diff options
author | Gerald Carter <jerry@samba.org> | 2003-11-07 23:04:52 +0000 |
---|---|---|
committer | Gerald Carter <jerry@samba.org> | 2003-11-07 23:04:52 +0000 |
commit | f9230c937b1304e6864aa020a4e102749ca6f8ae (patch) | |
tree | fb28683d2cdbe91ccb213c8f7494412e9a0edee9 | |
parent | a3aa2c9ed44f5967986d340456efd5828bd5f2ff (diff) | |
download | samba-f9230c937b1304e6864aa020a4e102749ca6f8ae.tar.gz samba-f9230c937b1304e6864aa020a4e102749ca6f8ae.tar.bz2 samba-f9230c937b1304e6864aa020a4e102749ca6f8ae.zip |
* only install swat html files once
* revert the change that prevent the guest
account from being added to a passdb backend
since it broke the build farm.
* apply patch from Alex Deiter to fix the
"smbldap_open: cannot access when not root
error" messages when looking up group
information (bug 281)
(This used to be commit 20bd309239199d85accb2b7aac6d4dd73e414f85)
-rw-r--r-- | source3/passdb/pdb_guest.c | 5 | ||||
-rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 20 | ||||
-rwxr-xr-x | source3/script/installswat.sh | 26 |
3 files changed, 34 insertions, 17 deletions
diff --git a/source3/passdb/pdb_guest.c b/source3/passdb/pdb_guest.c index 7e9c2a9e1b..8c1d4c7b0f 100644 --- a/source3/passdb/pdb_guest.c +++ b/source3/passdb/pdb_guest.c @@ -110,7 +110,10 @@ static NTSTATUS guestsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT static NTSTATUS guestsam_update_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *newpwd) { -#if 0 /* JERRY */ +#if 1 /* JERRY */ + + /* apparently thr build farm relies upon this heavior :-( */ + return methods->parent->pdb_add_sam_account(methods->parent, newpwd); #else /* I don't think we should allow any modification of diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 446eff9045..b3e6478c88 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -894,7 +894,9 @@ static NTSTATUS get_group_alias_entries(TALLOC_CTX *ctx, DOMAIN_GRP **d_grp, DOM /* well-known aliases */ if (sid_equal(sid, &global_sid_Builtin) && !lp_hide_local_users()) { + become_root(); pdb_enum_group_mapping(SID_NAME_WKN_GRP, &map, (int *)&num_entries, ENUM_ONLY_MAPPED); + unbecome_root(); if (num_entries != 0) { *d_grp=(DOMAIN_GRP *)talloc_zero(ctx, num_entries*sizeof(DOMAIN_GRP)); @@ -914,6 +916,7 @@ static NTSTATUS get_group_alias_entries(TALLOC_CTX *ctx, DOMAIN_GRP **d_grp, DOM struct sys_grent *grp; gid_t winbind_gid_low, winbind_gid_high; BOOL winbind_groups_exist = lp_idmap_gid(&winbind_gid_low, &winbind_gid_high); + BOOL ret; /* local aliases */ /* we return the UNIX groups here. This seems to be the right */ @@ -930,7 +933,10 @@ static NTSTATUS get_group_alias_entries(TALLOC_CTX *ctx, DOMAIN_GRP **d_grp, DOM for (; (num_entries < max_entries) && (grp != NULL); grp = grp->next) { uint32 trid; - if(!pdb_getgrgid(&smap, grp->gr_gid)) + become_root(); + ret = pdb_getgrgid(&smap, grp->gr_gid); + unbecome_root(); + if( !ret ) continue; if (smap.sid_name_use!=SID_NAME_ALIAS) { @@ -4111,6 +4117,7 @@ NTSTATUS _samr_query_groupinfo(pipes_struct *p, SAMR_Q_QUERY_GROUPINFO *q_u, SAM int num_uids=0; GROUP_INFO_CTR *ctr; uint32 acc_granted; + BOOL ret; if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; @@ -4119,7 +4126,10 @@ NTSTATUS _samr_query_groupinfo(pipes_struct *p, SAMR_Q_QUERY_GROUPINFO *q_u, SAM return r_u->status; } - if (!get_domain_group_from_sid(group_sid, &map)) + become_root(); + ret = get_domain_group_from_sid(group_sid, &map); + unbecome_root(); + if (!ret) return NT_STATUS_INVALID_HANDLE; ctr=(GROUP_INFO_CTR *)talloc_zero(p->mem_ctx, sizeof(GROUP_INFO_CTR)); @@ -4271,6 +4281,7 @@ NTSTATUS _samr_open_group(pipes_struct *p, SAMR_Q_OPEN_GROUP *q_u, SAMR_R_OPEN_G size_t sd_size; NTSTATUS status; fstring sid_string; + BOOL ret; if (!get_lsa_policy_samr_sid(p, &q_u->domain_pol, &sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; @@ -4305,7 +4316,10 @@ NTSTATUS _samr_open_group(pipes_struct *p, SAMR_Q_OPEN_GROUP *q_u, SAMR_R_OPEN_G DEBUG(10, ("_samr_open_group:Opening SID: %s\n", sid_string)); /* check if that group really exists */ - if (!get_domain_group_from_sid(info->sid, &map)) + become_root(); + ret = get_domain_group_from_sid(info->sid, &map); + unbecome_root(); + if (!ret) return NT_STATUS_NO_SUCH_GROUP; /* get a (unique) handle. open a policy on it. */ diff --git a/source3/script/installswat.sh b/source3/script/installswat.sh index 7841a2a7b5..be0cdf3eef 100755 --- a/source3/script/installswat.sh +++ b/source3/script/installswat.sh @@ -28,16 +28,16 @@ done # Install images for ln in $LANGS; do -for f in $SRCDIR../swat/$ln/images/*.gif; do + for f in $SRCDIR../swat/$ln/images/*.gif; do FNAME=$SWATDIR/$ln/images/`basename $f` echo $FNAME cp $f $FNAME || echo Cannot install $FNAME. Does $USER have privileges? chmod 0644 $FNAME -done + done -# Install html help + # Install html help -for f in $SRCDIR../swat/$ln/help/*.html; do + for f in $SRCDIR../swat/$ln/help/*.html; do FNAME=$SWATDIR/$ln/help/`basename $f` echo $FNAME if [ "x$BOOKDIR" = "x" ]; then @@ -49,28 +49,28 @@ for f in $SRCDIR../swat/$ln/help/*.html; do cp $f $FNAME || echo Cannot install $FNAME. Does $USER have privileges? rm -f $f chmod 0644 $FNAME -done + done -# Install html documentation + # Install "server-side" includes -for f in $SRCDIR../docs/htmldocs/*.html; do - FNAME=$SWATDIR/help/`basename $f` + for f in $SRCDIR../swat/$ln/include/*.html; do + FNAME=$SWATDIR/$ln/include/`basename $f` echo $FNAME cp $f $FNAME || echo Cannot install $FNAME. Does $USER have privileges? chmod 0644 $FNAME + done + done -# Install "server-side" includes +# Install html documentation -for f in $SRCDIR../swat/$ln/include/*.html; do - FNAME=$SWATDIR/$ln/include/`basename $f` +for f in $SRCDIR../docs/htmldocs/*.html; do + FNAME=$SWATDIR/help/`basename $f` echo $FNAME cp $f $FNAME || echo Cannot install $FNAME. Does $USER have privileges? chmod 0644 $FNAME done -done - # Install Using Samba book (but only if it is there) if [ "x$BOOKDIR" != "x" -a -f $SRCDIR../docs/htmldocs/using_samba/toc.html ]; then |