sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-24 02:04:21 +03:00
Code

system.c: fall back to become_root if CAP_DAC_OVERRIDE isn't usable

Browse Source 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15093

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
This commit is contained in:
Björn Jacke 2023-11-09 14:56:06 +01:00 committed by Bjoern Jacke
parent 4481a67c1b
commit a1738e8265
1 changed files with 29 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
source3/lib/system.c
View File

@ -643,18 +643,45 @@ static bool set_process_capability(enum smbd_capability capability,
Gain the oplock capability from the kernel if possible.
****************************************************************************/
#if defined(HAVE_POSIX_CAPABILITIES) && defined(CAP_DAC_OVERRIDE)
static bool have_cap_dac_override = true;
#else
static bool have_cap_dac_override = false;
#endif
void set_effective_capability(enum smbd_capability capability)
{
bool ret = false;
if (capability != DAC_OVERRIDE_CAPABILITY || have_cap_dac_override) {
#if defined(HAVE_POSIX_CAPABILITIES)
set_process_capability(capability, True);
ret = set_process_capability(capability, True);
#endif /* HAVE_POSIX_CAPABILITIES */
}
/*
* Fallback to become_root() if CAP_DAC_OVERRIDE is not
* available.
*/
if (capability == DAC_OVERRIDE_CAPABILITY) {
if (!ret) {
have_cap_dac_override = false;
}
if (!have_cap_dac_override) {
become_root();
}
}
}
void drop_effective_capability(enum smbd_capability capability)
{
if (capability != DAC_OVERRIDE_CAPABILITY || have_cap_dac_override) {
#if defined(HAVE_POSIX_CAPABILITIES)
set_process_capability(capability, False);
set_process_capability(capability, False);
#endif /* HAVE_POSIX_CAPABILITIES */
} else {
unbecome_root();
}
}
/**************************************************************************