From: Andrew Date: Fri, 16 Dec 2022 16:16:10 +0000 (-0800) Subject: rpc_server:srvsvc - retrieve share ACL via root context X-Git-Tag: samba-4.16.9~34 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b9d02e857b2cd95a207e06e5c29daa23c45d180d;p=thirdparty%2Fsamba.git rpc_server:srvsvc - retrieve share ACL via root context share_info.tdb has permissions of 0o600 and so we need to become_root() prior to retrieving the security info. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15265 Signed-off-by: Andrew Walker Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Mon Dec 19 20:41:15 UTC 2022 on sn-devel-184 (cherry picked from commit 80c0b416892bfacc0d919fe032461748d7962f05) --- diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c index f0686a411e1..3f268d66080 100644 --- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c +++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c @@ -536,6 +536,7 @@ static bool is_hidden_share(int snum) static bool is_enumeration_allowed(struct pipes_struct *p, int snum) { + bool allowed; struct dcesrv_call_state *dce_call = p->dce_call; struct auth_session_info *session_info = dcesrv_call_session_info(dce_call); @@ -552,9 +553,19 @@ static bool is_enumeration_allowed(struct pipes_struct *p, return false; } - return share_access_check(session_info->security_token, - lp_servicename(talloc_tos(), lp_sub, snum), - FILE_READ_DATA, NULL); + + /* + * share_access_check() must be opened as root + * because it ultimately gets a R/W db handle on share_info.tdb + * which has 0o600 permissions + */ + become_root(); + allowed = share_access_check(session_info->security_token, + lp_servicename(talloc_tos(), lp_sub, snum), + FILE_READ_DATA, NULL); + unbecome_root(); + + return allowed; } /****************************************************************************