Bug 15265 - Access based share enum does not work in Samba 4.16+
Summary: Access based share enum does not work in Samba 4.16+
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: DCE-RPCs and pipes (show other bugs)
Version: 4.17.4
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Jule Anger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-12-19 12:16 UTC by Andrew Walker
Modified: 2023-02-16 16:37 UTC (History)
2 users (show)

See Also:

Attachments
git-am fix for 4.17.next, 4.16.next. (2.00 KB, patch)
2022-12-19 20:56 UTC, Jeremy Allison 		jra: review? (awalker)
asn: review+
Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andrew Walker 2022-12-19 12:16:03 UTC 
User reported that the transition from Samba 4.15 to 4.17 resulted in share parameter "access based share enum" ceased to work properly (share always rejected from share list).

It appears that Samba is now trying to open share_info.tdb as the user in question and failing because file permissions are 0o600.

```
[2022/12/16 07:12:04,  0] ../../source3/lib/sharesec.c:161(share_info_db_init)
  Failed to open share info database /var/db/system/samba4/share_info.tdb (Permission denied)
```

Merge request here: https://gitlab.com/samba-team/samba/-/merge_requests/2853

Gist of fix is to wrap share_access_check() in become_root() / unbecome_root() pair.
Comment 1 Samba QA Contact 2022-12-19 20:42:10 UTC 
This bug was referenced in samba master:

80c0b416892bfacc0d919fe032461748d7962f05
Comment 2 Jeremy Allison 2022-12-19 20:56:22 UTC 
Created attachment 17707 [details]
git-am fix for 4.17.next, 4.16.next.

Cherry-picked from master.
Comment 3 Andreas Schneider 2022-12-23 15:29:31 UTC 
Comment on attachment 17707 [details]
git-am fix for 4.17.next, 4.16.next.

LGTM
Comment 4 Jeremy Allison 2022-12-23 16:19:14 UTC 
Re-assigned to Jule for integration into 4.17.next, 4.16.next.
Comment 5 Jule Anger 2023-01-03 17:43:41 UTC 
Pushed to autobuild-v4-{17,16}-test.
Comment 6 Samba QA Contact 2023-01-03 19:20:11 UTC 
This bug was referenced in samba v4-16-test:

b9d02e857b2cd95a207e06e5c29daa23c45d180d
Comment 7 Samba QA Contact 2023-01-04 21:24:11 UTC 
This bug was referenced in samba v4-17-test:

4f47415e248452dc34b10008474853bbc81a2165
Comment 8 Jule Anger 2023-01-05 09:03:56 UTC 
Closing out bug report.

Thanks!
Comment 9 Samba QA Contact 2023-01-26 17:51:34 UTC 
This bug was referenced in samba v4-17-stable (Release samba-4.17.5):

4f47415e248452dc34b10008474853bbc81a2165
Comment 10 Samba QA Contact 2023-02-16 16:37:25 UTC 
This bug was referenced in samba v4-16-stable (Release samba-4.16.9):

b9d02e857b2cd95a207e06e5c29daa23c45d180d