mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
r15774: take care of the SYSTEM_SECURITY flag
metze
(This used to be commit 98f58d710a
)
This commit is contained in:
parent
2e415d4e98
commit
0f2c93016d
@ -350,7 +350,9 @@ NTSTATUS pvfs_access_check_unix(struct pvfs_state *pvfs,
|
||||
uint32_t max_bits = SEC_RIGHTS_FILE_READ | SEC_FILE_ALL;
|
||||
|
||||
/* owner and root get extra permissions */
|
||||
if (uid == 0 || uid == name->st.st_uid) {
|
||||
if (uid == 0) {
|
||||
max_bits |= SEC_STD_ALL | SEC_FLAG_SYSTEM_SECURITY;
|
||||
} else if (uid == name->st.st_uid) {
|
||||
max_bits |= SEC_STD_ALL;
|
||||
}
|
||||
|
||||
@ -359,6 +361,10 @@ NTSTATUS pvfs_access_check_unix(struct pvfs_state *pvfs,
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
if (uid != 0 && (*access_mask & SEC_FLAG_SYSTEM_SECURITY)) {
|
||||
return NT_STATUS_PRIVILEGE_NOT_HELD;
|
||||
}
|
||||
|
||||
if (*access_mask & ~max_bits) {
|
||||
return NT_STATUS_ACCESS_DENIED;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user