--- samba-3.0.10/source/smbd/posix_acls.c.orig 2005-03-24 17:07:24.000000000 +0900 +++ samba-3.0.10/source/smbd/posix_acls.c 2005-03-24 17:07:29.000000000 +0900 @@ -1218,12 +1218,14 @@ DOM_SID *pfile_owner_sid, DOM_SID *pfile_grp_sid, canon_ace **ppfile_ace, canon_ace **ppdir_ace, - SEC_ACL *dacl) + uint32 security_info_sent, + SEC_DESC *psd) { extern DOM_SID global_sid_Creator_Owner; extern DOM_SID global_sid_Creator_Group; extern DOM_SID global_sid_World; extern struct generic_mapping file_generic_mapping; + SEC_ACL *dacl = psd->dacl; BOOL all_aces_are_inherit_only = (fsp->is_directory ? True : False); canon_ace *file_ace = NULL; canon_ace *dir_ace = NULL; @@ -1343,7 +1345,17 @@ * Note what kind of a POSIX ACL this should map to. */ - if( sid_equal(¤t_ace->trustee, &global_sid_World)) { + if (security_info_sent & OWNER_SECURITY_INFORMATION + && sid_equal(¤t_ace->trustee, psd->owner_sid) + && NT_STATUS_IS_OK(sid_to_uid( psd->owner_sid, ¤t_ace->unix_ug.uid))) { + current_ace->owner_type = UID_ACE; + current_ace->type = SMB_ACL_USER_OBJ; + } else if (security_info_sent & GROUP_SECURITY_INFORMATION + && sid_equal(¤t_ace->trustee, psd->grp_sid) + && NT_STATUS_IS_OK(sid_to_gid( psd->grp_sid, ¤t_ace->unix_ug.gid))) { + current_ace->owner_type = GID_ACE; + current_ace->type = SMB_ACL_GROUP_OBJ; + } else if( sid_equal(¤t_ace->trustee, &global_sid_World)) { current_ace->owner_type = WORLD_ACE; current_ace->unix_ug.world = -1; current_ace->type = SMB_ACL_OTHER; @@ -1923,7 +1935,7 @@ */ if (!create_canon_ace_lists( fsp, pst, pfile_owner_sid, pfile_grp_sid, - &file_ace, &dir_ace, psd->dacl)) + &file_ace, &dir_ace, security_info_sent, psd)) return False; if ((file_ace == NULL) && (dir_ace == NULL)) { @@ -2937,12 +2949,6 @@ if (!fsp) return -1; - /* only allow chown to the current user. This is more secure, - and also copes with the case where the SID in a take ownership ACL is - a local SID on the users workstation - */ - uid = current_user.uid; - become_root(); /* Keep the current file gid the same. */ ret = SMB_VFS_FCHOWN(fsp, fsp->fd, uid, (gid_t)-1);