From a2272cb71f2c48ffeb9a89ce79b3cdbdef7cc249 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Tue, 9 Oct 2001 21:22:33 +0000
Subject: Fix bug where removing root from a share SD stops further edit
 access. Jeremy. (This used to be commit
 4d57c7520fa106ef6c29c0678584e1726ded961f)

---
 source3/rpc_server/srv_srvsvc_nt.c | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

(limited to 'source3')

diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c
index 7e82599f28..f1dabd64a9 100644
--- a/source3/rpc_server/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srv_srvsvc_nt.c
@@ -225,7 +225,7 @@ static BOOL set_share_security(TALLOC_CTX *ctx, const char *share_name, SEC_DESC
 
 	prs_init(&ps, (uint32)sec_desc_size(psd), mem_ctx, MARSHALL);
  
-    if (!sec_io_desc("nt_printing_setsec", &psd, &ps, 1)) {
+    if (!sec_io_desc("share_security", &psd, &ps, 1)) {
         goto out;
     }
  
@@ -310,6 +310,7 @@ BOOL share_access_check(connection_struct *conn, int snum, uint16 vuid, uint32 d
 	NT_USER_TOKEN *token = NULL;
 	user_struct *vuser = get_valid_user_struct(vuid);
 	BOOL ret = True;
+	BOOL is_root = False;
 
 	mem_ctx = talloc_init();
 	if (mem_ctx == NULL)
@@ -320,12 +321,24 @@ BOOL share_access_check(connection_struct *conn, int snum, uint16 vuid, uint32 d
 	if (!psd)
 		goto out;
 
-	if (vuser)
+	if (vuser) {
 		token = vuser->nt_user_token;
-	else
+		if (vuser->uid == (uid_t)0)
+			is_root = True;
+	} else {
 		token = conn->nt_user_token;
+		if (conn->uid == (uid_t)0)
+			is_root = True;
+	}
 
-	ret = se_access_check(psd, token, desired_access, &granted, &status);
+	/*
+	 * Root gets a free pass.
+	 */
+
+	if (is_root)
+		ret = True;
+	else
+		ret = se_access_check(psd, token, desired_access, &granted, &status);
 
   out:
 
-- 
cgit