Just to let you know that I can reproduce the same issue also on Samba that
comes with Ubuntu 22.04 (Version 4.15.13-Ubuntu).
The debug logs show that in the security token for user "andrea" the
Privileges are missing:
[2023/02/08 10:06:05.624154, 5] ../../libcli/security/security_token.c:57(security_token_debug)
Security token SIDs (13):
<SNIP>
Privileges (0x 0):
Rights (0x 0):
If I use the "Administrator" user the Privileges are present in the
security token:
[2023/02/08 10:49:21.253173, 5] ../../libcli/security/security_token.c:57(security_token_debug)
Security token SIDs (25):
<SNIP>
Privileges (0x 1FFFFFF0):
Privilege[ 0]: SeMachineAccountPrivilege
Privilege[ 1]: SeTakeOwnershipPrivilege
Privilege[ 2]: SeBackupPrivilege
Privilege[ 3]: SeRestorePrivilege
Privilege[ 4]: SeRemoteShutdownPrivilege
Privilege[ 5]: SePrintOperatorPrivilege
Privilege[ 6]: SeAddUsersPrivilege
Privilege[ 7]: SeDiskOperatorPrivilege
Privilege[ 8]: SeSecurityPrivilege
Privilege[ 9]: SeSystemtimePrivilege
Privilege[ 10]: SeShutdownPrivilege
Privilege[ 11]: SeDebugPrivilege
Privilege[ 12]: SeSystemEnvironmentPrivilege
Privilege[ 13]: SeSystemProfilePrivilege
Privilege[ 14]: SeProfileSingleProcessPrivilege
Privilege[ 15]: SeIncreaseBasePriorityPrivilege
Privilege[ 16]: SeLoadDriverPrivilege
Privilege[ 17]: SeCreatePagefilePrivilege
Privilege[ 18]: SeIncreaseQuotaPrivilege
Privilege[ 19]: SeChangeNotifyPrivilege
Privilege[ 20]: SeUndockPrivilege
Since the following Samba command shows the privileges for user "andrea"
are present:
# net rpc rights list 'HYPERFILE3\andrea' -S 10.50.50.85 -U administrator
SeBackupPrivilege
SeRestorePrivilege
then it seems to be a bug in how Samba fills the security token.
Regards
Andrea
On Wed, Feb 8, 2023 at 9:04 AM Andrea Cucciarre <acucciarre at cloudian.com> wrote:
> Hello Rowland,
>
> Yes, that is also my understanding.
> However, since we have a Samba command that recognizes the SEC_PRIV_RESTORE
> for that user (command "net rpc rights..."), then why does the try_chown()
> believe there's no such privilege?
> My guess is that for some reason (bug?) it's not in the security token.
>
> Regards
> Andrea
>
>
> On Tue, Feb 7, 2023 at 6:08 PM Rowland Penny via samba <
> samba at lists.samba.org> wrote:
>
>>
>>
>> On 07/02/2023 15:35, Andrea Cucciarre wrote:
>> > Hello Rowland,
>> >
>> > If has_restore_priv is true it runs SMB_VFS_FCHOWN as root:
>>
>> Yes you are correct, I do not write 'C' and read it just a bit more :-D
>>
>> >
>> > ===
>> >         if (has_take_ownership_priv || has_restore_priv) {
>> >                 status = NT_STATUS_OK;
>> >                 become_root();
>> >                 ret = SMB_VFS_FCHOWN(fsp, uid, gid);
>> >                 if (ret != 0) {
>> >                         status = map_nt_error_from_unix(errno);
>> >                 }
>> >                 unbecome_root();
>> >                 return status;
>> >         }
>> > ===
>>
>> The problem is that it should (by my reading) return either
>> 'NT_STATUS_OK' or what 'map_nt_error_from_unix(errno)' would return and
>> as far as I can see, that cannot return 'NT_STATUS_INVALID_OWNER'
>>
>> To me, this looks like, for some reason, the user's restore privilege is
>> being ignored, that block of code is being ignored and it is dropping
>> down to the block of code where the user supplied is checked against the
>> actual user that is connected and if they do not match, then you get
>> the message 'NT_STATUS_INVALID_OWNER'.
>>
>> >
>> > It's Solaris Unix.
>> >
>> >
>> What version of Samba is this ?
>>
>> Rowland
>
>
> --
> Andrea Cucciarre'
> Global Technical Support Manager
> Cloudian Inc.
>
--
Andrea Cucciarre'
Global Technical Support Manager
Cloudian Inc.
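
Added example, not part of the original thread and not Samba code: a small Python helper that automates the comparison made in the message above, listing rights that `net rpc rights list` reports for an account but that are absent from the logged security token. The sample log, SIDs and rights output are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample shaped like the level-5 security_token_debug output
# quoted in the thread; SIDs are made up and the second list is trimmed.
SAMPLE_LOG = """\
  Security token SIDs (13):
    SID[  0]: S-1-5-21-1111111111-2222222222-3333333333-1105
  Privileges (0x               0):
  Rights (0x               0):
  Security token SIDs (25):
    SID[  0]: S-1-5-21-1111111111-2222222222-3333333333-500
  Privileges (0x        1FFFFFF0):
    Privilege[  2]: SeBackupPrivilege
    Privilege[  3]: SeRestorePrivilege
  Rights (0x               0):
"""
# Constructed `net rpc rights list` output for the first token's account.
SAMPLE_RIGHTS = "SeBackupPrivilege\nSeRestorePrivilege\n"

TOKEN_RE = re.compile(r"Security token SIDs \((\d+)\):")
MASK_RE = re.compile(r"Privileges \(0x\s*([0-9A-Fa-f]+)\):")
PRIV_RE = re.compile(r"Privilege\[\s*\d+\]:\s*(\S+)")

def parse_tokens(log):
    """Return one dict per security token dump found in the log text."""
    tokens = []
    for line in log.splitlines():
        if m := TOKEN_RE.search(line):
            tokens.append({"sids": int(m.group(1)), "mask": None, "privileges": set()})
        elif not tokens:
            continue  # skip anything before the first token dump
        elif m := MASK_RE.search(line):
            tokens[-1]["mask"] = int(m.group(1), 16)
        elif m := PRIV_RE.search(line):
            tokens[-1]["privileges"].add(m.group(1))
    return tokens

def parse_rights(output):
    """Privilege names from `net rpc rights list <account>` output."""
    return {s.strip() for s in output.splitlines() if s.strip().startswith("Se")}

def missing_from_token(token, granted):
    """Rights granted to the account that the session token does not carry."""
    return sorted(granted - token["privileges"])

if __name__ == "__main__":
    granted = parse_rights(SAMPLE_RIGHTS)
    for tok in parse_tokens(SAMPLE_LOG):
        print(tok["sids"], tok["mask"], missing_from_token(tok, granted))
```

A non-empty result for a token means the account database grants a right that the session token built at logon does not carry, which is the mismatch reported in this thread.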