summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2005-09-16 14:47:21 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:03:39 -0500
commitfbcaef3bf662b4a46ce7e131ae6bd04c3b735433 (patch)
tree51686250af8e18f5d298ceeab25f1d09cbce4e99
parent802437774d931562fdf4f08613dabf5f6df8cff6 (diff)
downloadsamba-fbcaef3bf662b4a46ce7e131ae6bd04c3b735433.tar.gz
samba-fbcaef3bf662b4a46ce7e131ae6bd04c3b735433.tar.bz2
samba-fbcaef3bf662b4a46ce7e131ae6bd04c3b735433.zip
r10264: reverse order of 'root free pass' checks in service and registry access_checks()
(This used to be commit 35b338a4fc95c14629579336dcf3bd240fda92d3)
-rw-r--r--source3/rpc_server/srv_reg_nt.c15
-rw-r--r--source3/rpc_server/srv_svcctl_nt.c14
2 files changed, 12 insertions, 17 deletions
diff --git a/source3/rpc_server/srv_reg_nt.c b/source3/rpc_server/srv_reg_nt.c
index 7a48b8dd22..9ffc77fce8 100644
--- a/source3/rpc_server/srv_reg_nt.c
+++ b/source3/rpc_server/srv_reg_nt.c
@@ -45,16 +45,15 @@ NTSTATUS registry_access_check( SEC_DESC *sec_desc, NT_USER_TOKEN *token,
NTSTATUS result;
se_map_generic( &access_desired, &reg_generic_map );
- se_access_check( sec_desc, token, access_desired, access_granted, &result );
- if ( !NT_STATUS_IS_OK(result) ) {
- if ( geteuid() == sec_initial_uid() ) {
- DEBUG(5,("registry_access_check: access check bypassed for 'root'\n"));
- *access_granted = access_desired;
- return NT_STATUS_OK;
- }
+ if ( geteuid() == sec_initial_uid() ) {
+ DEBUG(5,("registry_access_check: access check bypassed for 'root'\n"));
+ *access_granted = access_desired;
+ return NT_STATUS_OK;
}
-
+
+ se_access_check( sec_desc, token, access_desired, access_granted, &result );
+
return result;
}
diff --git a/source3/rpc_server/srv_svcctl_nt.c b/source3/rpc_server/srv_svcctl_nt.c
index 16c3259840..538b97a2b1 100644
--- a/source3/rpc_server/srv_svcctl_nt.c
+++ b/source3/rpc_server/srv_svcctl_nt.c
@@ -60,18 +60,14 @@ static NTSTATUS svcctl_access_check( SEC_DESC *sec_desc, NT_USER_TOKEN *token,
{
NTSTATUS result;
- /* maybe add privilege checks in here later */
+ if ( geteuid() == sec_initial_uid() ) {
+ DEBUG(5,("svcctl_access_check: access check bypassed for 'root'\n"));
+ *access_granted = access_desired;
+ return NT_STATUS_OK;
+ }
se_access_check( sec_desc, token, access_desired, access_granted, &result );
- if ( !NT_STATUS_IS_OK(result) ) {
- if ( geteuid() == sec_initial_uid() ) {
- DEBUG(5,("svcctl_access_check: access check bypassed for 'root'\n"));
- *access_granted = access_desired;
- return NT_STATUS_OK;
- }
- }
-
return result;
}