sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-30 06:50:24 +03:00
Code

Honor SeTakeOwnershiPrivilege when client asks for SEC_STD_WRITE_OWNER but has no permission for that, but token has SeTakeOwnershipPrivilege

Browse Source 
Autobuild-User: Richard Sharpe <sharpe@samba.org>
Autobuild-Date: Wed Feb 22 19:19:32 CET 2012 on sn-devel-104
This commit is contained in:
Richard Sharpe 2012-02-22 06:25:54 -08:00 committed by Richard Sharpe
parent ee2e3d56a2
commit 1082532500
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
libcli/security/access_check.c
View File

@ -205,6 +205,11 @@ NTSTATUS se_access_check(const struct security_descriptor *sd,
bits_remaining &= ~(SEC_RIGHTS_PRIV_BACKUP);
}
if ((bits_remaining & SEC_STD_WRITE_OWNER) &&
security_token_has_privilege(token, SEC_PRIV_TAKE_OWNERSHIP)) {
bits_remaining &= ~(SEC_STD_WRITE_OWNER);
}
/* a NULL dacl allows access */
if ((sd->type & SEC_DESC_DACL_PRESENT) && sd->dacl == NULL) {
*access_granted = access_desired;