1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

vfs_acl_common.c: prefer capabilities over become_root

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
This commit is contained in:
Björn Jacke 2022-06-17 07:25:08 +02:00 committed by Bjoern Jacke
parent 06e5c1e32e
commit 12734848dc

View File

@ -761,9 +761,9 @@ static NTSTATUS set_underlying_acl(vfs_handle_struct *handle, files_struct *fsp,
/* Ok, we failed to chown and we have
SEC_STD_WRITE_OWNER access - override. */
become_root();
set_effective_capability(DAC_OVERRIDE_CAPABILITY);
status = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
unbecome_root();
drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
return status;
}
@ -1069,7 +1069,7 @@ static int acl_common_remove_object(vfs_handle_struct *handle,
goto out;
}
become_root();
set_effective_capability(DAC_OVERRIDE_CAPABILITY);
if (is_directory) {
ret = SMB_VFS_NEXT_UNLINKAT(handle,
dirfsp,
@ -1081,7 +1081,7 @@ static int acl_common_remove_object(vfs_handle_struct *handle,
smb_fname,
0);
}
unbecome_root();
drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
if (ret == -1) {
saved_errno = errno;