SEC_PRIV_TAKE_OWNERSHIP not respected in se_access_check in Samba 3.6 (v3-6-test)
Jeremy Allison
jra at samba.org
Wed Feb 22 15:02:09 MST 2012
On Sun, Feb 19, 2012 at 07:36:02PM -0800, Richard Sharpe wrote:
> 2012/2/19 Richard Sharpe <realrichardsharpe at gmail.com>:
> > Hi,
> >
> > In libcli/security/access_check.c::se_access_check it seems that there
> > should be a section like this:
> >
> > if ((bits_remaining & SEC_RIGHTS_PRIV_BACKUP) &&
> > security_token_has_privilege(token, SEC_PRIV_BACKUP)) {
> > bits_remaining &= ~(SEC_RIGHTS_PRIV_BACKUP);
> > }
> >
> > + if ((bits_remaining & SEC_STD_WRITE_OWNER) &&
> > + security_token_has_privilege(token, SEC_PRIV_TAKE_OWNERSHIP)) {
> > + bits_remaining &= ~(SEC_STD_WRITE_OWNER);
> > + }
> > +
> > /* a NULL dacl allows access */
> > if ((sd->type & SEC_DESC_DACL_PRESENT) && sd->dacl == NULL) {
> > *access_granted = access_desired;
> > return NT_STATUS_OK;
> > }
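Review bot: the added SEC_STD_WRITE_OWNER block carries no comment, while the check right after it is introduced by "a NULL dacl allows access". A one-line comment above the new `if`, saying that a token holding SEC_PRIV_TAKE_OWNERSHIP has SEC_STD_WRITE_OWNER treated as satisfied, would record the intent; the SEC_RIGHTS_PRIV_BACKUP block it is modelled on would benefit from the same.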
> >
> > Otherwise, how does a user who has the take ownership privilege do so?
>
> Here is the patch I have generated against master (I will create a bug
> in bugzilla):
>
> diff --git a/libcli/security/access_check.c b/libcli/security/access_check.c
> index 1b02a86..a9b618f 100644
> --- a/libcli/security/access_check.c
> +++ b/libcli/security/access_check.c
> @@ -205,6 +205,11 @@ NTSTATUS se_access_check(const struct security_descriptor *
> bits_remaining &= ~(SEC_RIGHTS_PRIV_BACKUP);
> }
>
> + if ((bits_remaining & SEC_STD_WRITE_OWNER) &&
> + security_token_has_privilege(token, SEC_PRIV_TAKE_OWNERSHIP)) {
> + bits_remaining &= ~(SEC_STD_WRITE_OWNER);
> + }
> +
> /* a NULL dacl allows access */
> if ((sd->type & SEC_DESC_DACL_PRESENT) && sd->dacl == NULL) {
> *access_granted = access_desired;
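Review bot: no test accompanies the new SEC_PRIV_TAKE_OWNERSHIP branch at line 205 of se_access_check. Because the branch clears SEC_STD_WRITE_OWNER from bits_remaining ahead of the NULL-DACL check, a privileged token has that bit treated as already satisfied, which is a deliberate widening of access and worth pinning down with two cases: a token with the privilege requesting SEC_STD_WRITE_OWNER is granted it, and a token without the privilege still has the bit left in bits_remaining. The subject names Samba 3.6 (v3-6-test) while the diff is against master, so the bug report should also ask for the backport.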
Yes, this looks correct to me - thanks!