From: Björn Jacke <bj@sernet.de>
Date: Fri, 17 Jun 2022 05:27:38 +0000 (+0200)
Subject: open.c: prefer capabilities over become_root
X-Git-Tag: talloc-2.4.2~643
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b250f25fe407f9a6269b804382de4854501f2d86;p=thirdparty%2Fsamba.git

open.c: prefer capabilities over become_root

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
---

diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index cb1e2adbf1e..30d0d3ab728 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -1054,11 +1054,11 @@ static void change_file_owner_to_parent_fsp(struct files_struct *parent_fsp,
                 return;
 	}
 
-	become_root();
+	set_effective_capability(DAC_OVERRIDE_CAPABILITY);
 	ret = SMB_VFS_FCHOWN(fsp,
 			     parent_fsp->fsp_name->st.st_ex_uid,
 			     (gid_t)-1);
-	unbecome_root();
+	drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
 	if (ret == -1) {
 		DBG_ERR("failed to fchown "
 			"file %s to parent directory uid %u. Error "
@@ -1091,11 +1091,11 @@ static NTSTATUS change_dir_owner_to_parent_fsp(struct files_struct *parent_fsp,
 		return NT_STATUS_OK;
 	}
 
-	become_root();
+	set_effective_capability(DAC_OVERRIDE_CAPABILITY);
 	ret = SMB_VFS_FCHOWN(fsp,
 			     parent_fsp->fsp_name->st.st_ex_uid,
 			     (gid_t)-1);
-	unbecome_root();
+	drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
 	if (ret == -1) {
 		status = map_nt_error_from_unix(errno);
 		DBG_ERR("failed to chown "
@@ -5558,13 +5558,13 @@ static NTSTATUS inherit_new_acl(files_struct *dirfsp, files_struct *fsp)
 
 	if (inherit_owner) {
 		/* We need to be root to force this. */
-		become_root();
+		set_effective_capability(DAC_OVERRIDE_CAPABILITY);
 	}
 	status = SMB_VFS_FSET_NT_ACL(metadata_fsp(fsp),
 			security_info_sent,
 			psd);
 	if (inherit_owner) {
-		unbecome_root();
+		drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
 	}
 	TALLOC_FREE(frame);
 	return status;