The branch, master has been updated
via 8cfc6ea9232 Revert "rpc_server:srvsvc - retrieve share ACL via root
context"
via ff3b50034e2 rpcd_classic: Open share_info.tdb as root
from 6d3146f94b2 smbd: Modernize a few DEBUG statements
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 8cfc6ea92320be4ef26b91fce58fd76bfc7b95eb
Author: Volker Lendecke <v...@samba.org>
Date: Tue Dec 19 10:30:58 2023 +0100
Revert "rpc_server:srvsvc - retrieve share ACL via root context"
This reverts commit 80c0b416892bfacc0d919fe032461748d7962f05.
With the previous patch it is no longer required. We open
share_info.tdb as root when starting up rpcd_classic and keep it open.
Commit 80c0b416892bfacc0d919fe032461748d7962f05 only fixed the
problem in one place, but we had it in a lot more places...
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15265
Signed-off-by: Volker Lendecke <v...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
Autobuild-User(master): Stefan Metzmacher <me...@samba.org>
Autobuild-Date(master): Wed Dec 20 11:20:51 UTC 2023 on atb-devel-224
commit ff3b50034e2821e54633daafc751d3ea3c00f4c3
Author: Volker Lendecke <v...@samba.org>
Date: Wed Dec 13 12:07:00 2023 +0100
rpcd_classic: Open share_info.tdb as root
srvsvc needs it, but for example NetShareGetInfo() runs as a
user. Opening share_info.tdb at that point is too late.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15265
Signed-off-by: Volker Lendecke <v...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/rpc_server/rpcd_classic.c | 6 ++++++
source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 17 +++--------------
2 files changed, 9 insertions(+), 14 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/rpc_server/rpcd_classic.c
b/source3/rpc_server/rpcd_classic.c
index 9766d0a760b..2b7e9398d90 100644
--- a/source3/rpc_server/rpcd_classic.c
+++ b/source3/rpc_server/rpcd_classic.c
@@ -115,6 +115,12 @@ static NTSTATUS classic_servers(
exit(1);
}
+ status = share_info_db_init();
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_ERR("share_info_db_init failed: %s\n", nt_errstr(status));
+ exit(1);
+ }
+
lp_load_with_shares(get_dyn_CONFIGFILE());
mangle_reset_cache();
diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
index d6e7bed5949..29d224c427d 100644
--- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
@@ -542,7 +542,6 @@ static bool is_hidden_share(int snum)
static bool is_enumeration_allowed(struct pipes_struct *p,
int snum)
{
- bool allowed;
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
@@ -559,19 +558,9 @@ static bool is_enumeration_allowed(struct pipes_struct *p,
return false;
}
-
- /*
- * share_access_check() must be opened as root
- * because it ultimately gets a R/W db handle on share_info.tdb
- * which has 0o600 permissions
- */
- become_root();
- allowed = share_access_check(session_info->security_token,
- lp_servicename(talloc_tos(), lp_sub, snum),
- FILE_READ_DATA, NULL);
- unbecome_root();
-
- return allowed;
+ return share_access_check(session_info->security_token,
+ lp_servicename(talloc_tos(), lp_sub, snum),
+ FILE_READ_DATA, NULL);
}
/****************************************************************************
--
Samba Shared Repository
