From 108253250048673493a636fd9fb2bf99b64ccf3c Mon Sep 17 00:00:00 2001
From: Richard Sharpe
Date: Wed, 22 Feb 2012 06:25:54 -0800
Subject: Honor SeTakeOwnershiPrivilege when client asks for SEC_STD_WRITE_OWNER but has no permission for that, but token has SeTakeOwnershipPrivilege
Autobuild-User: Richard Sharpe
Autobuild-Date: Wed Feb 22 19:19:32 CET 2012 on sn-devel-104
---
 libcli/security/access_check.c | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'libcli/security/access_check.c')
diff --git a/libcli/security/access_check.c b/libcli/security/access_check.c
index 1b02a866b1d..a9b618f577b 100644
--- a/libcli/security/access_check.c
+++ b/libcli/security/access_check.c
@@ -205,6 +205,11 @@ NTSTATUS se_access_check(const struct security_descriptor *sd,
 bits_remaining &= ~(SEC_RIGHTS_PRIV_BACKUP);
 }
 
+ if ((bits_remaining & SEC_STD_WRITE_OWNER) &&
+ security_token_has_privilege(token, SEC_PRIV_TAKE_OWNERSHIP)) {
+ bits_remaining &= ~(SEC_STD_WRITE_OWNER);
+ }
+
 /* a NULL dacl allows access */
 if ((sd->type & SEC_DESC_DACL_PRESENT) && sd->dacl == NULL) {
 *access_granted = access_desired;
-- cgit
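Review bot: The added `SEC_STD_WRITE_OWNER` block clears the bit from `bits_remaining` ahead of the DACL handling that follows it, so a token holding `SEC_PRIV_TAKE_OWNERSHIP` is presumably granted write-owner even where an ACE would deny it, and nothing in the block records that this override is intended. A comment above the `if`, such as `/* SeTakeOwnershipPrivilege satisfies WRITE_OWNER independently of the DACL, deny ACEs included */`, would make that explicit for anyone auditing this path later. The commit changes only access_check.c, so a test is also worth adding that pairs a write-owner deny ACE with one token that has the privilege and one that does not. The body of se_access_check starts and ends outside the hunk, so whether any maximum-allowed computation earlier in the function reports the same bit for a privileged token cannot be confirmed from here.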