From e722cb25d8b2584a21dc6b4ecbca3b04c4dcb2c1 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 2 Sep 2005 12:53:46 +0000 Subject: r9952: Adapt better to the Windows way of taking and assigning ownership: * Users with SeRestorePrivilege may chown files to anyone (be it as a backup software or directly using the ownership-tab in the security acl editor on xp), while * Users with SeTakeOwnershipPrivilege only can chown to themselves. Simo, Jeremy. I think this is correct now. Guenther (This used to be commit 1ef7a192eed457d302a08c692bb54a73a1af4afd) --- source3/include/privileges.h | 1 + source3/lib/privileges.c | 1 + source3/smbd/posix_acls.c | 33 ++++++++++++++++++++++----------- 3 files changed, 24 insertions(+), 11 deletions(-) (limited to 'source3') diff --git a/source3/include/privileges.h b/source3/include/privileges.h index 052cbb6c5f..3f425f6d72 100644 --- a/source3/include/privileges.h +++ b/source3/include/privileges.h @@ -70,6 +70,7 @@ extern const SE_PRIV se_add_users; extern const SE_PRIV se_disk_operators; extern const SE_PRIV se_remote_shutdown; extern const SE_PRIV se_restore; +extern const SE_PRIV se_take_ownership; /* diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index 8bb6108448..a2797f2a5d 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -38,6 +38,7 @@ const SE_PRIV se_add_users = SE_ADD_USERS; const SE_PRIV se_disk_operators = SE_DISK_OPERATOR; const SE_PRIV se_remote_shutdown = SE_REMOTE_SHUTDOWN; const SE_PRIV se_restore = SE_RESTORE; +const SE_PRIV se_take_ownership = SE_TAKE_OWNERSHIP; /******************************************************************** This is a list of privileges reported by a WIndows 2000 SP4 AD DC diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 00ec3e0095..f1c9426676 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -2998,7 +2998,8 @@ size_t get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc) 1) If we have root privileges, then it will just work. 2) If we have SeTakeOwnershipPrivilege we can change the user to the current user. - 3) If we have write permission to the file and dos_filemodes is set + 3) If we have SeRestorePrivilege we can change the user to any other user. + 4) If we have write permission to the file and dos_filemodes is set then allow chown to the currently authenticated user. ****************************************************************************/ @@ -3007,7 +3008,6 @@ static int try_chown(connection_struct *conn, const char *fname, uid_t uid, gid_ int ret; files_struct *fsp; SMB_STRUCT_STAT st; - SE_PRIV se_take_ownership = SE_TAKE_OWNERSHIP; if(!CAN_WRITE(conn)) { return -1; @@ -3019,17 +3019,28 @@ static int try_chown(connection_struct *conn, const char *fname, uid_t uid, gid_ if (ret == 0) return 0; - /* Case (2). */ - if (lp_enable_privileges() && - (user_has_privileges(current_user.nt_user_token,&se_take_ownership))) { - become_root(); - /* Keep the current file gid the same - take ownership doesn't imply group change. */ - ret = SMB_VFS_CHOWN(conn, fname, uid, (gid_t)-1); - unbecome_root(); - return ret; + /* Case (2) / (3) */ + if (lp_enable_privileges()) { + + BOOL has_take_ownership_priv = user_has_privileges(current_user.nt_user_token, + &se_take_ownership); + BOOL has_restore_priv = user_has_privileges(current_user.nt_user_token, + &se_restore); + + /* Case (2) */ + if ( ( has_take_ownership_priv && ( uid == current_user.uid ) ) || + /* Case (3) */ + ( has_restore_priv ) ) { + + become_root(); + /* Keep the current file gid the same - take ownership doesn't imply group change. */ + ret = SMB_VFS_CHOWN(conn, fname, uid, (gid_t)-1); + unbecome_root(); + return ret; + } } - /* Case (3). */ + /* Case (4). */ if (!lp_dos_filemode(SNUM(conn))) { return -1; } -- cgit