r10221: add "free pass for root" in svcctl and default winreg access checks

diff --git a/source/rpc_server/srv_reg_nt.c b/source/rpc_server/srv_reg_nt.c
index 07ebe4e20cccb046e82d1d5b803f8e4b66a7092a..7a48b8dd2205a6a84057c9e3f875542741d940d3 100644 (file)
--- a/source/rpc_server/srv_reg_nt.c
+++ b/source/rpc_server/srv_reg_nt.c
@@ -46,6 +46,14 @@ NTSTATUS registry_access_check( SEC_DESC *sec_desc, NT_USER_TOKEN *token,
                
        se_map_generic( &access_desired, &reg_generic_map );
        se_access_check( sec_desc, token, access_desired, access_granted, &result );
+
+       if ( !NT_STATUS_IS_OK(result) ) {
+               if ( geteuid() == sec_initial_uid() ) {
+                       DEBUG(5,("registry_access_check: access check bypassed for 'root'\n"));
+                       *access_granted = access_desired;
+                       return NT_STATUS_OK;
+               }
+       }
        
        return result;
 }

diff --git a/source/rpc_server/srv_svcctl_nt.c b/source/rpc_server/srv_svcctl_nt.c
index 2e44dc36922a39572cd3f40e0f61ab9249f0108d..16c3259840ed5c911d8937db27b0d918f23fce19 100644 (file)
--- a/source/rpc_server/srv_svcctl_nt.c
+++ b/source/rpc_server/srv_svcctl_nt.c
@@ -59,10 +59,18 @@ static NTSTATUS svcctl_access_check( SEC_DESC *sec_desc, NT_USER_TOKEN *token,
                                      uint32 access_desired, uint32 *access_granted )
 {
        NTSTATUS result;
-       
+
        /* maybe add privilege checks in here later */
        
        se_access_check( sec_desc, token, access_desired, access_granted, &result );
+
+       if ( !NT_STATUS_IS_OK(result) ) {
+               if ( geteuid() == sec_initial_uid() ) {
+                       DEBUG(5,("svcctl_access_check: access check bypassed for 'root'\n"));
+                       *access_granted = access_desired;
+                       return NT_STATUS_OK;
+               }
+       }
        
        return result;
 }