summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2011-11-04 14:07:23 -0700
committerJeremy Allison <jra@samba.org>2011-11-04 14:16:51 -0700
commit55b9ba79f8c612d6413e8e673b39dd4e0548dc82 (patch)
tree50da3d92813bb66cbea85bcc1af6759051cf6480 /source3/smbd
parent07edf6c65e514064f15ef0b31b5a98250568a505 (diff)
downloadsamba-55b9ba79f8c612d6413e8e673b39dd4e0548dc82.tar.gz
samba-55b9ba79f8c612d6413e8e673b39dd4e0548dc82.tar.bz2
samba-55b9ba79f8c612d6413e8e673b39dd4e0548dc82.zip
Move root check out of smb1_file_se_access_check() in preparation for deleting this function.
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/open.c38
1 files changed, 25 insertions, 13 deletions
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index c26a3379cb..6e93854b6b 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -49,15 +49,6 @@ static NTSTATUS smb1_file_se_access_check(struct connection_struct *conn,
{
*access_granted = 0;
- if (get_current_uid(conn) == (uid_t)0) {
- /* I'm sorry sir, I didn't know you were root... */
- *access_granted = access_desired;
- if (access_desired & SEC_FLAG_MAXIMUM_ALLOWED) {
- *access_granted |= FILE_GENERIC_ALL;
- }
- return NT_STATUS_OK;
- }
-
return se_access_check(sd,
token,
(access_desired & ~FILE_READ_ATTRIBUTES),
@@ -108,6 +99,15 @@ static NTSTATUS smbd_check_open_rights(struct connection_struct *conn,
return NT_STATUS_ACCESS_DENIED;
}
+ if (get_current_uid(conn) == (uid_t)0) {
+ /* I'm sorry sir, I didn't know you were root... */
+ DEBUG(10,("smbd_check_open_rights: root override "
+ "on %s. Granting 0x%x\n",
+ smb_fname_str_dbg(smb_fname),
+ (unsigned int)access_mask ));
+ return NT_STATUS_OK;
+ }
+
if ((access_mask & DELETE_ACCESS) && !lp_acl_check_permissions(SNUM(conn))) {
DEBUG(10,("smbd_check_open_rights: not checking ACL "
"on DELETE_ACCESS on file %s. Granting 0x%x\n",
@@ -218,6 +218,19 @@ static NTSTATUS check_parent_access(struct connection_struct *conn,
return NT_STATUS_NO_MEMORY;
}
+ if (pp_parent_dir) {
+ *pp_parent_dir = parent_dir;
+ }
+
+ if (get_current_uid(conn) == (uid_t)0) {
+ /* I'm sorry sir, I didn't know you were root... */
+ DEBUG(10,("check_parent_access: root override "
+ "on %s. Granting 0x%x\n",
+ smb_fname_str_dbg(smb_fname),
+ (unsigned int)access_mask ));
+ return NT_STATUS_OK;
+ }
+
status = SMB_VFS_GET_NT_ACL(conn,
parent_dir,
SECINFO_DACL,
@@ -248,9 +261,6 @@ static NTSTATUS check_parent_access(struct connection_struct *conn,
return status;
}
- if (pp_parent_dir) {
- *pp_parent_dir = parent_dir;
- }
return NT_STATUS_OK;
}
@@ -1474,7 +1484,9 @@ NTSTATUS smbd_calculate_access_mask(connection_struct *conn,
/* Calculate MAXIMUM_ALLOWED_ACCESS if requested. */
if (access_mask & MAXIMUM_ALLOWED_ACCESS) {
- if (file_existed) {
+ if (get_current_uid(conn) == (uid_t)0) {
+ access_mask |= FILE_GENERIC_ALL;
+ } else if (file_existed) {
struct security_descriptor *sd;
uint32_t access_granted = 0;