From: Björn Jacke <bj@sernet.de>
Date: Fri, 10 Nov 2023 08:58:43 +0000 (+0100)
Subject: dosmode.c: prefer use of capabilities at two places over become_root
X-Git-Tag: talloc-2.4.2~651
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c1e2fbb1b9a7551becf5caa0f08d434edf9ad862;p=thirdparty%2Fsamba.git

dosmode.c: prefer use of capabilities at two places over become_root

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
---

diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c
index 41241fd2bfc..5dfab65984a 100644
--- a/source3/smbd/dosmode.c
+++ b/source3/smbd/dosmode.c
@@ -387,12 +387,12 @@ NTSTATUS fget_ea_dos_attribute(struct files_struct *fsp,
 		   run because in cases like NFS, root might have even less
 		   rights than the real user
 		*/
-		become_root();
+		set_effective_capability(DAC_OVERRIDE_CAPABILITY);
 		sizeret = SMB_VFS_FGETXATTR(fsp,
 					    SAMBA_XATTR_DOS_ATTRIB,
 					    attrstr,
 					    sizeof(attrstr));
-		unbecome_root();
+		drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
 	}
 	if (sizeret == -1) {
 		DBG_INFO("Cannot get attribute "
@@ -507,14 +507,14 @@ NTSTATUS set_ea_dos_attribute(connection_struct *conn,
 			return NT_STATUS_ACCESS_DENIED;
 		}
 
-		become_root();
+		set_effective_capability(DAC_OVERRIDE_CAPABILITY);
 		ret = SMB_VFS_FSETXATTR(smb_fname->fsp,
 					SAMBA_XATTR_DOS_ATTRIB,
 					blob.data, blob.length, 0);
+		drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
 		if (ret == 0) {
 			status = NT_STATUS_OK;
 		}
-		unbecome_root();
 		if (!NT_STATUS_IS_OK(status)) {
 			return status;
 		}