From 82a25d224b63148c4f9d38ae477328b12a5a03a6 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 31 Oct 2008 10:51:05 -0700 Subject: [PATCH] Unify se_access_check with the S4 code. Will make calculation of SEC_FLAG_MAXIMUM_ALLOWED much easier for files. Jeremy. --- source/include/proto.h | 5 +- source/lib/sharesec.c | 4 +- source/lib/util_seaccess.c | 655 +++++++++++++++--------------------- source/modules/vfs_acl_xattr.c | 6 +- source/printing/nt_printing.c | 10 +- source/registry/reg_dispatcher.c | 3 +- source/rpc_server/srv_eventlog_nt.c | 11 +- source/rpc_server/srv_lsa_nt.c | 6 +- source/rpc_server/srv_samr_nt.c | 4 +- source/rpc_server/srv_svcctl_nt.c | 6 +- source/smbd/file_access.c | 7 +- source/utils/net_rpc.c | 18 +- 12 files changed, 315 insertions(+), 420 deletions(-) rewrite source/lib/util_seaccess.c (61%) diff --git a/source/include/proto.h b/source/include/proto.h index 0e856a3df49..ea7481ca552 100644 --- a/source/include/proto.h +++ b/source/include/proto.h @@ -1458,9 +1458,8 @@ WERROR registry_push_value(TALLOC_CTX *mem_ctx, void se_map_generic(uint32 *access_mask, const struct generic_mapping *mapping); void security_acl_map_generic(struct security_acl *sa, const struct generic_mapping *mapping); void se_map_standard(uint32 *access_mask, struct standard_mapping *mapping); -bool se_access_check(const SEC_DESC *sd, const NT_USER_TOKEN *token, - uint32 acc_desired, uint32 *acc_granted, - NTSTATUS *status); +NTSTATUS se_access_check(const SEC_DESC *sd, const NT_USER_TOKEN *token, + uint32 acc_desired, uint32 *acc_granted); NTSTATUS samr_make_sam_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size); /* The following definitions come from lib/util_sec.c */ diff --git a/source/lib/sharesec.c b/source/lib/sharesec.c index 95745e24f18..8dfadd72ec4 100644 --- a/source/lib/sharesec.c +++ b/source/lib/sharesec.c @@ -292,11 +292,11 @@ bool share_access_check(const NT_USER_TOKEN *token, const char *sharename, return True; } - ret = se_access_check(psd, token, desired_access, &granted, &status); + status = se_access_check(psd, token, desired_access, &granted); TALLOC_FREE(psd); - return ret; + return NT_STATUS_IS_OK(status); } /*************************************************************************** diff --git a/source/lib/util_seaccess.c b/source/lib/util_seaccess.c dissimilarity index 61% index 7e461556b37..17d4b782027 100644 --- a/source/lib/util_seaccess.c +++ b/source/lib/util_seaccess.c @@ -1,377 +1,278 @@ -/* - Unix SMB/CIFS implementation. - Copyright (C) Luke Kenneth Casson Leighton 1996-2000. - Copyright (C) Tim Potter 2000. - Copyright (C) Re-written by Jeremy Allison 2000. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -#include "includes.h" - -extern NT_USER_TOKEN anonymous_token; - -/********************************************************************************* - Check an ACE against a SID. We return the remaining needed permission - bits not yet granted. Zero means permission allowed (no more needed bits). -**********************************************************************************/ - -static uint32 check_ace(SEC_ACE *ace, const NT_USER_TOKEN *token, uint32 acc_desired, - NTSTATUS *status) -{ - uint32_t mask = ace->access_mask; - - /* - * Inherit only is ignored. - */ - - if (ace->flags & SEC_ACE_FLAG_INHERIT_ONLY) { - return acc_desired; - } - - /* - * If this ACE has no SID in common with the token, - * ignore it as it cannot be used