.
Fix Samba such that it matches this behaviour, rather than only checking
for FILE_WRITE_DATA or FILE_WRITE_ATTRIBUTES.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c
index 6fd5d69587a4a2afc4d7a569fa341f98182ae62d..8c0781b19ed830669f8bf528cb5242ca450ce782 100644 (file)
--- a/source3/smbd/dosmode.c
+++ b/source3/smbd/dosmode.c
@@ -876,8 +876,13 @@ NTSTATUS file_set_sparse(connection_struct *conn,
                return NT_STATUS_MEDIA_WRITE_PROTECTED;
        }
 
-       if (!(fsp->access_mask & FILE_WRITE_DATA) &&
-                       !(fsp->access_mask & FILE_WRITE_ATTRIBUTES)) {
+       /*
+        * Windows Server 2008 & 2012 permit FSCTL_SET_SPARSE if any of the
+        * following access flags are granted.
+        */
+       if ((fsp->access_mask & (FILE_WRITE_DATA
+                               | FILE_WRITE_ATTRIBUTES
+                               | SEC_FILE_APPEND_DATA)) == 0) {
                DEBUG(9,("file_set_sparse: fname[%s] set[%u] "
                        "access_mask[0x%08X] - access denied\n",
                        smb_fname_str_dbg(fsp->fsp_name),