[SCM] Samba Shared Repository - branch v4-19-test updated

Jule Anger janger at samba.org
Mon Nov 20 10:01:02 UTC 2023 

The branch, v4-19-test has been updated
       via  a5b61b469a2 pytests: sid_strings: do not fail if epoch ending has zeros
       via  af4fe00f264 system.c: fall back to become_root if CAP_DAC_OVERRIDE isn't usable
      from  adb1da16e39 s3: smbd: Ignore fstat() error on deleted stream in fd_close().

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-19-test


- Log -----------------------------------------------------------------
commit a5b61b469a2303c31ca681a10bc70fb7cb86668e
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Wed Nov 15 13:03:27 2023 +1300

    pytests: sid_strings: do not fail if epoch ending has zeros
    
    To avoid collisions in random OID strings, we started using the epoch
    date modulus 100 million. The trouble is we did not strip out the
    leading zeros, so the field might be '00000123' when it should be
    '123', if the date happened not to correspond to an epoch with a zero
    in the eighth to last place. This has been the case for most of the
    last 1041 days, but fortunately the bug was only introduced earlier
    this year.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15520
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
    (cherry picked from commit 426ca4cf4b667aae03f0344cee449e972de90ac7)
    
    Autobuild-User(v4-19-test): Jule Anger <janger at samba.org>
    Autobuild-Date(v4-19-test): Mon Nov 20 10:00:15 UTC 2023 on atb-devel-224

commit af4fe00f2646bcc297053241d51ac841d982a078
Author: Björn Jacke <bj at sernet.de>
Date:   Thu Nov 9 14:56:06 2023 +0100

    system.c: fall back to become_root if CAP_DAC_OVERRIDE isn't usable
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15093
    
    Signed-off-by: Bjoern Jacke <bjacke at samba.org>
    Reviewed-by: Christof Schmitt <cs at samba.org>
    (cherry picked from commit a1738e8265dd256c5a1064482a6dfccbf9ca44f1)

-----------------------------------------------------------------------

Summary of changes:
 python/samba/tests/sid_strings.py |  2 +-
 source3/lib/system.c              | 31 +++++++++++++++++++++++++++++--
 2 files changed, 30 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/python/samba/tests/sid_strings.py b/python/samba/tests/sid_strings.py
index 5ff1edc0642..139849a4981 100644
--- a/python/samba/tests/sid_strings.py
+++ b/python/samba/tests/sid_strings.py
@@ -98,7 +98,7 @@ class SidStringBase(TestCase):
 
         class_dn = f'CN={class_name},{self.schema_dn}'
 
-        governs_id = f'1.3.6.1.4.1.7165.4.6.2.9.{self.timestamp[-8:]}.{suffix}'
+        governs_id = f'1.3.6.1.4.1.7165.4.6.2.9.1{self.timestamp[-7:]}.{suffix}'
 
         # expected_sid can be a SID string, an error code, None, or a
         # special value indicating a deferred error, as follows:
diff --git a/source3/lib/system.c b/source3/lib/system.c
index 7c9a6b5fa08..57e917fa79c 100644
--- a/source3/lib/system.c
+++ b/source3/lib/system.c
@@ -643,18 +643,45 @@ static bool set_process_capability(enum smbd_capability capability,
  Gain the oplock capability from the kernel if possible.
 ****************************************************************************/
 
+#if defined(HAVE_POSIX_CAPABILITIES) && defined(CAP_DAC_OVERRIDE)
+static bool have_cap_dac_override = true;
+#else
+static bool have_cap_dac_override = false;
+#endif
+
 void set_effective_capability(enum smbd_capability capability)
 {
+	bool ret = false;
+
+	if (capability != DAC_OVERRIDE_CAPABILITY || have_cap_dac_override) {
 #if defined(HAVE_POSIX_CAPABILITIES)
-	set_process_capability(capability, True);
+		ret = set_process_capability(capability, True);
 #endif /* HAVE_POSIX_CAPABILITIES */
+	}
+
+	/*
+	 * Fallback to become_root() if CAP_DAC_OVERRIDE is not
+	 * available.
+	 */
+	if (capability == DAC_OVERRIDE_CAPABILITY) {
+		if (!ret) {
+			have_cap_dac_override = false;
+		}
+		if (!have_cap_dac_override) {
+			become_root();
+		}
+	}
 }
 
 void drop_effective_capability(enum smbd_capability capability)
 {
+	if (capability != DAC_OVERRIDE_CAPABILITY || have_cap_dac_override) {
 #if defined(HAVE_POSIX_CAPABILITIES)
-	set_process_capability(capability, False);
+		set_process_capability(capability, False);
 #endif /* HAVE_POSIX_CAPABILITIES */
+	} else {
+		unbecome_root();
+	}
 }
 
 /**************************************************************************


-- 
Samba Shared Repository

More information about the samba-cvs mailing list