The branch, master has been updated
via 1082532 Honor SeTakeOwnershiPrivilege when client asks for
SEC_STD_WRITE_OWNER but has no permission for that, but token has
SeTakeOwnershipPrivilege
from ee2e3d5 s3-vfstest: Fake smb_requests
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 108253250048673493a636fd9fb2bf99b64ccf3c
Author: Richard Sharpe <[email protected]>
Date: Wed Feb 22 06:25:54 2012 -0800
Honor SeTakeOwnershiPrivilege when client asks for SEC_STD_WRITE_OWNER but
has no permission for that, but token has SeTakeOwnershipPrivilege
Autobuild-User: Richard Sharpe <[email protected]>
Autobuild-Date: Wed Feb 22 19:19:32 CET 2012 on sn-devel-104
-----------------------------------------------------------------------
Summary of changes:
libcli/security/access_check.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/libcli/security/access_check.c b/libcli/security/access_check.c
index 1b02a86..a9b618f 100644
--- a/libcli/security/access_check.c
+++ b/libcli/security/access_check.c
@@ -205,6 +205,11 @@ NTSTATUS se_access_check(const struct security_descriptor
*sd,
bits_remaining &= ~(SEC_RIGHTS_PRIV_BACKUP);
}
+ if ((bits_remaining & SEC_STD_WRITE_OWNER) &&
+ security_token_has_privilege(token, SEC_PRIV_TAKE_OWNERSHIP)) {
+ bits_remaining &= ~(SEC_STD_WRITE_OWNER);
+ }
+
/* a NULL dacl allows access */
if ((sd->type & SEC_DESC_DACL_PRESENT) && sd->dacl == NULL) {
*access_granted = access_desired;
--
Samba Shared Repository
