svn commit: samba r15774 - in branches/SAMBA_4_0/source/ntvfs/posix: .

metze at samba.org metze at samba.org
Sun May 21 12:56:49 GMT 2006


Author: metze
Date: 2006-05-21 12:56:49 +0000 (Sun, 21 May 2006)
New Revision: 15774

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=15774

Log:
take care of the SYSTEM_SECURITY flag

metze
Modified:
   branches/SAMBA_4_0/source/ntvfs/posix/pvfs_acl.c


Changeset:
Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_acl.c
===================================================================
--- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_acl.c	2006-05-21 12:15:04 UTC (rev 15773)
+++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_acl.c	2006-05-21 12:56:49 UTC (rev 15774)
@@ -350,7 +350,9 @@
 	uint32_t max_bits = SEC_RIGHTS_FILE_READ | SEC_FILE_ALL;
 
 	/* owner and root get extra permissions */
-	if (uid == 0 || uid == name->st.st_uid) {
+	if (uid == 0) {
+		max_bits |= SEC_STD_ALL | SEC_FLAG_SYSTEM_SECURITY;
+	} else if (uid == name->st.st_uid) {
 		max_bits |= SEC_STD_ALL;
 	}
 
@@ -359,6 +361,10 @@
 		return NT_STATUS_OK;
 	}
 
+	if (uid != 0 && (*access_mask & SEC_FLAG_SYSTEM_SECURITY)) {
+		return NT_STATUS_PRIVILEGE_NOT_HELD;
+	}
+
 	if (*access_mask & ~max_bits) {
 		return NT_STATUS_ACCESS_DENIED;
 	}



More information about the samba-cvs mailing list