diff options
author | Günther Deschner <gd@samba.org> | 2010-06-01 23:02:13 +0200 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2010-06-01 23:05:17 +0200 |
commit | 1ba611a56c2b12f5138172be7bc23d187893cf16 (patch) | |
tree | dded0aa76b9f43a14eb58d8841f9090fa230ff9e | |
parent | b81f8b131c28c4c300d41eebb054bbf649bfbae4 (diff) | |
download | samba-1ba611a56c2b12f5138172be7bc23d187893cf16.tar.gz samba-1ba611a56c2b12f5138172be7bc23d187893cf16.tar.bz2 samba-1ba611a56c2b12f5138172be7bc23d187893cf16.zip |
s3-eventlog: try to pass RPC-EVENTLOG during make test as non-root.
Guenther
-rw-r--r-- | source3/rpc_server/srv_eventlog_nt.c | 27 |
1 files changed, 22 insertions, 5 deletions
diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index 4171ef6d97..99185ef552 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -73,6 +73,7 @@ static bool elog_check_access( EVENTLOG_INFO *info, NT_USER_TOKEN *token ) { char *tdbname = elog_tdbname(talloc_tos(), info->logname ); struct security_descriptor *sec_desc; + struct security_ace *ace; NTSTATUS status; if ( !tdbname ) @@ -89,11 +90,28 @@ static bool elog_check_access( EVENTLOG_INFO *info, NT_USER_TOKEN *token ) return False; } + ace = talloc_zero(sec_desc, struct security_ace); + if (ace == NULL) { + TALLOC_FREE(sec_desc); + return false; + } + + ace->type = SEC_ACE_TYPE_ACCESS_ALLOWED; + ace->flags = 0; + ace->access_mask = REG_KEY_ALL; + ace->trustee = global_sid_System; + + status = security_descriptor_dacl_add(sec_desc, ace); + if (!NT_STATUS_IS_OK(status)) { + TALLOC_FREE(sec_desc); + return false; + } + /* root free pass */ if ( geteuid() == sec_initial_uid() ) { - DEBUG(5,("elog_check_access: using root's token\n")); - token = get_root_nt_token(); + DEBUG(5,("elog_check_access: running as root, using system token\n")); + token = get_system_token(); } /* run the check, try for the max allowed */ @@ -101,8 +119,7 @@ static bool elog_check_access( EVENTLOG_INFO *info, NT_USER_TOKEN *token ) status = se_access_check( sec_desc, token, MAXIMUM_ALLOWED_ACCESS, &info->access_granted); - if ( sec_desc ) - TALLOC_FREE( sec_desc ); + TALLOC_FREE(sec_desc); if (!NT_STATUS_IS_OK(status)) { DEBUG(8,("elog_check_access: se_access_check() return %s\n", @@ -317,7 +334,7 @@ static bool sync_eventlog_params( EVENTLOG_INFO *info ) goto done; } - wresult = reg_open_path(ctx, path, REG_KEY_READ, get_root_nt_token(), + wresult = reg_open_path(ctx, path, REG_KEY_READ, get_system_token(), &key); if ( !W_ERROR_IS_OK( wresult ) ) { |