From ca4b1f76d46b8e250839cbe1012a96be20e05efc Mon Sep 17 00:00:00 2001
From: midipix
Date: Sat, 20 Oct 2018 17:17:47 -0400
Subject: __acl_init_common_meta_impl(): ace interp.: account for system-owned entities.
---
 src/acl/ntapi_acl_helper.c | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/src/acl/ntapi_acl_helper.c b/src/acl/ntapi_acl_helper.c
index 9d24554..f2d6b6b 100644
--- a/src/acl/ntapi_acl_helper.c
+++ b/src/acl/ntapi_acl_helper.c
@@ -107,6 +107,8 @@ static int32_t __acl_init_common_meta_impl(
 nt_sid * sid;
 nt_acl * acl;
 nt_access_allowed_ace * ace;
+ nt_access_allowed_ace * sysace;
+ nt_sid * syssid;
 unsigned char * value;
 unsigned char sacnt;
 char * mark = (char *)sd;
@@ -154,10 +156,13 @@ static int32_t __acl_init_common_meta_impl(
 sid = (nt_sid *)&ace->sid_start;
 value = sid->identifier_authority.value;
- if (!(__ntapi->tt_sid_compare(sid,&sid_system)))
+ if (!(__ntapi->tt_sid_compare(sid,&sid_system))) {
 meta->system_acc = ace->mask;
- else if (!(__ntapi->tt_sid_compare(sid,&sid_owner_rights))) {
+ sysace = ace;
+ syssid = sid;
+
+ } else if (!(__ntapi->tt_sid_compare(sid,&sid_owner_rights))) {
 if (meta->owner_ace) return NT_STATUS_INVALID_ACL;
@@ -215,6 +220,17 @@ static int32_t __acl_init_common_meta_impl(
 ace = (nt_access_allowed_ace *)mark;
 }
+ if (!meta->group_ace && meta->owner_ace) {
+ if (meta->owner_ace->mask != meta->system_acc) {
+ if (!__ntapi->tt_sid_compare(meta->owner,&sid_system)) {
+ meta->group_ace = sysace;
+ meta->group_sid = syssid;
+ meta->group = syssid;
+ meta->system_acc = meta->owner_ace->mask;
+ }
+ }
+ }
+
 return NT_STATUS_SUCCESS;
 }
-- cgit v1.2.3
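Review bot: `sysace` and `syssid` are declared without an initializer in the first hunk and assigned only when the loop meets an ACE for `sid_system` (second hunk), yet the block added before `return NT_STATUS_SUCCESS;` in the third hunk copies them into `meta->group_ace`, `meta->group_sid` and `meta->group` without checking that such an ACE was ever seen. If the descriptor's owner is SYSTEM and it has an owner ACE but no SYSTEM ACE, `meta` ends up holding indeterminate pointers, and the ACL being parsed is input the caller may not control. This looks reachable through the owner-rights branch, though most of the loop lies outside the hunks. Declaring them as `nt_access_allowed_ace * sysace = 0;` and `nt_sid * syssid = 0;` and opening the final block with `if (sysace && !meta->group_ace && meta->owner_ace) {` would close the gap. The function's opening lines are not in the hunks, so confirm nothing earlier already sets the two pointers.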
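Review bot: The fallback added before `return NT_STATUS_SUCCESS;` in the third hunk carries no comment, although it changes what two fields of `meta` mean. The SYSTEM ACE is reported as the group entry, and `meta->system_acc` is overwritten with the owner ACE mask. Callers presumably derive access decisions from these fields, so the reinterpretation should be stated where it happens. Above the outer `if` I would add `/* owner is SYSTEM and no group ace was found: report the SYSTEM ace as the group entry and take the system access from the owner ace */`.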