Author: jerry Date: 2005-09-16 14:47:21 +0000 (Fri, 16 Sep 2005) New Revision: 10264
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=10264 Log: reverse order of 'root free pass' checks in service and registry access_checks() Modified: branches/SAMBA_3_0/source/rpc_server/srv_reg_nt.c branches/SAMBA_3_0/source/rpc_server/srv_svcctl_nt.c trunk/source/registry/reg_frontend.c trunk/source/rpc_server/srv_svcctl_nt.c Changeset: Modified: branches/SAMBA_3_0/source/rpc_server/srv_reg_nt.c =================================================================== --- branches/SAMBA_3_0/source/rpc_server/srv_reg_nt.c 2005-09-16 13:12:08 UTC (rev 10263) +++ branches/SAMBA_3_0/source/rpc_server/srv_reg_nt.c 2005-09-16 14:47:21 UTC (rev 10264) @@ -45,16 +45,15 @@ NTSTATUS result; se_map_generic( &access_desired, ®_generic_map ); - se_access_check( sec_desc, token, access_desired, access_granted, &result ); - if ( !NT_STATUS_IS_OK(result) ) { - if ( geteuid() == sec_initial_uid() ) { - DEBUG(5,("registry_access_check: access check bypassed for 'root'\n")); - *access_granted = access_desired; - return NT_STATUS_OK; - } + if ( geteuid() == sec_initial_uid() ) { + DEBUG(5,("registry_access_check: access check bypassed for 'root'\n")); + *access_granted = access_desired; + return NT_STATUS_OK; } - + + se_access_check( sec_desc, token, access_desired, access_granted, &result ); + return result; } Modified: branches/SAMBA_3_0/source/rpc_server/srv_svcctl_nt.c =================================================================== --- branches/SAMBA_3_0/source/rpc_server/srv_svcctl_nt.c 2005-09-16 13:12:08 UTC (rev 10263) +++ branches/SAMBA_3_0/source/rpc_server/srv_svcctl_nt.c 2005-09-16 14:47:21 UTC (rev 10264) @@ -60,18 +60,14 @@ { NTSTATUS result; - /* maybe add privilege checks in here later */ + if ( geteuid() == sec_initial_uid() ) { + DEBUG(5,("svcctl_access_check: access check bypassed for 'root'\n")); + *access_granted = access_desired; + return NT_STATUS_OK; + } se_access_check( sec_desc, token, access_desired, access_granted, &result ); - if ( !NT_STATUS_IS_OK(result) ) { - if ( geteuid() == sec_initial_uid() ) { - DEBUG(5,("svcctl_access_check: access check bypassed for 'root'\n")); - *access_granted = access_desired; - return NT_STATUS_OK; - } - } - return result; } Modified: trunk/source/registry/reg_frontend.c =================================================================== --- trunk/source/registry/reg_frontend.c 2005-09-16 13:12:08 UTC (rev 10263) +++ trunk/source/registry/reg_frontend.c 2005-09-16 14:47:21 UTC (rev 10264) @@ -57,17 +57,15 @@ NTSTATUS result; se_map_generic( &access_desired, ®_generic_map ); - se_access_check( sec_desc, token, access_desired, access_granted, &result ); - if ( !NT_STATUS_IS_OK(result) ) { - if ( geteuid() == sec_initial_uid() ) { - DEBUG(5,("registry_access_check: access check bypassed for 'root'\n")); - *access_granted = access_desired; - return NT_STATUS_OK; - } + if ( geteuid() == sec_initial_uid() ) { + DEBUG(5,("registry_access_check: access check bypassed for 'root'\n")); + *access_granted = access_desired; + return NT_STATUS_OK; } - + se_access_check( sec_desc, token, access_desired, access_granted, &result ); + return result; } Modified: trunk/source/rpc_server/srv_svcctl_nt.c =================================================================== --- trunk/source/rpc_server/srv_svcctl_nt.c 2005-09-16 13:12:08 UTC (rev 10263) +++ trunk/source/rpc_server/srv_svcctl_nt.c 2005-09-16 14:47:21 UTC (rev 10264) @@ -110,18 +110,14 @@ { NTSTATUS result; - /* maybe add privilege checks in here later */ + if ( geteuid() == sec_initial_uid() ) { + DEBUG(5,("svcctl_access_check: access check bypassed for 'root'\n")); + *access_granted = access_desired; + return NT_STATUS_OK; + } se_access_check( sec_desc, token, access_desired, access_granted, &result ); - if ( !NT_STATUS_IS_OK(result) ) { - if ( geteuid() == sec_initial_uid() ) { - DEBUG(5,("svcctl_access_check: access check bypassed for 'root'\n")); - *access_granted = access_desired; - return NT_STATUS_OK; - } - } - return result; }
