Ok, this patch removes the privilege stuff we had in, unused, for some time.

The code was nice, but put in the wrong place (group mapping) and not supported by most of the code, thus useless. We will put back most of the code when our infrastructure will be changed so that privileges actually really make sense to be set. This is a first patch of a set to enhance all our mapping code cleaness and stability towards a sane next beta for 3.0 code base Simo. (This used to be commit e341e7c49f8c17a9ee30ca3fab3aa0397c1f0c7e)
author: Simo Sorce <idra@samba.org> 2003-06-18 15:24:10 +0000
committer: Simo Sorce <idra@samba.org> 2003-06-18 15:24:10 +0000
commit: 75a5c0b307a79536316b651273d3f6983323f5ce (patch)
tree: d396c52528e0984770461ba27d529a50f7ceda2f /source3/rpc_server
parent: e900f4ed106163e836613e83247d750aa6cb32d9 (diff)
download: samba-75a5c0b307a79536316b651273d3f6983323f5ce.tar.gz
samba-75a5c0b307a79536316b651273d3f6983323f5ce.tar.bz2
samba-75a5c0b307a79536316b651273d3f6983323f5ce.zip
3 files changed, 64 insertions, 59 deletions
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index 2a24d7faa5..93e97a7492 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -403,8 +403,16 @@ NTSTATUS _lsa_open_policy2(pipes_struct *p, LSA_Q_OPEN_POL2 *q_u, LSA_R_OPEN_POL
 	/* get the generic lsa policy SD until we store it */
 	lsa_get_generic_sd(p->mem_ctx, &psd, &sd_size);
 
-	if(!se_access_check(psd, p->pipe_user.nt_user_token, des_access, &acc_granted, &status))
-		return status;
+	if(!se_access_check(psd, p->pipe_user.nt_user_token, des_access, &acc_granted, &status)) {
+		if (geteuid() != 0) {
+			return status;
+		}
+		DEBUG(4,("ACCESS should be DENIED (granted: %#010x;  required: %#010x)\n",
+			 acc_granted, des_access));
+		DEBUGADD(4,("but overwritten by euid == 0\n"));
+		acc_granted = des_access;
+	}
+
 
 	/* associate the domain SID with the (unique) handle. */
 	if ((info = (struct lsa_info *)malloc(sizeof(struct lsa_info))) == NULL)
@@ -441,8 +449,15 @@ NTSTATUS _lsa_open_policy(pipes_struct *p, LSA_Q_OPEN_POL *q_u, LSA_R_OPEN_POL *
 	/* get the generic lsa policy SD until we store it */
 	lsa_get_generic_sd(p->mem_ctx, &psd, &sd_size);
 
-	if(!se_access_check(psd, p->pipe_user.nt_user_token, des_access, &acc_granted, &status))
-		return status;
+	if(!se_access_check(psd, p->pipe_user.nt_user_token, des_access, &acc_granted, &status)) {
+		if (geteuid() != 0) {
+			return status;
+		}
+		DEBUG(4,("ACCESS should be DENIED (granted: %#010x;  required: %#010x)\n",
+			 acc_granted, des_access));
+		DEBUGADD(4,("but overwritten by euid == 0\n"));
+		acc_granted = des_access;
+	}
 
 	/* associate the domain SID with the (unique) handle. */
 	if ((info = (struct lsa_info *)malloc(sizeof(struct lsa_info))) == NULL)
@@ -844,7 +859,7 @@ NTSTATUS _lsa_enum_accounts(pipes_struct *p, LSA_Q_ENUM_ACCOUNTS *q_u, LSA_R_ENU
 		return NT_STATUS_ACCESS_DENIED;
 
