diff options
author | Jeremy Allison <jra@samba.org> | 2001-10-09 21:22:33 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2001-10-09 21:22:33 +0000 |
commit | a2272cb71f2c48ffeb9a89ce79b3cdbdef7cc249 (patch) | |
tree | d075901a14ebd0362cb05ab05b31b4e13d4cb516 /source3 | |
parent | ed94aa9d611aba4d82e717797565550a4a47270e (diff) | |
download | samba-a2272cb71f2c48ffeb9a89ce79b3cdbdef7cc249.tar.gz samba-a2272cb71f2c48ffeb9a89ce79b3cdbdef7cc249.tar.bz2 samba-a2272cb71f2c48ffeb9a89ce79b3cdbdef7cc249.zip |
Fix bug where removing root from a share SD stops further edit access.
Jeremy.
(This used to be commit 4d57c7520fa106ef6c29c0678584e1726ded961f)
Diffstat (limited to 'source3')
-rw-r--r-- | source3/rpc_server/srv_srvsvc_nt.c | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c index 7e82599f28..f1dabd64a9 100644 --- a/source3/rpc_server/srv_srvsvc_nt.c +++ b/source3/rpc_server/srv_srvsvc_nt.c @@ -225,7 +225,7 @@ static BOOL set_share_security(TALLOC_CTX *ctx, const char *share_name, SEC_DESC prs_init(&ps, (uint32)sec_desc_size(psd), mem_ctx, MARSHALL); - if (!sec_io_desc("nt_printing_setsec", &psd, &ps, 1)) { + if (!sec_io_desc("share_security", &psd, &ps, 1)) { goto out; } @@ -310,6 +310,7 @@ BOOL share_access_check(connection_struct *conn, int snum, uint16 vuid, uint32 d NT_USER_TOKEN *token = NULL; user_struct *vuser = get_valid_user_struct(vuid); BOOL ret = True; + BOOL is_root = False; mem_ctx = talloc_init(); if (mem_ctx == NULL) @@ -320,12 +321,24 @@ BOOL share_access_check(connection_struct *conn, int snum, uint16 vuid, uint32 d if (!psd) goto out; - if (vuser) + if (vuser) { token = vuser->nt_user_token; - else + if (vuser->uid == (uid_t)0) + is_root = True; + } else { token = conn->nt_user_token; + if (conn->uid == (uid_t)0) + is_root = True; + } - ret = se_access_check(psd, token, desired_access, &granted, &status); + /* + * Root gets a free pass. + */ + + if (is_root) + ret = True; + else + ret = se_access_check(psd, token, desired_access, &granted, &status); out: |