The Samba-Bugzilla – Attachment 18277 Details for
Bug 15583
set_nt_acl sometimes fails with NT_STATUS_INVALID_PARAMETER - openat() EACCES
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch for 4.20 backported from master
v420-bug15583.patch (text/plain), 18.45 KB, created by
Ralph Böhme
on 2024-03-27 14:51:45 UTC
(
hide
)
Description:
Patch for 4.20 backported from master
Filename:
MIME Type:
Creator:
Ralph Böhme
Created:
2024-03-27 14:51:45 UTC
Size:
18.45 KB
patch
obsolete
>From 58ea952fd0c716f94b1b79b8ed1829bb72732ccc Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?Bj=C3=B6rn=20Jacke?= <bjacke@samba.org> >Date: Mon, 25 Mar 2024 17:03:14 +0100 >Subject: [PATCH 01/10] Revert "dosmode: prefer capabilities over become_root" > >This reverts commit 5e925f9755fad180863861157aa7548d83dd3fde. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583 >Signed-off-by: Bjoern Jacke <bjacke@samba.org> >Reviewed-by: Ralph Boehme <slow@samba.org> >--- > source3/smbd/dosmode.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > >diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c >index 4ae08f38dcfa..a574de9b0dac 100644 >--- a/source3/smbd/dosmode.c >+++ b/source3/smbd/dosmode.c >@@ -1037,9 +1037,9 @@ int file_set_dosmode(connection_struct *conn, > return -1; > } > >- set_effective_capability(DAC_OVERRIDE_CAPABILITY); >+ become_root(); > ret = SMB_VFS_FCHMOD(smb_fname->fsp, unixmode); >- drop_effective_capability(DAC_OVERRIDE_CAPABILITY); >+ unbecome_root(); > > done: > if (!newfile) { >@@ -1209,9 +1209,9 @@ int file_ntimes(connection_struct *conn, > /* Check if we have write access. */ > if (can_write_to_fsp(fsp)) { > /* We are allowed to become root and change the filetime. */ >- set_effective_capability(DAC_OVERRIDE_CAPABILITY); >+ become_root(); > ret = SMB_VFS_FNTIMES(fsp, ft); >- drop_effective_capability(DAC_OVERRIDE_CAPABILITY); >+ unbecome_root(); > } > > return ret; >-- >2.44.0 > > >From 87479544381e103ee2b1def574a5865a3f6a93d9 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?Bj=C3=B6rn=20Jacke?= <bjacke@samba.org> >Date: Mon, 25 Mar 2024 17:03:28 +0100 >Subject: [PATCH 02/10] Revert "posix_acls.c: prefer capabilities over > become_root" > >This reverts commit 1edf9ecaf56f3312e199e633bff0804243042e33. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583 >Signed-off-by: Bjoern Jacke <bjacke@samba.org> >Reviewed-by: Ralph Boehme <slow@samba.org> >--- > source3/smbd/posix_acls.c | 40 +++++++++++++++++++-------------------- > 1 file changed, 20 insertions(+), 20 deletions(-) > >diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c >index 530056175e00..d275bdb908b3 100644 >--- a/source3/smbd/posix_acls.c >+++ b/source3/smbd/posix_acls.c >@@ -2944,11 +2944,11 @@ static bool set_canon_ace_list(files_struct *fsp, > "file [%s] primary group.