When processing DENY ACE entries for owner rights SIDs (S-1-3-4) the code OR's in the deny access mask bits without taking into account if they were being requested in the requested access mask. E.g. The current logic has: An ACL containining: [0] SID: S-1-3-4 TYPE: DENY MASK: DENY_WRITE [0] SID: S-1-3-4 TYPE: ALLOW MASK: ALLOW_ALL prohibits an open request by the owner for READ_FILE - even though this is explicitly allowed. Fix and regression test (that passes against Win2K12 to follow). Bug and idea for a fix reported to samba-technical list by Shilpa K <shilpa.krishnareddy@gmail.com>
Created attachment 12752 [details] git-am fix for master
Created attachment 12755 [details] git-am fix for master. Slightly improved commit message and regression test.
Created attachment 12758 [details] Ralph's correct fix !
Created attachment 12763 [details] git-am fix for 4.5.next Contains cherry-pick info from master.
Created attachment 12764 [details] git-am fix for 4.4.next Cherry-pick of fix from master. Doesn't include back-port of regression test (not needed as already tested in master/4.5.x patch).
Reassigning to Karolin for inclusion in 4.4 and 4.5
(In reply to Ralph Böhme from comment #6) Pushed to autobuild-v4-{5,4}-test.
(In reply to Karolin Seeger from comment #7) Pushed to both branches. Closing out bug report. Thanks!