[SCM] Samba Shared Repository - branch v3-6-test updated

Karolin Seeger kseeger at samba.org
Sun Feb 26 13:01:30 MST 2012


The branch, v3-6-test has been updated
       via  4d60392 Honor SeTakeOwnershiPrivilege when client asks for SEC_STD_WRITE_OWNER but has no permission for that, but token has SeTakeOwnershipPrivilege
      from  57ff85c s3: Fix bug 8567 -- segfault in dom_sid_compare

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -----------------------------------------------------------------
commit 4d603924fa07b908994bdc0a15dcfa2f83a3f1be
Author: Richard Sharpe <realrichardsharpe at gmail.com>
Date:   Wed Feb 22 06:25:54 2012 -0800

    Honor SeTakeOwnershiPrivilege when client asks for SEC_STD_WRITE_OWNER but has no permission for that, but token has SeTakeOwnershipPrivilege
    
    Autobuild-User: Richard Sharpe <sharpe at samba.org>
    Autobuild-Date: Wed Feb 22 19:19:32 CET 2012 on sn-devel-104
    (cherry picked from commit 108253250048673493a636fd9fb2bf99b64ccf3c)
    
    Fix bug #8768 (Samba does not honor SeTakeOwnershipPrivilege when file opened
    with SEC_STD_WRITE_OWNER).

-----------------------------------------------------------------------

Summary of changes:
 libcli/security/access_check.c |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libcli/security/access_check.c b/libcli/security/access_check.c
index 1b02a86..a9b618f 100644
--- a/libcli/security/access_check.c
+++ b/libcli/security/access_check.c
@@ -205,6 +205,11 @@ NTSTATUS se_access_check(const struct security_descriptor *sd,
 		bits_remaining &= ~(SEC_RIGHTS_PRIV_BACKUP);
 	}
 
+	if ((bits_remaining & SEC_STD_WRITE_OWNER) &&
+	     security_token_has_privilege(token, SEC_PRIV_TAKE_OWNERSHIP)) {
+		bits_remaining &= ~(SEC_STD_WRITE_OWNER);
+	}
+
 	/* a NULL dacl allows access */
 	if ((sd->type & SEC_DESC_DACL_PRESENT) && sd->dacl == NULL) {
 		*access_granted = access_desired;


-- 
Samba Shared Repository


More information about the samba-cvs mailing list