r11170: root free pass on eventlog open access check
authorGerald Carter <jerry@samba.org>
Wed, 19 Oct 2005 02:50:45 +0000 (02:50 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 16:05:05 +0000 (11:05 -0500)
(This used to be commit 4e3ff41e1ee2e3c323814fd8c6aa44ecab412257)

packaging/RedHat/samba.spec.tmpl
source3/rpc_server/srv_eventlog_nt.c

index f9c4fcfbfa94e4ad2884217057ee77a8b5fa7ed4..004f57cf5227fb9a75412c4dc5f0663dd70ae6dd 100644 (file)
@@ -437,6 +437,7 @@ fi
 %{prefix}/bin/smbtree
 %attr(755,root,root) /lib/libnss_wins.s*
 %attr(755,root,root) %{prefix}/lib/samba/vfs/*.so
 %{prefix}/bin/smbtree
 %attr(755,root,root) /lib/libnss_wins.s*
 %attr(755,root,root) %{prefix}/lib/samba/vfs/*.so
+%attr(755,root,root) %{prefix}/lib/samba/auth/*.so
 %attr(755,root,root) %{prefix}/lib/samba/charset/*.so
 %attr(755,root,root) %{prefix}/lib/samba/idmap/*.so
 #%attr(755,root,root) %{prefix}/lib/samba/pdb/*.so
 %attr(755,root,root) %{prefix}/lib/samba/charset/*.so
 %attr(755,root,root) %{prefix}/lib/samba/idmap/*.so
 #%attr(755,root,root) %{prefix}/lib/samba/pdb/*.so
index 577ec48482a2258b0cbe273ba5d267d2b318d2ef..5901f68f5210677ac44e58b3d5d6a346e6611d46 100644 (file)
@@ -88,6 +88,13 @@ static BOOL elog_check_access( EVENTLOG_INFO *info, NT_USER_TOKEN *token )
                return False;
        }
        
                return False;
        }
        
+       /* root free pass */
+
+       if ( geteuid() == sec_initial_uid() ) {
+               DEBUG(5,("elog_check_access: using root's token\n"));
+               token = get_root_nt_token();
+       }
+
        /* run the check, try for the max allowed */
        
        ret = se_access_check( sec_desc, token, MAXIMUM_ALLOWED_ACCESS,
        /* run the check, try for the max allowed */
        
        ret = se_access_check( sec_desc, token, MAXIMUM_ALLOWED_ACCESS,