diff options
author | Andrew <awalker@ixsystems.com> | 2022-12-16 08:16:10 -0800 |
---|---|---|
committer | Jule Anger <janger@samba.org> | 2023-01-03 18:21:10 +0000 |
commit | b9d02e857b2cd95a207e06e5c29daa23c45d180d (patch) | |
tree | 378e32d23db9f0fe390a9a8f3cb3b7322dfe7b22 | |
parent | 104fcaa89f81d1a66735c1b85830e2e85460d1e0 (diff) | |
download | samba-b9d02e857b2cd95a207e06e5c29daa23c45d180d.tar.gz |
rpc_server:srvsvc - retrieve share ACL via root context
share_info.tdb has permissions of 0o600 and so we need
to become_root() prior to retrieving the security info.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15265
Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Dec 19 20:41:15 UTC 2022 on sn-devel-184
(cherry picked from commit 80c0b416892bfacc0d919fe032461748d7962f05)
-rw-r--r-- | source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c index f0686a411e1..3f268d66080 100644 --- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c +++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c @@ -536,6 +536,7 @@ static bool is_hidden_share(int snum) static bool is_enumeration_allowed(struct pipes_struct *p, int snum) { + bool allowed; struct dcesrv_call_state *dce_call = p->dce_call; struct auth_session_info *session_info = dcesrv_call_session_info(dce_call); @@ -552,9 +553,19 @@ static bool is_enumeration_allowed(struct pipes_struct *p, return false; } - return share_access_check(session_info->security_token, - lp_servicename(talloc_tos(), lp_sub, snum), - FILE_READ_DATA, NULL); + + /* + * share_access_check() must be opened as root + * because it ultimately gets a R/W db handle on share_info.tdb + * which has 0o600 permissions + */ + become_root(); + allowed = share_access_check(session_info->security_token, + lp_servicename(talloc_tos(), lp_sub, snum), + FILE_READ_DATA, NULL); + unbecome_root(); + + return allowed; } /**************************************************************************** |