Hello Rowland,
If has_restore_priv is true it runs SMB_VFS_FCHOWN as root:
===
        if (has_take_ownership_priv || has_restore_priv) {
                status = NT_STATUS_OK;
                become_root();
                ret = SMB_VFS_FCHOWN(fsp, uid, gid);
                if (ret != 0) {
                        status = map_nt_error_from_unix(errno);
                }
                unbecome_root();
                return status;
        }
===
It's Solaris Unix.
Regards
Andrea
On Tue, Feb 7, 2023 at 4:26 PM Rowland Penny via samba <samba at lists.samba.org> wrote:
>
>
> On 07/02/2023 14:51, Andrea Cucciarre wrote:
> > Hello Rowland,
> >
> > It seems to me that it proceeds in the code you pasted
>
> If you follow the code in try_chown, if you have the restore privilege
> it doesn't seem to do anything (Case 2):
>
> /* Case (2) / (3) */
> if (lp_enable_privileges()) {
>         bool has_take_ownership_priv = security_token_has_privilege(
>                 get_current_nttok(fsp->conn),
>                 SEC_PRIV_TAKE_OWNERSHIP);
>         bool has_restore_priv = security_token_has_privilege(
>                 get_current_nttok(fsp->conn),
>                 SEC_PRIV_RESTORE);
>
>         if (has_restore_priv) {
>                 ; /* Case (2) */
>         } else if (has_take_ownership_priv) {
>                 /* Case (3) */
>                 if (uid == get_current_uid(fsp->conn)) {
>                         gid = (gid_t)-1;
>                 } else {
>                         has_take_ownership_priv = false;
>                 }
>         }
>
>
> > (since dos
> > filemode = Yes) because in the following previous piece of code it
> > establishes that the user doesn't have the SEC_PRIV_RESTORE, which is
> > what I don't understand because that user has the SeRestorePrivilege:
>
> But from my reading, having that privilege doesn't do anything.
> It gets nearly all the way through that block of code and fails at the
> block I posted earlier and returns with 'NT_STATUS_INVALID_OWNER'
>
> >
> > ==========
> > if (lp_enable_privileges()) {
> >         bool has_take_ownership_priv = security_token_has_privilege(
> >                 get_current_nttok(fsp->conn),
> >                 SEC_PRIV_TAKE_OWNERSHIP);
> >         bool has_restore_priv = security_token_has_privilege(
> >                 get_current_nttok(fsp->conn),
> >                 SEC_PRIV_RESTORE);
> >
> >         if (has_restore_priv) {
> >                 ; /* Case (2) */
> >         } else if (has_take_ownership_priv) {
> >                 /* Case (3) */
> >                 if (uid == get_current_uid(fsp->conn)) {
> >                         gid = (gid_t)-1;
> >                 } else {
> >                         has_take_ownership_priv = false;
> >                 }
> >         }
> >
> >         if (has_take_ownership_priv || has_restore_priv) {
> >                 status = NT_STATUS_OK;
> >                 become_root();
> >                 ret = SMB_VFS_FCHOWN(fsp, uid, gid);
> >                 if (ret != 0) {
> >                         status = map_nt_error_from_unix(errno);
> >                 }
> >                 unbecome_root();
> >                 return status;
> >         }
> > =======
> >
> > Please note that the Windows Administrator user can successfully change
> > the owner.
> > Below is the output you requested [note that the user 'andrea' (id 11142)
> > wants to set the owner of the directory to user 'betty' (id 11150)]:
> >
> > # testparm -s
> > Load smb config files from /opt/samba/etc/smb.conf
> > lpcfg_do_global_parameter: WARNING: The "enable privileges" option is
> > deprecated
> > Loaded services file OK.
> > Weak crypto is allowed
> > Server role: ROLE_DOMAIN_MEMBER
> >
> > # Global parameters
> > [global]
> > client ldap sasl wrapping = plain
> > dedicated keytab file = /etc/krb5.keytab
> > disable spoolss = Yes
> > host msdfs = No
> > kerberos method = secrets and keytab
> > load printers = No
> > local master = No
> > log file = /opt/samba/log/%I-%M-%m.log
> > map to guest = Bad User
> > max log size = 100000
> > preferred master = No
> > printcap name = /dev/null
> > realm = HF3.LOCAL
> > security = ADS
> > server string = Data %h
> > winbind enum groups = Yes
> > winbind enum users = Yes
> > winbind expand groups = 4
> > winbind nss info = rfc2307
> > winbind refresh tickets = Yes
> > workgroup = HYPERFILE3
> > idmap config hyperfile3 : schema_mode = rfc2307
> > idmap config hyperfile3 : range = 10000-20000000
> > idmap config hyperfile3 : backend = rid
> > idmap config * : schema_mode = rfc2307
> > idmap config * : range = 3000-4000
> > idmap config * : backend = tdb
> > map acl inherit = Yes
> > vfs objects = zfsacl
>
> What distro is this ? Freebsd ?
>
> Rowland
>
--
Andrea Cucciarre'
Global Technical Support Manager
Cloudian Inc.
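The privilege branch of try_chown() that the thread argues over, reduced to a self-contained model so the three outcomes can be checked side by side. This is an added example, not Samba code: the real function takes an fsp and reads privileges from the NT token, whereas here the privileges, the caller's uid and the target uid/gid are plain arguments and the fchown is recorded instead of executed; the uids 11142 (andrea) and 11150 (betty) come from the thread, the gid is constructed.

```c
#include <stdbool.h>
#include <sys/types.h>

/* Outcome of the privilege path only; MODEL_NOT_HANDLED means the real
 * function would fall through to its non-privileged cases (which, in
 * Rowland's reading, end in NT_STATUS_INVALID_OWNER). */
typedef enum { MODEL_OK, MODEL_NOT_HANDLED } model_status;

struct chown_trace {
    bool ran_as_root;  /* fchown would run between become_root()/unbecome_root() */
    uid_t uid;         /* owner that would be passed to SMB_VFS_FCHOWN */
    gid_t gid;         /* group passed; (gid_t)-1 means "leave unchanged" */
};

/* Model of the 'enable privileges' branch of try_chown(): Case (2) and Case (3). */
static model_status try_chown_model(bool has_take_ownership_priv, bool has_restore_priv,
                                    uid_t current_uid, uid_t uid, gid_t gid,
                                    struct chown_trace *out)
{
    out->ran_as_root = false;
    if (has_restore_priv) {
        ; /* Case (2): SeRestorePrivilege alone suffices, for any uid and gid */
    } else if (has_take_ownership_priv) {
        /* Case (3): SeTakeOwnershipPrivilege only lets the caller take the
         * object for itself, and the group is left untouched */
        if (uid == current_uid) {
            gid = (gid_t)-1;
        } else {
            has_take_ownership_priv = false;
        }
    }
    if (has_take_ownership_priv || has_restore_priv) {
        /* real code: become_root(); SMB_VFS_FCHOWN(fsp, uid, gid); unbecome_root(); */
        out->ran_as_root = true;
        out->uid = uid;
        out->gid = gid;
        return MODEL_OK;
    }
    return MODEL_NOT_HANDLED;
}
```

The defender-side point the model makes explicit: SeRestorePrivilege is the only one of the two that lets a non-owner hand a file to an arbitrary account, and it does so with the server temporarily running as root.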