diff options
author | Jeremy Allison <jra@samba.org> | 2011-11-04 14:07:23 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2011-11-04 14:16:51 -0700 |
commit | 55b9ba79f8c612d6413e8e673b39dd4e0548dc82 (patch) | |
tree | 50da3d92813bb66cbea85bcc1af6759051cf6480 | |
parent | 07edf6c65e514064f15ef0b31b5a98250568a505 (diff) | |
download | samba-55b9ba79f8c612d6413e8e673b39dd4e0548dc82.tar.gz samba-55b9ba79f8c612d6413e8e673b39dd4e0548dc82.tar.bz2 samba-55b9ba79f8c612d6413e8e673b39dd4e0548dc82.zip |
Move root check out of smb1_file_se_access_check() in preparation for deleting this function.
-rw-r--r-- | source3/smbd/open.c | 38 |
1 files changed, 25 insertions, 13 deletions
diff --git a/source3/smbd/open.c b/source3/smbd/open.c index c26a3379cb..6e93854b6b 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -49,15 +49,6 @@ static NTSTATUS smb1_file_se_access_check(struct connection_struct *conn, { *access_granted = 0; - if (get_current_uid(conn) == (uid_t)0) { - /* I'm sorry sir, I didn't know you were root... */ - *access_granted = access_desired; - if (access_desired & SEC_FLAG_MAXIMUM_ALLOWED) { - *access_granted |= FILE_GENERIC_ALL; - } - return NT_STATUS_OK; - } - return se_access_check(sd, token, (access_desired & ~FILE_READ_ATTRIBUTES), @@ -108,6 +99,15 @@ static NTSTATUS smbd_check_open_rights(struct connection_struct *conn, return NT_STATUS_ACCESS_DENIED; } + if (get_current_uid(conn) == (uid_t)0) { + /* I'm sorry sir, I didn't know you were root... */ + DEBUG(10,("smbd_check_open_rights: root override " + "on %s. Granting 0x%x\n", + smb_fname_str_dbg(smb_fname), + (unsigned int)access_mask )); + return NT_STATUS_OK; + } + if ((access_mask & DELETE_ACCESS) && !lp_acl_check_permissions(SNUM(conn))) { DEBUG(10,("smbd_check_open_rights: not checking ACL " "on DELETE_ACCESS on file %s. Granting 0x%x\n", @@ -218,6 +218,19 @@ static NTSTATUS check_parent_access(struct connection_struct *conn, return NT_STATUS_NO_MEMORY; } + if (pp_parent_dir) { + *pp_parent_dir = parent_dir; + } + + if (get_current_uid(conn) == (uid_t)0) { + /* I'm sorry sir, I didn't know you were root... */ + DEBUG(10,("check_parent_access: root override " + "on %s. Granting 0x%x\n", + smb_fname_str_dbg(smb_fname), + (unsigned int)access_mask )); + return NT_STATUS_OK; + } + status = SMB_VFS_GET_NT_ACL(conn, parent_dir, SECINFO_DACL, @@ -248,9 +261,6 @@ static NTSTATUS check_parent_access(struct connection_struct *conn, return status; } - if (pp_parent_dir) { - *pp_parent_dir = parent_dir; - } return NT_STATUS_OK; } @@ -1474,7 +1484,9 @@ NTSTATUS smbd_calculate_access_mask(connection_struct *conn, /* Calculate MAXIMUM_ALLOWED_ACCESS if requested. */ if (access_mask & MAXIMUM_ALLOWED_ACCESS) { - if (file_existed) { + if (get_current_uid(conn) == (uid_t)0) { + access_mask |= FILE_GENERIC_ALL; + } else if (file_existed) { struct security_descriptor *sd; uint32_t access_granted = 0; |