Revert "rpc_server:srvsvc - retrieve share ACL via root context"
authorVolker Lendecke <vl@samba.org>
Tue, 19 Dec 2023 09:30:58 +0000 (10:30 +0100)
committerStefan Metzmacher <metze@samba.org>
Wed, 20 Dec 2023 11:20:51 +0000 (11:20 +0000)
This reverts commit 80c0b416892bfacc0d919fe032461748d7962f05.

With the previous patch it is no longer required. We open
share_info.tdb as root when starting up rpcd_classic and keep it open.

Commit 80c0b416892bfacc0d919fe032461748d7962f05 only fixed the
problem in one place, but we had it in a lot more places...

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15265
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Dec 20 11:20:51 UTC 2023 on atb-devel-224

source3/rpc_server/srvsvc/srv_srvsvc_nt.c

index d6e7bed5949f346310681418d33997e8703c37fa..29d224c427d6857d58e2adada3ef16b97deac70d 100644 (file)
@@ -542,7 +542,6 @@ static bool is_hidden_share(int snum)
 static bool is_enumeration_allowed(struct pipes_struct *p,
                                    int snum)
 {
-       bool allowed;
        struct dcesrv_call_state *dce_call = p->dce_call;
        struct auth_session_info *session_info =
                dcesrv_call_session_info(dce_call);
@@ -559,19 +558,9 @@ static bool is_enumeration_allowed(struct pipes_struct *p,
                return false;
        }
 
-
-       /*
-        * share_access_check() must be opened as root
-        * because it ultimately gets a R/W db handle on share_info.tdb
-        * which has 0o600 permissions
-        */
-       become_root();
-       allowed = share_access_check(session_info->security_token,
-                                    lp_servicename(talloc_tos(), lp_sub, snum),
-                                    FILE_READ_DATA, NULL);
-       unbecome_root();
-
-       return allowed;
+       return share_access_check(session_info->security_token,
+                                 lp_servicename(talloc_tos(), lp_sub, snum),
+                                 FILE_READ_DATA, NULL);
 }
 
 /****************************************************************************
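Review bot: The `return share_access_check(...)` at the end of is_enumeration_allowed() now depends on share_info.tdb having been opened as root when rpcd_classic started, and with the old comment removed nothing at the call site records that. I would keep a short replacement above the return, for example `/* No become_root() here: share_info.tdb (mode 0600) is opened as root at rpcd_classic startup and kept open. */`, so a later change to the startup path does not silently break this check. It is also worth confirming what share_access_check() returns when the database cannot be read under the caller's credentials, since that path is not visible in this hunk; for a filter that hides shares from enumeration, denying is the safe result. The function's signature and first lines are in the previous hunk.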