\n", > fsp_str_dbg(fsp)); > >- set_effective_capability(DAC_OVERRIDE_CAPABILITY); >+ become_root(); > sret = SMB_VFS_SYS_ACL_SET_FD(fsp, > the_acl_type, > the_acl); >- drop_effective_capability(DAC_OVERRIDE_CAPABILITY); >+ unbecome_root(); > if (sret == 0) { > ret = true; > } >@@ -3441,12 +3441,12 @@ static NTSTATUS try_chown(files_struct *fsp, uid_t uid, gid_t gid) > > if (has_take_ownership_priv || has_restore_priv) { > status = NT_STATUS_OK; >- set_effective_capability(DAC_OVERRIDE_CAPABILITY); >+ become_root(); > ret = SMB_VFS_FCHOWN(fsp, uid, gid); > if (ret != 0) { > status = map_nt_error_from_unix(errno); > } >- drop_effective_capability(DAC_OVERRIDE_CAPABILITY); >+ unbecome_root(); > return status; > } > } >@@ -3480,13 +3480,13 @@ static NTSTATUS try_chown(files_struct *fsp, uid_t uid, gid_t gid) > } > > status = NT_STATUS_OK; >- set_effective_capability(DAC_OVERRIDE_CAPABILITY); >+ become_root(); > /* Keep the current file gid the same. */ > ret = SMB_VFS_FCHOWN(fsp, uid, (gid_t)-1); > if (ret != 0) { > status = map_nt_error_from_unix(errno); > } >- drop_effective_capability(DAC_OVERRIDE_CAPABILITY); >+ unbecome_root(); > > return status; > } >@@ -3707,12 +3707,12 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32_t security_info_sent, const struct > > if (acl_perms && file_ace_list) { > if (set_acl_as_root) { >- set_effective_capability(DAC_OVERRIDE_CAPABILITY); >+ become_root(); > } > ret = set_canon_ace_list(fsp, file_ace_list, false, > &fsp->fsp_name->st, &acl_set_support); > if (set_acl_as_root) { >- drop_effective_capability(DAC_OVERRIDE_CAPABILITY); >+ unbecome_root(); > } > if (acl_set_support && ret == false) { > DEBUG(3,("set_nt_acl: failed to set file acl on file " >@@ -3727,13 +3727,13 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32_t security_info_sent, const struct > if (acl_perms && acl_set_support && fsp->fsp_flags.is_directory) { > if (dir_ace_list) { > if (set_acl_as_root) { >- set_effective_capability(DAC_OVERRIDE_CAPABILITY); >+ become_root(); > } > ret = set_canon_ace_list(fsp, dir_ace_list, true, > &fsp->fsp_name->st, > &acl_set_support); > if (set_acl_as_root) { >- drop_effective_capability(DAC_OVERRIDE_CAPABILITY); >+ unbecome_root(); > } > if (ret == false) { > DEBUG(3,("set_nt_acl: failed to set default " >@@ -3751,11 +3751,11 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32_t security_info_sent, const struct > */ > > if (set_acl_as_root) { >- set_effective_capability(DAC_OVERRIDE_CAPABILITY); >+ become_root(); > } > sret = SMB_VFS_SYS_ACL_DELETE_DEF_FD(fsp); > if (set_acl_as_root) { >- drop_effective_capability(DAC_OVERRIDE_CAPABILITY); >+ unbecome_root(); > } > if (sret == -1) { > if (acl_group_override_fsp(fsp)) { >@@ -3765,10 +3765,10 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32_t security_info_sent, const struct > "Override delete_def_acl\n", > fsp_str_dbg(fsp))); > >- set_effective_capability(DAC_OVERRIDE_CAPABILITY); >+ become_root(); > sret = > SMB_VFS_SYS_ACL_DELETE_DEF_FD(fsp); >- drop_effective_capability(DAC_OVERRIDE_CAPABILITY); >+ unbecome_root(); > } > > if (sret == -1) { >@@ -3786,14 +3786,14 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32_t security_info_sent, const struct > > if (acl_set_support) { > if (set_acl_as_root) { >- set_effective_capability(DAC_OVERRIDE_CAPABILITY); >+ become_root(); > } > store_inheritance_attributes(fsp, > file_ace_list, > dir_ace_list, > psd->type); > if (set_acl_as_root) { >- drop_effective_capability(DAC_OVERRIDE_CAPABILITY); >+ unbecome_root(); > } > } > >@@ -3820,11 +3820,11 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32_t security_info_sent, const