 	/* get the list of mapped groups (domain, local, builtin) */
-	if(!pdb_enum_group_mapping(SID_NAME_UNKNOWN, &map, &num_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV))
+	if(!pdb_enum_group_mapping(SID_NAME_UNKNOWN, &map, &num_entries, ENUM_ONLY_MAPPED))
 		return NT_STATUS_OK;
 
 	if (q_u->enum_context >= num_entries)
@@ -949,8 +964,6 @@ NTSTATUS _lsa_enum_privsaccount(pipes_struct *p, LSA_Q_ENUMPRIVSACCOUNT *q_u, LS
 {
 	struct lsa_info *info=NULL;
 	GROUP_MAP map;
-	int i=0;
-
 	LUID_ATTR *set=NULL;
 
 	r_u->status = NT_STATUS_OK;
@@ -959,9 +972,10 @@ NTSTATUS _lsa_enum_privsaccount(pipes_struct *p, LSA_Q_ENUMPRIVSACCOUNT *q_u, LS
 	if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
 		return NT_STATUS_INVALID_HANDLE;
 
-	if (!pdb_getgrsid(&map, info->sid, MAPPING_WITH_PRIV))
+	if (!pdb_getgrsid(&map, info->sid))
 		return NT_STATUS_NO_SUCH_GROUP;
 
+#if 0 /* privileges currently not implemented! */
 	DEBUG(10,("_lsa_enum_privsaccount: %d privileges\n", map.priv_set.count));
 	if (map.priv_set.count!=0) {
 	
@@ -982,6 +996,9 @@ NTSTATUS _lsa_enum_privsaccount(pipes_struct *p, LSA_Q_ENUMPRIVSACCOUNT *q_u, LS
 
 	init_lsa_r_enum_privsaccount(r_u, set, map.priv_set.count, 0);	
 	free_privilege(&map.priv_set);	
+#endif
+
+	init_lsa_r_enum_privsaccount(r_u, set, 0, 0);
 
 	return r_u->status;
 }
@@ -1000,7 +1017,7 @@ NTSTATUS _lsa_getsystemaccount(pipes_struct *p, LSA_Q_GETSYSTEMACCOUNT *q_u, LSA
 	if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
 		return NT_STATUS_INVALID_HANDLE;
 
-	if (!pdb_getgrsid(&map, info->sid, MAPPING_WITHOUT_PRIV))
+	if (!pdb_getgrsid(&map, info->sid))
 		return NT_STATUS_NO_SUCH_GROUP;
 
 	/*
@@ -1012,7 +1029,7 @@ NTSTATUS _lsa_getsystemaccount(pipes_struct *p, LSA_Q_GETSYSTEMACCOUNT *q_u, LSA
 	  they can be ORed together
 	*/
 
-	r_u->access=map.systemaccount;
+	r_u->access = PR_LOG_ON_LOCALLY | PR_ACCESS_FROM_NETWORK;
 
 	return r_u->status;
 }
@@ -1031,16 +1048,12 @@ NTSTATUS _lsa_setsystemaccount(pipes_struct *p, LSA_Q_SETSYSTEMACCOUNT *q_u, LSA
 	if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
 		return NT_STATUS_INVALID_HANDLE;
 
-	if (!pdb_getgrsid(&map, info->sid, MAPPING_WITH_PRIV))
+	if (!pdb_getgrsid(&map, info->sid))
 		return NT_STATUS_NO_SUCH_GROUP;
 
-	map.systemaccount=q_u->access;
-
 	if(!pdb_update_group_mapping_entry(&map))
 		return NT_STATUS_NO_SUCH_GROUP;
 
-	free_privilege(&map.priv_set);
-
 	return r_u->status;
 }
 
@@ -1050,20 +1063,22 @@ NTSTATUS _lsa_setsystemaccount(pipes_struct *p, LSA_Q_SETSYSTEMACCOUNT *q_u, LSA
 
 NTSTATUS _lsa_addprivs(pipes_struct *p, LSA_Q_ADDPRIVS *q_u, LSA_R_ADDPRIVS *r_u)
 {
+#if 0
 	struct lsa_info *info=NULL;
 	GROUP_MAP map;
 	int i=0;
-
 	LUID_ATTR *luid_attr=NULL;
 	PRIVILEGE_SET *set=NULL;
+#endif
 
 	r_u->status = NT_STATUS_OK;
 
+#if 0 /* privileges are not implemented */
 	/* find the connection policy handle. */
 	if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
 		return NT_STATUS_INVALID_HANDLE;
 