to make an access - * determination. - */ - - if (!token_sid_in_ace( token, ace)) - return acc_desired; - - switch (ace->type) { - case SEC_ACE_TYPE_ACCESS_ALLOWED: - /* - * This is explicitly allowed. - * Remove the bits from the remaining - * access required. Return the remaining - * bits needed. - */ - acc_desired &= ~mask; - break; - case SEC_ACE_TYPE_ACCESS_DENIED: - /* - * This is explicitly denied. - * If any bits match terminate here, - * we are denied. - */ - if (acc_desired & mask) { - *status = NT_STATUS_ACCESS_DENIED; - return 0xFFFFFFFF; - } - break; - case SEC_ACE_TYPE_SYSTEM_ALARM: - case SEC_ACE_TYPE_SYSTEM_AUDIT: - *status = NT_STATUS_NOT_IMPLEMENTED; - return 0xFFFFFFFF; - default: - *status = NT_STATUS_INVALID_PARAMETER; - return 0xFFFFFFFF; - } - - return acc_desired; -} - -/********************************************************************************* - Maximum access was requested. Calculate the max possible. Fail if it doesn't - include other bits requested. -**********************************************************************************/ - -static bool get_max_access( SEC_ACL *the_acl, const NT_USER_TOKEN *token, uint32 *granted, - uint32 desired, - NTSTATUS *status) -{ - uint32 acc_denied = 0; - uint32 acc_granted = 0; - size_t i; - - for ( i = 0 ; i < the_acl->num_aces; i++) { - SEC_ACE *ace = &the_acl->aces[i]; - uint32 mask = ace->access_mask; - - if (!token_sid_in_ace( token, ace)) - continue; - - switch (ace->type) { - case SEC_ACE_TYPE_ACCESS_ALLOWED: - acc_granted |= (mask & ~acc_denied); - break; - case SEC_ACE_TYPE_ACCESS_DENIED: - acc_denied |= (mask & ~acc_granted); - break; - case SEC_ACE_TYPE_SYSTEM_ALARM: - case SEC_ACE_TYPE_SYSTEM_AUDIT: - *status = NT_STATUS_NOT_IMPLEMENTED; - *granted = 0; - return False; - default: - *status = NT_STATUS_INVALID_PARAMETER; - *granted = 0; - return False; - } - } - - /* - * If we were granted no access, or we desired bits that we - * didn't get, then deny. - */ - - if ((acc_granted == 0) || ((acc_granted & desired) != desired)) { - *status = NT_STATUS_ACCESS_DENIED; - *granted = 0; - return False; - } - - /* - * Return the access we did get. - */ - - *granted = acc_granted; - *status = NT_STATUS_OK; - return True; -} - -/* Map generic access rights to object specific rights. This technique is - used to give meaning to assigning read, write, execute and all access to - objects. Each type of object has its own mapping of generic to object - specific access rights. */ - -void se_map_generic(uint32 *access_mask, const struct generic_mapping *mapping) -{ - uint32 old_mask = *access_mask; - - if (*access_mask & GENERIC_READ_ACCESS) { - *access_mask &= ~GENERIC_READ_ACCESS; - *access_mask |= mapping->generic_read; - } - - if (*access_mask & GENERIC_WRITE_ACCESS) { - *access_mask &= ~GENERIC_WRITE_ACCESS; - *access_mask |= mapping->generic_write; - } - - if (*access_mask & GENERIC_EXECUTE_ACCESS) { - *access_mask &= ~GENERIC_EXECUTE_ACCESS; - *access_mask |= mapping->generic_execute; - } - - if (*access_mask & GENERIC_ALL_ACCESS) { - *access_mask &= ~GENERIC_ALL_ACCESS; - *access_mask |= mapping->generic_all; - } - - if (old_mask != *access_mask) { - DEBUG(10, ("se_map_generic(): mapped mask 0x%08x to 0x%08x\n", - old_mask, *access_mask)); - } -} - -/* Map generic access rights to object specific rights for all the ACE's - * in a security_acl. - */ - -void security_acl_map_generic(struct security_acl *sa, - const