From 58ea952fd0c716f94b1b79b8ed1829bb72732ccc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Jacke?= Date: Mon, 25 Mar 2024 17:03:14 +0100 Subject: [PATCH 01/10] Revert "dosmode: prefer capabilities over become_root" This reverts commit 5e925f9755fad180863861157aa7548d83dd3fde. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583 Signed-off-by: Bjoern Jacke Reviewed-by: Ralph Boehme --- source3/smbd/dosmode.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c index 4ae08f38dcfa..a574de9b0dac 100644 --- a/source3/smbd/dosmode.c +++ b/source3/smbd/dosmode.c @@ -1037,9 +1037,9 @@ int file_set_dosmode(connection_struct *conn, return -1; } - set_effective_capability(DAC_OVERRIDE_CAPABILITY); + become_root(); ret = SMB_VFS_FCHMOD(smb_fname->fsp, unixmode); - drop_effective_capability(DAC_OVERRIDE_CAPABILITY); + unbecome_root(); done: if (!newfile) { @@ -1209,9 +1209,9 @@ int file_ntimes(connection_struct *conn, /* Check if we have write access. */ if (can_write_to_fsp(fsp)) { /* We are allowed to become root and change the filetime. */ - set_effective_capability(DAC_OVERRIDE_CAPABILITY); + become_root(); ret = SMB_VFS_FNTIMES(fsp, ft); - drop_effective_capability(DAC_OVERRIDE_CAPABILITY); + unbecome_root(); } return ret; -- 2.44.0 From 87479544381e103ee2b1def574a5865a3f6a93d9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Jacke?= Date: Mon, 25 Mar 2024 17:03:28 +0100 Subject: [PATCH 02/10] Revert "posix_acls.c: prefer capabilities over become_root" This reverts commit 1edf9ecaf56f3312e199e633bff0804243042e33. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583 Signed-off-by: Bjoern Jacke Reviewed-by: Ralph Boehme --- source3/smbd/posix_acls.c | 40 +++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 530056175e00..d275bdb908b3 100644 --- a/source3/smbd/posix_acls.c 
+++ b/source3/smbd/posix_acls.c @@ -2944,11 +2944,11 @@ static bool set_canon_ace_list(files_struct *fsp, "file [%s] primary group.\n", fsp_str_dbg(fsp)); - set_effective_capability(DAC_OVERRIDE_CAPABILITY); + become_root(); sret = SMB_VFS_SYS_ACL_SET_FD(fsp, the_acl_type, the_acl); - drop_effective_capability(DAC_OVERRIDE_CAPABILITY); + unbecome_root(); if (sret == 0) { ret = true; } @@ -3441,12 +3441,12 @@ static NTSTATUS try_chown(files_struct *fsp, uid_t uid, gid_t gid) if (has_take_ownership_priv || has_restore_priv) { status = NT_STATUS_OK; - set_effective_capability(DAC_OVERRIDE_CAPABILITY); + become_root(); ret = SMB_VFS_FCHOWN(fsp, uid, gid); if (ret != 0) { status = map_nt_error_from_unix(errno); } - drop_effective_capability(DAC_OVERRIDE_CAPABILITY); + unbecome_root(); return status; } } @@ -3480,13 +3480,13 @@ static NTSTATUS try_chown(files_struct *fsp, uid_t uid, gid_t gid) } status = NT_STATUS_OK; - set_effective_capability(DAC_OVERRIDE_CAPABILITY); + become_root(); /* Keep the current file gid the same. */ ret = SMB_VFS_FCHOWN(fsp, uid, (gid_t)-1); if (ret != 0) { status = map_nt_error_from_unix(errno); } - drop_effective_capability(DAC_OVERRIDE_CAPABILITY); + unbecome_root(); return status; } @@ -3707,12 +3707,12 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32_t security_info_sent, const struct if (acl_perms && file_ace_list) { if (set_acl_as_root) { - set_effective_capability(DAC_OVERRIDE_CAPABILITY); + become_root(); } ret = set_canon_ace_list(fsp, file_ace_list, false, &fsp->fsp_name->st, &acl_set_support); if (set_acl_as_root) { - drop_effective_capability(DAC_OVERRIDE_CAPABILITY); + unbecome_root(); } if (acl_set_support && ret == false) { DEBUG(3,("set_nt_acl: failed to set file acl on file " 
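Review bot: In try_chown (the hunks at -3441 and -3480), nothing next to the restored `become_root()` around `SMB_VFS_FCHOWN` says why full root is needed, and the commit message only links bug 15583. If `DAC_OVERRIDE_CAPABILITY` maps to Linux CAP_DAC_OVERRIDE, as the name suggests, it bypasses permission checks but does not permit ownership changes (those need CAP_CHOWN); this is an inference, since the bug text is not on the page. I would add a short comment above the call, for example `/* become_root() on purpose: see bug 15583 before replacing this with a capability */`, so a later least-privilege pass does not reintroduce the same capability. try_chown starts and ends outside both hunks.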
@@ -3727,13 +3727,13 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32_t security_info_sent, const struct if (acl_perms && acl_set_support && fsp->fsp_flags.is_directory) { if (dir_ace_list) { if (set_acl_as_root) { - set_effective_capability(DAC_OVERRIDE_CAPABILITY); + become_root(); } ret = set_canon_ace_list(fsp, dir_ace_list, true, &fsp->fsp_name->st, &acl_set_support); if (set_acl_as_root) { - drop_effective_capability(DAC_OVERRIDE_CAPABILITY); + unbecome_root(); } if (ret == false) { DEBUG(3,("set_nt_acl: failed to set default " @@ -3751,11 +3751,11 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32_t security_info_sent, const struct */ if (set_acl_as_root) { - set_effective_capability(DAC_OVERRIDE_CAPABILITY); + become_root(); } sret = SMB_VFS_SYS_ACL_DELETE_DEF_FD(fsp); if (set_acl_as_root) { - drop_effective_capability(DAC_OVERRIDE_CAPABILITY); + unbecome_root(); } if (sret == -1) { if (acl_group_override_fsp(fsp)) { @@ -3765,10 +3765,10 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32_t security_info_sent, const struct "Override delete_def_acl\n", fsp_str_dbg(fsp))); - set_effective_capability(DAC_OVERRIDE_CAPABILITY); + become_root(); sret = SMB_VFS_SYS_ACL_DELETE_DEF_FD(fsp); - drop_effective_capability(DAC_OVERRIDE_CAPABILITY); + unbecome_root(); } if (sret == -1) { @@ -3786,14 +3786,14 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32_t security_info_sent, const struct if (acl_set_support) { if (set_acl_as_root) { - set_effective_capability(DAC_OVERRIDE_CAPABILITY); + become_root(); } store_inheritance_attributes(fsp, file_ace_list, dir_ace_list, psd->type); if (set_acl_as_root) { - drop_effective_capability(DAC_OVERRIDE_CAPABILITY); + unbecome_root(); } } 
@@ -3820,11 +3820,11 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32_t security_info_sent, const struct fsp_str_dbg(fsp), (unsigned int)posix_perms)); if (set_acl_as_root) { - set_effective_capability(DAC_OVERRIDE_CAPABILITY); + become_root(); } sret = SMB_VFS_FCHMOD(fsp, posix_perms); if (set_acl_as_root) { - drop_effective_capability(DAC_OVERRIDE_CAPABILITY); + unbecome_root(); } if(sret == -1) { if (acl_group_override_fsp(fsp)) { @@ -3834,9 +3834,9 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32_t security_info_sent, const struct "Override chmod\n", fsp_str_dbg(fsp))); - set_effective_capability(DAC_OVERRIDE_CAPABILITY); + become_root(); sret = SMB_VFS_FCHMOD(fsp, posix_perms); - drop_effective_capability(DAC_OVERRIDE_CAPABILITY); + unbecome_root(); } if (sret == -1) { -- 2.44.0 From 88eb58af6783ad23d2e2b602ee9fdbbdf556b354 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Jacke?= Date: Mon, 25 Mar 2024 17:03:35 +0100 Subject: [PATCH 03/10] Revert "open.c: prefer capabilities over become_root" This reverts commit b250f25fe407f9a6269b804382de4854501f2d86. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583 Signed-off-by: Bjoern Jacke Reviewed-by: Ralph Boehme --- source3/smbd/open.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/source3/smbd/open.c b/source3/smbd/open.c index ae47d1306502..9512fb20c598 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -999,11 +999,11 @@ static void change_file_owner_to_parent_fsp(struct files_struct *parent_fsp, return; } - set_effective_capability(DAC_OVERRIDE_CAPABILITY); + become_root(); ret = SMB_VFS_FCHOWN(fsp, parent_fsp->fsp_name->st.st_ex_uid, (gid_t)-1); - drop_effective_capability(DAC_OVERRIDE_CAPABILITY); + unbecome_root(); if (ret == -1) { DBG_ERR("failed to fchown " "file %s to parent directory uid %u. Error " 
@@ -1036,11 +1036,11 @@ static NTSTATUS change_dir_owner_to_parent_fsp(struct files_struct *parent_fsp, return NT_STATUS_OK; } - set_effective_capability(DAC_OVERRIDE_CAPABILITY); + become_root(); ret = SMB_VFS_FCHOWN(fsp, parent_fsp->fsp_name->st.st_ex_uid, (gid_t)-1); - drop_effective_capability(DAC_OVERRIDE_CAPABILITY); + unbecome_root(); if (ret == -1) { status = map_nt_error_from_unix(errno); DBG_ERR("failed to chown " @@ -5542,13 +5542,13 @@ static NTSTATUS inherit_new_acl(files_struct *dirfsp, files_struct *fsp) if (inherit_owner) { /* We need to be root to force this. */ - set_effective_capability(DAC_OVERRIDE_CAPABILITY); + become_root(); } status = SMB_VFS_FSET_NT_ACL(metadata_fsp(fsp), security_info_sent, psd); if (inherit_owner) { - drop_effective_capability(DAC_OVERRIDE_CAPABILITY); + unbecome_root(); } TALLOC_FREE(frame); return status; -- 2.44.0 From 7f19afbd40d3ad3c8d186d0a2a64d07a2a8bd00a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Jacke?= Date: Mon, 25 Mar 2024 17:03:44 +0100 Subject: [PATCH 04/10] Revert "vfs_recycle.c: prefer capabilities over become_root" This reverts commit 4227b011f6ada97a4cd72a440ed887ffdb3f219e. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583 Signed-off-by: Bjoern Jacke Reviewed-by: Ralph Boehme --- source3/modules/vfs_recycle.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source3/modules/vfs_recycle.c b/source3/modules/vfs_recycle.c index a9d60f6adbbc..327a7eea06e3 100644 --- a/source3/modules/vfs_recycle.c +++ b/source3/modules/vfs_recycle.c 
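Review bot: In change_dir_owner_to_parent_fsp, `map_nt_error_from_unix(errno)` reads `errno` only after `unbecome_root()` has run, so the value may no longer be the one `SMB_VFS_FCHOWN` set. That holds unless `unbecome_root()` preserves errno, which the hunk does not show. The same order appears in acl_common_remove_object in vfs_acl_common.c (`unbecome_root();` followed by `saved_errno = errno;`), whereas recycle_do_touch and smb_set_nt_acl_nfs4 in this series copy errno before dropping root. I would copy it first into a local int: `saved_errno = errno;` directly after the fchown call, then `unbecome_root();`, then `status = map_nt_error_from_unix(saved_errno);`. The function body starts and ends outside the hunk.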
@@ -401,10 +401,10 @@ static void recycle_do_touch(vfs_handle_struct *handle, /* mtime */ ft.mtime = touch_mtime ? ft.atime : smb_fname_tmp->st.st_ex_mtime; - set_effective_capability(DAC_OVERRIDE_CAPABILITY); + become_root(); ret = SMB_VFS_NEXT_FNTIMES(handle, smb_fname_tmp->fsp, &ft); err = errno; - drop_effective_capability(DAC_OVERRIDE_CAPABILITY); + unbecome_root(); if (ret == -1 ) { DEBUG(0, ("recycle: touching %s failed, reason = %s\n", smb_fname_str_dbg(smb_fname_tmp), strerror(err))); -- 2.44.0 From 10c7a3e47c62dcb1dfe7e384960d60cafcb9e44e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Jacke?= Date: Mon, 25 Mar 2024 17:03:50 +0100 Subject: [PATCH 05/10] Revert "vfs_posix_eadb.c: prefer capabilities over become_root" This reverts commit 92278418dc885ed411f545e73c800ce93f858090. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583 Signed-off-by: Bjoern Jacke Reviewed-by: Ralph Boehme --- source3/modules/vfs_posix_eadb.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source3/modules/vfs_posix_eadb.c b/source3/modules/vfs_posix_eadb.c index 34769f58a69e..b3e21b09b8c3 100644 --- a/source3/modules/vfs_posix_eadb.c +++ b/source3/modules/vfs_posix_eadb.c @@ -213,12 +213,12 @@ static bool posix_eadb_init(int snum, struct tdb_wrap **p_db) lp_ctx = loadparm_init_s3(NULL, loadparm_s3_helpers()); - set_effective_capability(DAC_OVERRIDE_CAPABILITY); + become_root(); db = tdb_wrap_open(NULL, eadb, 50000, lpcfg_tdb_flags(lp_ctx, TDB_DEFAULT), O_RDWR|O_CREAT, 0600); - drop_effective_capability(DAC_OVERRIDE_CAPABILITY); + unbecome_root(); talloc_unlink(NULL, lp_ctx); /* now we know dbname is not NULL */ -- 2.44.0 From 52ad635b2705bcfc8166bd90b1ad35ebb9cbc986 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Bj=C3=B6rn=20Jacke?= Date: Mon, 25 Mar 2024 17:03:57 +0100 Subject: [PATCH 06/10] Revert "vfs_default.c: prefer capabilities over become_root" This reverts commit 62464bd2db2a95b1253364f4493bbb6770b73193. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583 Signed-off-by: Bjoern Jacke Reviewed-by: Ralph Boehme --- source3/modules/vfs_default.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c index 98188a50c348..62ad5063af0f 100644 --- a/source3/modules/vfs_default.c +++ b/source3/modules/vfs_default.c @@ -1897,14 +1897,14 @@ static void vfswrap_get_dos_attributes_getxattr_done(struct tevent_req *subreq) state->as_root = true; - set_effective_capability(DAC_OVERRIDE_CAPABILITY); + become_root(); subreq = SMB_VFS_GETXATTRAT_SEND(state, state->ev, state->dir_fsp, state->smb_fname, SAMBA_XATTR_DOS_ATTRIB, sizeof(fstring)); - drop_effective_capability(DAC_OVERRIDE_CAPABILITY); + unbecome_root(); if (tevent_req_nomem(subreq, req)) { return; } -- 2.44.0 From af7b930e2bfe2275cee14dc2154f2aea8875fa63 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Jacke?= Date: Mon, 25 Mar 2024 17:04:17 +0100 Subject: [PATCH 07/10] Revert "vfs_acl_common.c: prefer capabilities over become_root" This reverts commit 12734848dc9901b932644139aaa7e3f78e55c8dc. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583 Signed-off-by: Bjoern Jacke Reviewed-by: Ralph Boehme --- source3/modules/vfs_acl_common.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c index 314fc79a3a68..e04b672cf9ae 100644 --- a/source3/modules/vfs_acl_common.c +++ b/source3/modules/vfs_acl_common.c 
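Review bot: In vfswrap_get_dos_attributes_getxattr_done, `become_root()` covers only the `SMB_VFS_GETXATTRAT_SEND` call and root is dropped before the request completes, which deserves a comment. Whether the asynchronous read then runs with root credentials depends on the backend capturing them at send time, and that is not visible in this hunk. A line above `become_root();` such as `/* Root is held only while the request is queued; the backend is expected to capture the credentials here. */` would make that assumption reviewable next to `state->as_root = true`. The function continues outside the hunk.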
@@ -764,9 +764,9 @@ static NTSTATUS set_underlying_acl(vfs_handle_struct *handle, files_struct *fsp, /* Ok, we failed to chown and we have SEC_STD_WRITE_OWNER access - override. */ - set_effective_capability(DAC_OVERRIDE_CAPABILITY); + become_root(); status = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd); - drop_effective_capability(DAC_OVERRIDE_CAPABILITY); + unbecome_root(); return status; } @@ -1072,7 +1072,7 @@ static int acl_common_remove_object(vfs_handle_struct *handle, goto out; } - set_effective_capability(DAC_OVERRIDE_CAPABILITY); + become_root(); if (is_directory) { ret = SMB_VFS_NEXT_UNLINKAT(handle, dirfsp, @@ -1084,7 +1084,7 @@ static int acl_common_remove_object(vfs_handle_struct *handle, smb_fname, 0); } - drop_effective_capability(DAC_OVERRIDE_CAPABILITY); + unbecome_root(); if (ret == -1) { saved_errno = errno; -- 2.44.0 From 33e88911ee7a8974d52021632ca25c1ddfcb6f45 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Jacke?= Date: Mon, 25 Mar 2024 17:04:23 +0100 Subject: [PATCH 08/10] Revert "nfs4_acls.c: prefer capabilities over become_root" This reverts commit 06e5c1e32ea7907523cc19f021225e7541e2075f. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583 Signed-off-by: Bjoern Jacke Reviewed-by: Ralph Boehme --- source3/modules/nfs4_acls.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c index 0cc2b6cf3642..c80f8390170b 100644 --- a/source3/modules/nfs4_acls.c +++ b/source3/modules/nfs4_acls.c @@ -1201,12 +1201,12 @@ NTSTATUS smb_set_nt_acl_nfs4(vfs_handle_struct *handle, files_struct *fsp, smbacl4_dump_nfs4acl(10, theacl); if (set_acl_as_root) { - set_effective_capability(DAC_OVERRIDE_CAPABILITY); + become_root(); } result = set_nfs4_native(handle, fsp, theacl); saved_errno = errno; if (set_acl_as_root) { - drop_effective_capability(DAC_OVERRIDE_CAPABILITY); + unbecome_root(); } TALLOC_FREE(frame); -- 2.44.0 
From 32aa11e9b570ce1c0bec889b699bc4897c9d9843 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Jacke?= Date: Mon, 25 Mar 2024 17:04:45 +0100 Subject: [PATCH 09/10] Revert "dosmode.c: prefer use of capabilities at two places over become_root" This reverts commit c1e2fbb1b9a7551becf5caa0f08d434edf9ad862. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583 Signed-off-by: Bjoern Jacke Reviewed-by: Ralph Boehme --- source3/smbd/dosmode.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c index a574de9b0dac..4d897d6d7a13 100644 --- a/source3/smbd/dosmode.c +++ b/source3/smbd/dosmode.c @@ -388,12 +388,12 @@ NTSTATUS fget_ea_dos_attribute(struct files_struct *fsp, run because in cases like NFS, root might have even less rights than the real user */ - set_effective_capability(DAC_OVERRIDE_CAPABILITY); + become_root(); sizeret = SMB_VFS_FGETXATTR(fsp, SAMBA_XATTR_DOS_ATTRIB, attrstr, sizeof(attrstr)); - drop_effective_capability(DAC_OVERRIDE_CAPABILITY); + unbecome_root(); } if (sizeret == -1) { DBG_INFO("Cannot get attribute " @@ -508,14 +508,14 @@ NTSTATUS set_ea_dos_attribute(connection_struct *conn, return NT_STATUS_ACCESS_DENIED; } - set_effective_capability(DAC_OVERRIDE_CAPABILITY); + become_root(); ret = SMB_VFS_FSETXATTR(smb_fname->fsp, SAMBA_XATTR_DOS_ATTRIB, blob.data, blob.length, 0); - drop_effective_capability(DAC_OVERRIDE_CAPABILITY); if (ret == 0) { status = NT_STATUS_OK; } + unbecome_root(); if (!NT_STATUS_IS_OK(status)) { return status; } -- 2.44.0 From 0dec2ef188a93504da873d927ca2b26f8c491fb8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Jacke?= Date: Thu, 25 Jan 2024 00:46:38 +0100 Subject: [PATCH 10/10] Revert "token_util.c: prefer capabilities over become_root" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit 944cb51506a94084d7ab52ee044fe6f66e1aaeb9. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583 
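Review bot: In set_ea_dos_attribute, `unbecome_root()` is called only after the `if (ret == 0) { status = NT_STATUS_OK; }` block, so the process stays root for code that needs no privilege. Most other call sites in this series drop root directly after the VFS call. Moving the call up, so that `unbecome_root();` follows the `SMB_VFS_FSETXATTR(...)` statement and the `ret` check comes after it, keeps the root window to the one operation that needs it. finalize_local_nt_token in token_util.c has the same shape: root is held across the `DEBUG(3, ...)` branch after `secrets_fetch_domain_sid()` has returned. Both functions extend beyond their hunks.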
Signed-off-by: Bjoern Jacke Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Wed Mar 27 10:47:23 UTC 2024 on atb-devel-224 --- source3/auth/token_util.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c index a7ff9bd6c3f1..023ad7cbb028 100644 --- a/source3/auth/token_util.c +++ b/source3/auth/token_util.c @@ -699,7 +699,7 @@ NTSTATUS finalize_local_nt_token(struct security_token *result, /* Add in BUILTIN sids */ - set_effective_capability(DAC_OVERRIDE_CAPABILITY); + become_root(); ok = secrets_fetch_domain_sid(lp_workgroup(), &_dom_sid); if (ok) { domain_sid = &_dom_sid; @@ -707,7 +707,7 @@ NTSTATUS finalize_local_nt_token(struct security_token *result, DEBUG(3, ("Failed to fetch domain sid for %s\n", lp_workgroup())); } - drop_effective_capability(DAC_OVERRIDE_CAPABILITY); + unbecome_root(); info = talloc_zero(talloc_tos(), struct acct_info); if (info == NULL) { -- 2.44.0