vfs_fake_acls: deny give-ownership
authorRalph Boehme <slow@samba.org>
Fri, 6 Oct 2017 13:25:54 +0000 (15:25 +0200)
committerJeremy Allison <jra@samba.org>
Mon, 9 Oct 2017 21:01:18 +0000 (23:01 +0200)
Windows doesn't allow giving ownership away unless the user has
SEC_PRIV_RESTORE privilege.

This follows from MS-FSA 2.1.5.1, so it's a property of the filesystem
layer, not the SMB layer. By implementing this restriction here, we can
now have a test for this restriction.

Other filesystems may want to deliberately allow this behaviour --
although I'm not aware of any that does -- therefore I'm putting this
restriction in the implementation of the chmod VFS function and not into
the caller.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
selftest/knownfail.d/samba3.blackbox.give_owner [deleted file]
source3/modules/vfs_fake_acls.c

diff --git a/selftest/knownfail.d/samba3.blackbox.give_owner b/selftest/knownfail.d/samba3.blackbox.give_owner
deleted file mode 100644 (file)
index 28fc0c0..0000000
+++ /dev/null
@@ -1 +0,0 @@
-samba3.blackbox.give_owner.give owner without SeRestorePrivilege\(fileserver\)
index 7de5cf00bd632238cd6696cdff8069fe6f131ace..0f539d1f29cd998f5039410b4ca25aaaa1b2537a 100644 (file)
@@ -413,6 +413,12 @@ static int fake_acls_chown(vfs_handle_struct *handle,
        int ret;
        uint8_t id_buf[4];
        if (uid != -1) {
+               uid_t current_uid = get_current_uid(handle->conn);
+
+               if (current_uid != 0 && current_uid != uid) {
+                       return EACCES;
+               }
+
                SIVAL(id_buf, 0, uid);
                ret = SMB_VFS_NEXT_SETXATTR(handle,
                                smb_fname,
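Review bot: The new guard in fake_acls_chown returns `EACCES` itself, a positive errno value, instead of failing the way a chown(2)-style call normally does. The rest of the function and its callers are outside this hunk, so the convention is inferred. If callers treat any non-zero return as failure and then read `errno` to build the status, this denial would be reported with whatever errno was left over from an earlier call. `errno = EACCES; return -1;` would make the refusal unambiguous. The same line appears in the fake_acls_lchown and fake_acls_fchown hunks.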
@@ -447,6 +453,12 @@ static int fake_acls_lchown(vfs_handle_struct *handle,
        int ret;
        uint8_t id_buf[4];
        if (uid != -1) {
+               uid_t current_uid = get_current_uid(handle->conn);
+
+               if (current_uid != 0 && current_uid != uid) {
+                       return EACCES;
+               }
+
                /* This isn't quite right (calling setxattr not
                 * lsetxattr), but for the test purposes of this
                 * module (fake NT ACLs from windows clients), it is
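Review bot: The six-line ownership guard added in fake_acls_lchown is a verbatim copy of the one in the fake_acls_chown and fake_acls_fchown hunks, so the access rule now lives in three places. A later change to the rule, such as a different exemption or error code, could update one copy and miss the others. A small `static` helper taking `handle` and `uid` would keep the decision in one spot, called as `if (!fake_acls_may_set_owner(handle, uid)) { ... }` (the helper name is only a suggestion). The function body continues past the end of this hunk.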
@@ -486,6 +498,12 @@ static int fake_acls_fchown(vfs_handle_struct *handle, files_struct *fsp, uid_t
        int ret;
        uint8_t id_buf[4];
        if (uid != -1) {
+               uid_t current_uid = get_current_uid(handle->conn);
+
+               if (current_uid != 0 && current_uid != uid) {
+                       return EACCES;
+               }
+
                SIVAL(id_buf, 0, uid);
                ret = SMB_VFS_NEXT_FSETXATTR(handle, fsp, FAKE_UID, id_buf, sizeof(id_buf), 0);
                if (ret != 0) {
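Review bot: The guard in fake_acls_fchown exempts only `current_uid != 0`, while the commit message states the Windows rule in terms of SEC_PRIV_RESTORE. As far as the hunk shows, a session that holds that privilege but is not running as uid 0 would be denied, so the allowed-with-privilege path cannot be tested through this module. If uid 0 is a deliberate stand-in, a comment above the check would record that, e.g. `/* uid 0 stands in for SEC_PRIV_RESTORE; see MS-FSA 2.1.5.1 */`. The same applies to the fake_acls_chown and fake_acls_lchown hunks, and the function continues outside this hunk.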