[SCM] Samba Shared Repository - branch master updated

Jeremy Allison Fri, 07 Oct 2011 12:53:50 -0700

The branch, master has been updated
       via  c80ba57 Fix bug #8509 - Read-only handles on SAMR allow 
SAMR_DOMAIN_ACCESS_CREATE_USER.
      from  bcb0212 s4:dsdb/password_hash: add 
DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID


http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit c80ba57169cee2ec66e8afe3616956c17958a3ae
Author: Jeremy Allison <[email protected]>
Date:   Fri Oct 7 11:09:44 2011 -0700

    Fix bug #8509 - Read-only handles on SAMR allow 
SAMR_DOMAIN_ACCESS_CREATE_USER.
    
    Not a security issue as we also check inside _samr_CreateUser2.
    Thanks to Andreas Schneider <[email protected]> for finding and testing this.
    
    Autobuild-User: Jeremy Allison <[email protected]>
    Autobuild-Date: Fri Oct  7 21:51:27 CEST 2011 on sn-devel-104

-----------------------------------------------------------------------

Summary of changes:
 source3/rpc_server/srv_access_check.c |   11 ++++++++---
 1 files changed, 8 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/rpc_server/srv_access_check.c 
b/source3/rpc_server/srv_access_check.c
index 12d9024..4e74b04 100644
--- a/source3/rpc_server/srv_access_check.c
+++ b/source3/rpc_server/srv_access_check.c
@@ -52,6 +52,7 @@ NTSTATUS access_check_object( struct security_descriptor 
*psd, struct security_t
 {
        NTSTATUS status = NT_STATUS_ACCESS_DENIED;
        uint32 saved_mask = 0;
+       bool priv_granted = false;
 
        /* check privileges; certain SAM access bits should be overridden
           by privileges (mostly having to do with creating/modifying/deleting
@@ -59,6 +60,7 @@ NTSTATUS access_check_object( struct security_descriptor 
*psd, struct security_t
 
        if ((needed_priv_1 != SEC_PRIV_INVALID && 
security_token_has_privilege(token, needed_priv_1)) ||
            (needed_priv_2 != SEC_PRIV_INVALID && 
security_token_has_privilege(token, needed_priv_2))) {
+               priv_granted = true;
                saved_mask = (des_access & rights_mask);
                des_access &= ~saved_mask;
 
@@ -81,6 +83,7 @@ NTSTATUS access_check_object( struct security_descriptor 
*psd, struct security_t
                DEBUG(4,("%s: ACCESS should be DENIED  (requested: %#010x)\n", 
debug, des_access));
                DEBUGADD(4,("but overritten by euid == sec_initial_uid()\n"));
 
+               priv_granted = true;
                *acc_granted = des_access;
 
                status = NT_STATUS_OK;
@@ -89,10 +92,12 @@ NTSTATUS access_check_object( struct security_descriptor 
*psd, struct security_t
 
 
 done:
-       /* add in any bits saved during the privilege check (only
-          matters is status is ok) */
+       if (priv_granted) {
+               /* add in any bits saved during the privilege check (only
+                  matters if status is ok) */
 
-       *acc_granted |= rights_mask;
+               *acc_granted |= rights_mask;
+       }
 
        DEBUG(4,("%s: access %s (requested: 0x%08x, granted: 0x%08x)\n",
                debug, NT_STATUS_IS_OK(status) ? "GRANTED" : "DENIED",


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

Reply via email to