struct generic_mapping *mapping) -{ - unsigned int i; - - if (!sa) { - return; - } - - for (i = 0; i < sa->num_aces; i++) { - se_map_generic(&sa->aces[i].access_mask, mapping); - } -} - -/* Map standard access rights to object specific rights. This technique is - used to give meaning to assigning read, write, execute and all access to - objects. Each type of object has its own mapping of standard to object - specific access rights. */ - -void se_map_standard(uint32 *access_mask, struct standard_mapping *mapping) -{ - uint32 old_mask = *access_mask; - - if (*access_mask & READ_CONTROL_ACCESS) { - *access_mask &= ~READ_CONTROL_ACCESS; - *access_mask |= mapping->std_read; - } - - if (*access_mask & (DELETE_ACCESS|WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS|SYNCHRONIZE_ACCESS)) { - *access_mask &= ~(DELETE_ACCESS|WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS|SYNCHRONIZE_ACCESS); - *access_mask |= mapping->std_all; - } - - if (old_mask != *access_mask) { - DEBUG(10, ("se_map_standard(): mapped mask 0x%08x to 0x%08x\n", - old_mask, *access_mask)); - } -} - -/***************************************************************************** - Check access rights of a user against a security descriptor. Look at - each ACE in the security descriptor until an access denied ACE denies - any of the desired rights to the user or any of the users groups, or one - or more ACEs explicitly grant all requested access rights. See - "Access-Checking" document in MSDN. -*****************************************************************************/ - -bool se_access_check(const SEC_DESC *sd, const NT_USER_TOKEN *token, - uint32 acc_desired, uint32 *acc_granted, - NTSTATUS *status) -{ - size_t i; - SEC_ACL *the_acl; - uint32 tmp_acc_desired = acc_desired; - - if (!status || !acc_granted) - return False; - - if (!token) - token = &anonymous_token; - - *status = NT_STATUS_OK; - *acc_granted = 0; - - DEBUG(10,("se_access_check: requested access 0x%08x, for NT token " - "with %u entries and first sid %s.\n", - (unsigned int)acc_desired, (unsigned int)token->num_sids, - sid_string_dbg(&token->user_sids[0]))); - - /* - * No security descriptor or security descriptor with no DACL - * present allows all access. - */ - - /* ACL must have something in it */ - - if (!sd || (sd && (!(sd->type & SEC_DESC_DACL_PRESENT) || sd->dacl == NULL))) { - *status = NT_STATUS_OK; - *acc_granted = acc_desired; - DEBUG(5, ("se_access_check: no sd or blank DACL, access allowed\n")); - return True; - } - - /* The user sid is the first in the token */ - if (DEBUGLVL(3)) { - DEBUG(3, ("se_access_check: user sid is %s\n", - sid_string_dbg( - &token->user_sids[PRIMARY_USER_SID_INDEX]))); - - for (i = 1; i < token->num_sids; i++) { - DEBUGADD(3, ("se_access_check: also %s\n", - sid_string_dbg(&token->user_sids[i]))); - } - } - - /* Is the token the owner of the SID ? */ - - if (sd->owner_sid) { - for (i = 0; i < token->num_sids; i++) { - if (sid_equal(&token->user_sids[i], sd->owner_sid)) { - /* - * The owner always has SEC_RIGHTS_WRITE_DAC & READ_CONTROL. - */ - if (tmp_acc_desired & WRITE_DAC_ACCESS) - tmp_acc_desired &= ~WRITE_DAC_ACCESS; - if (tmp_acc_desired & READ_CONTROL_ACCESS) - tmp_acc_desired &= ~READ_CONTROL_ACCESS; - } - } - } - - the_acl = sd->dacl; - - if (tmp_acc_desired & MAXIMUM_ALLOWED_ACCESS) { - tmp_acc_desired &= ~MAXIMUM_ALLOWED_ACCESS; - return get_max_access( the_acl, token, acc_granted, tmp_acc_desired, - status); - } - - for ( i = 0 ; i < the_acl->num_aces && tmp_acc_desired != 0; i++) { - SEC_ACE *ace = &the_acl->aces[i]; - - DEBUGADD(10,("se_access_check: ACE %u: type %d, flags = " - "0x%02x, SID = %s mask = %x, current desired " - "= %x\n", (unsigned int)i, ace->type, ace->flags, - sid_string_dbg(&ace->trustee), - (unsigned int) ace->access_mask, - (unsigned int)tmp_acc_desired )); - - tmp_acc_desired = check_ace( ace, token, tmp_acc_desired, status); - if (NT_STATUS_V(*status)) { - *acc_granted = 0; - DEBUG(5,("se_access_check: ACE %u denied with status %s.\n", (unsigned int)i, nt_errstr(*status))); - return False; - } - } - - /* - * If there are no more desired permissions left then - * access was allowed. - */ - - if (tmp_acc_desired == 0) { - *acc_granted = acc_desired; - *status = NT_STATUS_OK; - DEBUG(5,("se_access_check: access (%x) granted.\n", (unsigned int)acc_desired )); - return True; - } - - *acc_granted = 0; - *status = NT_STATUS_ACCESS_DENIED; - DEBUG(5,("se_access_check: access (%x) denied.\n", (unsigned int)acc_desired )); - return False; -} - - -/******************************************************************* - samr_make_sam_obj_sd - ********************************************************************/ - -NTSTATUS samr_make_sam_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size) -{ - DOM_SID adm_sid; - DOM_SID act_sid; - - SEC_ACE ace[3]; - - SEC_ACL *psa = NULL; - - sid_copy(&adm_sid, &global_sid_Builtin); - sid_append_rid(&adm_sid, BUILTIN_ALIAS_RID_ADMINS); - - sid_copy(&act_sid, &global_sid_Builtin); - sid_append_rid(&act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS); - - /*basic access for every one*/ - init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, - GENERIC_RIGHTS_SAM_EXECUTE | GENERIC_RIGHTS_SAM_READ, 0); - - /*full access for builtin aliases Administrators and Account Operators*/ - init_sec_ace(&ace[1], &adm_sid, - SEC_ACE_TYPE_ACCESS_ALLOWED, GENERIC_RIGHTS_SAM_ALL_ACCESS, 0); - init_sec_ace(&ace[2], &act_sid, - SEC_ACE_TYPE_ACCESS_ALLOWED, GENERIC_RIGHTS_SAM_ALL_ACCESS, 0); - - if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL) - return NT_STATUS_NO_MEMORY; - - if ((*psd = make_sec_desc(ctx, SECURITY_DESCRIPTOR_REVISION_1, - SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, - psa, sd_size)) == NULL) - return NT_STATUS_NO_MEMORY; - - return NT_STATUS_OK; -} +/* + Unix SMB/CIFS implementation. + + Copyright (C) Andrew Tridgell 2004 + Copyright (C) Gerald Carter 2005 + Copyright (C) Volker Lendecke 2007 + Copyright (C) Jeremy Allison 2008 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include "includes.h" + +extern NT_USER_TOKEN anonymous_token; + +/* Map generic access rights to object specific rights. This technique is + used to give meaning to assigning read, write, execute and all access to + objects. Each type of object has its own mapping of generic to object + specific access rights. */ + +void se_map_generic(uint32 *access_mask, const struct generic_mapping *mapping) +{ + uint32 old_mask = *access_mask; + + if (*access_mask & GENERIC_READ_ACCESS) { + *access_mask &= ~GENERIC_READ_ACCESS; + *access_mask |= mapping->generic_read; + } + + if (*access_mask & GENERIC_WRITE_ACCESS) { + *access_mask &= ~GENERIC_WRITE_ACCESS; + *access_mask |= mapping->generic_write; + } + + if (*access_mask & GENERIC_EXECUTE_ACCESS) { + *access_mask &= ~GENERIC_EXECUTE_ACCESS; + *access_mask |= mapping->generic_execute; + } + + if (*access_mask & GENERIC_ALL_ACCESS) { + *access_mask &= ~GENERIC_ALL_ACCESS; + *access_mask |= mapping->generic_all; + } + + if (old_mask != *access_mask) { + DEBUG(10, ("se_map_generic(): mapped mask 0x%08x to 0x%08x\n", + old_mask, *access_mask)); + } +} + +/* Map generic access rights to object specific rights for all the ACE's + * in a security_acl. + */ + +void security_acl_map_generic(struct security_acl *sa, + const struct generic_mapping *mapping) +{ + unsigned int i; + + if (!sa) { + return; + } + + for (i = 0; i < sa->num_aces; i++) { + se_map_generic(&sa->aces[i].access_mask, mapping); + } +} + +/* Map standard access rights to object specific rights. This technique is + used to give meaning to assigning read, write, execute and all access to + objects. Each type of object has its own mapping of standard to object + specific access rights. */ + +void se_map_standard(uint32 *access_mask, struct standard_mapping *mapping) +{ + uint32 old_mask = *access_mask; + + if (*access_mask & SEC_STD_READ_CONTROL) { + *access_mask &= ~SEC_STD_READ_CONTROL; + *access_mask |= mapping->std_read; + } + + if (*access_mask & (SEC_STD_DELETE|SEC_STD_WRITE_DAC|SEC_STD_WRITE_OWNER|SEC_STD_SYNCHRONIZE)) { + *access_mask &= ~(SEC_STD_DELETE|SEC_STD_WRITE_DAC|SEC_STD_WRITE_OWNER|SEC_STD_SYNCHRONIZE); + *access_mask |= mapping->std_all; + } + + if (old_mask != *access_mask) { + DEBUG(10, ("se_map_standard(): mapped mask 0x%08x to 0x%08x\n", + old_mask, *access_mask)); + } +} + +/* + perform a SEC_FLAG_MAXIMUM_ALLOWED access check +*/ +static uint32_t access_check_max_allowed(const struct security_descriptor *sd, + const NT_USER_TOKEN *token) +{ + uint32_t denied = 0, granted = 0; + unsigned i; + + if (is_sid_in_token(token, sd->owner_sid)) { + granted |= SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL | SEC_STD_DELETE; + } else if (user_has_privileges(token, &se_restore)) { + granted |= SEC_STD_DELETE; + } + + if (sd->dacl == NULL) { + return granted & ~denied; + } + + for (i = 0;idacl->num_aces; i++) { + struct security_ace *ace = &sd->dacl->aces[i]; + + if (ace->flags & SEC_ACE_FLAG_INHERIT_ONLY) { + continue; + } + + if (!is_sid_in_token(token, &ace->trustee)) { + continue; + } + + switch (ace->type) { + case SEC_ACE_TYPE_ACCESS_ALLOWED: + granted |= ace->access_mask; + break; + case SEC_ACE_TYPE_ACCESS_DENIED: + case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT: + denied |= ace->access_mask; + break; + default: /* Other ACE types not handled/supported */ + break; + } + } + + return granted & ~denied; +} + +/* + the main entry point for access checking. +*/ +NTSTATUS se_access_check(const struct security_descriptor *sd, + const NT_USER_TOKEN *token, + uint32_t access_desired, + uint32_t *access_granted) +{ + int i; + uint32_t bits_remaining; + + *access_granted = access_desired; + bits_remaining = access_desired; + + /* handle the maximum allowed flag */ + if (access_desired & SEC_FLAG_MAXIMUM_ALLOWED) { + access_desired |= access_check_max_allowed(sd, token); + access_desired &= ~SEC_FLAG_MAXIMUM_ALLOWED; + *access_granted = access_desired; + bits_remaining = access_desired & ~SEC_STD_DELETE; + } + +#if 0 + /* We need to support SeSecurityPrivilege for this. */ + + if (access_desired & SEC_FLAG_SYSTEM_SECURITY) { + if (user_has_privileges(token, &sec_security)) { + bits_remaining &= ~SEC_FLAG_SYSTEM_SECURITY; + } else { + return