[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Mon Dec 19 20:42:02 UTC 2022


The branch, master has been updated
       via  80c0b416892 rpc_server:srvsvc - retrieve share ACL via root context
      from  87fddbad78d smbd/locking: make use of the same tdb hash_size and flags for all SMB related tdb's

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 80c0b416892bfacc0d919fe032461748d7962f05
Author: Andrew <awalker at ixsystems.com>
Date:   Fri Dec 16 08:16:10 2022 -0800

    rpc_server:srvsvc - retrieve share ACL via root context
    
    share_info.tdb has permissions of 0o600 and so we need
    to become_root() prior to retrieving the security info.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15265
    
    Signed-off-by: Andrew Walker <awalker at ixsystems.com>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Mon Dec 19 20:41:15 UTC 2022 on sn-devel-184

-----------------------------------------------------------------------

Summary of changes:
 source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
index ed262a8cd0d..8a0c63fd50e 100644
--- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
@@ -542,6 +542,7 @@ static bool is_hidden_share(int snum)
 static bool is_enumeration_allowed(struct pipes_struct *p,
                                    int snum)
 {
+	bool allowed;
 	struct dcesrv_call_state *dce_call = p->dce_call;
 	struct auth_session_info *session_info =
 		dcesrv_call_session_info(dce_call);
@@ -558,9 +559,19 @@ static bool is_enumeration_allowed(struct pipes_struct *p,
 		return false;
 	}
 
-	return share_access_check(session_info->security_token,
-				  lp_servicename(talloc_tos(), lp_sub, snum),
-				  FILE_READ_DATA, NULL);
+
+	/*
+	 * share_access_check() must be opened as root
+	 * because it ultimately gets a R/W db handle on share_info.tdb
+	 * which has 0o600 permissions
+	 */
+	become_root();
+	allowed = share_access_check(session_info->security_token,
+				     lp_servicename(talloc_tos(), lp_sub, snum),
+				     FILE_READ_DATA, NULL);
+	unbecome_root();
+
+	return allowed;
 }
 
 /****************************************************************************
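Review bot: in the second hunk of is_enumeration_allowed(), the become_root()/unbecome_root() window also covers the lp_servicename(talloc_tos(), lp_sub, snum) call, which is evaluated as an argument inside the privileged section even though the removed code ran it without root. Consider resolving the service name into a local before become_root() so that only share_access_check() runs as root. The new comment should say share_access_check() "must be called as root" rather than "must be opened as root", and it is worth stating there that the check is still made against session_info->security_token, so the elevation covers only access to share_info.tdb and not the access decision itself. The added empty "+" line directly after the existing blank context line leaves two consecutive blank lines before the comment; drop one.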


-- 
Samba Shared Repository


