Ignore:
Timestamp:
May 24, 2009, 7:45:16 AM (16 years ago)
Author:
Herwig Bauernfeind
Message:

Update Samba 3.3 branch to 3.3.2

File:
1 edited

Legend:

Unmodified
Added
Removed

  • branches/samba-3.3.x/source/smbd/open.c

    r221 r222  
    5959
    6060        *access_granted = 0;
     61
     62        if (conn->server_info->utok.uid == 0 || conn->admin_user) {
     63                /* I'm sorry sir, I didn't know you were root... */
     64                *access_granted = access_mask;
     65                if (access_mask & SEC_FLAG_MAXIMUM_ALLOWED) {
     66                        *access_granted |= FILE_GENERIC_ALL;
     67                }
     68                return NT_STATUS_OK;
     69        }
    6170
    6271        status = SMB_VFS_GET_NT_ACL(conn, fname,
     
    23832392        }
    23842393
     2394        /* We need to support SeSecurityPrivilege for this. */
     2395        if (access_mask & SEC_RIGHT_SYSTEM_SECURITY) {
     2396                DEBUG(10, ("open_directory: open on %s "
     2397                        "failed - SEC_RIGHT_SYSTEM_SECURITY denied.\n",
     2398                        fname));
     2399                return NT_STATUS_PRIVILEGE_NOT_HELD;
     2400        }
     2401
    23852402        switch( create_disposition ) {
    23862403                case FILE_OPEN:
     
    24632480                                        access_mask,
    24642481                                        &access_granted);
     2482
     2483                /* Were we trying to do a directory open
     2484                 * for delete and didn't get DELETE
     2485                 * access (only) ? Check if the
     2486                 * directory allows DELETE_CHILD.
     2487                 * See here:
     2488                 * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx
     2489                 * for details. */
     2490
     2491                if ((NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) &&
     2492                                (access_mask & DELETE_ACCESS) &&
     2493                                (access_granted == DELETE_ACCESS) &&
     2494                                can_delete_file_in_directory(conn, fname))) {
     2495                        DEBUG(10,("open_directory: overrode ACCESS_DENIED "
     2496                                "on directory %s\n",
     2497                                fname ));
     2498                        status = NT_STATUS_OK;
     2499                }
     2500
    24652501                if (!NT_STATUS_IS_OK(status)) {
    24662502                        DEBUG(10, ("open_directory: check_open_rights on "
     
    28972933                goto fail;
    28982934        }
     2935#else
     2936        /* We need to support SeSecurityPrivilege for this. */
     2937        if (access_mask & SEC_RIGHT_SYSTEM_SECURITY) {
     2938                status = NT_STATUS_PRIVILEGE_NOT_HELD;
     2939                goto fail;
     2940        }
     2941        /* Don't allow a SACL set from an NTtrans create until we
     2942         * support SeSecurityPrivilege. */
     2943        if (!VALID_STAT(sbuf) &&
     2944                        lp_nt_acl_support(SNUM(conn)) &&
     2945                        sd && (sd->sacl != NULL)) {
     2946                status = NT_STATUS_PRIVILEGE_NOT_HELD;
     2947                goto fail;
     2948        }
    28992949#endif
    29002950
Note: See TracChangeset for help on using the changeset viewer.