summaryrefslogtreecommitdiff
path: root/source3/rpc_server
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2001-10-09 21:22:33 +0000
committerJeremy Allison <jra@samba.org>2001-10-09 21:22:33 +0000
commita2272cb71f2c48ffeb9a89ce79b3cdbdef7cc249 (patch)
treed075901a14ebd0362cb05ab05b31b4e13d4cb516 /source3/rpc_server
parented94aa9d611aba4d82e717797565550a4a47270e (diff)
downloadsamba-a2272cb71f2c48ffeb9a89ce79b3cdbdef7cc249.tar.gz
samba-a2272cb71f2c48ffeb9a89ce79b3cdbdef7cc249.tar.bz2
samba-a2272cb71f2c48ffeb9a89ce79b3cdbdef7cc249.zip
Fix bug where removing root from a share SD stops further edit access.
Jeremy. (This used to be commit 4d57c7520fa106ef6c29c0678584e1726ded961f)
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/srv_srvsvc_nt.c21
1 files changed, 17 insertions, 4 deletions
diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c
index 7e82599f28..f1dabd64a9 100644
--- a/source3/rpc_server/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srv_srvsvc_nt.c
@@ -225,7 +225,7 @@ static BOOL set_share_security(TALLOC_CTX *ctx, const char *share_name, SEC_DESC
prs_init(&ps, (uint32)sec_desc_size(psd), mem_ctx, MARSHALL);
- if (!sec_io_desc("nt_printing_setsec", &psd, &ps, 1)) {
+ if (!sec_io_desc("share_security", &psd, &ps, 1)) {
goto out;
}
@@ -310,6 +310,7 @@ BOOL share_access_check(connection_struct *conn, int snum, uint16 vuid, uint32 d
NT_USER_TOKEN *token = NULL;
user_struct *vuser = get_valid_user_struct(vuid);
BOOL ret = True;
+ BOOL is_root = False;
mem_ctx = talloc_init();
if (mem_ctx == NULL)
@@ -320,12 +321,24 @@ BOOL share_access_check(connection_struct *conn, int snum, uint16 vuid, uint32 d
if (!psd)
goto out;
- if (vuser)
+ if (vuser) {
token = vuser->nt_user_token;
- else
+ if (vuser->uid == (uid_t)0)
+ is_root = True;
+ } else {
token = conn->nt_user_token;
+ if (conn->uid == (uid_t)0)
+ is_root = True;
+ }
- ret = se_access_check(psd, token, desired_access, &granted, &status);
+ /*
+ * Root gets a free pass.
+ */
+
+ if (is_root)
+ ret = True;
+ else
+ ret = se_access_check(psd, token, desired_access, &granted, &status);
out: