vfs_acl_common: fix take ownership vs give ownership

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933 Signed-off-by: Ralph Boehme <[email protected]> Reviewed-by: Jeremy Allison <[email protected]>
lidan-fnst · Oct 9, 2017 · 7e7afef · 7e7afef
1 parent e62f90a
commit 7e7afef
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c
@@ -1019,6 +1019,7 @@ static NTSTATUS set_underlying_acl(vfs_handle_struct *handle, files_struct *fsp,
 				   bool chown_needed)
 {
 	NTSTATUS status;
+	const struct security_token *token = NULL;
 
 	status = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
 	if (!NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
@@ -1033,6 +1034,18 @@ static NTSTATUS set_underlying_acl(vfs_handle_struct *handle, files_struct *fsp,
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
+	/*
+	 * Only allow take-ownership, not give-ownership. That's the way Windows
+	 * implements SEC_STD_WRITE_OWNER. MS-FSA 2.1.5.16 just states: If
+	 * InputBuffer.OwnerSid is not a valid owner SID for a file in the
+	 * objectstore, as determined in an implementation specific manner, the
+	 * object store MUST return STATUS_INVALID_OWNER.
+	 */
+	token = get_current_nttok(fsp->conn);
+	if (!security_token_is_sid(token, psd->owner_sid)) {
+		return NT_STATUS_INVALID_OWNER;
+	}
+
 	DBG_DEBUG("overriding chown on file %s for sid %s\n",
 		   fsp_str_dbg(fsp), sid_string_tos(psd->owner_sid));