From 55b9ba79f8c612d6413e8e673b39dd4e0548dc82 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Fri, 4 Nov 2011 14:07:23 -0700
Subject: Move root check out of smb1_file_se_access_check() in preparation for
 deleting this function.

---
 source3/smbd/open.c | 38 +++++++++++++++++++++++++-------------
 1 file changed, 25 insertions(+), 13 deletions(-)

(limited to 'source3/smbd/open.c')

diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index c26a3379cb..6e93854b6b 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -49,15 +49,6 @@ static NTSTATUS smb1_file_se_access_check(struct connection_struct *conn,
 {
 	*access_granted = 0;
 
-	if (get_current_uid(conn) == (uid_t)0) {
-		/* I'm sorry sir, I didn't know you were root... */
-		*access_granted = access_desired;
-		if (access_desired & SEC_FLAG_MAXIMUM_ALLOWED) {
-			*access_granted |= FILE_GENERIC_ALL;
-		}
-		return NT_STATUS_OK;
-	}
-
 	return se_access_check(sd,
 				token,
 				(access_desired & ~FILE_READ_ATTRIBUTES),
@@ -108,6 +99,15 @@ static NTSTATUS smbd_check_open_rights(struct connection_struct *conn,
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
+	if (get_current_uid(conn) == (uid_t)0) {
+		/* I'm sorry sir, I didn't know you were root... */
+		DEBUG(10,("smbd_check_open_rights: root override "
+			"on %s. Granting 0x%x\n",
+			smb_fname_str_dbg(smb_fname),
+			(unsigned int)access_mask ));
+		return NT_STATUS_OK;
+	}
+
 	if ((access_mask & DELETE_ACCESS) && !lp_acl_check_permissions(SNUM(conn))) {
 		DEBUG(10,("smbd_check_open_rights: not checking ACL "
 			"on DELETE_ACCESS on file %s. Granting 0x%x\n",
@@ -218,6 +218,19 @@ static NTSTATUS check_parent_access(struct connection_struct *conn,
 		return NT_STATUS_NO_MEMORY;
 	}
 
+	if (pp_parent_dir) {
+		*pp_parent_dir = parent_dir;
+	}
+
+	if (get_current_uid(conn) == (uid_t)0) {
+		/* I'm sorry sir, I didn't know you were root... */
+		DEBUG(10,("check_parent_access: root override "
+			"on %s. Granting 0x%x\n",
+			smb_fname_str_dbg(smb_fname),
+			(unsigned int)access_mask ));
+		return NT_STATUS_OK;
+	}
+
 	status = SMB_VFS_GET_NT_ACL(conn,
 				parent_dir,
 				SECINFO_DACL,
@@ -248,9 +261,6 @@ static NTSTATUS check_parent_access(struct connection_struct *conn,
 		return status;
 	}
 
-	if (pp_parent_dir) {
-		*pp_parent_dir = parent_dir;
-	}
 	return NT_STATUS_OK;
 }
 
@@ -1474,7 +1484,9 @@ NTSTATUS smbd_calculate_access_mask(connection_struct *conn,
 
 	/* Calculate MAXIMUM_ALLOWED_ACCESS if requested. */
 	if (access_mask & MAXIMUM_ALLOWED_ACCESS) {
-		if (file_existed) {
+		if (get_current_uid(conn) == (uid_t)0) {
+			access_mask  |= FILE_GENERIC_ALL;
+		} else if (file_existed) {
 
 			struct security_descriptor *sd;
 			uint32_t access_granted = 0;
-- 
cgit