From: Richard Sharpe <realrichardsharpe@gmail.com>
Date: Wed, 22 Feb 2012 14:25:54 +0000 (-0800)
Subject: Honor SeTakeOwnershiPrivilege when client asks for SEC_STD_WRITE_OWNER but has no... 
X-Git-Url: http://git.samba.org/?a=commitdiff_plain;h=108253250048673493a636fd9fb2bf99b64ccf3c;p=metze%2Fsamba%2Fwip.git

Honor SeTakeOwnershiPrivilege when client asks for SEC_STD_WRITE_OWNER but has no permission for that, but token has SeTakeOwnershipPrivilege

Autobuild-User: Richard Sharpe <sharpe@samba.org>
Autobuild-Date: Wed Feb 22 19:19:32 CET 2012 on sn-devel-104
---

diff --git a/libcli/security/access_check.c b/libcli/security/access_check.c
index 1b02a866b1df..a9b618f577b2 100644
--- a/libcli/security/access_check.c
+++ b/libcli/security/access_check.c
@@ -205,6 +205,11 @@ NTSTATUS se_access_check(const struct security_descriptor *sd,
 		bits_remaining &= ~(SEC_RIGHTS_PRIV_BACKUP);
 	}
 
+	if ((bits_remaining & SEC_STD_WRITE_OWNER) &&
+	     security_token_has_privilege(token, SEC_PRIV_TAKE_OWNERSHIP)) {
+		bits_remaining &= ~(SEC_STD_WRITE_OWNER);
+	}
+
 	/* a NULL dacl allows access */
 	if ((sd->type & SEC_DESC_DACL_PRESENT) && sd->dacl == NULL) {
 		*access_granted = access_desired;