author | Gerald Carter <jerry@samba.org> | 2003-11-24 17:33:15 +0000 |
---|---|---|
committer | Gerald Carter <jerry@samba.org> | 2003-11-24 17:33:15 +0000 |
commit | f5ee9c7b02d6acf02d8e516c6e258965a029dd79 (patch) | |
tree | e3f4ada6b37ff42b987e8d41d7ebbafb6cda082d /source3/passdb/passdb.c | |
parent | 8ade0cf1b6eba966fdb3f2544a83c979195cef75 (diff) | |
more access fixes for group enumeration in LDAP; bug 281
(This used to be commit c4ce92e80688fe7fd4b2fde2c31e94baf3e4dca0)
Diffstat (limited to 'source3/passdb/passdb.c')
-rw-r--r-- | source3/passdb/passdb.c | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 7ac8d12198..82b1f9a0eb 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -416,6 +416,7 @@ NTSTATUS pdb_set_sam_sids(SAM_ACCOUNT *account_data, const struct passwd *pwd)
 {
 const char *guest_account = lp_guestaccount();
 GROUP_MAP map;
+ BOOL ret;
 if (!account_data || !pwd) {
 return NT_STATUS_INVALID_PARAMETER;
@@ -445,7 +446,11 @@ NTSTATUS pdb_set_sam_sids(SAM_ACCOUNT *account_data, const struct passwd *pwd)
 } /* call the mapping code here */
- if(pdb_getgrgid(&map, pwd->pw_gid)) {
+ become_root();
+ ret = pdb_getgrgid(&map, pwd->pw_gid);
+ unbecome_root();
+
+ if( ret ) {
 if (!pdb_set_group_sid(account_data, &map.sid, PDB_SET)){
 DEBUG(0,("Can't set Group SID!\n"));
 return NT_STATUS_INVALID_PARAMETER;
@@ -850,6 +855,8 @@ BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psi
 return False;
 }
+ /* BEGIN ROOT BLOCK */
+ become_root();
 if (pdb_getsampwnam(sam_account, user)) {
 unbecome_root();
@@ -859,7 +866,6 @@ BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psi
 pdb_free_sam(&sam_account);
 return True;
 }
- unbecome_root();
 pdb_free_sam(&sam_account);
@@ -875,8 +881,10 @@ BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psi
 } else { /* it's not a mapped group */
 grp = getgrnam(user);
- if(!grp)
+ if(!grp) {
+ unbecome_root(); /* ---> exit form block */
 return False;
+ }
 /* *check if it's mapped, if it is reply it doesn't exist
@@ -891,12 +899,15 @@ BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psi
 */
 if (pdb_getgrgid(&map, grp->gr_gid)){
+ unbecome_root(); /* ---> exit form block */
 return False;
 }
 sid_append_rid( &local_sid, pdb_gid_to_group_rid(grp->gr_gid));
 *psid_name_use = SID_NAME_ALIAS;
 }
+ unbecome_root();
+ /* END ROOT BLOCK */
 sid_copy( psid, &local_sid); |
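Review bot: The new `become_root()` / `unbecome_root()` pair around `pdb_getgrgid()` in pdb_set_sam_sids (hunk at -445) carries no comment saying why this lookup needs root, and the existing `/* call the mapping code here */` does not cover it. A privilege bracket is the kind of line a later maintainer may widen or remove, so the reason should be recorded next to it, for example `/* the group mapping lookup needs root (presumably for the LDAP backend, bug 281); keep only this one call inside the bracket */`. As a style point, `if( ret )` does not match the `if (` spacing used on the surrounding context lines. The body of pdb_set_sam_sids continues outside the hunk.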
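Review bot: The root block opened at `/* BEGIN ROOT BLOCK */` in local_lookup_name (hunk at -850, continued in the hunks at -859, -875 and -891) now stays privileged across several return paths, each of which has to call `unbecome_root()` itself. The lines between these hunks are not visible here, so any `return` in them, or one added later, would leave the process running as root. The wider block also puts `getgrnam(user)`, which takes a caller-supplied name, under root, although the commit message only mentions the LDAP group lookups. Bracketing just the passdb calls, as the pdb_set_sam_sids hunk does (`become_root(); ret = pdb_getgrgid(&map, grp->gr_gid); unbecome_root();`), would keep every exit unprivileged without per-return bookkeeping. The function starts and ends outside these hunks.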