diff options
| author | Stefan Metzmacher <metze@samba.org> | 2011-03-21 11:21:57 +0100 |
|---|---|---|
| committer | Stefan Metzmacher <metze@samba.org> | 2011-03-21 23:25:05 +0100 |
| commit | 4928d66fc2f469b75090c34f8d233026485e4a1e (patch) | |
| tree | 3fe77325fec6f2d40505110c58e7ffa5b70e236c | |
| parent | f0ec69b53544b7ff702f94d58b3d64c33eaabc7a (diff) | |
| download | samba-4928d66fc2f469b75090c34f8d233026485e4a1e.tar.gz samba-4928d66fc2f469b75090c34f8d233026485e4a1e.tar.xz samba-4928d66fc2f469b75090c34f8d233026485e4a1e.zip | |
libcli/security: make sure that we don't grant SEC_STD_DELETE to the owner by default
In the file server SEC_STD_DELETE is granted on the file/directory
or by FILE_DELETE_CHILD on the parent directory.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Mar 21 23:25:05 CET 2011 on sn-devel-104
| -rw-r--r-- | libcli/security/access_check.c | 58 |
1 files changed, 30 insertions, 28 deletions
diff --git a/libcli/security/access_check.c b/libcli/security/access_check.c index c5f89af32a6..6bb64aeabe5 100644 --- a/libcli/security/access_check.c +++ b/libcli/security/access_check.c @@ -112,9 +112,7 @@ static uint32_t access_check_max_allowed(const struct security_descriptor *sd, unsigned i; if (security_token_has_sid(token, sd->owner_sid)) { - granted |= SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL | SEC_STD_DELETE; - } else if (security_token_has_privilege(token, SEC_PRIV_RESTORE)) { - granted |= SEC_STD_DELETE; + granted |= SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL; } if (sd->dacl == NULL) { @@ -171,7 +169,7 @@ NTSTATUS se_access_check(const struct security_descriptor *sd, access_desired |= access_check_max_allowed(sd, token); access_desired &= ~SEC_FLAG_MAXIMUM_ALLOWED; *access_granted = access_desired; - bits_remaining = access_desired & ~SEC_STD_DELETE; + bits_remaining = access_desired; DEBUG(10,("se_access_check: MAX desired = 0x%x, granted = 0x%x, remaining = 0x%x\n", orig_access_desired, @@ -190,21 +188,13 @@ NTSTATUS se_access_check(const struct security_descriptor *sd, } } - /* a NULL dacl allows access */ - if ((sd->type & SEC_DESC_DACL_PRESENT) && sd->dacl == NULL) { - *access_granted = access_desired; - return NT_STATUS_OK; - } - - /* the owner always gets SEC_STD_WRITE_DAC, SEC_STD_READ_CONTROL and SEC_STD_DELETE */ - if ((bits_remaining & (SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL|SEC_STD_DELETE)) && + /* the owner always gets SEC_STD_WRITE_DAC and SEC_STD_READ_CONTROL */ + if ((bits_remaining & (SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL)) && security_token_has_sid(token, sd->owner_sid)) { - bits_remaining &= ~(SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL|SEC_STD_DELETE); - } - if ((bits_remaining & SEC_STD_DELETE) && - (security_token_has_privilege(token, SEC_PRIV_RESTORE))) { - bits_remaining &= ~SEC_STD_DELETE; + bits_remaining &= ~(SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL); } + + /* TODO: remove this, as it is file server specific */ if ((bits_remaining & SEC_RIGHTS_PRIV_RESTORE) && security_token_has_privilege(token, SEC_PRIV_RESTORE)) { bits_remaining &= ~(SEC_RIGHTS_PRIV_RESTORE); @@ -214,6 +204,12 @@ NTSTATUS se_access_check(const struct security_descriptor *sd, bits_remaining &= ~(SEC_RIGHTS_PRIV_BACKUP); } + /* a NULL dacl allows access */ + if ((sd->type & SEC_DESC_DACL_PRESENT) && sd->dacl == NULL) { + *access_granted = access_desired; + return NT_STATUS_OK; + } + if (sd->dacl == NULL) { goto done; } @@ -295,7 +291,7 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd, access_desired |= access_check_max_allowed(sd, token); access_desired &= ~SEC_FLAG_MAXIMUM_ALLOWED; *access_granted = access_desired; - bits_remaining = access_desired & ~SEC_STD_DELETE; + bits_remaining = access_desired; } if (access_desired & SEC_FLAG_SYSTEM_SECURITY) { @@ -307,6 +303,22 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd, } } + /* the owner always gets SEC_STD_WRITE_DAC and SEC_STD_READ_CONTROL */ + if ((bits_remaining & (SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL)) && + security_token_has_sid(token, sd->owner_sid)) { + bits_remaining &= ~(SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL); + } + + /* TODO: remove this, as it is file server specific */ + if ((bits_remaining & SEC_RIGHTS_PRIV_RESTORE) && + security_token_has_privilege(token, SEC_PRIV_RESTORE)) { + bits_remaining &= ~(SEC_RIGHTS_PRIV_RESTORE); + } + if ((bits_remaining & SEC_RIGHTS_PRIV_BACKUP) && + security_token_has_privilege(token, SEC_PRIV_BACKUP)) { + bits_remaining &= ~(SEC_RIGHTS_PRIV_BACKUP); + } + /* a NULL dacl allows access */ if ((sd->type & SEC_DESC_DACL_PRESENT) && sd->dacl == NULL) { *access_granted = access_desired; @@ -314,16 +326,6 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd, return NT_STATUS_OK; } - /* the owner always gets SEC_STD_WRITE_DAC, SEC_STD_READ_CONTROL and SEC_STD_DELETE */ - if ((bits_remaining & (SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL|SEC_STD_DELETE)) && - security_token_has_sid(token, sd->owner_sid)) { - bits_remaining &= ~(SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL|SEC_STD_DELETE); - } - if ((bits_remaining & SEC_STD_DELETE) && - security_token_has_privilege(token, SEC_PRIV_RESTORE)) { - bits_remaining &= ~SEC_STD_DELETE; - } - if (sd->dacl == NULL) { goto done; } |