From 5c8e34cae96ee65d34da61801a0f04c562006369 Mon Sep 17 00:00:00 2001 From: Andrew Date: Fri, 16 Dec 2022 08:16:10 -0800 Subject: [PATCH] rpc_server:srvsvc - retrieve share ACL via root context share_info.tdb has permissions of 0o600 and so we need to become_root() prior to retrieving the security info. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15265 Signed-off-by: Andrew Walker Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Mon Dec 19 20:41:15 UTC 2022 on sn-devel-184 (cherry picked from commit 80c0b416892bfacc0d919fe032461748d7962f05) --- source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c index 233718ff310..fbc617c3ac1 100644 --- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c +++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c @@ -540,6 +540,7 @@ static bool is_hidden_share(int snum) static bool is_enumeration_allowed(struct pipes_struct *p, int snum) { + bool allowed; struct dcesrv_call_state *dce_call = p->dce_call; struct auth_session_info *session_info = dcesrv_call_session_info(dce_call); @@ -556,9 +557,19 @@ static bool is_enumeration_allowed(struct pipes_struct *p, return false; } - return share_access_check(session_info->security_token, - lp_servicename(talloc_tos(), lp_sub, snum), - FILE_READ_DATA, NULL); + + /* + * share_access_check() must be opened as root + * because it ultimately gets a R/W db handle on share_info.tdb + * which has 0o600 permissions + */ + become_root(); + allowed = share_access_check(session_info->security_token, + lp_servicename(talloc_tos(), lp_sub, snum), + FILE_READ_DATA, NULL); + unbecome_root(); + + return allowed; } /**************************************************************************** -- 2.34.1