[SCM] Samba Shared Repository - branch master updated

Günther Deschner gd at samba.org
Tue Jun 1 15:06:50 MDT 2010 

The branch, master has been updated
       via  1ba611a... s3-eventlog: try to pass RPC-EVENTLOG during make test as non-root.
      from  b81f8b1... s3-vfs: Send the share name instead of the path in smb_traffic_analyzer.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 1ba611a56c2b12f5138172be7bc23d187893cf16
Author: Günther Deschner <gd at samba.org>
Date:   Tue Jun 1 23:02:13 2010 +0200

    s3-eventlog: try to pass RPC-EVENTLOG during make test as non-root.
    
    Guenther

-----------------------------------------------------------------------

Summary of changes:
 source3/rpc_server/srv_eventlog_nt.c |   27 ++++++++++++++++++++++-----
 1 files changed, 22 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c
index 4171ef6..99185ef 100644
--- a/source3/rpc_server/srv_eventlog_nt.c
+++ b/source3/rpc_server/srv_eventlog_nt.c
@@ -73,6 +73,7 @@ static bool elog_check_access( EVENTLOG_INFO *info, NT_USER_TOKEN *token )
 {
 	char *tdbname = elog_tdbname(talloc_tos(), info->logname );
 	struct security_descriptor *sec_desc;
+	struct security_ace *ace;
 	NTSTATUS status;
 
 	if ( !tdbname )
@@ -89,11 +90,28 @@ static bool elog_check_access( EVENTLOG_INFO *info, NT_USER_TOKEN *token )
 		return False;
 	}
 
+	ace = talloc_zero(sec_desc, struct security_ace);
+	if (ace == NULL) {
+		TALLOC_FREE(sec_desc);
+		return false;
+	}
+
+	ace->type		= SEC_ACE_TYPE_ACCESS_ALLOWED;
+	ace->flags		= 0;
+	ace->access_mask	= REG_KEY_ALL;
+	ace->trustee		= global_sid_System;
+
+	status = security_descriptor_dacl_add(sec_desc, ace);
+	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(sec_desc);
+		return false;
+	}
+
 	/* root free pass */
 
 	if ( geteuid() == sec_initial_uid() ) {
-		DEBUG(5,("elog_check_access: using root's token\n"));
-		token = get_root_nt_token();
+		DEBUG(5,("elog_check_access: running as root, using system token\n"));
+		token = get_system_token();
 	}
 
 	/* run the check, try for the max allowed */
@@ -101,8 +119,7 @@ static bool elog_check_access( EVENTLOG_INFO *info, NT_USER_TOKEN *token )
 	status = se_access_check( sec_desc, token, MAXIMUM_ALLOWED_ACCESS,
 		&info->access_granted);
 
-	if ( sec_desc )
-		TALLOC_FREE( sec_desc );
+	TALLOC_FREE(sec_desc);
 
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(8,("elog_check_access: se_access_check() return %s\n",
@@ -317,7 +334,7 @@ static bool sync_eventlog_params( EVENTLOG_INFO *info )
 		goto done;
 	}
 
-	wresult = reg_open_path(ctx, path, REG_KEY_READ, get_root_nt_token(),
+	wresult = reg_open_path(ctx, path, REG_KEY_READ, get_system_token(),
 				&key);
 
 	if ( !W_ERROR_IS_OK( wresult ) ) {


-- 
Samba Shared Repository

More information about the samba-cvs mailing list