Revert "rpc_server:srvsvc - retrieve share ACL via root context"

This reverts commit 80c0b41. With the previous patch it is no longer required. We open share_info.tdb as root when starting up rpcd_classic and keep it open. Commit 80c0b41 only fixed the problem in one place, but we had it in a lot more places... Bug: https://bugzilla.samba.org/show_bug.cgi?id=15265 Signed-off-by: Volker Lendecke <[email protected]> Reviewed-by: Stefan Metzmacher <[email protected]> Autobuild-User(master): Stefan Metzmacher <[email protected]> Autobuild-Date(master): Wed Dec 20 11:20:51 UTC 2023 on atb-devel-224
Orval1 · Dec 20, 2023 · 8cfc6ea · 8cfc6ea
1 parent ff3b500
commit 8cfc6ea
Showing 1 changed file with 3 additions and 14 deletions.
diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
@@ -542,7 +542,6 @@ static bool is_hidden_share(int snum)
 static bool is_enumeration_allowed(struct pipes_struct *p,
                                    int snum)
 {
-	bool allowed;
 	struct dcesrv_call_state *dce_call = p->dce_call;
 	struct auth_session_info *session_info =
 		dcesrv_call_session_info(dce_call);
@@ -559,19 +558,9 @@ static bool is_enumeration_allowed(struct pipes_struct *p,
 		return false;
 	}
 
-
-	/*
-	 * share_access_check() must be opened as root
-	 * because it ultimately gets a R/W db handle on share_info.tdb
-	 * which has 0o600 permissions
-	 */
-	become_root();
-	allowed = share_access_check(session_info->security_token,
-				     lp_servicename(talloc_tos(), lp_sub, snum),
-				     FILE_READ_DATA, NULL);
-	unbecome_root();
-
-	return allowed;
+	return share_access_check(session_info->security_token,
+				  lp_servicename(talloc_tos(), lp_sub, snum),
+				  FILE_READ_DATA, NULL);
 }
 
 /****************************************************************************