SEC_PRIV_TAKE_OWNERSHIP not respected in se_access_check in Samba 3.6 (v3-6-test)
Richard Sharpe
realrichardsharpe at gmail.com
Sun Feb 19 20:36:02 MST 2012
2012/2/19 Richard Sharpe <realrichardsharpe at gmail.com>:
> Hi,
>
> In libcli/security/access_check.c::se_access_check it seems that there
> should be a section like this:
>
> if ((bits_remaining & SEC_RIGHTS_PRIV_BACKUP) &&
> security_token_has_privilege(token, SEC_PRIV_BACKUP)) {
> bits_remaining &= ~(SEC_RIGHTS_PRIV_BACKUP);
> }
>
> + if ((bits_remaining & SEC_STD_WRITE_OWNER) &&
> + security_token_has_privilege(token, SEC_PRIV_TAKE_OWNERSHIP)) {
> + bits_remaining &= ~(SEC_STD_WRITE_OWNER);
> + }
> +
> /* a NULL dacl allows access */
> if ((sd->type & SEC_DESC_DACL_PRESENT) && sd->dacl == NULL) {
> *access_granted = access_desired;
> return NT_STATUS_OK;
> }
>
> Otherwise, how does a user who has the take ownership privilege do so?
Here is the patch I have generated against master (I will create a bug
in bugzilla):
diff --git a/libcli/security/access_check.c b/libcli/security/access_check.c
index 1b02a86..a9b618f 100644
--- a/libcli/security/access_check.c
+++ b/libcli/security/access_check.c
@@ -205,6 +205,11 @@ NTSTATUS se_access_check(const struct security_descriptor *
bits_remaining &= ~(SEC_RIGHTS_PRIV_BACKUP);
}
+ if ((bits_remaining & SEC_STD_WRITE_OWNER) &&
+ security_token_has_privilege(token, SEC_PRIV_TAKE_OWNERSHIP)) {
+ bits_remaining &= ~(SEC_STD_WRITE_OWNER);
+ }
+
/* a NULL dacl allows access */
if ((sd->type & SEC_DESC_DACL_PRESENT) && sd->dacl == NULL) {
*access_granted = access_desired;
--
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)
More information about the samba-technical
mailing list