The Samba-Bugzilla – Attachment 7352 Details for
Bug 8784
Open file with SEC_FLAG_SYSTEM_SECURITY mask requested is blocked by share security mask.
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
git-am fix for 3.6.next
0001-Fix-problem-reported-by-Tom-Lee-tlee2951-gmail.com-w.patch (text/plain), 2.43 KB, created by
Jeremy Allison
on 2012-02-28 21:05:02 UTC
(
hide
)
Description:
git-am fix for 3.6.next
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2012-02-28 21:05:02 UTC
Size:
2.43 KB
patch
obsolete
>From bb3283c3f18127caaf68fd13c4d61e056fb560f9 Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Tue, 28 Feb 2012 09:47:50 -0800 >Subject: [PATCH] Fix problem reported by Tom Lee <tlee2951@gmail.com> - when > calculating the share security mask, take priviliges into > account for the connecting user. > >Autobuild-User: Jeremy Allison <jra@samba.org> >Autobuild-Date: Tue Feb 28 20:21:26 CET 2012 on sn-devel-104 >(cherry picked from commit 6081fabe7e0f461ea7d288c40727d4fb5defce5d) >--- > source3/smbd/service.c | 31 ++++++++++++++++++++++++++++--- > 1 files changed, 28 insertions(+), 3 deletions(-) > >diff --git a/source3/smbd/service.c b/source3/smbd/service.c >index 34b24f3..f57e57f 100644 >--- a/source3/smbd/service.c >+++ b/source3/smbd/service.c >@@ -732,6 +732,33 @@ NTSTATUS set_conn_force_user_group(connection_struct *conn, int snum) > } > > /**************************************************************************** >+ Setup the share access mask for a connection. >+****************************************************************************/ >+ >+static void create_share_access_mask(connection_struct *conn, int snum) >+{ >+ const struct security_token *token = conn->session_info->security_token; >+ >+ share_access_check(token, >+ lp_servicename(snum), >+ MAXIMUM_ALLOWED_ACCESS, >+ &conn->share_access); >+ >+ if (security_token_has_privilege(token, SEC_PRIV_SECURITY)) { >+ conn->share_access |= SEC_FLAG_SYSTEM_SECURITY; >+ } >+ if (security_token_has_privilege(token, SEC_PRIV_RESTORE)) { >+ conn->share_access |= (SEC_RIGHTS_PRIV_RESTORE); >+ } >+ if (security_token_has_privilege(token, SEC_PRIV_BACKUP)) { >+ conn->share_access |= (SEC_RIGHTS_PRIV_BACKUP); >+ } >+ if (security_token_has_privilege(token, SEC_PRIV_TAKE_OWNERSHIP)) { >+ conn->share_access |= (SEC_STD_WRITE_OWNER); >+ } >+} >+ >+/**************************************************************************** > Make a connection, given the snum to connect to, and the vuser of the > connecting user if appropriate. > ****************************************************************************/ >@@ -845,9 +872,7 @@ static connection_struct *make_connection_snum(struct smbd_server_connection *sc > * > */ > >- share_access_check(conn->session_info->security_token, >- lp_servicename(snum), MAXIMUM_ALLOWED_ACCESS, >- &conn->share_access); >+ create_share_access_mask(conn, snum); > > if ((conn->share_access & FILE_WRITE_DATA) == 0) { > if ((conn->share_access & FILE_READ_DATA) == 0) { >-- >1.7.5.4 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=7352">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
obnox
:
review+
Actions:
View
Attachments on
bug 8784
: 7352