mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
Revert "posix_acls.c: prefer capabilities over become_root"
This reverts commit 1edf9ecaf5
.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This commit is contained in:
parent
58ea952fd0
commit
8747954438
@ -2944,11 +2944,11 @@ static bool set_canon_ace_list(files_struct *fsp,
|
||||
"file [%s] primary group.\n",
|
||||
fsp_str_dbg(fsp));
|
||||
|
||||
set_effective_capability(DAC_OVERRIDE_CAPABILITY);
|
||||
become_root();
|
||||
sret = SMB_VFS_SYS_ACL_SET_FD(fsp,
|
||||
the_acl_type,
|
||||
the_acl);
|
||||
drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
|
||||
unbecome_root();
|
||||
if (sret == 0) {
|
||||
ret = true;
|
||||
}
|
||||
@ -3441,12 +3441,12 @@ static NTSTATUS try_chown(files_struct *fsp, uid_t uid, gid_t gid)
|
||||
|
||||
if (has_take_ownership_priv || has_restore_priv) {
|
||||
status = NT_STATUS_OK;
|
||||
set_effective_capability(DAC_OVERRIDE_CAPABILITY);
|
||||
become_root();
|
||||
ret = SMB_VFS_FCHOWN(fsp, uid, gid);
|
||||
if (ret != 0) {
|
||||
status = map_nt_error_from_unix(errno);
|
||||
}
|
||||
drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
|
||||
unbecome_root();
|
||||
return status;
|
||||
}
|
||||
}
|
||||
@ -3480,13 +3480,13 @@ static NTSTATUS try_chown(files_struct *fsp, uid_t uid, gid_t gid)
|
||||
}
|
||||
|
||||
status = NT_STATUS_OK;
|
||||
set_effective_capability(DAC_OVERRIDE_CAPABILITY);
|
||||
become_root();
|
||||
/* Keep the current file gid the same. */
|
||||
ret = SMB_VFS_FCHOWN(fsp, uid, (gid_t)-1);
|
||||
if (ret != 0) {
|
||||
status = map_nt_error_from_unix(errno);
|
||||
}
|
||||
drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
|
||||
unbecome_root();
|
||||
|
||||
return status;
|
||||
}
|
||||
@ -3707,12 +3707,12 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32_t security_info_sent, const struct
|
||||
|
||||
if (acl_perms && file_ace_list) {
|
||||
if (set_acl_as_root) {
|
||||
set_effective_capability(DAC_OVERRIDE_CAPABILITY);
|
||||
become_root();
|
||||
}
|
||||
ret = set_canon_ace_list(fsp, file_ace_list, false,
|
||||
&fsp->fsp_name->st, &acl_set_support);
|
||||
if (set_acl_as_root) {
|
||||
drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
|
||||
unbecome_root();
|
||||
}
|
||||
if (acl_set_support && ret == false) {
|
||||
DEBUG(3,("set_nt_acl: failed to set file acl on file "
|
||||
@ -3727,13 +3727,13 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32_t security_info_sent, const struct
|
||||
if (acl_perms && acl_set_support && fsp->fsp_flags.is_directory) {
|
||||
if (dir_ace_list) {
|
||||
if (set_acl_as_root) {
|
||||
set_effective_capability(DAC_OVERRIDE_CAPABILITY);
|
||||
become_root();
|
||||
}
|
||||
ret = set_canon_ace_list(fsp, dir_ace_list, true,
|
||||
&fsp->fsp_name->st,
|
||||
&acl_set_support);
|
||||
if (set_acl_as_root) {
|
||||
drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
|
||||
unbecome_root();
|
||||
}
|
||||
if (ret == false) {
|
||||
DEBUG(3,("set_nt_acl: failed to set default "
|
||||
@ -3751,11 +3751,11 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32_t security_info_sent, const struct
|
||||
*/
|
||||
|
||||
if (set_acl_as_root) {
|
||||
set_effective_capability(DAC_OVERRIDE_CAPABILITY);
|
||||
become_root();
|
||||
}
|
||||
sret = SMB_VFS_SYS_ACL_DELETE_DEF_FD(fsp);
|
||||
if (set_acl_as_root) {
|
||||
drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
|
||||
unbecome_root();
|
||||
}
|
||||
if (sret == -1) {
|
||||
if (acl_group_override_fsp(fsp)) {
|
||||
@ -3765,10 +3765,10 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32_t security_info_sent, const struct
|
||||
"Override delete_def_acl\n",
|
||||
fsp_str_dbg(fsp)));
|
||||
|
||||
set_effective_capability(DAC_OVERRIDE_CAPABILITY);
|
||||
become_root();
|
||||
sret =
|
||||
SMB_VFS_SYS_ACL_DELETE_DEF_FD(fsp);
|
||||
drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
|
||||
unbecome_root();
|
||||
}
|
||||
|
||||
if (sret == -1) {
|
||||
@ -3786,14 +3786,14 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32_t security_info_sent, const struct
|
||||
|
||||
if (acl_set_support) {
|
||||
if (set_acl_as_root) {
|
||||
set_effective_capability(DAC_OVERRIDE_CAPABILITY);
|
||||
become_root();
|
||||
}
|
||||
store_inheritance_attributes(fsp,
|
||||
file_ace_list,
|
||||
dir_ace_list,
|
||||
psd->type);
|
||||
if (set_acl_as_root) {
|
||||
drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
|
||||
unbecome_root();
|
||||
}
|
||||
}
|
||||
|
||||
@ -3820,11 +3820,11 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32_t security_info_sent, const struct
|
||||
fsp_str_dbg(fsp), (unsigned int)posix_perms));
|
||||
|
||||
if (set_acl_as_root) {
|
||||
set_effective_capability(DAC_OVERRIDE_CAPABILITY);
|
||||
become_root();
|
||||
}
|
||||
sret = SMB_VFS_FCHMOD(fsp, posix_perms);
|
||||
if (set_acl_as_root) {
|
||||
drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
|
||||
unbecome_root();
|
||||
}
|
||||
if(sret == -1) {
|
||||
if (acl_group_override_fsp(fsp)) {
|
||||
@ -3834,9 +3834,9 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32_t security_info_sent, const struct
|
||||
"Override chmod\n",
|
||||
fsp_str_dbg(fsp)));
|
||||
|
||||
set_effective_capability(DAC_OVERRIDE_CAPABILITY);
|
||||
become_root();
|
||||
sret = SMB_VFS_FCHMOD(fsp, posix_perms);
|
||||
drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
|
||||
unbecome_root();
|
||||
}
|
||||
|
||||
if (sret == -1) {
|
||||
|
Loading…
Reference in New Issue
Block a user