const SE_PRIV se_disk_operators = SE_DISK_OPERATOR;
const SE_PRIV se_remote_shutdown = SE_REMOTE_SHUTDOWN;
const SE_PRIV se_restore = SE_RESTORE;
+const SE_PRIV se_take_ownership = SE_TAKE_OWNERSHIP;
/********************************************************************
This is a list of privileges reported by a WIndows 2000 SP4 AD DC
1) If we have root privileges, then it will just work.
2) If we have SeTakeOwnershipPrivilege we can change the user to the current user.
- 3) If we have write permission to the file and dos_filemodes is set
+ 3) If we have SeRestorePrivilege we can change the user to any other user.
+ 4) If we have write permission to the file and dos_filemodes is set
then allow chown to the currently authenticated user.
****************************************************************************/
int ret;
files_struct *fsp;
SMB_STRUCT_STAT st;
- SE_PRIV se_take_ownership = SE_TAKE_OWNERSHIP;
if(!CAN_WRITE(conn)) {
return -1;
if (ret == 0)
return 0;
- /* Case (2). */
- if (lp_enable_privileges() &&
- (user_has_privileges(current_user.nt_user_token,&se_take_ownership))) {
- become_root();
- /* Keep the current file gid the same - take ownership doesn't imply group change. */
- ret = SMB_VFS_CHOWN(conn, fname, uid, (gid_t)-1);
- unbecome_root();
- return ret;
+ /* Case (2) / (3) */
+ if (lp_enable_privileges()) {
+
+ BOOL has_take_ownership_priv = user_has_privileges(current_user.nt_user_token,
+ &se_take_ownership);
+ BOOL has_restore_priv = user_has_privileges(current_user.nt_user_token,
+ &se_restore);
+
+ /* Case (2) */
+ if ( ( has_take_ownership_priv && ( uid == current_user.uid ) ) ||
+ /* Case (3) */
+ ( has_restore_priv ) ) {
+
+ become_root();
+ /* Keep the current file gid the same - take ownership doesn't imply group change. */
+ ret = SMB_VFS_CHOWN(conn, fname, uid, (gid_t)-1);
+ unbecome_root();
+ return ret;
+ }
}
- /* Case (3). */
+ /* Case (4). */
if (!lp_dos_filemode(SNUM(conn))) {
return -1;
}