authorGerald Carter <jerry@samba.org>2003-11-24 17:33:15 +0000
committerGerald Carter <jerry@samba.org>2003-11-24 17:33:15 +0000
commitf5ee9c7b02d6acf02d8e516c6e258965a029dd79 (patch)
treee3f4ada6b37ff42b987e8d41d7ebbafb6cda082d /source3/passdb/passdb.c
parent8ade0cf1b6eba966fdb3f2544a83c979195cef75 (diff)
more access fixes for group enumeration in LDAP; bug 281
(This used to be commit c4ce92e80688fe7fd4b2fde2c31e94baf3e4dca0)
Diffstat (limited to 'source3/passdb/passdb.c')
-rw-r--r--source3/passdb/passdb.c17
1 files changed, 14 insertions, 3 deletions
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 7ac8d12198..82b1f9a0eb 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -416,6 +416,7 @@ NTSTATUS pdb_set_sam_sids(SAM_ACCOUNT *account_data, const struct passwd *pwd)
{
const char *guest_account = lp_guestaccount();
GROUP_MAP map;
+ BOOL ret;
if (!account_data || !pwd) {
return NT_STATUS_INVALID_PARAMETER;
@@ -445,7 +446,11 @@ NTSTATUS pdb_set_sam_sids(SAM_ACCOUNT *account_data, const struct passwd *pwd)
}
/* call the mapping code here */
- if(pdb_getgrgid(&map, pwd->pw_gid)) {
+ become_root();
+ ret = pdb_getgrgid(&map, pwd->pw_gid);
+ unbecome_root();
+
+ if( ret ) {
if (!pdb_set_group_sid(account_data, &map.sid, PDB_SET)){
DEBUG(0,("Can't set Group SID!\n"));
return NT_STATUS_INVALID_PARAMETER;
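Review bot: The `become_root()`/`unbecome_root()` pair around `pdb_getgrgid()` has no comment saying why the lookup needs privilege, and the existing `/* call the mapping code here */` does not explain it. Going by the commit message this is for LDAP-backed group maps, so a comment such as `/* group map backend (e.g. LDAP) may only be readable as root; keep the privileged window to this one call */` would tell the next reader not to widen or drop it. Capturing the result in `ret` and dropping root before branching is the right shape. The body of pdb_set_sam_sids continues outside the hunk.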
@@ -850,6 +855,8 @@ BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psi
return False;
}
+ /* BEGIN ROOT BLOCK */
+
become_root();
if (pdb_getsampwnam(sam_account, user)) {
unbecome_root();
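Review bot: From `/* BEGIN ROOT BLOCK */` onward local_lookup_name stays root across several early returns, so every exit before `/* END ROOT BLOCK */` has to call `unbecome_root()` by hand. The later hunks add it on the `!grp` and `pdb_getgrgid(&map, grp->gr_gid)` returns, but a return in the lines this diff does not show would leave the process privileged. Wrapping only the calls that need root, as pdb_set_sam_sids does with `ret = pdb_getgrgid(&map, pwd->pw_gid); unbecome_root();`, or routing all exits through one cleanup label, would make the pairing checkable at a glance. The widened region also runs `getgrnam(user)` and `pdb_free_sam(&sam_account)` as root, which may not be needed. The added comments read `exit form block`, presumably meant as "exit from block"; the function body starts and ends outside this hunk.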
@@ -859,7 +866,6 @@ BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psi
pdb_free_sam(&sam_account);
return True;
}
- unbecome_root();
pdb_free_sam(&sam_account);
@@ -875,8 +881,10 @@ BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psi
} else {
/* it's not a mapped group */
grp = getgrnam(user);
- if(!grp)
+ if(!grp) {
+ unbecome_root(); /* ---> exit form block */
return False;
+ }
/*
*check if it's mapped, if it is reply it doesn't exist
@@ -891,12 +899,15 @@ BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psi
*/
if (pdb_getgrgid(&map, grp->gr_gid)){
+ unbecome_root(); /* ---> exit form block */
return False;
}
sid_append_rid( &local_sid, pdb_gid_to_group_rid(grp->gr_gid));
*psid_name_use = SID_NAME_ALIAS;
}
+ unbecome_root();
+ /* END ROOT BLOCK */
sid_copy( psid, &local_sid);