r10264: reverse order of 'root free pass' checks in service and registry access_checks()

2 files changed, 12 insertions, 17 deletions

diff --git a/source/rpc_server/srv_reg_nt.c b/source/rpc_server/srv_reg_nt.c
index 7a48b8dd220..9ffc77fce80 100644
--- a/source/rpc_server/srv_reg_nt.c
+++ b/source/rpc_server/srv_reg_nt.c
@@ -45,16 +45,15 @@ NTSTATUS registry_access_check( SEC_DESC *sec_desc, NT_USER_TOKEN *token,
 	NTSTATUS result;
 		
 	se_map_generic( &access_desired, &reg_generic_map );
-	se_access_check( sec_desc, token, access_desired, access_granted, &result );
 
-	if ( !NT_STATUS_IS_OK(result) ) {
-		if ( geteuid() == sec_initial_uid() ) {
-			DEBUG(5,("registry_access_check: access check bypassed for 'root'\n"));
-			*access_granted = access_desired;
-			return NT_STATUS_OK;
-		}
+	if ( geteuid() == sec_initial_uid() ) {
+		DEBUG(5,("registry_access_check: access check bypassed for 'root'\n"));
+		*access_granted = access_desired;
+		return NT_STATUS_OK;
 	}
-	
+
+	se_access_check( sec_desc, token, access_desired, access_granted, &result );
+
 	return result;
 }
 
diff --git a/source/rpc_server/srv_svcctl_nt.c b/source/rpc_server/srv_svcctl_nt.c
index 16c3259840e..538b97a2b17 100644
--- a/source/rpc_server/srv_svcctl_nt.c
+++ b/source/rpc_server/srv_svcctl_nt.c
@@ -60,18 +60,14 @@ static NTSTATUS svcctl_access_check( SEC_DESC *sec_desc, NT_USER_TOKEN *token,
 {
 	NTSTATUS result;
 
-	/* maybe add privilege checks in here later */
+	if ( geteuid() == sec_initial_uid() ) {
+		DEBUG(5,("svcctl_access_check: access check bypassed for 'root'\n"));
+		*access_granted = access_desired;
+		return NT_STATUS_OK;
+	}
 	
 	se_access_check( sec_desc, token, access_desired, access_granted, &result );
 
-	if ( !NT_STATUS_IS_OK(result) ) {
-		if ( geteuid() == sec_initial_uid() ) {
-			DEBUG(5,("svcctl_access_check: access check bypassed for 'root'\n"));
-			*access_granted = access_desired;
-			return NT_STATUS_OK;
-		}
-	}
-	
 	return result;
 }