Honor SeTakeOwnershiPrivilege when client asks for SEC_STD_WRITE_OWNER but has no...

author Richard Sharpe <realrichardsharpe@gmail.com>

Wed, 22 Feb 2012 14:25:54 +0000 (06:25 -0800)

committer Richard Sharpe <sharpe@samba.org>

Wed, 22 Feb 2012 18:19:32 +0000 (19:19 +0100)
author Richard Sharpe <realrichardsharpe@gmail.com>
Wed, 22 Feb 2012 14:25:54 +0000 (06:25 -0800)
committer Richard Sharpe <sharpe@samba.org>
Wed, 22 Feb 2012 18:19:32 +0000 (19:19 +0100)
diff --git a/libcli/security/access_check.c b/libcli/security/access_check.c

index 1b02a866b1df5fab5e208294bcebf3ab71f4fc09..a9b618f577b2a1ab1cd1f6a8a93cfde78f2ecdf1 100644 (file)
--- a/libcli/security/access_check.c
+++ b/libcli/security/access_check.c
@@ -205,6 +205,11 @@ NTSTATUS se_access_check(const struct security_descriptor *sd,
                 bits_remaining &= ~(SEC_RIGHTS_PRIV_BACKUP);
         }
  
+       if ((bits_remaining & SEC_STD_WRITE_OWNER) &&
+            security_token_has_privilege(token, SEC_PRIV_TAKE_OWNERSHIP)) {
+               bits_remaining &= ~(SEC_STD_WRITE_OWNER);
+       }
+
         /* a NULL dacl allows access */
         if ((sd->type & SEC_DESC_DACL_PRESENT) && sd->dacl == NULL) {
                 *access_granted = access_desired;
author	Richard Sharpe <realrichardsharpe@gmail.com>
	Wed, 22 Feb 2012 14:25:54 +0000 (06:25 -0800)
committer	Richard Sharpe <sharpe@samba.org>
	Wed, 22 Feb 2012 18:19:32 +0000 (19:19 +0100)