From 3249ab33be33d96ea02811ce04ea5420d55bdde6 Mon Sep 17 00:00:00 2001
From: midipix <writeonce@midipix.org>
Date: Thu, 14 May 2020 06:21:12 +0000
Subject: __ntapi_acl_init_common_descriptor_meta(): tweak support of Admins
 privileges.

---
 src/acl/ntapi_acl_helper.c | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/src/acl/ntapi_acl_helper.c b/src/acl/ntapi_acl_helper.c
index 92f5b4d..927e661 100644
--- a/src/acl/ntapi_acl_helper.c
+++ b/src/acl/ntapi_acl_helper.c
@@ -192,6 +192,11 @@ static int32_t __acl_init_common_meta_impl(
 			meta->other_sid = sid;
 		}
 
+		else if (!meta->admin_ace && !(__ntapi->tt_sid_compare(sid,(nt_sid *)&sid_admins))) {
+			meta->admin_ace = ace;
+			meta->admin_sid = sid;
+		}
+
 		else if (!(__ntapi->tt_sid_compare(sid,meta->owner))) {
 			if (meta->group_ace)
 				return NT_STATUS_INVALID_ACL;
@@ -201,14 +206,6 @@ static int32_t __acl_init_common_meta_impl(
 			meta->group     = sid;
 		}
 
-		else if (!(__ntapi->tt_sid_compare(sid,(nt_sid *)&sid_admins))) {
-			if (meta->admin_ace)
-				return NT_STATUS_INVALID_ACL;
-
-			meta->admin_ace = ace;
-			meta->admin_sid = sid;
-		}
-
 		else if ((value[0] == 0) && (value[1] == 0)
 				&& (value[2] == 0) && (value[3] == 0)
 				&& (value[4] == 0) && (value[5] == 5)
-- 
cgit v1.2.3