The branch, master has been updated via 1edf9ecaf56 posix_acls.c: prefer capabilities over become_root via b250f25fe40 open.c: prefer capabilities over become_root via 4227b011f6a vfs_recycle.c: prefer capabilities over become_root via 92278418dc8 vfs_posix_eadb.c: prefer capabilities over become_root via 62464bd2db2 vfs_default.c: prefer capabilities over become_root via 0e3836e3961 vfs_acl_xattr.c: prefer capabilities over become_root via 12734848dc9 vfs_acl_common.c: prefer capabilities over become_root via 06e5c1e32ea nfs4_acls.c: prefer capabilities over become_root via 944cb51506a token_util.c: prefer capabilities over become_root via c1e2fbb1b9a dosmode.c: prefer use of capabilities at two places over become_root via a1738e8265d system.c: fall back to become_root if CAP_DAC_OVERRIDE isn't usable from 4481a67c1b2 smbd: fix close order of base_fsp and stream_fsp in smb_fname_fsp_destructor()
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 1edf9ecaf56f3312e199e633bff0804243042e33 Author: Björn Jacke <b...@sernet.de> Date: Fri Jun 17 07:28:01 2022 +0200 posix_acls.c: prefer capabilities over become_root Signed-off-by: Bjoern Jacke <bja...@samba.org> Reviewed-by: Christof Schmitt <c...@samba.org> Autobuild-User(master): Björn Jacke <bja...@samba.org> Autobuild-Date(master): Thu Nov 16 22:39:05 UTC 2023 on atb-devel-224 commit b250f25fe407f9a6269b804382de4854501f2d86 Author: Björn Jacke <b...@sernet.de> Date: Fri Jun 17 07:27:38 2022 +0200 open.c: prefer capabilities over become_root Signed-off-by: Bjoern Jacke <bja...@samba.org> Reviewed-by: Christof Schmitt <c...@samba.org> commit 4227b011f6ada97a4cd72a440ed887ffdb3f219e Author: Björn Jacke <b...@sernet.de> Date: Fri Jun 17 07:26:53 2022 +0200 vfs_recycle.c: prefer capabilities over become_root Signed-off-by: Bjoern Jacke <bja...@samba.org> Reviewed-by: Christof Schmitt <c...@samba.org> commit 92278418dc885ed411f545e73c800ce93f858090 Author: Björn Jacke <b...@sernet.de> Date: Fri Jun 17 07:26:30 2022 +0200 vfs_posix_eadb.c: prefer capabilities over become_root Signed-off-by: Bjoern Jacke <bja...@samba.org> Reviewed-by: Christof Schmitt <c...@samba.org> commit 62464bd2db2a95b1253364f4493bbb6770b73193 Author: Björn Jacke <b...@sernet.de> Date: Fri Jun 17 07:26:02 2022 +0200 vfs_default.c: prefer capabilities over become_root Signed-off-by: Bjoern Jacke <bja...@samba.org> Reviewed-by: Christof Schmitt <c...@samba.org> commit 0e3836e3961f2b7c39173ce1023d3c92addef630 Author: Björn Jacke <b...@sernet.de> Date: Fri Jun 17 07:25:37 2022 +0200 vfs_acl_xattr.c: prefer capabilities over become_root 
Signed-off-by: Bjoern Jacke <bja...@samba.org> Reviewed-by: Christof Schmitt <c...@samba.org> commit 12734848dc9901b932644139aaa7e3f78e55c8dc Author: Björn Jacke <b...@sernet.de> Date: Fri Jun 17 07:25:08 2022 +0200 vfs_acl_common.c: prefer capabilities over become_root Signed-off-by: Bjoern Jacke <bja...@samba.org> Reviewed-by: Christof Schmitt <c...@samba.org> commit 06e5c1e32ea7907523cc19f021225e7541e2075f Author: Björn Jacke <b...@sernet.de> Date: Fri Jun 17 07:24:28 2022 +0200 nfs4_acls.c: prefer capabilities over become_root Signed-off-by: Bjoern Jacke <bja...@samba.org> Reviewed-by: Christof Schmitt <c...@samba.org> commit 944cb51506a94084d7ab52ee044fe6f66e1aaeb9 Author: Björn Jacke <b...@sernet.de> Date: Fri Jun 17 07:22:57 2022 +0200 token_util.c: prefer capabilities over become_root Signed-off-by: Bjoern Jacke <bja...@samba.org> Reviewed-by: Christof Schmitt <c...@samba.org> commit c1e2fbb1b9a7551becf5caa0f08d434edf9ad862 Author: Björn Jacke <b...@sernet.de> Date: Fri Nov 10 09:58:43 2023 +0100 dosmode.c: prefer use of capabilities at two places over become_root Signed-off-by: Bjoern Jacke <bja...@samba.org> Reviewed-by: Christof Schmitt <c...@samba.org> commit a1738e8265dd256c5a1064482a6dfccbf9ca44f1 Author: Björn Jacke <b...@sernet.de> Date: Thu Nov 9 14:56:06 2023 +0100 system.c: fall back to become_root if CAP_DAC_OVERRIDE isn't usable BUG: https://bugzilla.samba.org/show_bug.cgi?id=15093 
Signed-off-by: Bjoern Jacke <bja...@samba.org> Reviewed-by: Christof Schmitt <c...@samba.org> ----------------------------------------------------------------------- Summary of changes: source3/auth/token_util.c | 4 ++-- source3/lib/system.c | 31 +++++++++++++++++++++++++++++-- source3/modules/nfs4_acls.c | 4 ++-- source3/modules/vfs_acl_common.c | 8 ++++---- source3/modules/vfs_acl_xattr.c | 12 ++++++------ source3/modules/vfs_default.c | 4 ++-- source3/modules/vfs_posix_eadb.c | 4 ++-- source3/modules/vfs_recycle.c | 4 ++-- source3/smbd/dosmode.c | 8 ++++---- source3/smbd/open.c | 12 ++++++------ source3/smbd/posix_acls.c | 40 ++++++++++++++++++++-------------------- 11 files changed, 79 insertions(+), 52 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c index 023ad7cbb02..a7ff9bd6c3f 100644 --- a/source3/auth/token_util.c +++ b/source3/auth/token_util.c @@ -699,7 +699,7 @@ NTSTATUS finalize_local_nt_token(struct security_token *result, /* Add in BUILTIN sids */ - become_root(); + set_effective_capability(DAC_OVERRIDE_CAPABILITY); ok = secrets_fetch_domain_sid(lp_workgroup(), &_dom_sid); if (ok) { domain_sid = &_dom_sid; @@ -707,7 +707,7 @@ NTSTATUS finalize_local_nt_token(struct security_token *result, DEBUG(3, ("Failed to fetch domain sid for %s\n", lp_workgroup())); } - unbecome_root(); + drop_effective_capability(DAC_OVERRIDE_CAPABILITY); info = talloc_zero(talloc_tos(), struct acct_info); if (info == NULL) { diff --git a/source3/lib/system.c b/source3/lib/system.c index 132e5827b37..bdaa723fd3c 100644 --- a/source3/lib/system.c +++ b/source3/lib/system.c 
@@ -643,18 +643,45 @@ static bool set_process_capability(enum smbd_capability capability, Gain the oplock capability from the kernel if possible. ****************************************************************************/ +#if defined(HAVE_POSIX_CAPABILITIES) && defined(CAP_DAC_OVERRIDE) +static bool have_cap_dac_override = true; +#else +static bool have_cap_dac_override = false; +#endif + void set_effective_capability(enum smbd_capability capability) { + bool ret = false; + + if (capability != DAC_OVERRIDE_CAPABILITY || have_cap_dac_override) { #if defined(HAVE_POSIX_CAPABILITIES) - set_process_capability(capability, True); + ret = set_process_capability(capability, True); #endif /* HAVE_POSIX_CAPABILITIES */ + } + + /* + * Fallback to become_root() if CAP_DAC_OVERRIDE is not + * available. + */ + if (capability == DAC_OVERRIDE_CAPABILITY) { + if (!ret) { + have_cap_dac_override = false; + } + if (!have_cap_dac_override) { + become_root(); + } + } } void drop_effective_capability(enum smbd_capability capability) { + if (capability != DAC_OVERRIDE_CAPABILITY || have_cap_dac_override) { #if defined(HAVE_POSIX_CAPABILITIES) - set_process_capability(capability, False); + set_process_capability(capability, False); #endif /* HAVE_POSIX_CAPABILITIES */ + } else { + unbecome_root(); + } } /************************************************************************** diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c index 44c4718d3e4..cc9233da87d 100644 --- a/source3/modules/nfs4_acls.c +++ b/source3/modules/nfs4_acls.c @@ -1201,12 +1201,12 @@ NTSTATUS smb_set_nt_acl_nfs4(vfs_handle_struct *handle, files_struct *fsp, smbacl4_dump_nfs4acl(10, theacl); if (set_acl_as_root) { - become_root(); + set_effective_capability(DAC_OVERRIDE_CAPABILITY); } result = set_nfs4_native(handle, fsp, theacl); saved_errno = errno; if (set_acl_as_root) { - unbecome_root(); + drop_effective_capability(DAC_OVERRIDE_CAPABILITY); } TALLOC_FREE(frame); 
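Review bot: `set_effective_capability()` / `drop_effective_capability()` do not nest the way `become_root()` / `unbecome_root()` do, and this diff nests them: `set_nt_acl()` raises the capability around `set_canon_ace_list()`, whose override path raises and drops it again, so the inner drop leaves whatever follows in the outer section without the capability (assuming `set_process_capability()`, defined outside this hunk, keeps no count). The fallback has a related imbalance: if an inner raise fails and clears `have_cap_dac_override`, the outer drop calls `unbecome_root()` with no matching `become_root()`, and the capability raised by the outer call is never dropped. A depth counter for `DAC_OVERRIDE_CAPABILITY`, sketched below, keeps the pairing balanced in both modes. The banner above the function still reads "Gain the oplock capability from the kernel if possible." and should describe the new behaviour, e.g. `/* Raise a capability; DAC_OVERRIDE falls back to become_root() when it cannot be set. */`.

```c
static unsigned int dac_override_depth;

void set_effective_capability(enum smbd_capability capability)
{
	if (capability == DAC_OVERRIDE_CAPABILITY) {
		bool nested = (dac_override_depth++ > 0);
		if (nested && have_cap_dac_override) {
			/* Already raised by an outer caller. */
			return;
		}
	}
	/* … unchanged: raise the capability, fall back to become_root() … */
}

void drop_effective_capability(enum smbd_capability capability)
{
	if (capability == DAC_OVERRIDE_CAPABILITY) {
		bool nested = (--dac_override_depth > 0);
		if (nested && have_cap_dac_override) {
			/* An outer caller still relies on it. */
			return;
		}
	}
	/* … unchanged: drop the capability, or unbecome_root() … */
}
```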
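Review bot: CAP_DAC_OVERRIDE only bypasses read/write/execute permission checks, so `set_nfs4_native()` under `set_acl_as_root` can now fail with EPERM where `become_root()` succeeded, because changing an ACL on a file the caller does not own is an owner-only operation (CAP_FOWNER on Linux; the NFSv4 backend may differ). The same applies to the later hunks that wrap `SMB_VFS_FCHOWN` (open.c and `try_chown()` in posix_acls.c, which need CAP_CHOWN), `SMB_VFS_FCHMOD`, `SMB_VFS_SYS_ACL_SET_FD`, `SMB_VFS_NEXT_FSET_NT_ACL` and `SMB_VFS_NEXT_FNTIMES`, and possibly to `SMB_VFS_FSETXATTR(..., XATTR_NTACL_NAME, ...)` if that name lives in a namespace that requires CAP_SYS_ADMIN. The fallback in `set_effective_capability()` triggers only when the capability cannot be raised, not when the operation itself is refused, so unless `DAC_OVERRIDE_CAPABILITY` maps to more than CAP_DAC_OVERRIDE inside `set_process_capability()` (not shown), these call sites should keep `become_root();` / `unbecome_root();`. `smb_set_nt_acl_nfs4()` starts and ends outside this hunk.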
diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c index daad612e565..692e776d10c 100644 --- a/source3/modules/vfs_acl_common.c +++ b/source3/modules/vfs_acl_common.c @@ -761,9 +761,9 @@ static NTSTATUS set_underlying_acl(vfs_handle_struct *handle, files_struct *fsp, /* Ok, we failed to chown and we have SEC_STD_WRITE_OWNER access - override. */ - become_root(); + set_effective_capability(DAC_OVERRIDE_CAPABILITY); status = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd); - unbecome_root(); + drop_effective_capability(DAC_OVERRIDE_CAPABILITY); return status; } @@ -1069,7 +1069,7 @@ static int acl_common_remove_object(vfs_handle_struct *handle, goto out; } - become_root(); + set_effective_capability(DAC_OVERRIDE_CAPABILITY); if (is_directory) { ret = SMB_VFS_NEXT_UNLINKAT(handle, dirfsp, @@ -1081,7 +1081,7 @@ static int acl_common_remove_object(vfs_handle_struct *handle, smb_fname, 0); } - unbecome_root(); + drop_effective_capability(DAC_OVERRIDE_CAPABILITY); if (ret == -1) { saved_errno = errno; diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c index 1a3ab34d659..ee247a312f7 100644 --- a/source3/modules/vfs_acl_xattr.c +++ b/source3/modules/vfs_acl_xattr.c @@ -46,12 +46,12 @@ static ssize_t getxattr_do(vfs_handle_struct *handle, ssize_t sizeret; int saved_errno = 0; - become_root(); + set_effective_capability(DAC_OVERRIDE_CAPABILITY); sizeret = SMB_VFS_FGETXATTR(fsp, xattr_name, val, size); if (sizeret == -1) { saved_errno = errno; } - unbecome_root(); + drop_effective_capability(DAC_OVERRIDE_CAPABILITY); if (saved_errno != 0) { errno = saved_errno; 
@@ -132,13 +132,13 @@ static NTSTATUS store_acl_blob_fsp(vfs_handle_struct *handle, DEBUG(10,("store_acl_blob_fsp: storing blob length %u on file %s\n", (unsigned int)pblob->length, fsp_str_dbg(fsp))); - become_root(); + set_effective_capability(DAC_OVERRIDE_CAPABILITY); ret = SMB_VFS_FSETXATTR(fsp, XATTR_NTACL_NAME, pblob->data, pblob->length, 0); if (ret) { saved_errno = errno; } - unbecome_root(); + drop_effective_capability(DAC_OVERRIDE_CAPABILITY); if (ret) { DEBUG(5, ("store_acl_blob_fsp: setting attr failed for file %s" "with error %s\n", @@ -175,9 +175,9 @@ static int sys_acl_set_fd_xattr(vfs_handle_struct *handle, return 0; } - become_root(); + set_effective_capability(DAC_OVERRIDE_CAPABILITY); SMB_VFS_FREMOVEXATTR(fsp, XATTR_NTACL_NAME); - unbecome_root(); + drop_effective_capability(DAC_OVERRIDE_CAPABILITY); return 0; } diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c index d1a19568e4e..3c412f346e1 100644 --- a/source3/modules/vfs_default.c +++ b/source3/modules/vfs_default.c @@ -1891,14 +1891,14 @@ static void vfswrap_get_dos_attributes_getxattr_done(struct tevent_req *subreq) state->as_root = true; - become_root(); + set_effective_capability(DAC_OVERRIDE_CAPABILITY); subreq = SMB_VFS_GETXATTRAT_SEND(state, state->ev, state->dir_fsp, state->smb_fname, SAMBA_XATTR_DOS_ATTRIB, sizeof(fstring)); - unbecome_root(); + drop_effective_capability(DAC_OVERRIDE_CAPABILITY); if (tevent_req_nomem(subreq, req)) { return; } diff --git a/source3/modules/vfs_posix_eadb.c b/source3/modules/vfs_posix_eadb.c index b3e21b09b8c..34769f58a69 100644 --- a/source3/modules/vfs_posix_eadb.c +++ b/source3/modules/vfs_posix_eadb.c 
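Review bot: Raising the capability only around `SMB_VFS_GETXATTRAT_SEND()` may not cover the actual xattr read. Linux capabilities are a per-thread attribute, so if the request is serviced on a worker thread, or the send path decides whether to run as root from the effective uid, the retry announced by `state->as_root = true` would still run with the user's rights. `become_root()` changed credentials that the send path could observe, so this call site needs a check against the getxattrat implementation (outside this diff) or should stay on `become_root();` / `unbecome_root();`. If the capability variant is kept, a comment such as `/* capability is per-thread: only effective if the read happens synchronously inside _SEND */` would record the assumption. The function starts and ends outside the hunk.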
@@ -213,12 +213,12 @@ static bool posix_eadb_init(int snum, struct tdb_wrap **p_db) lp_ctx = loadparm_init_s3(NULL, loadparm_s3_helpers()); - become_root(); + set_effective_capability(DAC_OVERRIDE_CAPABILITY); db = tdb_wrap_open(NULL, eadb, 50000, lpcfg_tdb_flags(lp_ctx, TDB_DEFAULT), O_RDWR|O_CREAT, 0600); - unbecome_root(); + drop_effective_capability(DAC_OVERRIDE_CAPABILITY); talloc_unlink(NULL, lp_ctx); /* now we know dbname is not NULL */ diff --git a/source3/modules/vfs_recycle.c b/source3/modules/vfs_recycle.c index b794ebc2d8c..b03db6a3b7f 100644 --- a/source3/modules/vfs_recycle.c +++ b/source3/modules/vfs_recycle.c @@ -441,10 +441,10 @@ static void recycle_do_touch(vfs_handle_struct *handle, /* mtime */ ft.mtime = touch_mtime ? ft.atime : smb_fname_tmp->st.st_ex_mtime; - become_root(); + set_effective_capability(DAC_OVERRIDE_CAPABILITY); ret = SMB_VFS_NEXT_FNTIMES(handle, smb_fname_tmp->fsp, &ft); err = errno; - unbecome_root(); + drop_effective_capability(DAC_OVERRIDE_CAPABILITY); if (ret == -1 ) { DEBUG(0, ("recycle: touching %s failed, reason = %s\n", smb_fname_str_dbg(smb_fname_tmp), strerror(err))); diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c index 41241fd2bfc..5dfab65984a 100644 --- a/source3/smbd/dosmode.c +++ b/source3/smbd/dosmode.c @@ -387,12 +387,12 @@ NTSTATUS fget_ea_dos_attribute(struct files_struct *fsp, run because in cases like NFS, root might have even less rights than the real user */ - become_root(); + set_effective_capability(DAC_OVERRIDE_CAPABILITY); sizeret = SMB_VFS_FGETXATTR(fsp, SAMBA_XATTR_DOS_ATTRIB, attrstr, sizeof(attrstr)); - unbecome_root(); + drop_effective_capability(DAC_OVERRIDE_CAPABILITY); } if (sizeret == -1) { DBG_INFO("Cannot get attribute " 
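Review bot: `tdb_wrap_open()` is called with `O_RDWR|O_CREAT, 0600`, and with only a capability raised the effective uid stays that of the connected user, so a newly created EA database would be owned by whichever user reaches `posix_eadb_init()` first instead of by root. That user could then open the file directly, outside smbd's checks, if the path is reachable to them. Keeping `become_root();` / `unbecome_root();` around the create, or adding a comment that states why user ownership of the database is acceptable, would make the intent explicit. `posix_eadb_init()` continues outside the hunk.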
@@ -507,14 +507,14 @@ NTSTATUS set_ea_dos_attribute(connection_struct *conn, return NT_STATUS_ACCESS_DENIED; } - become_root(); + set_effective_capability(DAC_OVERRIDE_CAPABILITY); ret = SMB_VFS_FSETXATTR(smb_fname->fsp, SAMBA_XATTR_DOS_ATTRIB, blob.data, blob.length, 0); + drop_effective_capability(DAC_OVERRIDE_CAPABILITY); if (ret == 0) { status = NT_STATUS_OK; } - unbecome_root(); if (!NT_STATUS_IS_OK(status)) { return status; } diff --git a/source3/smbd/open.c b/source3/smbd/open.c index cb1e2adbf1e..30d0d3ab728 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -1054,11 +1054,11 @@ static void change_file_owner_to_parent_fsp(struct files_struct *parent_fsp, return; } - become_root(); + set_effective_capability(DAC_OVERRIDE_CAPABILITY); ret = SMB_VFS_FCHOWN(fsp, parent_fsp->fsp_name->st.st_ex_uid, (gid_t)-1); - unbecome_root(); + drop_effective_capability(DAC_OVERRIDE_CAPABILITY); if (ret == -1) { DBG_ERR("failed to fchown " "file %s to parent directory uid %u. Error " @@ -1091,11 +1091,11 @@ static NTSTATUS change_dir_owner_to_parent_fsp(struct files_struct *parent_fsp, return NT_STATUS_OK; } - become_root(); + set_effective_capability(DAC_OVERRIDE_CAPABILITY); ret = SMB_VFS_FCHOWN(fsp, parent_fsp->fsp_name->st.st_ex_uid, (gid_t)-1); - unbecome_root(); + drop_effective_capability(DAC_OVERRIDE_CAPABILITY); if (ret == -1) { status = map_nt_error_from_unix(errno); DBG_ERR("failed to chown " @@ -5558,13 +5558,13 @@ static NTSTATUS inherit_new_acl(files_struct *dirfsp, files_struct *fsp) if (inherit_owner) { /* We need to be root to force this. */ - become_root(); + set_effective_capability(DAC_OVERRIDE_CAPABILITY); } status = SMB_VFS_FSET_NT_ACL(metadata_fsp(fsp), security_info_sent, psd); if (inherit_owner) { - unbecome_root(); + drop_effective_capability(DAC_OVERRIDE_CAPABILITY); } TALLOC_FREE(frame); return status; diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index d275bdb908b..530056175e0 100644 --- a/source3/smbd/posix_acls.c 
+++ b/source3/smbd/posix_acls.c @@ -2944,11 +2944,11 @@ static bool set_canon_ace_list(files_struct *fsp, "file [%s] primary group.\n", fsp_str_dbg(fsp)); - become_root(); + set_effective_capability(DAC_OVERRIDE_CAPABILITY); sret = SMB_VFS_SYS_ACL_SET_FD(fsp, the_acl_type, the_acl); - unbecome_root(); + drop_effective_capability(DAC_OVERRIDE_CAPABILITY); if (sret == 0) { ret = true; } @@ -3441,12 +3441,12 @@ static NTSTATUS try_chown(files_struct *fsp, uid_t uid, gid_t gid) if (has_take_ownership_priv || has_restore_priv) { status = NT_STATUS_OK; - become_root(); + set_effective_capability(DAC_OVERRIDE_CAPABILITY); ret = SMB_VFS_FCHOWN(fsp, uid, gid); if (ret != 0) { status = map_nt_error_from_unix(errno); } - unbecome_root(); + drop_effective_capability(DAC_OVERRIDE_CAPABILITY); return status; } } @@ -3480,13 +3480,13 @@ static NTSTATUS try_chown(files_struct *fsp, uid_t uid, gid_t gid) } status = NT_STATUS_OK; - become_root(); + set_effective_capability(DAC_OVERRIDE_CAPABILITY); /* Keep the current file gid the same. */ ret = SMB_VFS_FCHOWN(fsp, uid, (gid_t)-1); if (ret != 0) { status = map_nt_error_from_unix(errno); } - unbecome_root(); + drop_effective_capability(DAC_OVERRIDE_CAPABILITY); return status; } @@ -3707,12 +3707,12 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32_t security_info_sent, const struct if (acl_perms && file_ace_list) { if (set_acl_as_root) { - become_root(); + set_effective_capability(DAC_OVERRIDE_CAPABILITY); } ret = set_canon_ace_list(fsp, file_ace_list, false, &fsp->fsp_name->st, &acl_set_support); if (set_acl_as_root) { - unbecome_root(); + drop_effective_capability(DAC_OVERRIDE_CAPABILITY); } if (acl_set_support && ret == false) { DEBUG(3,("set_nt_acl: failed to set file acl on file " 
@@ -3727,13 +3727,13 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32_t security_info_sent, const struct if (acl_perms && acl_set_support && fsp->fsp_flags.is_directory) { if (dir_ace_list) { if (set_acl_as_root) { - become_root(); + set_effective_capability(DAC_OVERRIDE_CAPABILITY); } ret = set_canon_ace_list(fsp, dir_ace_list, true, &fsp->fsp_name->st, &acl_set_support); if (set_acl_as_root) { - unbecome_root(); + drop_effective_capability(DAC_OVERRIDE_CAPABILITY); } if (ret == false) { DEBUG(3,("set_nt_acl: failed to set default " @@ -3751,11 +3751,11 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32_t security_info_sent, const struct */ if (set_acl_as_root) { - become_root(); + set_effective_capability(DAC_OVERRIDE_CAPABILITY); } sret = SMB_VFS_SYS_ACL_DELETE_DEF_FD(fsp); if (set_acl_as_root) { - unbecome_root(); + drop_effective_capability(DAC_OVERRIDE_CAPABILITY); } if (sret == -1) { if (acl_group_override_fsp(fsp)) { @@ -3765,10 +3765,10 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32_t security_info_sent, const struct "Override delete_def_acl\n", fsp_str_dbg(fsp))); - become_root(); + set_effective_capability(DAC_OVERRIDE_CAPABILITY); sret = SMB_VFS_SYS_ACL_DELETE_DEF_FD(fsp); - unbecome_root(); + drop_effective_capability(DAC_OVERRIDE_CAPABILITY); } if (sret == -1) { @@ -3786,14 +3786,14 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32_t security_info_sent, const struct if (acl_set_support) { if (set_acl_as_root) { - become_root(); + set_effective_capability(DAC_OVERRIDE_CAPABILITY); } store_inheritance_attributes(fsp, file_ace_list, dir_ace_list, psd->type); if (set_acl_as_root) { - unbecome_root(); + drop_effective_capability(DAC_OVERRIDE_CAPABILITY); } } 
@@ -3820,11 +3820,11 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32_t security_info_sent, const struct fsp_str_dbg(fsp), (unsigned int)posix_perms)); if (set_acl_as_root) { - become_root(); + set_effective_capability(DAC_OVERRIDE_CAPABILITY); } sret = SMB_VFS_FCHMOD(fsp, posix_perms); if (set_acl_as_root) { - unbecome_root(); + drop_effective_capability(DAC_OVERRIDE_CAPABILITY); } if(sret == -1) { if (acl_group_override_fsp(fsp)) { @@ -3834,9 +3834,9 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32_t security_info_sent, const struct "Override chmod\n", fsp_str_dbg(fsp))); - become_root(); + set_effective_capability(DAC_OVERRIDE_CAPABILITY); sret = SMB_VFS_FCHMOD(fsp, posix_perms); - unbecome_root(); + drop_effective_capability(DAC_OVERRIDE_CAPABILITY); } if (sret == -1) { -- Samba Shared Repository