authorGerald Carter <jerry@samba.org>2007-02-22 20:52:27 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:18:09 -0500
commit2b52e35770270959d5029fa84932d436652c7193 (patch)
tree08d6d87798509ce14c5da93c9b9c357f00f2897f
parent1945571e3b899bee8a33122bece723ce87b7daed (diff)
r21507: Fix some "cannot access LDAP when no root" bugs.
The two culprits were * pdb_get_account_policy() * pdb_get_group_sid() (This used to be commit 6a69caf6907fad01b13aa4358ce5c62506f98495)
-rw-r--r--source3/passdb/pdb_interface.c16
-rw-r--r--source3/rpc_parse/parse_samr.c4
-rw-r--r--source3/rpc_server/srv_samr_nt.c23
3 files changed, 30 insertions, 13 deletions
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index 36536e5fea..ce8b46eb0f 100644
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -987,13 +987,25 @@ NTSTATUS pdb_lookup_names(const DOM_SID *domain_sid,
BOOL pdb_get_account_policy(int policy_index, uint32 *value)
{
struct pdb_methods *pdb = pdb_get_methods();
- return NT_STATUS_IS_OK(pdb->get_account_policy(pdb, policy_index, value));
+ NTSTATUS status;
+
+ become_root();
+ status = pdb->get_account_policy(pdb, policy_index, value);
+ unbecome_root();
+
+ return NT_STATUS_IS_OK(status);
}
BOOL pdb_set_account_policy(int policy_index, uint32 value)
{
struct pdb_methods *pdb = pdb_get_methods();
- return NT_STATUS_IS_OK(pdb->set_account_policy(pdb, policy_index, value));
+ NTSTATUS status;
+
+ become_root();
+ status = pdb->set_account_policy(pdb, policy_index, value);
+ unbecome_root();
+
+ return NT_STATUS_IS_OK(status);
}
BOOL pdb_get_seq_num(time_t *seq_num)
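Review bot: pdb_set_account_policy() now switches to root unconditionally for a write, so every code path that reaches it performs the policy change with root rights whatever the connected user is allowed to do; the commit message names only the get path as a culprit. Nothing in this hunk checks authorization, so each caller has to enforce it before the call, and that contract should be stated above both functions, e.g. `/* Runs the backend call as root: callers must already have checked the client's access to the account policy. */`. The become_root()/unbecome_root() pairs themselves are balanced, with no return between them.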
diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c
index 5b276d9870..e0f5f7f294 100644
--- a/source3/rpc_parse/parse_samr.c
+++ b/source3/rpc_parse/parse_samr.c
@@ -6331,8 +6331,10 @@ NTSTATUS init_sam_user_info21A(SAM_USER_INFO_21 *usr, struct samu *pw, DOM_SID *
return NT_STATUS_UNSUCCESSFUL;
}
+ become_root();
group_sid = pdb_get_group_sid(pw);
-
+ unbecome_root();
+
if (!sid_peek_check_rid(domain_sid, group_sid, &group_rid)) {
fstring group_sid_string;
fstring domain_sid_string;
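Review bot: The elevation for pdb_get_group_sid() is added at this call site rather than inside the function, unlike pdb_get_account_policy() in pdb_interface.c, so any other caller that runs without root presumably still hits the original failure. It also puts a privilege switch into a marshalling helper under rpc_parse, where a reader would not expect one. A comment such as `/* pdb_get_group_sid() may query the passdb backend (e.g. LDAP), which needs root */` would explain why it is here. init_sam_user_info21A starts and ends outside the hunk.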
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 5c0f50699e..d35d97f2a0 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -2179,6 +2179,7 @@ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, S
uint32 acc_granted;
BOOL ret;
NTSTATUS result;
+ BOOL success = False;
/*
* from the SID in the request:
@@ -2223,9 +2224,15 @@ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, S
sids = NULL;
+ /* make both calls inside the root block */
become_root();
result = pdb_enum_group_memberships(p->mem_ctx, sam_pass,
&sids, &unix_gids, &num_groups);
+ if ( NT_STATUS_IS_OK(result) ) {
+ success = sid_peek_check_rid(get_global_sam_sid(),
+ pdb_get_group_sid(sam_pass),
+ &primary_group_rid);
+ }
unbecome_root();
if (!NT_STATUS_IS_OK(result)) {
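Review bot: The added comment `/* make both calls inside the root block */` says what is done but not why, which is the part a later maintainer needs before moving code back out of the privileged section. Something like `/* pdb_get_group_sid() may hit the passdb backend, which can require root: resolve the primary group RID before unbecome_root() */` records the reason. It is also worth stating there that `success` is only meaningful when `result` is OK, since it stays False when the enumeration fails and the function then returns on the `result` check instead.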
@@ -2234,15 +2241,7 @@ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, S
return result;
}
- gids = NULL;
- num_gids = 0;
-
- dom_gid.attr = (SE_GROUP_MANDATORY|SE_GROUP_ENABLED_BY_DEFAULT|
- SE_GROUP_ENABLED);
-
- if (!sid_peek_check_rid(get_global_sam_sid(),
- pdb_get_group_sid(sam_pass),
- &primary_group_rid)) {
+ if ( !success ) {
DEBUG(5, ("Group sid %s for user %s not in our domain\n",
sid_string_static(pdb_get_group_sid(sam_pass)),
pdb_get_username(sam_pass)));
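Review bot: The DEBUG message in the `!success` branch calls pdb_get_group_sid(sam_pass) again, this time after unbecome_root(). Unless the first call cached the SID in sam_pass (not visible here), this repeats the backend lookup unprivileged, which is the failure this commit fixes, and it may log a different value than the one that was checked. Keeping the pointer from the root block avoids both: `group_sid = pdb_get_group_sid(sam_pass);` before the sid_peek_check_rid() call, then `sid_string_static(group_sid)` in the DEBUG. The local would be declared at the top of _samr_query_usergroups, which lies outside this hunk.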
@@ -2250,8 +2249,12 @@ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, S
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
- dom_gid.g_rid = primary_group_rid;
+ gids = NULL;
+ num_gids = 0;
+ dom_gid.attr = (SE_GROUP_MANDATORY|SE_GROUP_ENABLED_BY_DEFAULT|
+ SE_GROUP_ENABLED);
+ dom_gid.g_rid = primary_group_rid;
ADD_TO_ARRAY(p->mem_ctx, DOM_GID, dom_gid, &gids, &num_gids);
for (i=0; i<num_groups; i++) {