struct > fsp_str_dbg(fsp), (unsigned int)posix_perms)); > > if (set_acl_as_root) { >- set_effective_capability(DAC_OVERRIDE_CAPABILITY); >+ become_root(); > } > sret = SMB_VFS_FCHMOD(fsp, posix_perms); > if (set_acl_as_root) { >- drop_effective_capability(DAC_OVERRIDE_CAPABILITY); >+ unbecome_root(); > } > if(sret == -1) { > if (acl_group_override_fsp(fsp)) { >@@ -3834,9 +3834,9 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32_t security_info_sent, const struct > "Override chmod\n", > fsp_str_dbg(fsp))); > >- set_effective_capability(DAC_OVERRIDE_CAPABILITY); >+ become_root(); > sret = SMB_VFS_FCHMOD(fsp, posix_perms); >- drop_effective_capability(DAC_OVERRIDE_CAPABILITY); >+ unbecome_root(); > } > > if (sret == -1) { >-- >2.44.0 > > >From 88eb58af6783ad23d2e2b602ee9fdbbdf556b354 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?Bj=C3=B6rn=20Jacke?= <bjacke@samba.org> >Date: Mon, 25 Mar 2024 17:03:35 +0100 >Subject: [PATCH 03/10] Revert "open.c: prefer capabilities over become_root" > >This reverts commit b250f25fe407f9a6269b804382de4854501f2d86. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583 >Signed-off-by: Bjoern Jacke <bjacke@samba.org> >Reviewed-by: Ralph Boehme <slow@samba.org> >--- > source3/smbd/open.c | 12 ++++++------ > 1 file changed, 6 insertions(+), 6 deletions(-) > >diff --git a/source3/smbd/open.c b/source3/smbd/open.c >index ae47d1306502..9512fb20c598 100644 >--- a/source3/smbd/open.c >+++ b/source3/smbd/open.c >@@ -999,11 +999,11 @@ static void change_file_owner_to_parent_fsp(struct files_struct *parent_fsp, > return; > } > >- set_effective_capability(DAC_OVERRIDE_CAPABILITY); >+ become_root(); > ret = SMB_VFS_FCHOWN(fsp, > parent_fsp->fsp_name->st.st_ex_uid, > (gid_t)-1); >- drop_effective_capability(DAC_OVERRIDE_CAPABILITY); >+ unbecome_root(); > if (ret == -1) { > DBG_ERR("failed to fchown " > "file %s to parent directory uid %u. Error " >@@ -1036,11 +1036,11 @@ static NTSTATUS change_dir_owner_to_parent_fsp(struct files_struct *parent_fsp, > return NT_STATUS_OK; > } > >- set_effective_capability(DAC_OVERRIDE_CAPABILITY); >+ become_root(); > ret = SMB_VFS_FCHOWN(fsp, > parent_fsp->fsp_name->st.st_ex_uid, > (gid_t)-1); >- drop_effective_capability(DAC_OVERRIDE_CAPABILITY); >+ unbecome_root(); > if (ret == -1) { > status = map_nt_error_from_unix(errno); > DBG_ERR("failed to chown " >@@ -5542,13 +5542,13 @@ static NTSTATUS inherit_new_acl(files_struct *dirfsp, files_struct *fsp) > > if (inherit_owner) { > /* We need to be root to force this. */ >- set_effective_capability(DAC_OVERRIDE_CAPABILITY); >+ become_root(); > } > status = SMB_VFS_FSET_NT_ACL(metadata_fsp(fsp), > security_info_sent, > psd); > if (inherit_owner) { >- drop_effective_capability(DAC_OVERRIDE_CAPABILITY); >+ unbecome_root(); > } > TALLOC_FREE(frame); > return status; >-- >2.44.0 > > >From 7f19afbd40d3ad3c8d186d0a2a64d07a2a8bd00a Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?Bj=C3=B6rn=20Jacke?= <bjacke@samba.org> >Date: Mon, 25 Mar 2024 17:03:44 +0100 >Subject: [PATCH 04/10] Revert "vfs_recycle.c: prefer capabilities over > become_root" > >This reverts commit 4227b011f6ada97a4cd72a440ed887ffdb3f219e. