The branch, master has been updated
       via  80c0b416892 rpc_server:srvsvc - retrieve share ACL via root context
      from  87fddbad78d smbd/locking: make use of the same tdb hash_size and flags for all SMB related tdb's

https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 80c0b416892bfacc0d919fe032461748d7962f05 Author: Andrew <awal...@ixsystems.com> Date: Fri Dec 16 08:16:10 2022 -0800 rpc_server:srvsvc - retrieve share ACL via root context share_info.tdb has permissions of 0o600 and so we need to become_root() prior to retrieving the security info. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15265 Signed-off-by: Andrew Walker <awal...@ixsystems.com> Reviewed-by: Jeremy Allison <j...@samba.org> Autobuild-User(master): Jeremy Allison <j...@samba.org> Autobuild-Date(master): Mon Dec 19 20:41:15 UTC 2022 on sn-devel-184 ----------------------------------------------------------------------- Summary of changes: source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c index ed262a8cd0d..8a0c63fd50e 100644 --- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c +++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c @@ -542,6 +542,7 @@ static bool is_hidden_share(int snum) static bool is_enumeration_allowed(struct pipes_struct *p, int snum) { + bool allowed; struct dcesrv_call_state *dce_call = p->dce_call; struct auth_session_info *session_info = dcesrv_call_session_info(dce_call); 
@@ -558,9 +559,19 @@ static bool is_enumeration_allowed(struct pipes_struct *p, return false; } - return share_access_check(session_info->security_token, - lp_servicename(talloc_tos(), lp_sub, snum), - FILE_READ_DATA, NULL); + + /* + * share_access_check() must be opened as root + * because it ultimately gets a R/W db handle on share_info.tdb + * which has 0o600 permissions + */ + become_root(); + allowed = share_access_check(session_info->security_token, + lp_servicename(talloc_tos(), lp_sub, snum), + FILE_READ_DATA, NULL); + unbecome_root(); + + return allowed; } /**************************************************************************** -- Samba Shared Repository
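
Review bot: In the second hunk of is_enumeration_allowed(), the new comment says share_access_check() "must be opened as root", but the function is called, not opened; what gets opened is the share_info.tdb handle, so the comment would read better as "share_access_check() must be called as root because it ultimately opens a R/W db handle on share_info.tdb". In the same hunk, lp_servicename(talloc_tos(), lp_sub, snum) is evaluated as an argument between become_root() and unbecome_root(), so the service-name lookup and its talloc allocation also run as root. Fetching the name into a local before become_root() would keep the privileged window to the share_access_check() call alone, which is the only step the commit message says needs root. There is no return path between become_root() and unbecome_root() in the visible lines, so the pairing itself looks correct.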