-	if (!pdb_getgrsid(&map, info->sid, MAPPING_WITH_PRIV))
+	if (!pdb_getgrsid(&map, info->sid))
 		return NT_STATUS_NO_SUCH_GROUP;
 
 	set=&q_u->set;
@@ -1085,6 +1100,7 @@ NTSTATUS _lsa_addprivs(pipes_struct *p, LSA_Q_ADDPRIVS *q_u, LSA_R_ADDPRIVS *r_u
 	
 	free_privilege(&map.priv_set);	
 
+#endif
 	return r_u->status;
 }
 
@@ -1094,20 +1110,22 @@ NTSTATUS _lsa_addprivs(pipes_struct *p, LSA_Q_ADDPRIVS *q_u, LSA_R_ADDPRIVS *r_u
 
 NTSTATUS _lsa_removeprivs(pipes_struct *p, LSA_Q_REMOVEPRIVS *q_u, LSA_R_REMOVEPRIVS *r_u)
 {
+#if 0
 	struct lsa_info *info=NULL;
 	GROUP_MAP map;
 	int i=0;
-
 	LUID_ATTR *luid_attr=NULL;
 	PRIVILEGE_SET *set=NULL;
+#endif
 
 	r_u->status = NT_STATUS_OK;
 
+#if 0 /* privileges are not implemented */
 	/* find the connection policy handle. */
 	if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
 		return NT_STATUS_INVALID_HANDLE;
 
-	if (!pdb_getgrsid(&map, info->sid, MAPPING_WITH_PRIV))
+	if (!pdb_getgrsid(&map, info->sid))
 		return NT_STATUS_NO_SUCH_GROUP;
 
 	if (q_u->allrights!=0) {
@@ -1141,7 +1159,7 @@ NTSTATUS _lsa_removeprivs(pipes_struct *p, LSA_Q_REMOVEPRIVS *q_u, LSA_R_REMOVEP
 		return NT_STATUS_NO_SUCH_GROUP;
 	
 	free_privilege(&map.priv_set);	
-
+#endif
 	return r_u->status;
 }
 
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 40f6579e27..6039cac96c 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -304,7 +304,7 @@ static NTSTATUS load_group_domain_entries(struct samr_info *info, DOM_SID *sid)
 
 	become_root();
 
-	if (!pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, (int *)&group_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV)) {
+	if (!pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, (int *)&group_entries, ENUM_ONLY_MAPPED)) {
 		DEBUG(1, ("load_group_domain_entries: pdb_enum_group_mapping() failed!\n"));
 		return NT_STATUS_NO_MEMORY;
 	}
@@ -900,7 +900,7 @@ static NTSTATUS get_group_alias_entries(TALLOC_CTX *ctx, DOMAIN_GRP **d_grp, DOM
 	/* well-known aliases */
 	if (sid_equal(sid, &global_sid_Builtin) && !lp_hide_local_users()) {
 		
-		pdb_enum_group_mapping(SID_NAME_WKN_GRP, &map, (int *)&num_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV);
+		pdb_enum_group_mapping(SID_NAME_WKN_GRP, &map, (int *)&num_entries, ENUM_ONLY_MAPPED);
 		
 		if (num_entries != 0) {		
 			*d_grp=(DOMAIN_GRP *)talloc_zero(ctx, num_entries*sizeof(DOMAIN_GRP));
@@ -937,7 +937,7 @@ static NTSTATUS get_group_alias_entries(TALLOC_CTX *ctx, DOMAIN_GRP **d_grp, DOM
 		for (; (num_entries < max_entries) && (grp != NULL); grp = grp->next) {
 			uint32 trid;
 			
-			if(!pdb_getgrgid(&smap, grp->gr_gid, MAPPING_WITHOUT_PRIV))
+			if(!pdb_getgrgid(&smap, grp->gr_gid))
 				continue;
 			
 			if (smap.sid_name_use!=SID_NAME_ALIAS) {
@@ -1018,7 +1018,7 @@ static NTSTATUS get_group_domain_entries(TALLOC_CTX *ctx, DOMAIN_GRP **d_grp, DO
 
 	*p_num_entries = 0;
 
