diff options
author | Gerald Carter <jerry@samba.org> | 2005-09-14 12:49:24 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:03:38 -0500 |
commit | a9b96c6b3d2fa111c2210b57fa816fcbc1946fc5 (patch) | |
tree | 38a3c10aac1afbdfb131f63023d6a4e7d7f217a5 /source3 | |
parent | f94d9826465b391faa4a4697e03459104065c115 (diff) | |
download | samba-a9b96c6b3d2fa111c2210b57fa816fcbc1946fc5.tar.gz samba-a9b96c6b3d2fa111c2210b57fa816fcbc1946fc5.tar.bz2 samba-a9b96c6b3d2fa111c2210b57fa816fcbc1946fc5.zip |
r10221: add "free pass for root" in svcctl and default winreg access checks
(This used to be commit 24901187962e24bfa5ba7722aba0aeb9397ac7b6)
Diffstat (limited to 'source3')
-rw-r--r-- | source3/rpc_server/srv_reg_nt.c | 8 | ||||
-rw-r--r-- | source3/rpc_server/srv_svcctl_nt.c | 10 |
2 files changed, 17 insertions, 1 deletions
diff --git a/source3/rpc_server/srv_reg_nt.c b/source3/rpc_server/srv_reg_nt.c index 07ebe4e20c..7a48b8dd22 100644 --- a/source3/rpc_server/srv_reg_nt.c +++ b/source3/rpc_server/srv_reg_nt.c @@ -46,6 +46,14 @@ NTSTATUS registry_access_check( SEC_DESC *sec_desc, NT_USER_TOKEN *token, se_map_generic( &access_desired, ®_generic_map ); se_access_check( sec_desc, token, access_desired, access_granted, &result ); + + if ( !NT_STATUS_IS_OK(result) ) { + if ( geteuid() == sec_initial_uid() ) { + DEBUG(5,("registry_access_check: access check bypassed for 'root'\n")); + *access_granted = access_desired; + return NT_STATUS_OK; + } + } return result; } diff --git a/source3/rpc_server/srv_svcctl_nt.c b/source3/rpc_server/srv_svcctl_nt.c index 2e44dc3692..16c3259840 100644 --- a/source3/rpc_server/srv_svcctl_nt.c +++ b/source3/rpc_server/srv_svcctl_nt.c @@ -59,10 +59,18 @@ static NTSTATUS svcctl_access_check( SEC_DESC *sec_desc, NT_USER_TOKEN *token, uint32 access_desired, uint32 *access_granted ) { NTSTATUS result; - + /* maybe add privilege checks in here later */ se_access_check( sec_desc, token, access_desired, access_granted, &result ); + + if ( !NT_STATUS_IS_OK(result) ) { + if ( geteuid() == sec_initial_uid() ) { + DEBUG(5,("svcctl_access_check: access check bypassed for 'root'\n")); + *access_granted = access_desired; + return NT_STATUS_OK; + } + } return result; } |