Author: jerry Date: 2005-09-14 12:49:24 +0000 (Wed, 14 Sep 2005) New Revision: 10221
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=10221 Log: add "free pass for root" in svcctl and default winreg access checks Modified: branches/SAMBA_3_0/source/rpc_server/srv_reg_nt.c branches/SAMBA_3_0/source/rpc_server/srv_svcctl_nt.c trunk/source/registry/reg_frontend.c trunk/source/rpc_server/srv_svcctl_nt.c Changeset: Modified: branches/SAMBA_3_0/source/rpc_server/srv_reg_nt.c =================================================================== --- branches/SAMBA_3_0/source/rpc_server/srv_reg_nt.c 2005-09-14 01:32:37 UTC (rev 10220) +++ branches/SAMBA_3_0/source/rpc_server/srv_reg_nt.c 2005-09-14 12:49:24 UTC (rev 10221) @@ -46,6 +46,14 @@ se_map_generic( &access_desired, ®_generic_map ); se_access_check( sec_desc, token, access_desired, access_granted, &result ); + + if ( !NT_STATUS_IS_OK(result) ) { + if ( geteuid() == sec_initial_uid() ) { + DEBUG(5,("registry_access_check: access check bypassed for 'root'\n")); + *access_granted = access_desired; + return NT_STATUS_OK; + } + } return result; } Modified: branches/SAMBA_3_0/source/rpc_server/srv_svcctl_nt.c =================================================================== --- branches/SAMBA_3_0/source/rpc_server/srv_svcctl_nt.c 2005-09-14 01:32:37 UTC (rev 10220) +++ branches/SAMBA_3_0/source/rpc_server/srv_svcctl_nt.c 2005-09-14 12:49:24 UTC (rev 10221) @@ -59,10 +59,18 @@ uint32 access_desired, uint32 *access_granted ) { NTSTATUS result; - + /* maybe add privilege checks in here later */ se_access_check( sec_desc, token, access_desired, access_granted, &result ); + + if ( !NT_STATUS_IS_OK(result) ) { + if ( geteuid() == sec_initial_uid() ) { + DEBUG(5,("svcctl_access_check: access check bypassed for 'root'\n")); + *access_granted = access_desired; + return NT_STATUS_OK; + } + } return result; } Modified: trunk/source/registry/reg_frontend.c =================================================================== --- trunk/source/registry/reg_frontend.c 2005-09-14 01:32:37 UTC (rev 10220) +++ trunk/source/registry/reg_frontend.c 2005-09-14 12:49:24 UTC (rev 10221) @@ -58,6 +58,15 @@ se_map_generic( &access_desired, ®_generic_map ); se_access_check( sec_desc, token, access_desired, access_granted, &result ); + + if ( !NT_STATUS_IS_OK(result) ) { + if ( geteuid() == sec_initial_uid() ) { + DEBUG(5,("registry_access_check: access check bypassed for 'root'\n")); + *access_granted = access_desired; + return NT_STATUS_OK; + } + } + return result; } Modified: trunk/source/rpc_server/srv_svcctl_nt.c =================================================================== --- trunk/source/rpc_server/srv_svcctl_nt.c 2005-09-14 01:32:37 UTC (rev 10220) +++ trunk/source/rpc_server/srv_svcctl_nt.c 2005-09-14 12:49:24 UTC (rev 10221) @@ -104,10 +104,18 @@ uint32 access_desired, uint32 *access_granted ) { NTSTATUS result; - + /* maybe add privilege checks in here later */ se_access_check( sec_desc, token, access_desired, access_granted, &result ); + + if ( !NT_STATUS_IS_OK(result) ) { + if ( geteuid() == sec_initial_uid() ) { + DEBUG(5,("svcctl_access_check: access check bypassed for 'root'\n")); + *access_granted = access_desired; + return NT_STATUS_OK; + } + } return result; }
