svn commit: samba r10264 - branches/SAMBA_3_0/source/rpc_server
trunk/source/registry trunk/source/rpc_server
jerry at samba.org
jerry at samba.org
Fri Sep 16 14:47:22 GMT 2005
Author: jerry
Date: 2005-09-16 14:47:21 +0000 (Fri, 16 Sep 2005)
New Revision: 10264
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=10264
Log:
reverse order of 'root free pass' checks in service and registry access_checks()
Modified:
branches/SAMBA_3_0/source/rpc_server/srv_reg_nt.c
branches/SAMBA_3_0/source/rpc_server/srv_svcctl_nt.c
trunk/source/registry/reg_frontend.c
trunk/source/rpc_server/srv_svcctl_nt.c
Changeset:
Modified: branches/SAMBA_3_0/source/rpc_server/srv_reg_nt.c
===================================================================
--- branches/SAMBA_3_0/source/rpc_server/srv_reg_nt.c 2005-09-16 13:12:08 UTC (rev 10263)
+++ branches/SAMBA_3_0/source/rpc_server/srv_reg_nt.c 2005-09-16 14:47:21 UTC (rev 10264)
@@ -45,16 +45,15 @@
NTSTATUS result;
se_map_generic( &access_desired, ®_generic_map );
- se_access_check( sec_desc, token, access_desired, access_granted, &result );
- if ( !NT_STATUS_IS_OK(result) ) {
- if ( geteuid() == sec_initial_uid() ) {
- DEBUG(5,("registry_access_check: access check bypassed for 'root'\n"));
- *access_granted = access_desired;
- return NT_STATUS_OK;
- }
+ if ( geteuid() == sec_initial_uid() ) {
+ DEBUG(5,("registry_access_check: access check bypassed for 'root'\n"));
+ *access_granted = access_desired;
+ return NT_STATUS_OK;
}
-
+
+ se_access_check( sec_desc, token, access_desired, access_granted, &result );
+
return result;
}
Modified: branches/SAMBA_3_0/source/rpc_server/srv_svcctl_nt.c
===================================================================
--- branches/SAMBA_3_0/source/rpc_server/srv_svcctl_nt.c 2005-09-16 13:12:08 UTC (rev 10263)
+++ branches/SAMBA_3_0/source/rpc_server/srv_svcctl_nt.c 2005-09-16 14:47:21 UTC (rev 10264)
@@ -60,18 +60,14 @@
{
NTSTATUS result;
- /* maybe add privilege checks in here later */
+ if ( geteuid() == sec_initial_uid() ) {
+ DEBUG(5,("svcctl_access_check: access check bypassed for 'root'\n"));
+ *access_granted = access_desired;
+ return NT_STATUS_OK;
+ }
se_access_check( sec_desc, token, access_desired, access_granted, &result );
- if ( !NT_STATUS_IS_OK(result) ) {
- if ( geteuid() == sec_initial_uid() ) {
- DEBUG(5,("svcctl_access_check: access check bypassed for 'root'\n"));
- *access_granted = access_desired;
- return NT_STATUS_OK;
- }
- }
-
return result;
}
Modified: trunk/source/registry/reg_frontend.c
===================================================================
--- trunk/source/registry/reg_frontend.c 2005-09-16 13:12:08 UTC (rev 10263)
+++ trunk/source/registry/reg_frontend.c 2005-09-16 14:47:21 UTC (rev 10264)
@@ -57,17 +57,15 @@
NTSTATUS result;
se_map_generic( &access_desired, ®_generic_map );
- se_access_check( sec_desc, token, access_desired, access_granted, &result );
- if ( !NT_STATUS_IS_OK(result) ) {
- if ( geteuid() == sec_initial_uid() ) {
- DEBUG(5,("registry_access_check: access check bypassed for 'root'\n"));
- *access_granted = access_desired;
- return NT_STATUS_OK;
- }
+ if ( geteuid() == sec_initial_uid() ) {
+ DEBUG(5,("registry_access_check: access check bypassed for 'root'\n"));
+ *access_granted = access_desired;
+ return NT_STATUS_OK;
}
-
+ se_access_check( sec_desc, token, access_desired, access_granted, &result );
+
return result;
}
Modified: trunk/source/rpc_server/srv_svcctl_nt.c
===================================================================
--- trunk/source/rpc_server/srv_svcctl_nt.c 2005-09-16 13:12:08 UTC (rev 10263)
+++ trunk/source/rpc_server/srv_svcctl_nt.c 2005-09-16 14:47:21 UTC (rev 10264)
@@ -110,18 +110,14 @@
{
NTSTATUS result;
- /* maybe add privilege checks in here later */
+ if ( geteuid() == sec_initial_uid() ) {
+ DEBUG(5,("svcctl_access_check: access check bypassed for 'root'\n"));
+ *access_granted = access_desired;
+ return NT_STATUS_OK;
+ }
se_access_check( sec_desc, token, access_desired, access_granted, &result );
- if ( !NT_STATUS_IS_OK(result) ) {
- if ( geteuid() == sec_initial_uid() ) {
- DEBUG(5,("svcctl_access_check: access check bypassed for 'root'\n"));
- *access_granted = access_desired;
- return NT_STATUS_OK;
- }
- }
-
return result;
}
More information about the samba-cvs
mailing list