-	pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, (int *)&group_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV);
+	pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, (int *)&group_entries, ENUM_ONLY_MAPPED);
 
 	num_entries=group_entries-start_idx;
 
@@ -1346,7 +1346,7 @@ NTSTATUS _samr_query_aliasinfo(pipes_struct *p, SAMR_Q_QUERY_ALIASINFO *q_u, SAM
 	    !sid_check_is_in_builtin(&sid))
 		return NT_STATUS_OBJECT_TYPE_MISMATCH;
 
-	if (!pdb_getgrsid(&map, sid, MAPPING_WITHOUT_PRIV))
+	if (!pdb_getgrsid(&map, sid))
 		return NT_STATUS_NO_SUCH_ALIAS;
 
 	switch (q_u->switch_level) {
@@ -3215,12 +3215,12 @@ NTSTATUS _samr_query_aliasmem(pipes_struct *p, SAMR_Q_QUERY_ALIASMEM *q_u, SAMR_
 
 	if (sid_equal(&alias_sid, &global_sid_Builtin)) {
 		DEBUG(10, ("lookup on Builtin SID (S-1-5-32)\n"));
-		if(!get_builtin_group_from_sid(als_sid, &map, MAPPING_WITHOUT_PRIV))
+		if(!get_builtin_group_from_sid(als_sid, &map))
 			return NT_STATUS_NO_SUCH_ALIAS;
 	} else {
 		if (sid_equal(&alias_sid, get_global_sam_sid())) {
 			DEBUG(10, ("lookup on Server SID\n"));
-			if(!get_local_group_from_sid(als_sid, &map, MAPPING_WITHOUT_PRIV))
+			if(!get_local_group_from_sid(als_sid, &map))
 				return NT_STATUS_NO_SUCH_ALIAS;
 		}
 	}
@@ -3321,7 +3321,7 @@ NTSTATUS _samr_query_groupmem(pipes_struct *p, SAMR_Q_QUERY_GROUPMEM *q_u, SAMR_
 	sid_append_rid(&group_sid, group_rid);
 	DEBUG(10, ("lookup on Domain SID\n"));
 
-	if(!get_domain_group_from_sid(group_sid, &map, MAPPING_WITHOUT_PRIV))
+	if(!get_domain_group_from_sid(group_sid, &map))
 		return NT_STATUS_NO_SUCH_GROUP;
 
 	if(!get_uid_list_of_group(map.gid, &uid, &num_uids))
@@ -3405,13 +3405,13 @@ NTSTATUS _samr_add_aliasmem(pipes_struct *p, SAMR_Q_ADD_ALIASMEM *q_u, SAMR_R_AD
 
 	if (sid_compare(&alias_sid, get_global_sam_sid())>0) {
 		DEBUG(10, ("adding member on Server SID\n"));
-		if(!get_local_group_from_sid(alias_sid, &map, MAPPING_WITHOUT_PRIV))
+		if(!get_local_group_from_sid(alias_sid, &map))
 			return NT_STATUS_NO_SUCH_ALIAS;
 	
 	} else {
 		if (sid_compare(&alias_sid, &global_sid_Builtin)>0) {
 			DEBUG(10, ("adding member on BUILTIN SID\n"));
-			if( !get_local_group_from_sid(alias_sid, &map, MAPPING_WITHOUT_PRIV))
+			if( !get_local_group_from_sid(alias_sid, &map))
 				return NT_STATUS_NO_SUCH_ALIAS;
 
 		} else
@@ -3502,7 +3502,7 @@ NTSTATUS _samr_del_aliasmem(pipes_struct *p, SAMR_Q_DEL_ALIASMEM *q_u, SAMR_R_DE
 		return NT_STATUS_NO_SUCH_ALIAS;
 	}
 
-	if( !get_local_group_from_sid(alias_sid, &map, MAPPING_WITHOUT_PRIV))
+	if( !get_local_group_from_sid(alias_sid, &map))
 		return NT_STATUS_NO_SUCH_ALIAS;
 
 	if ((grp=getgrgid(map.gid)) == NULL)
@@ -3572,7 +3572,7 @@ NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_AD
 
 	DEBUG(10, ("lookup on Domain SID\n"));
 
