The branch, master has been updated
       via  1e8141f Fix bug #8797 - Samba does not correctly handle DENY ACEs 
when privileges apply. Signed-off-by: Jeremy Allison <j...@samba.org>
      from  177c61b s3: asprintf->talloc_asprintf

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 1e8141f40ae7b67a45906f26483caff0a7cca7ed
Author: Richard Sharpe <realrichardsha...@gmail.com>
Date:   Fri Mar 9 14:54:38 2012 -0800

    Fix bug #8797 - Samba does not correctly handle DENY ACEs when privileges 
apply.
    Signed-off-by: Jeremy Allison <j...@samba.org>
    
    Autobuild-User: Jeremy Allison <j...@samba.org>
    Autobuild-Date: Sat Mar 10 01:33:45 CET 2012 on sn-devel-104

-----------------------------------------------------------------------

Summary of changes:
 libcli/security/access_check.c |   54 ++++++++++++++++++++-------------------
 1 files changed, 28 insertions(+), 26 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libcli/security/access_check.c b/libcli/security/access_check.c
index a9b618f..d9f6293 100644
--- a/libcli/security/access_check.c
+++ b/libcli/security/access_check.c
@@ -178,38 +178,12 @@ NTSTATUS se_access_check(const struct security_descriptor 
*sd,
                        bits_remaining));
        }
 
-       /* s3 had this with #if 0 previously. To be sure the merge
-          doesn't change any behaviour, we have the above #if check
-          on _SAMBA_BUILD_. */
-       if (access_desired & SEC_FLAG_SYSTEM_SECURITY) {
-               if (security_token_has_privilege(token, SEC_PRIV_SECURITY)) {
-                       bits_remaining &= ~SEC_FLAG_SYSTEM_SECURITY;
-               } else {
-                       return NT_STATUS_PRIVILEGE_NOT_HELD;
-               }
-       }
-
        /* the owner always gets SEC_STD_WRITE_DAC and SEC_STD_READ_CONTROL */
        if ((bits_remaining & (SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL)) &&
            security_token_has_sid(token, sd->owner_sid)) {
                bits_remaining &= ~(SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL);
        }
 
-       /* TODO: remove this, as it is file server specific */
-       if ((bits_remaining & SEC_RIGHTS_PRIV_RESTORE) &&
-           security_token_has_privilege(token, SEC_PRIV_RESTORE)) {
-               bits_remaining &= ~(SEC_RIGHTS_PRIV_RESTORE);
-       }
-       if ((bits_remaining & SEC_RIGHTS_PRIV_BACKUP) &&
-           security_token_has_privilege(token, SEC_PRIV_BACKUP)) {
-               bits_remaining &= ~(SEC_RIGHTS_PRIV_BACKUP);
-       }
-
-       if ((bits_remaining & SEC_STD_WRITE_OWNER) &&
-            security_token_has_privilege(token, SEC_PRIV_TAKE_OWNERSHIP)) {
-               bits_remaining &= ~(SEC_STD_WRITE_OWNER);
-       }
-
        /* a NULL dacl allows access */
        if ((sd->type & SEC_DESC_DACL_PRESENT) && sd->dacl == NULL) {
                *access_granted = access_desired;
@@ -247,6 +221,34 @@ NTSTATUS se_access_check(const struct security_descriptor 
*sd,
 
        bits_remaining |= explicitly_denied_bits;
 
+       /*
+        * We check privileges here because they override even DENY entries.
+        */
+
+       /* Does the user have the privilege to gain SEC_PRIV_SECURITY? */
+       if (bits_remaining & SEC_FLAG_SYSTEM_SECURITY) {
+               if (security_token_has_privilege(token, SEC_PRIV_SECURITY)) {
+                       bits_remaining &= ~SEC_FLAG_SYSTEM_SECURITY;
+               } else {
+                       return NT_STATUS_PRIVILEGE_NOT_HELD;
+               }
+       }
+
+       /* TODO: remove this, as it is file server specific */
+       if ((bits_remaining & SEC_RIGHTS_PRIV_RESTORE) &&
+           security_token_has_privilege(token, SEC_PRIV_RESTORE)) {
+               bits_remaining &= ~(SEC_RIGHTS_PRIV_RESTORE);
+       }
+       if ((bits_remaining & SEC_RIGHTS_PRIV_BACKUP) &&
+           security_token_has_privilege(token, SEC_PRIV_BACKUP)) {
+               bits_remaining &= ~(SEC_RIGHTS_PRIV_BACKUP);
+       }
+
+       if ((bits_remaining & SEC_STD_WRITE_OWNER) &&
+            security_token_has_privilege(token, SEC_PRIV_TAKE_OWNERSHIP)) {
+               bits_remaining &= ~(SEC_STD_WRITE_OWNER);
+       }
+
 done:
        if (bits_remaining != 0) {
                *access_granted = bits_remaining;
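Review bot: The SEC_FLAG_SYSTEM_SECURITY gate in the added block now tests `bits_remaining` after the DACL walk and sits below the NULL-DACL branch shown as context in the first hunk (`*access_granted = access_desired;`), so it no longer runs on every path. If that branch returns success, as its comment suggests, a request for SEC_FLAG_SYSTEM_SECURITY against a descriptor with a present-but-NULL DACL would be granted to a token without SEC_PRIV_SECURITY; and if the ACE loop (outside the hunk) clears bits by ACE mask, an ALLOW ACE carrying that bit would also skip the `NT_STATUS_PRIVILEGE_NOT_HELD` return. Consider keeping the rejection keyed on the request, `if ((access_desired & SEC_FLAG_SYSTEM_SECURITY) && !security_token_has_privilege(token, SEC_PRIV_SECURITY)) return NT_STATUS_PRIVILEGE_NOT_HELD;`, ahead of the NULL-DACL check, and leaving only the bit-clearing after the walk so the privilege still overrides DENY entries. The comment above the check should also name the access bit rather than the privilege, e.g. `/* Does the user hold SEC_PRIV_SECURITY, which SEC_FLAG_SYSTEM_SECURITY requires? */`. se_access_check starts and ends outside both hunks, so the early-return and ACE-loop behaviour should be confirmed against the full function.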


-- 
Samba Shared Repository