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583 >Signed-off-by: Bjoern Jacke <bjacke@samba.org> >Reviewed-by: Ralph Boehme <slow@samba.org> >--- > source3/modules/vfs_recycle.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > >diff --git a/source3/modules/vfs_recycle.c b/source3/modules/vfs_recycle.c >index a9d60f6adbbc..327a7eea06e3 100644 >--- a/source3/modules/vfs_recycle.c >+++ b/source3/modules/vfs_recycle.c >@@ -401,10 +401,10 @@ static void recycle_do_touch(vfs_handle_struct *handle, > /* mtime */ > ft.mtime = touch_mtime ? ft.atime : smb_fname_tmp->st.st_ex_mtime; > >- set_effective_capability(DAC_OVERRIDE_CAPABILITY); >+ become_root(); > ret = SMB_VFS_NEXT_FNTIMES(handle, smb_fname_tmp->fsp, &ft); > err = errno; >- drop_effective_capability(DAC_OVERRIDE_CAPABILITY); >+ unbecome_root(); > if (ret == -1 ) { > DEBUG(0, ("recycle: touching %s failed, reason = %s\n", > smb_fname_str_dbg(smb_fname_tmp), strerror(err))); >-- >2.44.0 > > >From 10c7a3e47c62dcb1dfe7e384960d60cafcb9e44e Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?Bj=C3=B6rn=20Jacke?= <bjacke@samba.org> >Date: Mon, 25 Mar 2024 17:03:50 +0100 >Subject: [PATCH 05/10] Revert "vfs_posix_eadb.c: prefer capabilities over > become_root" > >This reverts commit 92278418dc885ed411f545e73c800ce93f858090. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583 >Signed-off-by: Bjoern Jacke <bjacke@samba.org> >Reviewed-by: Ralph Boehme <slow@samba.org> >--- > source3/modules/vfs_posix_eadb.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > >diff --git a/source3/modules/vfs_posix_eadb.c b/source3/modules/vfs_posix_eadb.c >index 34769f58a69e..b3e21b09b8c3 100644 >--- a/source3/modules/vfs_posix_eadb.c >+++ b/source3/modules/vfs_posix_eadb.c >@@ -213,12 +213,12 @@ static bool posix_eadb_init(int snum, struct tdb_wrap **p_db) > > lp_ctx = loadparm_init_s3(NULL, loadparm_s3_helpers()); > >- set_effective_capability(DAC_OVERRIDE_CAPABILITY); >+ become_root(); > db = tdb_wrap_open(NULL, eadb, 50000, > lpcfg_tdb_flags(lp_ctx, TDB_DEFAULT), > O_RDWR|O_CREAT, 0600); > >- drop_effective_capability(DAC_OVERRIDE_CAPABILITY); >+ unbecome_root(); > talloc_unlink(NULL, lp_ctx); > /* now we know dbname is not NULL */ > >-- >2.44.0 > > >From 52ad635b2705bcfc8166bd90b1ad35ebb9cbc986 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?Bj=C3=B6rn=20Jacke?= <bjacke@samba.org> >Date: Mon, 25 Mar 2024 17:03:57 +0100 >Subject: [PATCH 06/10] Revert "vfs_default.c: prefer capabilities over > become_root" > >This reverts commit 62464bd2db2a95b1253364f4493bbb6770b73193. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583 >Signed-off-by: Bjoern Jacke <bjacke@samba.org> >Reviewed-by: Ralph Boehme <slow@samba.org> >--- > source3/modules/vfs_default.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > >diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c >index 98188a50c348..62ad5063af0f 100644 >--- a/source3/modules/vfs_default.c >+++ b/source3/modules/vfs_default.c >@@ -1897,14 +1897,14 @@ static void vfswrap_get_dos_attributes_getxattr_done(struct tevent_req *subreq) > > state->as_root = true; > >- set_effective_capability(DAC_OVERRIDE_CAPABILITY); >+ become_root(); > subreq = SMB_VFS_GETXATTRAT_SEND(state, > state->ev, > state->dir_fsp, > state->smb_fname, > SAMBA_XATTR_DOS_ATTRIB, > sizeof(fstring)); >- drop_effective_capability(DAC_OVERRIDE_CAPABILITY); >+ unbecome_root(); > if (tevent_req_nomem(subreq, req)) { > return; > } >-- >2.44.0 > > >From af7b930e2bfe2275cee14dc2154f2aea8875fa63 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?Bj=C3=B6rn=20Jacke?