[SCM] Samba Shared Repository - branch master updated

Tue Feb 28 12:22:02 MST 2012

The branch, master has been updated
       via  6081fab Fix problem reported by Tom Lee <tlee2951 at gmail.com> - when calculating the share security mask, take priviliges into account for the connecting user.
      from  d12bad7 torture: added samba4-ntvfs target

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 6081fabe7e0f461ea7d288c40727d4fb5defce5d
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Feb 28 09:47:50 2012 -0800

    Fix problem reported by Tom Lee <tlee2951 at gmail.com> - when calculating
    the share security mask, take priviliges into account for the connecting
    user.
    
    Autobuild-User: Jeremy Allison <jra at samba.org>
    Autobuild-Date: Tue Feb 28 20:21:26 CET 2012 on sn-devel-104

-----------------------------------------------------------------------

Summary of changes:
 source3/smbd/service.c |   31 ++++++++++++++++++++++++++++---
 1 files changed, 28 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index b08811b..8436fbe 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -523,6 +523,33 @@ NTSTATUS set_conn_force_user_group(connection_struct *conn, int snum)
 }
 
 /****************************************************************************
+  Setup the share access mask for a connection.
+****************************************************************************/
+
+static void create_share_access_mask(connection_struct *conn, int snum)
+{
+	const struct security_token *token = conn->session_info->security_token;
+
+	share_access_check(token,
+			lp_servicename(snum),
+			MAXIMUM_ALLOWED_ACCESS,
+			&conn->share_access);
+
+	if (security_token_has_privilege(token, SEC_PRIV_SECURITY)) {
+		conn->share_access |= SEC_FLAG_SYSTEM_SECURITY;
+	}
+	if (security_token_has_privilege(token, SEC_PRIV_RESTORE)) {
+		conn->share_access |= (SEC_RIGHTS_PRIV_RESTORE);
+	}
+	if (security_token_has_privilege(token, SEC_PRIV_BACKUP)) {
+		conn->share_access |= (SEC_RIGHTS_PRIV_BACKUP);
+	}
+	if (security_token_has_privilege(token, SEC_PRIV_TAKE_OWNERSHIP)) {
+		conn->share_access |= (SEC_STD_WRITE_OWNER);
+	}
+}
+
+/****************************************************************************
   Make a connection, given the snum to connect to, and the vuser of the
   connecting user if appropriate.
 ****************************************************************************/
@@ -636,9 +663,7 @@ static NTSTATUS make_connection_snum(struct smbd_server_connection *sconn,
 	 *
 	 */
 
-	share_access_check(conn->session_info->security_token,
-			   lp_servicename(snum), MAXIMUM_ALLOWED_ACCESS,
-			   &conn->share_access);
+	create_share_access_mask(conn, snum);
 
 	if ((conn->share_access & FILE_WRITE_DATA) == 0) {
 		if ((conn->share_access & FILE_READ_DATA) == 0) {


-- 
Samba Shared Repository
