[SCM] Samba Shared Repository - branch v3-6-test updated
Karolin Seeger
kseeger at samba.org
Sat Oct 8 12:08:08 MDT 2011
The branch, v3-6-test has been updated
via 928523b Fix bug #8509 - Read-only handles on SAMR allow SAMR_DOMAIN_ACCESS_CREATE_USER.
from 5253d36 Fix bug #8507 - smbd doesn't correctly honor the "force create mode" bits from a cifsfs create.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -----------------------------------------------------------------
commit 928523b7878757e11bdec1cb89fa7b3e7e12f115
Author: Jeremy Allison <jra at samba.org>
Date: Fri Oct 7 11:09:44 2011 -0700
Fix bug #8509 - Read-only handles on SAMR allow SAMR_DOMAIN_ACCESS_CREATE_USER.
Not a security issue as we also check inside _samr_CreateUser2.
Thanks to Andreas Schneider <asn at samba.org> for finding and testing this.
Autobuild-User: Jeremy Allison <jra at samba.org>
Autobuild-Date: Fri Oct 7 21:51:27 CEST 2011 on sn-devel-104
(cherry picked from commit c80ba57169cee2ec66e8afe3616956c17958a3ae)
-----------------------------------------------------------------------
Summary of changes:
source3/rpc_server/srv_access_check.c | 11 ++++++++---
1 files changed, 8 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/rpc_server/srv_access_check.c b/source3/rpc_server/srv_access_check.c
index 12d9024..4e74b04 100644
--- a/source3/rpc_server/srv_access_check.c
+++ b/source3/rpc_server/srv_access_check.c
@@ -52,6 +52,7 @@ NTSTATUS access_check_object( struct security_descriptor *psd, struct security_t
{
NTSTATUS status = NT_STATUS_ACCESS_DENIED;
uint32 saved_mask = 0;
+ bool priv_granted = false;
/* check privileges; certain SAM access bits should be overridden
by privileges (mostly having to do with creating/modifying/deleting
@@ -59,6 +60,7 @@ NTSTATUS access_check_object( struct security_descriptor *psd, struct security_t
if ((needed_priv_1 != SEC_PRIV_INVALID && security_token_has_privilege(token, needed_priv_1)) ||
(needed_priv_2 != SEC_PRIV_INVALID && security_token_has_privilege(token, needed_priv_2))) {
+ priv_granted = true;
saved_mask = (des_access & rights_mask);
des_access &= ~saved_mask;
@@ -81,6 +83,7 @@ NTSTATUS access_check_object( struct security_descriptor *psd, struct security_t
DEBUG(4,("%s: ACCESS should be DENIED (requested: %#010x)\n", debug, des_access));
DEBUGADD(4,("but overritten by euid == sec_initial_uid()\n"));
+ priv_granted = true;
*acc_granted = des_access;
status = NT_STATUS_OK;
@@ -89,10 +92,12 @@ NTSTATUS access_check_object( struct security_descriptor *psd, struct security_t
done:
- /* add in any bits saved during the privilege check (only
- matters is status is ok) */
+ if (priv_granted) {
+ /* add in any bits saved during the privilege check (only
+ matters if status is ok) */
- *acc_granted |= rights_mask;
+ *acc_granted |= rights_mask;
+ }
DEBUG(4,("%s: access %s (requested: 0x%08x, granted: 0x%08x)\n",
debug, NT_STATUS_IS_OK(status) ? "GRANTED" : "DENIED",
--
Samba Shared Repository
More information about the samba-cvs
mailing list