vfs_acl_common: fix take ownership vs give ownership
authorRalph Boehme <slow@samba.org>
Wed, 4 Oct 2017 20:27:24 +0000 (22:27 +0200)
committerJeremy Allison <jra@samba.org>
Mon, 9 Oct 2017 21:01:18 +0000 (23:01 +0200)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
source3/modules/vfs_acl_common.c

index 55f3141dfa754caa3acc5d7fc55d384b7a02875a..7958fd1ca7259abc299d02a977863923405f6908 100644 (file)
@@ -1019,6 +1019,7 @@ static NTSTATUS set_underlying_acl(vfs_handle_struct *handle, files_struct *fsp,
                                   bool chown_needed)
 {
        NTSTATUS status;
+       const struct security_token *token = NULL;
 
        status = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
        if (!NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
@@ -1033,6 +1034,18 @@ static NTSTATUS set_underlying_acl(vfs_handle_struct *handle, files_struct *fsp,
                return NT_STATUS_ACCESS_DENIED;
        }
 
+       /*
+        * Only allow take-ownership, not give-ownership. That's the way Windows
+        * implements SEC_STD_WRITE_OWNER. MS-FSA 2.1.5.16 just states: If
+        * InputBuffer.OwnerSid is not a valid owner SID for a file in the
+        * objectstore, as determined in an implementation specific manner, the
+        * object store MUST return STATUS_INVALID_OWNER.
+        */
+       token = get_current_nttok(fsp->conn);
+       if (!security_token_is_sid(token, psd->owner_sid)) {
+               return NT_STATUS_INVALID_OWNER;
+       }
+
        DBG_DEBUG("overriding chown on file %s for sid %s\n",
                   fsp_str_dbg(fsp), sid_string_tos(psd->owner_sid));
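Review bot: The new test `security_token_is_sid(token, psd->owner_sid)` reads `psd->owner_sid` without first confirming that the request sets an owner at all. The conditions that make `chown_needed` true are outside this hunk, so if a group-only change can reach this point, the comparison would be made against a NULL or unchanged owner SID and the call would presumably fail with NT_STATUS_INVALID_OWNER. If that outcome is intended, the comment should say so; otherwise gate the test on `security_info_sent & SECINFO_OWNER` and decide explicitly which group SIDs may be set before the override logged below. The refusal path is also silent, unlike the override path right after it, so a line such as `DBG_DEBUG("refusing to give ownership of %s to sid %s\n", fsp_str_dbg(fsp), sid_string_tos(psd->owner_sid));` before the return would make rejected give-ownership attempts visible in the logs. The body of set_underlying_acl continues past the end of the hunk.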