= <bjacke@samba.org> >Date: Mon, 25 Mar 2024 17:04:17 +0100 >Subject: [PATCH 07/10] Revert "vfs_acl_common.c: prefer capabilities over > become_root" > >This reverts commit 12734848dc9901b932644139aaa7e3f78e55c8dc. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583 >Signed-off-by: Bjoern Jacke <bjacke@samba.org> >Reviewed-by: Ralph Boehme <slow@samba.org> >--- > source3/modules/vfs_acl_common.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > >diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c >index 314fc79a3a68..e04b672cf9ae 100644 >--- a/source3/modules/vfs_acl_common.c >+++ b/source3/modules/vfs_acl_common.c >@@ -764,9 +764,9 @@ static NTSTATUS set_underlying_acl(vfs_handle_struct *handle, files_struct *fsp, > > /* Ok, we failed to chown and we have > SEC_STD_WRITE_OWNER access - override. */ >- set_effective_capability(DAC_OVERRIDE_CAPABILITY); >+ become_root(); > status = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd); >- drop_effective_capability(DAC_OVERRIDE_CAPABILITY); >+ unbecome_root(); > > return status; > } >@@ -1072,7 +1072,7 @@ static int acl_common_remove_object(vfs_handle_struct *handle, > goto out; > } > >- set_effective_capability(DAC_OVERRIDE_CAPABILITY); >+ become_root(); > if (is_directory) { > ret = SMB_VFS_NEXT_UNLINKAT(handle, > dirfsp, >@@ -1084,7 +1084,7 @@ static int acl_common_remove_object(vfs_handle_struct *handle, > smb_fname, > 0); > } >- drop_effective_capability(DAC_OVERRIDE_CAPABILITY); >+ unbecome_root(); > > if (ret == -1) { > saved_errno = errno; >-- >2.44.0 > > >From 33e88911ee7a8974d52021632ca25c1ddfcb6f45 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?Bj=C3=B6rn=20Jacke?= <bjacke@samba.org> >Date: Mon, 25 Mar 2024 17:04:23 +0100 >Subject: [PATCH 08/10] Revert "nfs4_acls.c: prefer capabilities over > become_root" > >This reverts commit 06e5c1e32ea7907523cc19f021225e7541e2075f. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583 >Signed-off-by: Bjoern Jacke <bjacke@samba.org> >Reviewed-by: Ralph Boehme <slow@samba.org> >--- > source3/modules/nfs4_acls.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > >diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c >index 0cc2b6cf3642..c80f8390170b 100644 >--- a/source3/modules/nfs4_acls.c >+++ b/source3/modules/nfs4_acls.c >@@ -1201,12 +1201,12 @@ NTSTATUS smb_set_nt_acl_nfs4(vfs_handle_struct *handle, files_struct *fsp, > smbacl4_dump_nfs4acl(10, theacl); > > if (set_acl_as_root) { >- set_effective_capability(DAC_OVERRIDE_CAPABILITY); >+ become_root(); > } > result = set_nfs4_native(handle, fsp, theacl); > saved_errno = errno; > if (set_acl_as_root) { >- drop_effective_capability(DAC_OVERRIDE_CAPABILITY); >+ unbecome_root(); > } > > TALLOC_FREE(frame); >-- >2.44.0 > > >From 32aa11e9b570ce1c0bec889b699bc4897c9d9843 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?Bj=C3=B6rn=20Jacke?