-	if(!get_domain_group_from_sid(group_sid, &map, MAPPING_WITHOUT_PRIV))
+	if(!get_domain_group_from_sid(group_sid, &map))
 		return NT_STATUS_NO_SUCH_GROUP;
 
 	sid_copy(&user_sid, get_global_sam_sid());
@@ -3667,7 +3667,7 @@ NTSTATUS _samr_del_groupmem(pipes_struct *p, SAMR_Q_DEL_GROUPMEM *q_u, SAMR_R_DE
 	sid_copy(&user_sid, get_global_sam_sid());
 	sid_append_rid(&user_sid, q_u->rid);
 
-	if (!get_domain_group_from_sid(group_sid, &map, MAPPING_WITHOUT_PRIV))
+	if (!get_domain_group_from_sid(group_sid, &map))
 		return NT_STATUS_NO_SUCH_GROUP;
 
 	if ((grp=getgrgid(map.gid)) == NULL)
@@ -3812,7 +3812,7 @@ NTSTATUS _samr_delete_dom_group(pipes_struct *p, SAMR_Q_DELETE_DOM_GROUP *q_u, S
 
 	DEBUG(10, ("lookup on Domain SID\n"));
 
-	if(!get_domain_group_from_sid(group_sid, &map, MAPPING_WITHOUT_PRIV))
+	if(!get_domain_group_from_sid(group_sid, &map))
 		return NT_STATUS_NO_SUCH_GROUP;
 
 	gid=map.gid;
@@ -3874,7 +3874,7 @@ NTSTATUS _samr_delete_dom_alias(pipes_struct *p, SAMR_Q_DELETE_DOM_ALIAS *q_u, S
 
 	DEBUG(10, ("lookup on Local SID\n"));
 
-	if(!get_local_group_from_sid(alias_sid, &map, MAPPING_WITHOUT_PRIV))
+	if(!get_local_group_from_sid(alias_sid, &map))
 		return NT_STATUS_NO_SUCH_ALIAS;
 
 	gid=map.gid;
@@ -3911,12 +3911,9 @@ NTSTATUS _samr_create_dom_group(pipes_struct *p, SAMR_Q_CREATE_DOM_GROUP *q_u, S
 	fstring sid_string;
 	struct group *grp;
 	struct samr_info *info;
-	PRIVILEGE_SET priv_set;
 	uint32 acc_granted;
 	gid_t gid;
 
-	init_privilege(&priv_set);
-
 	/* Find the policy handle. Open a policy on it. */
 	if (!get_lsa_policy_samr_sid(p, &q_u->pol, &dom_sid, &acc_granted)) 
 		return NT_STATUS_INVALID_HANDLE;
@@ -3951,7 +3948,7 @@ NTSTATUS _samr_create_dom_group(pipes_struct *p, SAMR_Q_CREATE_DOM_GROUP *q_u, S
 	sid_append_rid(&info_sid, r_u->rid);
 	sid_to_string(sid_string, &info_sid);
 
-	if(!add_initial_entry(grp->gr_gid, sid_string, SID_NAME_DOM_GRP, name, NULL, priv_set, PR_ACCESS_FROM_NETWORK))
+	if(!add_initial_entry(grp->gr_gid, sid_string, SID_NAME_DOM_GRP, name, NULL))
 		return NT_STATUS_ACCESS_DENIED;
 
 	if ((info = get_samr_info_by_sid(&info_sid)) == NULL)
@@ -3976,12 +3973,9 @@ NTSTATUS _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, S
 	fstring sid_string;
 	struct group *grp;
 	struct samr_info *info;
-	PRIVILEGE_SET priv_set;
 	uint32 acc_granted;
 	gid_t gid;
 
-	init_privilege(&priv_set);
-
 	/* Find the policy handle. Open a policy on it. */
 	if (!get_lsa_policy_samr_sid(p, &q_u->dom_pol, &dom_sid, &acc_granted)) 
 		return NT_STATUS_INVALID_HANDLE;
@@ -4016,7 +4010,7 @@ NTSTATUS _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, S
 	sid_to_string(sid_string, &info_sid);
 
