Windows doesn't allow giving ownership away unless the user has
SEC_PRIV_RESTORE privilege.
This follows from MS-FSA 2.1.5.1, so it's a property of the filesystem
layer, not the SMB layer. By implementing this restriction here, we can
now have test for this restriction.
Other filesystems may want to deliberately allow this behaviour --
although I'm not aware of any that does -- therefor I'm putting in this
restriction in the implementation of the chmod VFS function and not into
the caller.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
0666093cb0d820cc27a265c1f0a87bc76cd3c167)
+++ /dev/null
-samba3.blackbox.give_owner.give owner without SeRestorePrivilege\(fileserver\)
int ret;
uint8_t id_buf[4];
if (uid != -1) {
+ uid_t current_uid = get_current_uid(handle->conn);
+
+ if (current_uid != 0 && current_uid != uid) {
+ return EACCES;
+ }
+
SIVAL(id_buf, 0, uid);
ret = SMB_VFS_NEXT_SETXATTR(handle,
smb_fname->base_name,
int ret;
uint8_t id_buf[4];
if (uid != -1) {
+ uid_t current_uid = get_current_uid(handle->conn);
+
+ if (current_uid != 0 && current_uid != uid) {
+ return EACCES;
+ }
+
/* This isn't quite right (calling setxattr not
* lsetxattr), but for the test purposes of this
* module (fake NT ACLs from windows clients), it is
int ret;
uint8_t id_buf[4];
if (uid != -1) {
+ uid_t current_uid = get_current_uid(handle->conn);
+
+ if (current_uid != 0 && current_uid != uid) {
+ return EACCES;
+ }
+
SIVAL(id_buf, 0, uid);
ret = SMB_VFS_NEXT_FSETXATTR(handle, fsp, FAKE_UID, id_buf, sizeof(id_buf), 0);
if (ret != 0) {
projects / thirdparty / samba.git / commitdiff
