The Samba-Bugzilla – Bug 2242
NT_TRANSACT_CREATE should not apply security descriptor (SD) always
Last modified: 2005-08-24 10:17:26 UTC
The routine call_nt_transact_create() in smbd/nttrans.c will always apply the
security descriptor if the 'params' block contains one but this is not always
correct. According to M$ documentation for CreateFile under the
CreateFile ignores lpSecurityDescriptor when opening an existing file, but
continues to use the other structure members.
So the routine should really check the smb_action and qualify the test on
FILE_WAS_CREATED, in addition to the other tests.
I have a patch which I'll attach once I submit this.
Created attachment 888
Check smb_action before applying SD
The patch includes some extra setup code for set_sd() if the underlying NT ACL
code makes use of the granted access rights to determine if it can apply the SD.
It may not apply to the standard code but I needed it for something I was
jeremy, please look at this when you get a chance.
Applied (finally!) - thanks.
sorry for the same, cleaning up the database to prevent unnecessary reopens of bugs.