From aa0a7cf51a8b4ed2f188c2c38c4d5d47688de9ad Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Thu, 13 Sep 2012 16:11:31 -0700
Subject: [PATCH] Add bool use_privs parameter to smbd_check_access_rights()

If this is set we should use it in preference to blindly assuming
root can do anything. Currently set to 'false' in (most) callers.
---
 source3/smbd/dir.c         |  2 ++
 source3/smbd/file_access.c |  2 ++
 source3/smbd/open.c        | 16 ++++++++++++----
 source3/smbd/proto.h       |  1 +
 source3/smbd/trans2.c      |  1 +
 5 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
index b212c38dd39..e12812e8da2 100644
--- a/source3/smbd/dir.c
+++ b/source3/smbd/dir.c
@@ -533,6 +533,7 @@ NTSTATUS dptr_create(connection_struct *conn,
 		}
 		status = smbd_check_access_rights(conn,
 						smb_dname,
+						backup_intent,
 						SEC_DIR_LIST);
 		if (!NT_STATUS_IS_OK(status)) {
 			return status;
@@ -1281,6 +1282,7 @@ static bool user_can_read_file(connection_struct *conn,
 
 	return NT_STATUS_IS_OK(smbd_check_access_rights(conn,
 				smb_fname,
+				false,
 				FILE_READ_DATA));
 }
 
diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c
index 6ced6a62558..015679deb0b 100644
--- a/source3/smbd/file_access.c
+++ b/source3/smbd/file_access.c
@@ -124,6 +124,7 @@ bool can_delete_file_in_directory(connection_struct *conn,
 
 	ret = NT_STATUS_IS_OK(smbd_check_access_rights(conn,
 				smb_fname_parent,
+				false,
 				FILE_DELETE_CHILD));
  out:
 	TALLOC_FREE(dname);
@@ -140,6 +141,7 @@ bool can_write_to_file(connection_struct *conn,
 {
 	return NT_STATUS_IS_OK(smbd_check_access_rights(conn,
 				smb_fname,
+				false,
 				FILE_WRITE_DATA));
 }
 
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 0da238679eb..ccad07c6e9b 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -65,6 +65,7 @@ static bool parent_override_delete(connection_struct *conn,
 
 NTSTATUS smbd_check_access_rights(struct connection_struct *conn,
 				const struct smb_filename *smb_fname,
+				bool use_privs,
 				uint32_t access_mask)
 {
 	/* Check if we have rights to open. */
@@ -84,7 +85,7 @@ NTSTATUS smbd_check_access_rights(struct connection_struct *conn,
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
-	if (get_current_uid(conn) == (uid_t)0) {
+	if (!use_privs && get_current_uid(conn) == (uid_t)0) {
 		/* I'm sorry sir, I didn't know you were root... */
 		DEBUG(10,("smbd_check_access_rights: root override "
 			"on %s. Granting 0x%x\n",
@@ -135,7 +136,7 @@ NTSTATUS smbd_check_access_rights(struct connection_struct *conn,
 	 */
 	status = se_file_access_check(sd,
 				get_current_nttok(conn),
-				false,
+				use_privs,
 				(access_mask & ~FILE_READ_ATTRIBUTES),
 				&rejected_mask);
 
@@ -745,6 +746,7 @@ static NTSTATUS open_file(files_struct *fsp,
 			if (file_existed) {
 				status = smbd_check_access_rights(conn,
 						smb_fname,
+						false,
 						access_mask);
 			} else if (local_flags & O_CREAT){
 				status = check_parent_access(conn,
@@ -836,6 +838,7 @@ static NTSTATUS open_file(files_struct *fsp,
 
 		status = smbd_check_access_rights(conn,
 				smb_fname,
+				false,
 				access_mask);
 
 		if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) &&
@@ -2308,7 +2311,9 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn,
 			if (((can_access_mask & FILE_WRITE_DATA) &&
 				!CAN_WRITE(conn)) ||
 				!NT_STATUS_IS_OK(smbd_check_access_rights(conn,
-						smb_fname, can_access_mask))) {
+							smb_fname,
+							false,
+							can_access_mask))) {
 				can_access = False;
 			}
 
@@ -3025,7 +3030,10 @@ static NTSTATUS open_directory(connection_struct *conn,
 	}
 
 	if (info == FILE_WAS_OPENED) {
-		status = smbd_check_access_rights(conn, smb_dname, access_mask);
+		status = smbd_check_access_rights(conn,
+						smb_dname,
+						false,
+						access_mask);
 		if (!NT_STATUS_IS_OK(status)) {
 			DEBUG(10, ("open_directory: smbd_check_access_rights on "
 				"file %s failed with %s\n",
diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h
index 5d6a2999735..a1cef16139b 100644
--- a/source3/smbd/proto.h
+++ b/source3/smbd/proto.h
@@ -598,6 +598,7 @@ void reply_nttranss(struct smb_request *req);
 
 NTSTATUS smbd_check_access_rights(struct connection_struct *conn,
 				const struct smb_filename *smb_fname,
+				bool use_privs,
 				uint32_t access_mask);
 NTSTATUS fd_open(struct connection_struct *conn, files_struct *fsp,
 		 int flags, mode_t mode);
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 2bc85bf5505..d108ee6243f 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -67,6 +67,7 @@ NTSTATUS check_access(connection_struct *conn,
 	} else {
 		NTSTATUS status = smbd_check_access_rights(conn,
 					smb_fname,
+					false,
 					access_mask);
 		if (!NT_STATUS_IS_OK(status)) {
 			return status;
-- 
2.11.4.GIT