authorSimo Sorce <ssorce@redhat.com>2009-04-22 09:12:58 -0400
committerKarolin Seeger <kseeger@samba.org>2009-04-28 09:11:14 +0200
commitcb48d313e097af81600dfc8fda5ee71bc47aa2c7 (patch)
tree067107a50489f1ee79c92395e80139038900db9a
parentde195ef0717ed7b724a12d69acfd841e268bcaa9 (diff)
Fix profile acls in some corner cases
Always add back the real original owner of the directory in the ACE List after we steal its ACE for the Administrators group. (cherry picked from commit 5d8f374ad75e06354ac27f34e3f44b3d459ac2ef)
-rw-r--r--source3/smbd/posix_acls.c21
1 files changed, 18 insertions, 3 deletions
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 39fb32f654c..bc96838a09a 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -3036,19 +3036,22 @@ static NTSTATUS posix_get_nt_acl_common(struct connection_struct *conn,
canon_ace *dir_ace = NULL;
SEC_ACE *nt_ace_list = NULL;
size_t num_profile_acls = 0;
+ DOM_SID orig_owner_sid;
SEC_DESC *psd = NULL;
+ int i;
/*
* Get the owner, group and world SIDs.
*/
+ create_file_sids(sbuf, &owner_sid, &group_sid);
+
if (lp_profile_acls(SNUM(conn))) {
/* For WXP SP1 the owner must be administrators. */
+ sid_copy(&orig_owner_sid, &owner_sid);
sid_copy(&owner_sid, &global_sid_Builtin_Administrators);
sid_copy(&group_sid, &global_sid_Builtin_Users);
- num_profile_acls = 2;
- } else {
- create_file_sids(sbuf, &owner_sid, &group_sid);
+ num_profile_acls = 3;
}
if ((security_info & DACL_SECURITY_INFORMATION) && !(security_info & PROTECTED_DACL_SECURITY_INFORMATION)) {
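Review bot: `num_profile_acls = 3;` is a bare count that has to stay in step with the ACE the second hunk adds through add_or_replace_ace(), and nothing on the line says so. The code that sizes nt_ace_list from num_profile_acls is outside the hunk, so this is inferred, but if the third slot is what makes room for the re-added original owner, changing one site without the other would let the append run past the end of the array. I would put a comment on that line such as `/* +1 slot: original owner ACE re-added after merge_default_aces() */`. A second short comment should say that create_file_sids() now runs unconditionally so that owner_sid holds the real owner before it is overwritten with Builtin Administrators. posix_get_nt_acl_common starts and ends outside the hunk.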
@@ -3210,6 +3213,18 @@ static NTSTATUS posix_get_nt_acl_common(struct connection_struct *conn,
num_aces = merge_default_aces(nt_ace_list, num_aces);
+ if (lp_profile_acls(SNUM(conn))) {
+ for (i = 0; i < num_aces; i++) {
+ if (sid_equal(&nt_ace_list[i].trustee, &owner_sid)) {
+ add_or_replace_ace(nt_ace_list, &num_aces,
+ &orig_owner_sid,
+ nt_ace_list[i].type,
+ nt_ace_list[i].access_mask,
+ nt_ace_list[i].flags);
+ break;
+ }
+ }
+ }
}
if (num_aces) {
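Review bot: orig_owner_sid is read in this loop under a second call to `lp_profile_acls(SNUM(conn))`, but it is only initialised under the separate call in the first hunk, so the read is safe only while both calls return the same value. Latching the result once, e.g. `bool profile_acls = lp_profile_acls(SNUM(conn));`, and testing `if (profile_acls)` at both sites makes the initialisation and the use visibly paired. Separately, `int i` is compared with num_aces, whose declaration is outside the hunk; if it is a size_t like num_profile_acls, `size_t i` avoids the signed/unsigned comparison. The copied entry gives the original owner the type, access_mask and flags of the first ACE whose trustee equals the substituted owner_sid, and that deserves a one-line comment because it decides which rights the real owner is reported to hold.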