The Samba-Bugzilla – Attachment 18248 Details for
Bug 15583
set_nt_acl sometimes fails with NT_STATUS_INVALID_PARAMETER - openat() EACCES
[patch]
patch that fixes the behavior
0001-Revert-posix_acls.c-prefer-capabilities-over-become_.patch (text/plain), 5.17 KB, created by
Björn Baumbach
on 2024-02-15 22:32:17 UTC
Description:
patch that fixes the behavior
Filename:
MIME Type:
Creator:
Björn Baumbach
Created:
2024-02-15 22:32:17 UTC
Size:
5.17 KB
>From 79f70d9d3f4487165ca407c0bd891e404cf5e9d8 Mon Sep 17 00:00:00 2001
>From: =?UTF-8?q?Bj=C3=B6rn=20Baumbach?= <bb@sernet.de>
>Date: Thu, 15 Feb 2024 19:20:48 +0100
>Subject: [PATCH] Revert "posix_acls.c: prefer capabilities over become_root"
>
>This reverts commit 1edf9ecaf56f3312e199e633bff0804243042e33.
>---
> source3/smbd/posix_acls.c | 40 +++++++++++++++++++--------------------
> 1 file changed, 20 insertions(+), 20 deletions(-)
>
>diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
>index 530056175e0..d275bdb908b 100644
>--- a/source3/smbd/posix_acls.c
>+++ b/source3/smbd/posix_acls.c
>@@ -2944,11 +2944,11 @@ static bool set_canon_ace_list(files_struct *fsp,
> "file [%s] primary group.\n",
> fsp_str_dbg(fsp));
> 
>- set_effective_capability(DAC_OVERRIDE_CAPABILITY);
>+ become_root();
> sret = SMB_VFS_SYS_ACL_SET_FD(fsp,
> the_acl_type,
> the_acl);
>- drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
>+ unbecome_root();
> if (sret == 0) {
> ret = true;
> }
>@@ -3441,12 +3441,12 @@ static NTSTATUS try_chown(files_struct *fsp, uid_t uid, gid_t gid)
> 
> if (has_take_ownership_priv || has_restore_priv) {
> status = NT_STATUS_OK;
>- set_effective_capability(DAC_OVERRIDE_CAPABILITY);
>+ become_root();
> ret = SMB_VFS_FCHOWN(fsp, uid, gid);
> if (ret != 0) {
> status = map_nt_error_from_unix(errno);
> }
>- drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
>+ unbecome_root();
> return status;
> }
> }
>@@ -3480,13 +3480,13 @@ static NTSTATUS try_chown(files_struct *fsp, uid_t uid, gid_t gid)
> }
> 
> status = NT_STATUS_OK;
>- set_effective_capability(DAC_OVERRIDE_CAPABILITY);
>+ become_root();
> /* Keep the current file gid the same. */
> ret = SMB_VFS_FCHOWN(fsp, uid, (gid_t)-1);
> if (ret != 0) {
> status = map_nt_error_from_unix(errno);
> }
>- drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
>+ unbecome_root();
> 
> return status;
> }
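Review bot: The `become_root()` / `unbecome_root()` pair that now brackets `SMB_VFS_SYS_ACL_SET_FD` in `set_canon_ace_list` runs the whole call, and presumably whatever VFS modules sit behind that macro, as full root where the reverted code raised a single capability, and neither the code nor the commit message records why the wider elevation is needed. A comment at the call site such as `/* DAC_OVERRIDE alone was not sufficient here (bug 15583); run as root for this fd-based ACL set only. */` would keep a later cleanup from reintroducing the narrower form without a regression test. The commit message would also benefit from the bug reference next to the "This reverts commit" line. The same applies to the `try_chown` and `set_nt_acl` hunks; the function body starts and ends outside this hunk.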
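Review bot: In `try_chown`, nothing at the `become_root()` before `SMB_VFS_FCHOWN(fsp, uid, gid)` says which privilege the call actually depends on. On Linux a change of file owner is governed by CAP_CHOWN rather than CAP_DAC_OVERRIDE, so the capability form being reverted probably could not have let this call succeed for a non-owner; how `DAC_OVERRIDE_CAPABILITY` is mapped to kernel capabilities is not visible here, so that needs confirming. I would add `/* fchown to another uid needs more than DAC override; keep the root window to this one call. */` above this call and above `SMB_VFS_FCHOWN(fsp, uid, (gid_t)-1)` in the next hunk. Both hunks show only part of the function.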
>@@ -3707,12 +3707,12 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32_t security_info_sent, const struct
> 
> if (acl_perms && file_ace_list) {
> if (set_acl_as_root) {
>- set_effective_capability(DAC_OVERRIDE_CAPABILITY);
>+ become_root();
> }
> ret = set_canon_ace_list(fsp, file_ace_list, false,
> &fsp->fsp_name->st, &acl_set_support);
> if (set_acl_as_root) {
>- drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
>+ unbecome_root();
> }
> if (acl_set_support && ret == false) {
> DEBUG(3,("set_nt_acl: failed to set file acl on file "
>@@ -3727,13 +3727,13 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32_t security_info_sent, const struct
> if (acl_perms && acl_set_support && fsp->fsp_flags.is_directory) {
> if (dir_ace_list) {
> if (set_acl_as_root) {
>- set_effective_capability(DAC_OVERRIDE_CAPABILITY);
>+ become_root();
> }
> ret = set_canon_ace_list(fsp, dir_ace_list, true,
> &fsp->fsp_name->st,
> &acl_set_support);
> if (set_acl_as_root) {
>- drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
>+ unbecome_root();
> }
> if (ret == false) {
> DEBUG(3,("set_nt_acl: failed to set default "
>@@ -3751,11 +3751,11 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32_t security_info_sent, const struct
> */
> 
> if (set_acl_as_root) {
>- set_effective_capability(DAC_OVERRIDE_CAPABILITY);
>+ become_root();
> }
> sret = SMB_VFS_SYS_ACL_DELETE_DEF_FD(fsp);
> if (set_acl_as_root) {
>- drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
>+ unbecome_root();
> }
> if (sret == -1) {
> if (acl_group_override_fsp(fsp)) {
>@@ -3765,10 +3765,10 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32_t security_info_sent, const struct
> "Override delete_def_acl\n",
> fsp_str_dbg(fsp)));
> 
>- set_effective_capability(DAC_OVERRIDE_CAPABILITY);
>+ become_root();
> sret =
> SMB_VFS_SYS_ACL_DELETE_DEF_FD(fsp);
>- drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
>+ unbecome_root();
> }
> 
> if (sret == -1) {
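Review bot: `unbecome_root()` runs between `SMB_VFS_SYS_ACL_DELETE_DEF_FD(fsp)` and the `if (sret == -1)` test, so any `errno` read on the failure path (which lies after this hunk, so I cannot confirm it) could see whatever the credential switch left behind rather than the VFS call's error, unless `unbecome_root()` is known to preserve `errno`. `try_chown` in this same patch avoids the question by calling `map_nt_error_from_unix(errno)` before `unbecome_root()`. Saving the value across the switch would make these sites match: `int saved_errno = errno; unbecome_root(); errno = saved_errno;`. The override retry in the following hunk and both `SMB_VFS_FCHMOD` hunks have the same ordering.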
>@@ -3786,14 +3786,14 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32_t security_info_sent, const struct
> 
> if (acl_set_support) {
> if (set_acl_as_root) {
>- set_effective_capability(DAC_OVERRIDE_CAPABILITY);
>+ become_root();
> }
> store_inheritance_attributes(fsp,
> file_ace_list,
> dir_ace_list,
> psd->type);
> if (set_acl_as_root) {
>- drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
>+ unbecome_root();
> }
> }
> 
>@@ -3820,11 +3820,11 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32_t security_info_sent, const struct
> fsp_str_dbg(fsp), (unsigned int)posix_perms));
> 
> if (set_acl_as_root) {
>- set_effective_capability(DAC_OVERRIDE_CAPABILITY);
>+ become_root();
> }
> sret = SMB_VFS_FCHMOD(fsp, posix_perms);
> if (set_acl_as_root) {
>- drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
>+ unbecome_root();
> }
> if(sret == -1) {
> if (acl_group_override_fsp(fsp)) {
>@@ -3834,9 +3834,9 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32_t security_info_sent, const struct
> "Override chmod\n",
> fsp_str_dbg(fsp)));
> 
>- set_effective_capability(DAC_OVERRIDE_CAPABILITY);
>+ become_root();
> sret = SMB_VFS_FCHMOD(fsp, posix_perms);
>- drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
>+ unbecome_root();
> }
> 
> if (sret == -1) {
>-- 
>2.34.1
>