Honor SeTakeOwnershiPrivilege when client asks for SEC_STD_WRITE_OWNER but has no permission for that, but token has SeTakeOwnershipPrivilege

Autobuild-User: Richard Sharpe <sharpe@samba.org> Autobuild-Date: Wed Feb 22 19:19:32 CET 2012 on sn-devel-104
author: Richard Sharpe <realrichardsharpe@gmail.com> 2012-02-22 06:25:54 -0800
committer: Richard Sharpe <sharpe@samba.org> 2012-02-22 19:19:32 +0100
commit: 108253250048673493a636fd9fb2bf99b64ccf3c (patch)
tree: e8b06d9078b6433ce9658fc039852fa9d25cc8c0 /libcli/security
parent: ee2e3d56a2a633cecf4d1b06badc6fb8fd12580e (diff)
download: samba-108253250048673493a636fd9fb2bf99b64ccf3c.tar.gz
samba-108253250048673493a636fd9fb2bf99b64ccf3c.tar.bz2
samba-108253250048673493a636fd9fb2bf99b64ccf3c.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/libcli/security/access_check.c b/libcli/security/access_check.c
index 1b02a866b1..a9b618f577 100644
--- a/libcli/security/access_check.c
+++ b/libcli/security/access_check.c
@@ -205,6 +205,11 @@ NTSTATUS se_access_check(const struct security_descriptor *sd,
 		bits_remaining &= ~(SEC_RIGHTS_PRIV_BACKUP);
 	}
 
+	if ((bits_remaining & SEC_STD_WRITE_OWNER) &&
+	     security_token_has_privilege(token, SEC_PRIV_TAKE_OWNERSHIP)) {
+		bits_remaining &= ~(SEC_STD_WRITE_OWNER);
+	}
+
 	/* a NULL dacl allows access */
 	if ((sd->type & SEC_DESC_DACL_PRESENT) && sd->dacl == NULL) {
 		*access_granted = access_desired;
author	Richard Sharpe <realrichardsharpe@gmail.com>	2012-02-22 06:25:54 -0800
committer	Richard Sharpe <sharpe@samba.org>	2012-02-22 19:19:32 +0100
commit	108253250048673493a636fd9fb2bf99b64ccf3c (patch)
tree	e8b06d9078b6433ce9658fc039852fa9d25cc8c0 /libcli/security
parent	ee2e3d56a2a633cecf4d1b06badc6fb8fd12580e (diff)
download	samba-108253250048673493a636fd9fb2bf99b64ccf3c.tar.gz samba-108253250048673493a636fd9fb2bf99b64ccf3c.tar.bz2 samba-108253250048673493a636fd9fb2bf99b64ccf3c.zip