share-level permissions and SYSTEM_SECURITY to files and dirs failing even though token has SeSecurityPrivilege

Jeremy Allison jra at samba.org
Tue May 15 18:11:50 MDT 2012


On Tue, May 15, 2012 at 03:38:37PM -0700, Richard Sharpe wrote:
> Hi,
> 
> in smbd_check_access_rights we first check if the share permissions
> allow the mode of access. This fails if the caller asked for
> SYSTEM_SECURITY and no further check is made.
> 
> However, if the logged in user's token contains SeSecurityPrivilege
> and rejected_share_access was only SYSTEM_SECURITY, then I believe
> that the requested operation should be allowed to continue to further
> checks.
> 
> What say ye?

Errrr. Yeah. Sounds about right to me :-).

Jeremy.
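
The share-level behaviour proposed in this thread, modelled as an added example (not Samba's code and not from either poster). The function name, enum and file-access constants are hypothetical; only the SYSTEM_SECURITY bit value is the standard access-mask bit.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* ACCESS_SYSTEM_SECURITY bit of an NT access mask (access to the SACL). */
#define SYSTEM_SECURITY_BIT 0x01000000u
/* Two ordinary file rights, used only as sample input. */
#define FILE_READ_DATA_BIT  0x00000001u
#define FILE_WRITE_DATA_BIT 0x00000002u

enum share_verdict { SHARE_DENY = 0, SHARE_CONTINUE = 1 };

/*
 * Hypothetical model of the share-level step only.
 * requested:    access mask the caller asked for
 * share_access: access mask the share permissions grant
 * has_se_security_privilege: whether the token holds SeSecurityPrivilege
 *
 * SHARE_CONTINUE means "go on to the further checks", not "access granted".
 */
enum share_verdict share_level_check(uint32_t requested,
                                     uint32_t share_access,
                                     bool has_se_security_privilege)
{
    uint32_t rejected_share_access = requested & ~share_access;

    if (rejected_share_access == 0) {
        return SHARE_CONTINUE;      /* share permissions cover everything */
    }
    /* Proposed exception: the only rejected bit is SYSTEM_SECURITY and
     * the token carries SeSecurityPrivilege. */
    if (rejected_share_access == SYSTEM_SECURITY_BIT &&
        has_se_security_privilege) {
        return SHARE_CONTINUE;
    }
    /* Any other rejected bit is still denied, privilege or not. */
    return SHARE_DENY;
}

int main(void)
{
    uint32_t share = FILE_READ_DATA_BIT;    /* constructed sample share mask */
    uint32_t want = FILE_READ_DATA_BIT | SYSTEM_SECURITY_BIT;

    printf("with privilege:    %d\n", share_level_check(want, share, true));
    printf("without privilege: %d\n", share_level_check(want, share, false));
    return 0;
}
```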