= <bjacke@samba.org> >Date: Mon, 25 Mar 2024 17:04:45 +0100 >Subject: [PATCH 09/10] Revert "dosmode.c: prefer use of capabilities at two > places over become_root" > >This reverts commit c1e2fbb1b9a7551becf5caa0f08d434edf9ad862. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583 >Signed-off-by: Bjoern Jacke <bjacke@samba.org> >Reviewed-by: Ralph Boehme <slow@samba.org> >--- > source3/smbd/dosmode.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > >diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c >index a574de9b0dac..4d897d6d7a13 100644 >--- a/source3/smbd/dosmode.c >+++ b/source3/smbd/dosmode.c >@@ -388,12 +388,12 @@ NTSTATUS fget_ea_dos_attribute(struct files_struct *fsp, > run because in cases like NFS, root might have even less > rights than the real user > */ >- set_effective_capability(DAC_OVERRIDE_CAPABILITY); >+ become_root(); > sizeret = SMB_VFS_FGETXATTR(fsp, > SAMBA_XATTR_DOS_ATTRIB, > attrstr, > sizeof(attrstr)); >- drop_effective_capability(DAC_OVERRIDE_CAPABILITY); >+ unbecome_root(); > } > if (sizeret == -1) { > DBG_INFO("Cannot get attribute " >@@ -508,14 +508,14 @@ NTSTATUS set_ea_dos_attribute(connection_struct *conn, > return NT_STATUS_ACCESS_DENIED; > } > >- set_effective_capability(DAC_OVERRIDE_CAPABILITY); >+ become_root(); > ret = SMB_VFS_FSETXATTR(smb_fname->fsp, > SAMBA_XATTR_DOS_ATTRIB, > blob.data, blob.length, 0); >- drop_effective_capability(DAC_OVERRIDE_CAPABILITY); > if (ret == 0) { > status = NT_STATUS_OK; > } >+ unbecome_root(); > if (!NT_STATUS_IS_OK(status)) { > return status; > } >-- >2.44.0 > > >From 0dec2ef188a93504da873d927ca2b26f8c491fb8 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?Bj=C3=B6rn=20Jacke?= <bjacke@samba.org> >Date: Thu, 25 Jan 2024 00:46:38 +0100 >Subject: [PATCH 10/10] Revert "token_util.c: prefer capabilities over > become_root" >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >This reverts commit 944cb51506a94084d7ab52ee044fe6f66e1aaeb9. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583 >Signed-off-by: Bjoern Jacke <bjacke@samba.org> >Reviewed-by: Ralph Boehme <slow@samba.org> > >Autobuild-User(master): Ralph Böhme <slow@samba.org> >Autobuild-Date(master): Wed Mar 27 10:47:23 UTC 2024 on atb-devel-224 >--- > source3/auth/token_util.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > >diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c >index a7ff9bd6c3f1..023ad7cbb028 100644 >--- a/source3/auth/token_util.c >+++ b/source3/auth/token_util.c >@@ -699,7 +699,7 @@ NTSTATUS finalize_local_nt_token(struct security_token *result, > > /* Add in BUILTIN sids */ > >- set_effective_capability(DAC_OVERRIDE_CAPABILITY); >+ become_root(); > ok = secrets_fetch_domain_sid(lp_workgroup(), &_dom_sid); > if (ok) { > domain_sid = &_dom_sid; >@@ -707,7 +707,7 @@ NTSTATUS finalize_local_nt_token(struct security_token *result, > DEBUG(3, ("Failed to fetch domain sid for %s\n", > lp_workgroup())); > } >- drop_effective_capability(DAC_OVERRIDE_CAPABILITY); >+ unbecome_root(); > > info = talloc_zero(talloc_tos(), struct acct_info); > if (info == NULL) { >-- >2.44.0 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=18277">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 15583
:
18248
|
18249
|
18250
|
18251
|
18252
|
18277
|
18278