1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

dosmode.c: prefer use of capabilities at two places over become_root

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
This commit is contained in:
Björn Jacke 2023-11-10 09:58:43 +01:00 committed by Bjoern Jacke
parent a1738e8265
commit c1e2fbb1b9

View File

@ -387,12 +387,12 @@ NTSTATUS fget_ea_dos_attribute(struct files_struct *fsp,
run because in cases like NFS, root might have even less
rights than the real user
*/
become_root();
set_effective_capability(DAC_OVERRIDE_CAPABILITY);
sizeret = SMB_VFS_FGETXATTR(fsp,
SAMBA_XATTR_DOS_ATTRIB,
attrstr,
sizeof(attrstr));
unbecome_root();
drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
}
if (sizeret == -1) {
DBG_INFO("Cannot get attribute "
@ -507,14 +507,14 @@ NTSTATUS set_ea_dos_attribute(connection_struct *conn,
return NT_STATUS_ACCESS_DENIED;
}
become_root();
set_effective_capability(DAC_OVERRIDE_CAPABILITY);
ret = SMB_VFS_FSETXATTR(smb_fname->fsp,
SAMBA_XATTR_DOS_ATTRIB,
blob.data, blob.length, 0);
drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
if (ret == 0) {
status = NT_STATUS_OK;
}
unbecome_root();
if (!NT_STATUS_IS_OK(status)) {
return status;
}