diff options
author | midipix <writeonce@midipix.org> | 2020-04-02 21:19:43 +0000 |
---|---|---|
committer | midipix <writeonce@midipix.org> | 2020-04-02 21:20:45 +0000 |
commit | 84ee3682973710a6dec8fcfad407911b18dd669d (patch) | |
tree | 2f0177fa56ce0c135044c3db000d7e6d74ff37f7 /src | |
parent | 4b7e618b8583dd8af5fa3581d40a5f104f409f0c (diff) | |
download | ntapi-84ee3682973710a6dec8fcfad407911b18dd669d.tar.bz2 ntapi-84ee3682973710a6dec8fcfad407911b18dd669d.tar.xz |
__ntapi_acl_init_common_descriptor(): properly handle admins-owned entities.
Diffstat (limited to 'src')
-rw-r--r-- | src/acl/ntapi_acl_helper.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/acl/ntapi_acl_helper.c b/src/acl/ntapi_acl_helper.c index 455ef1f..c467f23 100644 --- a/src/acl/ntapi_acl_helper.c +++ b/src/acl/ntapi_acl_helper.c @@ -87,6 +87,12 @@ void __stdcall __ntapi_acl_init_common_descriptor( if (system_access == owner_access) system_access = 0; + /* is the built-in administrators group both the owner and the group? */ + if (!__ntapi->tt_sid_compare(owner,(nt_sid *)&sid_admins)) + if (!__ntapi->tt_sid_compare(group,(nt_sid *)&sid_admins)) + if (admin_access == owner_access) + admin_access = 0; + /* ace's */ ace = (nt_access_allowed_ace *)&sd->buffer; ace = __acl_ace_init(ace,system_access,&sid_system,ace_flags,&ace_count); |