NT_STATUS_PRIVILEGE_NOT_HELD; + } + } +#endif + + /* a NULL dacl allows access */ + if ((sd->type & SEC_DESC_DACL_PRESENT) && sd->dacl == NULL) { + *access_granted = access_desired; + return NT_STATUS_OK; + } + + /* the owner always gets SEC_STD_WRITE_DAC, SEC_STD_READ_CONTROL and SEC_STD_DELETE */ + if ((bits_remaining & (SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL|SEC_STD_DELETE)) && + is_sid_in_token(token, sd->owner_sid)) { + bits_remaining &= ~(SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL|SEC_STD_DELETE); + } + if ((bits_remaining & SEC_STD_DELETE) && + user_has_privileges(token, &se_restore)) { + bits_remaining &= ~SEC_STD_DELETE; + } + + if (sd->dacl == NULL) { + goto done; + } + + /* check each ace in turn. */ + for (i=0; bits_remaining && i < sd->dacl->num_aces; i++) { + struct security_ace *ace = &sd->dacl->aces[i]; + + if (ace->flags & SEC_ACE_FLAG_INHERIT_ONLY) { + continue; + } + + if (!is_sid_in_token(token, &ace->trustee)) { + continue; + } + + switch (ace->type) { + case SEC_ACE_TYPE_ACCESS_ALLOWED: + bits_remaining &= ~ace->access_mask; + break; + case SEC_ACE_TYPE_ACCESS_DENIED: + case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT: + if (bits_remaining & ace->access_mask) { + return NT_STATUS_ACCESS_DENIED; + } + break; + default: /* Other ACE types not handled/supported */ + break; + } + } + +done: + if (bits_remaining != 0) { + return NT_STATUS_ACCESS_DENIED; + } + + return NT_STATUS_OK; +} + +/******************************************************************* + samr_make_sam_obj_sd + ********************************************************************/ + +NTSTATUS samr_make_sam_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size) +{ + DOM_SID adm_sid; + DOM_SID act_sid; + + SEC_ACE ace[3]; + + SEC_ACL *psa = NULL; + + sid_copy(&adm_sid, &global_sid_Builtin); + sid_append_rid(&adm_sid, BUILTIN_ALIAS_RID_ADMINS); + + sid_copy(&act_sid, &global_sid_Builtin); + sid_append_rid(&act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS); + + /*basic access for every one*/ + init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, + GENERIC_RIGHTS_SAM_EXECUTE | GENERIC_RIGHTS_SAM_READ, 0); + + /*full access for builtin aliases Administrators and Account Operators*/ + init_sec_ace(&ace[1], &adm_sid, + SEC_ACE_TYPE_ACCESS_ALLOWED, GENERIC_RIGHTS_SAM_ALL_ACCESS, 0); + init_sec_ace(&ace[2], &act_sid, + SEC_ACE_TYPE_ACCESS_ALLOWED, GENERIC_RIGHTS_SAM_ALL_ACCESS, 0); + + if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL) + return NT_STATUS_NO_MEMORY; + + if ((*psd = make_sec_desc(ctx, SECURITY_DESCRIPTOR_REVISION_1, + SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, + psa, sd_size)) == NULL) + return NT_STATUS_NO_MEMORY; + + return NT_STATUS_OK; +} diff --git a/source/modules/vfs_acl_xattr.c b/source/modules/vfs_acl_xattr.c index bfd9c844120..ffa5d9cc62b 100644 --- a/source/modules/vfs_acl_xattr.c +++ b/source/modules/vfs_acl_xattr.c @@ -376,11 +376,11 @@ static int open_acl_xattr(vfs_handle_struct *handle, &pdesc); if (NT_STATUS_IS_OK(status)) { /* See if we can access it. */ - if (!se_access_check(pdesc, + status = se_access_check(pdesc, handle->conn->server_info->ptok, fsp->access_mask, - &access_granted, - &status)) { + &access_granted); + if (!NT_STATUS_IS_OK(status)) { errno = map_errno_from_nt_status(status); return -1; } diff --git a/source/printing/nt_printing.c b/source/printing/nt_printing.c index fb0d789948a..75b995ad624 100644 --- a/source/printing/nt_printing.c +++ b/source/printing/nt_printing.c @@ -5826,10 +5826,10 @@ bool print_access_check(struct auth_serversupplied_info *server_info, int snum, } /* Check access */ - result = se_access_check(secdesc->sd, server_info->ptok, access_type, - &access_granted, &status); + status = se_access_check(secdesc->sd, server_info->ptok, access_type, + &access_granted); - DEBUG(4, ("access check was %s\n", result ? "SUCCESS" : "FAILURE")); + DEBUG(4, ("access check was %s\n", NT_STATUS_IS_OK(status) ? "SUCCESS" : "FAILURE")); /* see if we need to try the printer admin list */ @@ -5843,11 +5843,11 @@ bool print_access_check(struct auth_serversupplied_info *server_info, int snum, talloc_destroy(mem_ctx); - if (!result) { + if (!NT_STATUS_IS_OK(status)) { errno = EACCES; } - return result; + return NT_STATUS_IS_OK(status); } /**************************************************************************** diff --git a/source/registry/reg_dispatcher.c b/source/registry/reg_dispatcher.c index d06410a1b37..7d950c3c4e8 100644 --- a/source/registry/reg_dispatcher.c +++ b/source/registry/reg_dispatcher.c @@ -170,7 +170,8 @@ bool regkey_access_check( REGISTRY_KEY *key, uint32 requested, uint32 *granted, se_map_generic( &requested, ®_generic_map ); - if (!se_access_check(sec_desc, token, requested, granted, &status)) { + status =se_access_check(sec_desc, token, requested, granted); + if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(mem_ctx); return false; } diff --git a/source/rpc_server/srv_eventlog_nt.c b/source/rpc_server/srv_eventlog_nt.c index 0e2bcf41269..e56a2e90950 100644 --- a/source/rpc_server/srv_eventlog_nt.c +++ b/source/rpc_server/srv_eventlog_nt.c @@ -71,8 +71,7 @@ static bool elog_check_access( EVENTLOG_INFO *info, NT_USER_TOKEN *token ) { char *tdbname = elog_tdbname(talloc_tos(), info->logname ); SEC_DESC *sec_desc; - bool ret; - NTSTATUS ntstatus; + NTSTATUS status; if ( !tdbname ) return False; @@ -97,15 +96,15 @@ static bool elog_check_access( EVENTLOG_INFO *info, NT_USER_TOKEN *token ) /* run the check, try for the max allowed */ - ret = se_access_check( sec_desc, token, MAXIMUM_ALLOWED_ACCESS, - &info->access_granted, &ntstatus ); + status = se_access_check( sec_desc, token, MAXIMUM_ALLOWED_ACCESS, + &info->access_granted); if ( sec_desc ) TALLOC_FREE( sec_desc ); - if ( !ret ) { + if (!NT_STATUS_IS_OK(status)) { DEBUG(8,("elog_check_access: se_access_check() return %s\n", - nt_errstr( ntstatus))); + nt_errstr(status))); return False; } diff --git a/source/rpc_server/srv_lsa_nt.c b/source/rpc_server/srv_lsa_nt.c index 77eecaf9f85..0176d16fbc2 100644 --- a/source/rpc_server/srv_lsa_nt.c +++ b/source/rpc_server/srv_lsa_nt.c @@ -379,7 +379,8 @@ NTSTATUS _lsa_OpenPolicy2(pipes_struct *p, /* get the generic lsa policy SD until we store it */ lsa_get_generic_sd(p->mem_ctx, &psd, &sd_size); - if(!se_access_check(psd, p->pipe_user.nt_user_token, des_access, &acc_granted, &status)) { + status = se_access_check(psd, p->pipe_user.nt_user_token, des_access, &acc_granted); + if (!NT_STATUS_IS_OK(status)) { if (p->pipe_user.ut.uid != sec_initial_uid()) { return status; } @@ -429,7 +430,8 @@ NTSTATUS _lsa_OpenPolicy(pipes_struct *p, /* get the generic lsa policy SD until we store it */ lsa_get_generic_sd(p->mem_ctx, &psd, &sd_size); - if(!se_access_check(psd, p->pipe_user.nt_user_token, des_access, &acc_granted, &status)) { + status = se_access_check(psd, p->pipe_user.nt_user_token, des_access, &acc_granted); + if (!NT_STATUS_IS_OK(status)) { if (p->pipe_user.ut.uid != sec_initial_uid()) { return status; } diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c index ef40aa08da1..38b0b0a31b7 100644 --- a/source/rpc_server/srv_samr_nt.c +++ b/source/rpc_server/srv_samr_nt.c @@ -186,8 +186,10 @@ static NTSTATUS access_check_samr_object( SEC_DESC *psd, NT_USER_TOKEN *token, /* check the security descriptor first */ - if ( se_access_check(psd, token, des_access, acc_granted, &status) ) + status = se_access_check(psd, token, des_access, acc_granted); + if (NT_STATUS_IS_OK(status)) { goto done; + } /* give root a free pass */ diff --git a/source/rpc_server/srv_svcctl_nt.c b/source/rpc_server/srv_svcctl_nt.c index a57d0ff4a4f..9898277b9a5 100644 --- a/source/rpc_server/srv_svcctl_nt.c +++ b/source/rpc_server/srv_svcctl_nt.c @@ -122,16 +122,12 @@ static struct service_control_op* find_service_by_name( const char *name ) static NTSTATUS svcctl_access_check( SEC_DESC *sec_desc, NT_USER_TOKEN *token, uint32 access_desired, uint32 *access_granted ) { - NTSTATUS result; - if ( geteuid() == sec_initial_uid() ) { DEBUG(5,("svcctl_access_check: using root's token\n")); token = get_root_nt_token(); } - se_access_check( sec_desc, token, access_desired, access_granted, &result ); - - return result; + return se_access_check( sec_desc, token, access_desired, access_granted); } /******************************************************************** diff --git a/source/smbd/file_access.c b/source/smbd/file_access.c index 84c993d06b0..c535bc7fd89 100644 --- a/source/smbd/file_access.c +++ b/source/smbd/file_access.c @@ -30,7 +30,6 @@ bool can_access_file_acl(struct connection_struct *conn, const char * fname, uint32_t access_mask) { - bool result; NTSTATUS status; uint32_t access_granted; struct security_descriptor *secdesc = NULL; @@ -45,10 +44,10 @@ bool can_access_file_acl(struct connection_struct *conn, return false; } - result = se_access_check(secdesc, conn->server_info->ptok, - access_mask, &access_granted, &status); + status = se_access_check(secdesc, conn->server_info->ptok, + access_mask, &access_granted); TALLOC_FREE(secdesc); - return result; + return NT_STATUS_IS_OK(status); } /**************************************************************************** diff --git a/source/utils/net_rpc.c b/source/utils/net_rpc.c index 5bb4d0abbf4..2f1c12b5470 100644 --- a/source/utils/net_rpc.c +++ b/source/utils/net_rpc.c @@ -4285,16 +4285,15 @@ static void show_userlist(struct rpc_pipe_client *pipe_hnd, uint32 acc_granted; if (share_sd != NULL) { - if (!se_access_check(share_sd, &tokens[i].token, - 1, &acc_granted, &status)) { + status = se_access_check(share_sd, &tokens[i].token, + 1, &acc_granted); + + if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Could not check share_sd for " "user %s\n", tokens[i].name)); continue; } - - if (!NT_STATUS_IS_OK(status)) - continue; } if (root_sd == NULL) { @@ -4302,16 +4301,13 @@ static void show_userlist(struct rpc_pipe_client *pipe_hnd, continue; } - if (!se_access_check(root_sd, &tokens[i].token, - 1, &acc_granted, &status)) { + status = se_access_check(root_sd, &tokens[i].token, + 1, &acc_granted); + if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Could not check root_sd for user %s\n", tokens[i].name)); continue; } - - if (!NT_STATUS_IS_OK(status)) - continue; - d_printf(" %s\n", tokens[i].name); } -- 2.11.4.GIT