Allow users with admin bits to store different user/group IDs

along with a StoreData call; they can already do so anyway by
using StoreStatus.  Fixes a spurious permission denied error
with arla clients.

diff --git a/src/viced/afsfileprocs.c b/src/viced/afsfileprocs.c
index 571ff046ea018a13960192cf9093da3a53790d75..1b28e108f8faa153763315dcd9d54521dedbad79 100644 (file)
--- a/src/viced/afsfileprocs.c
+++ b/src/viced/afsfileprocs.c
@@ -5619,8 +5619,14 @@ Check_PermissionRights(targetptr, client, rights, CallingRoutine, InStatus)
            }
            else {      /* store data or status */
              /* watch for chowns and chgrps */
-             if (CHOWN(InStatus, targetptr) || CHGRP(InStatus, targetptr))
-               return(EPERM);      /* Was EACCES */
+             if (CHOWN(InStatus, targetptr) || CHGRP(InStatus, targetptr)) {
+               if (VanillaUser (client)) 
+                 return(EPERM);        /* Was EACCES */
+               else
+                 osi_audit(PrivilegeEvent, 0,
+                           AUD_INT, (client ? client->ViceId : 0), 
+                           AUD_INT, CallingRoutine, AUD_END);
+             }
              /* must be sysadmin to set suid/sgid bits */
              if ((InStatus->Mask & AFS_SETMODE) &&
 #ifdef AFS_NT40_ENV