From 0f2c93016d870adc4eb4e7072c05a8ef8273cb0c Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Sun, 21 May 2006 12:56:49 +0000
Subject: r15774: take care of the SYSTEM_SECURITY flag metze (This used to be commit 98f58d710a4fe1cd3581b1fb25c4f0c0236b5092)
---
 source4/ntvfs/posix/pvfs_acl.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
(limited to 'source4/ntvfs/posix')
diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c
index 3826b2f157..3d276431dc 100644
--- a/source4/ntvfs/posix/pvfs_acl.c
+++ b/source4/ntvfs/posix/pvfs_acl.c
@@ -350,7 +350,9 @@ NTSTATUS pvfs_access_check_unix(struct pvfs_state *pvfs,
 uint32_t max_bits = SEC_RIGHTS_FILE_READ | SEC_FILE_ALL;
 /* owner and root get extra permissions */
- if (uid == 0 || uid == name->st.st_uid) {
+ if (uid == 0) {
+ max_bits |= SEC_STD_ALL | SEC_FLAG_SYSTEM_SECURITY;
+ } else if (uid == name->st.st_uid) {
 max_bits |= SEC_STD_ALL;
 }
@@ -359,6 +361,10 @@ NTSTATUS pvfs_access_check_unix(struct pvfs_state *pvfs,
 return NT_STATUS_OK;
 }
+ if (uid != 0 && (*access_mask & SEC_FLAG_SYSTEM_SECURITY)) {
+ return NT_STATUS_PRIVILEGE_NOT_HELD;
+ }
+
 if (*access_mask & ~max_bits) {
 return NT_STATUS_ACCESS_DENIED;
 }
-- cgit
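Review bot: The comment `/* owner and root get extra permissions */` above the new branches no longer says what differs between them: root now receives `SEC_STD_ALL | SEC_FLAG_SYSTEM_SECURITY`, the owner only `SEC_STD_ALL`. Because this makes uid 0 the only identity that can be granted SACL access in the unix fallback check, I would say so on the root branch, for example `/* root stands in for the security privilege: only uid 0 may be granted SEC_FLAG_SYSTEM_SECURITY */`. Where `uid` is obtained lies outside the hunk, so it should be confirmed there that it is the identity of the connected user rather than of the server process.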
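Review bot: The `uid != 0` test in the added check repeats the decision already made when `max_bits` was built in the first hunk, so the two conditions can drift apart if one is changed later. Testing the computed mask keeps a single source of truth: `if ((*access_mask & SEC_FLAG_SYSTEM_SECURITY) && !(max_bits & SEC_FLAG_SYSTEM_SECURITY)) {`. For a non-root caller the following `~max_bits` test would deny the request anyway, so this branch only selects the status code; a comment such as `/* missing privilege, not a missing ACL grant: report PRIVILEGE_NOT_HELD */` would make that intent clear. The function body continues outside the hunk.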