From a9b96c6b3d2fa111c2210b57fa816fcbc1946fc5 Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Wed, 14 Sep 2005 12:49:24 +0000
Subject: r10221: add "free pass for root" in svcctl and default winreg access
 checks (This used to be commit 24901187962e24bfa5ba7722aba0aeb9397ac7b6)

---
 source3/rpc_server/srv_reg_nt.c    |  8 ++++++++
 source3/rpc_server/srv_svcctl_nt.c | 10 +++++++++-
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/source3/rpc_server/srv_reg_nt.c b/source3/rpc_server/srv_reg_nt.c
index 07ebe4e20c..7a48b8dd22 100644
--- a/source3/rpc_server/srv_reg_nt.c
+++ b/source3/rpc_server/srv_reg_nt.c
@@ -46,6 +46,14 @@ NTSTATUS registry_access_check( SEC_DESC *sec_desc, NT_USER_TOKEN *token,
 		
 	se_map_generic( &access_desired, &reg_generic_map );
 	se_access_check( sec_desc, token, access_desired, access_granted, &result );
+
+	if ( !NT_STATUS_IS_OK(result) ) {
+		if ( geteuid() == sec_initial_uid() ) {
+			DEBUG(5,("registry_access_check: access check bypassed for 'root'\n"));
+			*access_granted = access_desired;
+			return NT_STATUS_OK;
+		}
+	}
 	
 	return result;
 }
diff --git a/source3/rpc_server/srv_svcctl_nt.c b/source3/rpc_server/srv_svcctl_nt.c
index 2e44dc3692..16c3259840 100644
--- a/source3/rpc_server/srv_svcctl_nt.c
+++ b/source3/rpc_server/srv_svcctl_nt.c
@@ -59,10 +59,18 @@ static NTSTATUS svcctl_access_check( SEC_DESC *sec_desc, NT_USER_TOKEN *token,
                                      uint32 access_desired, uint32 *access_granted )
 {
 	NTSTATUS result;
-	
+
 	/* maybe add privilege checks in here later */
 	
 	se_access_check( sec_desc, token, access_desired, access_granted, &result );
+
+	if ( !NT_STATUS_IS_OK(result) ) {
+		if ( geteuid() == sec_initial_uid() ) {
+			DEBUG(5,("svcctl_access_check: access check bypassed for 'root'\n"));
+			*access_granted = access_desired;
+			return NT_STATUS_OK;
+		}
+	}
 	
 	return result;
 }
-- 
cgit