diff options
author | Gerald Carter <jerry@samba.org> | 2005-09-16 14:47:21 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:03:39 -0500 |
commit | 35b338a4fc95c14629579336dcf3bd240fda92d3 (patch) | |
tree | f469310069df51156d8206744f7a66a0966e09a1 /source/rpc_server | |
parent | ac3786a7a7dfc77d3b305ae67c97ab4f7f63961e (diff) | |
download | samba-35b338a4fc95c14629579336dcf3bd240fda92d3.tar.gz samba-35b338a4fc95c14629579336dcf3bd240fda92d3.tar.xz samba-35b338a4fc95c14629579336dcf3bd240fda92d3.zip |
r10264: reverse order of 'root free pass' checks in service and registry access_checks()
Diffstat (limited to 'source/rpc_server')
-rw-r--r-- | source/rpc_server/srv_reg_nt.c | 15 | ||||
-rw-r--r-- | source/rpc_server/srv_svcctl_nt.c | 14 |
2 files changed, 12 insertions, 17 deletions
diff --git a/source/rpc_server/srv_reg_nt.c b/source/rpc_server/srv_reg_nt.c index 7a48b8dd220..9ffc77fce80 100644 --- a/source/rpc_server/srv_reg_nt.c +++ b/source/rpc_server/srv_reg_nt.c @@ -45,16 +45,15 @@ NTSTATUS registry_access_check( SEC_DESC *sec_desc, NT_USER_TOKEN *token, NTSTATUS result; se_map_generic( &access_desired, ®_generic_map ); - se_access_check( sec_desc, token, access_desired, access_granted, &result ); - if ( !NT_STATUS_IS_OK(result) ) { - if ( geteuid() == sec_initial_uid() ) { - DEBUG(5,("registry_access_check: access check bypassed for 'root'\n")); - *access_granted = access_desired; - return NT_STATUS_OK; - } + if ( geteuid() == sec_initial_uid() ) { + DEBUG(5,("registry_access_check: access check bypassed for 'root'\n")); + *access_granted = access_desired; + return NT_STATUS_OK; } - + + se_access_check( sec_desc, token, access_desired, access_granted, &result ); + return result; } diff --git a/source/rpc_server/srv_svcctl_nt.c b/source/rpc_server/srv_svcctl_nt.c index 16c3259840e..538b97a2b17 100644 --- a/source/rpc_server/srv_svcctl_nt.c +++ b/source/rpc_server/srv_svcctl_nt.c @@ -60,18 +60,14 @@ static NTSTATUS svcctl_access_check( SEC_DESC *sec_desc, NT_USER_TOKEN *token, { NTSTATUS result; - /* maybe add privilege checks in here later */ + if ( geteuid() == sec_initial_uid() ) { + DEBUG(5,("svcctl_access_check: access check bypassed for 'root'\n")); + *access_granted = access_desired; + return NT_STATUS_OK; + } se_access_check( sec_desc, token, access_desired, access_granted, &result ); - if ( !NT_STATUS_IS_OK(result) ) { - if ( geteuid() == sec_initial_uid() ) { - DEBUG(5,("svcctl_access_check: access check bypassed for 'root'\n")); - *access_granted = access_desired; - return NT_STATUS_OK; - } - } - return result; } |