Fix bug #6160 - Office 2007 fails saving files to a Samba mapped drive.

Confirmed by reporters.
Jeremy.
(cherry picked from commit 2cc696192fbc66b10fa6377d84cdebd23a045284)

diff --git a/source/smbd/open.c b/source/smbd/open.c
index d2f85ce521afb13ff04422b84e0a332fd9eb3c6b..c89a5f61785ed8f2b6f9a73a4dc200fb2162026d 100644 (file)
--- a/source/smbd/open.c
+++ b/source/smbd/open.c
@@ -2391,6 +2391,14 @@ NTSTATUS open_directory(connection_struct *conn,
                return status;
        }
 
+       /* We need to support SeSecurityPrivilege for this. */
+       if (access_mask & SEC_RIGHT_SYSTEM_SECURITY) {
+               DEBUG(10, ("open_directory: open on %s "
+                       "failed - SEC_RIGHT_SYSTEM_SECURITY denied.\n",
+                       fname));
+               return NT_STATUS_PRIVILEGE_NOT_HELD;
+       }
+
        switch( create_disposition ) {
                case FILE_OPEN:
 
@@ -2924,6 +2932,20 @@ NTSTATUS create_file_unixpath(connection_struct *conn,
                status = NT_STATUS_PRIVILEGE_NOT_HELD;
                goto fail;
        }
+#else
+       /* We need to support SeSecurityPrivilege for this. */
+       if (access_mask & SEC_RIGHT_SYSTEM_SECURITY) {
+               status = NT_STATUS_PRIVILEGE_NOT_HELD;
+               goto fail;
+       }
+       /* Don't allow a SACL set from an NTtrans create until we
+        * support SeSecurityPrivilege. */
+       if (!VALID_STAT(sbuf) &&
+                       lp_nt_acl_support(SNUM(conn)) &&
+                       sd && (sd->sacl != NULL)) {
+               status = NT_STATUS_PRIVILEGE_NOT_HELD;
+               goto fail;
+       }
 #endif
 
        if ((conn->fs_capabilities & FILE_NAMED_STREAMS)