From 7e7afef819b4a858e6de48389c6f4fa7510cf5c6 Mon Sep 17 00:00:00 2001 From: Ralph Boehme Date: Wed, 4 Oct 2017 22:27:24 +0200 Subject: [PATCH] vfs_acl_common: fix take ownership vs give ownership Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison --- source3/modules/vfs_acl_common.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c index 55f3141dfa7..7958fd1ca72 100644 --- a/source3/modules/vfs_acl_common.c +++ b/source3/modules/vfs_acl_common.c @@ -1019,6 +1019,7 @@ static NTSTATUS set_underlying_acl(vfs_handle_struct *handle, files_struct *fsp, bool chown_needed) { NTSTATUS status; + const struct security_token *token = NULL; status = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd); if (!NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { @@ -1033,6 +1034,18 @@ static NTSTATUS set_underlying_acl(vfs_handle_struct *handle, files_struct *fsp, return NT_STATUS_ACCESS_DENIED; } + /* + * Only allow take-ownership, not give-ownership. That's the way Windows + * implements SEC_STD_WRITE_OWNER. MS-FSA 2.1.5.16 just states: If + * InputBuffer.OwnerSid is not a valid owner SID for a file in the + * objectstore, as determined in an implementation specific manner, the + * object store MUST return STATUS_INVALID_OWNER. + */ + token = get_current_nttok(fsp->conn); + if (!security_token_is_sid(token, psd->owner_sid)) { + return NT_STATUS_INVALID_OWNER; + } + DBG_DEBUG("overriding chown on file %s for sid %s\n", fsp_str_dbg(fsp), sid_string_tos(psd->owner_sid)); -- 2.34.1