summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2011-03-21 11:21:57 +0100
committerStefan Metzmacher <metze@samba.org>2011-03-21 23:25:05 +0100
commit4928d66fc2f469b75090c34f8d233026485e4a1e (patch)
tree3fe77325fec6f2d40505110c58e7ffa5b70e236c
parentf0ec69b53544b7ff702f94d58b3d64c33eaabc7a (diff)
downloadsamba-4928d66fc2f469b75090c34f8d233026485e4a1e.tar.gz
samba-4928d66fc2f469b75090c34f8d233026485e4a1e.tar.bz2
samba-4928d66fc2f469b75090c34f8d233026485e4a1e.zip
libcli/security: make sure that we don't grant SEC_STD_DELETE to the owner by default
In the file server SEC_STD_DELETE is granted on the file/directory or by FILE_DELETE_CHILD on the parent directory. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Mon Mar 21 23:25:05 CET 2011 on sn-devel-104
-rw-r--r--libcli/security/access_check.c58
1 files changed, 30 insertions, 28 deletions
diff --git a/libcli/security/access_check.c b/libcli/security/access_check.c
index c5f89af32a..6bb64aeabe 100644
--- a/libcli/security/access_check.c
+++ b/libcli/security/access_check.c
@@ -112,9 +112,7 @@ static uint32_t access_check_max_allowed(const struct security_descriptor *sd,
unsigned i;
if (security_token_has_sid(token, sd->owner_sid)) {
- granted |= SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL | SEC_STD_DELETE;
- } else if (security_token_has_privilege(token, SEC_PRIV_RESTORE)) {
- granted |= SEC_STD_DELETE;
+ granted |= SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL;
}
if (sd->dacl == NULL) {
@@ -171,7 +169,7 @@ NTSTATUS se_access_check(const struct security_descriptor *sd,
access_desired |= access_check_max_allowed(sd, token);
access_desired &= ~SEC_FLAG_MAXIMUM_ALLOWED;
*access_granted = access_desired;
- bits_remaining = access_desired & ~SEC_STD_DELETE;
+ bits_remaining = access_desired;
DEBUG(10,("se_access_check: MAX desired = 0x%x, granted = 0x%x, remaining = 0x%x\n",
orig_access_desired,
@@ -190,21 +188,13 @@ NTSTATUS se_access_check(const struct security_descriptor *sd,
}
}
- /* a NULL dacl allows access */
- if ((sd->type & SEC_DESC_DACL_PRESENT) && sd->dacl == NULL) {
- *access_granted = access_desired;
- return NT_STATUS_OK;
- }
-
- /* the owner always gets SEC_STD_WRITE_DAC, SEC_STD_READ_CONTROL and SEC_STD_DELETE */
- if ((bits_remaining & (SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL|SEC_STD_DELETE)) &&
+ /* the owner always gets SEC_STD_WRITE_DAC and SEC_STD_READ_CONTROL */
+ if ((bits_remaining & (SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL)) &&
security_token_has_sid(token, sd->owner_sid)) {
- bits_remaining &= ~(SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL|SEC_STD_DELETE);
- }
- if ((bits_remaining & SEC_STD_DELETE) &&
- (security_token_has_privilege(token, SEC_PRIV_RESTORE))) {
- bits_remaining &= ~SEC_STD_DELETE;
+ bits_remaining &= ~(SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL);
}
+
+ /* TODO: remove this, as it is file server specific */
if ((bits_remaining & SEC_RIGHTS_PRIV_RESTORE) &&
security_token_has_privilege(token, SEC_PRIV_RESTORE)) {
bits_remaining &= ~(SEC_RIGHTS_PRIV_RESTORE);
@@ -214,6 +204,12 @@ NTSTATUS se_access_check(const struct security_descriptor *sd,
bits_remaining &= ~(SEC_RIGHTS_PRIV_BACKUP);
}
+ /* a NULL dacl allows access */
+ if ((sd->type & SEC_DESC_DACL_PRESENT) && sd->dacl == NULL) {
+ *access_granted = access_desired;
+ return NT_STATUS_OK;
+ }
+
if (sd->dacl == NULL) {
goto done;
}
@@ -295,7 +291,7 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd,
access_desired |= access_check_max_allowed(sd, token);
access_desired &= ~SEC_FLAG_MAXIMUM_ALLOWED;
*access_granted = access_desired;
- bits_remaining = access_desired & ~SEC_STD_DELETE;
+ bits_remaining = access_desired;
}
if (access_desired & SEC_FLAG_SYSTEM_SECURITY) {
@@ -307,6 +303,22 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd,
}
}
+ /* the owner always gets SEC_STD_WRITE_DAC and SEC_STD_READ_CONTROL */
+ if ((bits_remaining & (SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL)) &&
+ security_token_has_sid(token, sd->owner_sid)) {
+ bits_remaining &= ~(SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL);
+ }
+
+ /* TODO: remove this, as it is file server specific */
+ if ((bits_remaining & SEC_RIGHTS_PRIV_RESTORE) &&
+ security_token_has_privilege(token, SEC_PRIV_RESTORE)) {
+ bits_remaining &= ~(SEC_RIGHTS_PRIV_RESTORE);
+ }
+ if ((bits_remaining & SEC_RIGHTS_PRIV_BACKUP) &&
+ security_token_has_privilege(token, SEC_PRIV_BACKUP)) {
+ bits_remaining &= ~(SEC_RIGHTS_PRIV_BACKUP);
+ }
+
/* a NULL dacl allows access */
if ((sd->type & SEC_DESC_DACL_PRESENT) && sd->dacl == NULL) {
*access_granted = access_desired;
@@ -314,16 +326,6 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd,
return NT_STATUS_OK;
}
- /* the owner always gets SEC_STD_WRITE_DAC, SEC_STD_READ_CONTROL and SEC_STD_DELETE */
- if ((bits_remaining & (SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL|SEC_STD_DELETE)) &&
- security_token_has_sid(token, sd->owner_sid)) {
- bits_remaining &= ~(SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL|SEC_STD_DELETE);
- }
- if ((bits_remaining & SEC_STD_DELETE) &&
- security_token_has_privilege(token, SEC_PRIV_RESTORE)) {
- bits_remaining &= ~SEC_STD_DELETE;
- }
-
if (sd->dacl == NULL) {
goto done;
}