s3: Use root_mode() to get uid_wrapper working correctly.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

diff --git a/source3/registry/reg_dispatcher.c b/source3/registry/reg_dispatcher.c
index e9ed14bc7d05ecf5bf2c20fe32da21f8e795bffa..0f87b27698c6fe74a8d6875779ebc911f65b529b 100644 (file)
--- a/source3/registry/reg_dispatcher.c
+++ b/source3/registry/reg_dispatcher.c
@@ -170,7 +170,7 @@ bool regkey_access_check(struct registry_key_handle *key, uint32 requested,
        WERROR err;
 
        /* root free-pass, like we have on all other pipes like samr, lsa, etc. */
-       if (geteuid() == sec_initial_uid()) {
+       if (root_mode()) {
                *granted = REG_KEY_ALL;
                return true;
        }

diff --git a/source3/rpc_server/rpc_handles.c b/source3/rpc_server/rpc_handles.c
index 409299abce382db0004e81fd8c4fee69bbcbcb3d..d06848ae1b97eaa7557d77f4e6ef386b3daad5cc 100644 (file)
--- a/source3/rpc_server/rpc_handles.c
+++ b/source3/rpc_server/rpc_handles.c
@@ -505,7 +505,7 @@ void *_policy_handle_find(struct pipes_struct *p,
                return NULL;
        }
        if ((access_required & rpc_hnd->access_granted) != access_required) {
-               if (geteuid() == sec_initial_uid()) {
+               if (root_mode()) {
                        DEBUG(4, ("%s: ACCESS should be DENIED (granted: "
                                  "%#010x; required: %#010x)\n", location,
                                  rpc_hnd->access_granted, access_required));

diff --git a/source3/rpc_server/samr/srv_samr_nt.c b/source3/rpc_server/samr/srv_samr_nt.c
index 5318ba2c8cc05200a4405e9164429cda683ce749..76703d1389c55ed44744addfd855db7b33ad5efe 100644 (file)
--- a/source3/rpc_server/samr/srv_samr_nt.c
+++ b/source3/rpc_server/samr/srv_samr_nt.c
@@ -2644,7 +2644,7 @@ static NTSTATUS get_user_info_18(struct pipes_struct *p,
        if (ret == False) {
                DEBUG(4, ("User %s not found\n", sid_string_dbg(user_sid)));
                TALLOC_FREE(smbpass);
-               return (geteuid() == sec_initial_uid()) ? NT_STATUS_NO_SUCH_USER : NT_STATUS_ACCESS_DENIED;
+               return root_mode() ? NT_STATUS_NO_SUCH_USER : NT_STATUS_ACCESS_DENIED;
        }
 
        DEBUG(3,("User:[%s] 0x%x\n", pdb_get_username(smbpass), pdb_get_acct_ctrl(smbpass) ));
@@ -3683,7 +3683,7 @@ NTSTATUS _samr_CreateUser2(struct pipes_struct *p,
 
        /* determine which user right we need to check based on the acb_info */
 
-       if (geteuid() == sec_initial_uid()) {
+       if (root_mode()) {
                can_add_account = true;
        } else if (acb_info & ACB_WSTRUST) {
                needed_priv = SEC_PRIV_MACHINE_ACCOUNT;

diff --git a/source3/rpc_server/srv_access_check.c b/source3/rpc_server/srv_access_check.c
index 3efc75b3cb34901b1e2848ee16c615af08dd08a3..878e38b19232f8d659f5f9ccd8c207295e473719 100644 (file)
--- a/source3/rpc_server/srv_access_check.c
+++ b/source3/rpc_server/srv_access_check.c
@@ -64,7 +64,7 @@ NTSTATUS access_check_object( struct security_descriptor *psd, struct security_t
        }
 
        /* Check if we are root */
-       if (geteuid() == sec_initial_uid()) {
+       if (root_mode()) {
                is_root = true;
        }