rpc_server:srvsvc - retrieve share ACL via root context
authorAndrew <awalker@ixsystems.com>
Fri, 16 Dec 2022 16:16:10 +0000 (08:16 -0800)
committerJule Anger <janger@samba.org>
Wed, 4 Jan 2023 20:20:16 +0000 (20:20 +0000)
share_info.tdb has permissions of 0o600 and so we need
to become_root() prior to retrieving the security info.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15265

Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Dec 19 20:41:15 UTC 2022 on sn-devel-184

(cherry picked from commit 80c0b416892bfacc0d919fe032461748d7962f05)

source3/rpc_server/srvsvc/srv_srvsvc_nt.c

index 233718ff310ca469d71f1a3b43d2cb10b85626a4..fbc617c3ac1b3e3917f842e53ec1e8d70309663f 100644 (file)
@@ -540,6 +540,7 @@ static bool is_hidden_share(int snum)
 static bool is_enumeration_allowed(struct pipes_struct *p,
                                    int snum)
 {
+       bool allowed;
        struct dcesrv_call_state *dce_call = p->dce_call;
        struct auth_session_info *session_info =
                dcesrv_call_session_info(dce_call);
@@ -556,9 +557,19 @@ static bool is_enumeration_allowed(struct pipes_struct *p,
                return false;
        }
 
-       return share_access_check(session_info->security_token,
-                                 lp_servicename(talloc_tos(), lp_sub, snum),
-                                 FILE_READ_DATA, NULL);
+
+       /*
+        * share_access_check() must be opened as root
+        * because it ultimately gets a R/W db handle on share_info.tdb
+        * which has 0o600 permissions
+        */
+       become_root();
+       allowed = share_access_check(session_info->security_token,
+                                    lp_servicename(talloc_tos(), lp_sub, snum),
+                                    FILE_READ_DATA, NULL);
+       unbecome_root();
+
+       return allowed;
 }
 
 /****************************************************************************
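Review bot: The privileged window between `become_root()` and `unbecome_root()` also covers evaluation of the `lp_servicename(talloc_tos(), lp_sub, snum)` argument, which does not need root; resolving it first, e.g. `const char *sharename = lp_servicename(talloc_tos(), lp_sub, snum);` ahead of `become_root()`, would leave only the `share_access_check()` call elevated. The new comment says share_access_check() "must be opened as root", but it is share_info.tdb that gets opened, so I would reword it to `share_info.tdb is 0600, so share_access_check() has to run as root to open it; access is still evaluated against the caller's security_token.` The last clause of that wording is inferred from the token being passed in, since share_access_check() itself is not visible on this page. is_enumeration_allowed() starts in the previous hunk and the lines between the two hunks are outside this view.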