>From 3990b0f2092cf4926229f3c121f1a18b8c8cb791 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Fri, 12 Oct 2012 14:46:27 -0700
Subject: [PATCH] Add use_privs check into check_parent_access() to override
 root allows everything.

Makes it match the usage in smbd_check_access_rights().
---
 source3/smbd/open.c |    7 +++++--
 1 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index efabe4a..80d0f2d 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -211,6 +211,7 @@ NTSTATUS smbd_check_access_rights(struct connection_struct *conn,
 
 static NTSTATUS check_parent_access(struct connection_struct *conn,
 				struct smb_filename *smb_fname,
+				bool use_privs,
 				uint32_t access_mask)
 {
 	NTSTATUS status;
@@ -225,7 +226,7 @@ static NTSTATUS check_parent_access(struct connection_struct *conn,
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	if (get_current_uid(conn) == (uid_t)0) {
+	if (!use_privs && get_current_uid(conn) == (uid_t)0) {
 		/* I'm sorry sir, I didn't know you were root... */
 		DEBUG(10,("check_parent_access: root override "
 			"on %s. Granting 0x%x\n",
@@ -254,7 +255,7 @@ static NTSTATUS check_parent_access(struct connection_struct *conn,
 	 */
 	status = se_file_access_check(parent_sd,
 				get_current_nttok(conn),
-				false,
+				use_privs,
 				(access_mask & ~FILE_READ_ATTRIBUTES),
 				&access_granted);
 	if(!NT_STATUS_IS_OK(status)) {
@@ -753,6 +754,7 @@ static NTSTATUS open_file(files_struct *fsp,
 			} else if (local_flags & O_CREAT){
 				status = check_parent_access(conn,
 						smb_fname,
+						false,
 						SEC_DIR_ADD_FILE);
 			} else {
 				/* File didn't exist and no O_CREAT. */
@@ -2821,6 +2823,7 @@ static NTSTATUS mkdir_internal(connection_struct *conn,
 
 	status = check_parent_access(conn,
 					smb_dname,
+					false,
 					access_mask);
 	if(!NT_STATUS_IS_OK(status)) {
 		DEBUG(5,("mkdir_internal: check_parent_access "
-- 
1.7.7.3