Wrap security_token_has_privilege() with a check for lp_enable_privileges()
jra at samba.org
Fri Oct 22 15:14:10 MDT 2010
On Sat, Oct 23, 2010 at 07:24:20AM +1100, Andrew Bartlett wrote:
> Why is this required?
> It seems to me that if this smb.conf option is not set, that due to the
> check in source3/lib/privilages.c:get_privileges() we cannot have any
> privileges associated with user tokens. (We may for some of the static
> tokens such as system or domain administrator that are not generated
> here, but that's not really an issue).
> Did you have this come up in a real use case, or is this simply about
> that you would feel safer 'knowing' that this cannot be invoked without
> the smb.conf option set?
No, it wasn't a real use case, I just wanted to make sure
that if smb.conf "enable privilages" was set to "no" that
all priviliages were disabled.
I didn't see such a check in security_token_has_privilege()
so really wanted to make sure there's no way this can happen.
> I really think that going back to having s3_ prefix functions is not the
> right approach. To do so consistently we would have to break apart
> se_access_check() again into s3 and s4 codepaths, and as this check was
> never here in the old user_have_privileges() codepath.
Yes, I didn't want to modify se_access_check() again, which
is why I put it where I did.
I didn't go through all the codepaths carefully enough
to be sure we can't have a privilage set. If you have
done so then I'm happy to revert (I wasn't really happy
with it anyway :-).
More information about the samba-technical