 	/* add the group to the mapping table */
-	if(!add_initial_entry(grp->gr_gid, sid_string, SID_NAME_ALIAS, name, NULL, priv_set, PR_ACCESS_FROM_NETWORK))
+	if(!add_initial_entry(grp->gr_gid, sid_string, SID_NAME_ALIAS, name, NULL))
 		return NT_STATUS_ACCESS_DENIED;
 
 	if ((info = get_samr_info_by_sid(&info_sid)) == NULL)
@@ -4052,7 +4046,7 @@ NTSTATUS _samr_query_groupinfo(pipes_struct *p, SAMR_Q_QUERY_GROUPINFO *q_u, SAM
 		return r_u->status;
 	}
 		
-	if (!get_domain_group_from_sid(group_sid, &map, MAPPING_WITHOUT_PRIV))
+	if (!get_domain_group_from_sid(group_sid, &map))
 		return NT_STATUS_INVALID_HANDLE;
 
 	ctr=(GROUP_INFO_CTR *)talloc_zero(p->mem_ctx, sizeof(GROUP_INFO_CTR));
@@ -4104,7 +4098,7 @@ NTSTATUS _samr_set_groupinfo(pipes_struct *p, SAMR_Q_SET_GROUPINFO *q_u, SAMR_R_
 		return r_u->status;
 	}
 		
-	if (!get_domain_group_from_sid(group_sid, &map, MAPPING_WITH_PRIV))
+	if (!get_domain_group_from_sid(group_sid, &map))
 		return NT_STATUS_NO_SUCH_GROUP;
 	
 	ctr=q_u->ctr;
@@ -4117,17 +4111,13 @@ NTSTATUS _samr_set_groupinfo(pipes_struct *p, SAMR_Q_SET_GROUPINFO *q_u, SAMR_R_
 			unistr2_to_ascii(map.comment, &(ctr->group.info4.uni_acct_desc), sizeof(map.comment)-1);
 			break;
 		default:
-			free_privilege(&map.priv_set);
 			return NT_STATUS_INVALID_INFO_CLASS;
 	}
 
 	if(!pdb_update_group_mapping_entry(&map)) {
-		free_privilege(&map.priv_set);
 		return NT_STATUS_NO_SUCH_GROUP;
 	}
 
-	free_privilege(&map.priv_set);
-
 	return NT_STATUS_OK;
 }
 
@@ -4151,7 +4141,7 @@ NTSTATUS _samr_set_aliasinfo(pipes_struct *p, SAMR_Q_SET_ALIASINFO *q_u, SAMR_R_
 		return r_u->status;
 	}
 		
-	if (!get_local_group_from_sid(group_sid, &map, MAPPING_WITH_PRIV))
+	if (!get_local_group_from_sid(group_sid, &map))
 		return NT_STATUS_NO_SUCH_GROUP;
 	
 	ctr=&q_u->ctr;
@@ -4161,17 +4151,13 @@ NTSTATUS _samr_set_aliasinfo(pipes_struct *p, SAMR_Q_SET_ALIASINFO *q_u, SAMR_R_
 			unistr2_to_ascii(map.comment, &(ctr->alias.info3.uni_acct_desc), sizeof(map.comment)-1);
 			break;
 		default:
-			free_privilege(&map.priv_set);
 			return NT_STATUS_INVALID_INFO_CLASS;
 	}
 
 	if(!pdb_update_group_mapping_entry(&map)) {
-		free_privilege(&map.priv_set);
 		return NT_STATUS_NO_SUCH_GROUP;
 	}
 
-	free_privilege(&map.priv_set);
-
 	return NT_STATUS_OK;
 }
 
@@ -4246,7 +4232,7 @@ NTSTATUS _samr_open_group(pipes_struct *p, SAMR_Q_OPEN_GROUP *q_u, SAMR_R_OPEN_G
 	DEBUG(10, ("_samr_open_group:Opening SID: %s\n", sid_string));
 
 	/* check if that group really exists */
-	if (!get_domain_group_from_sid(info->sid, &map, MAPPING_WITHOUT_PRIV))
+	if (!get_domain_group_from_sid(info->sid, &map))
 		return NT_STATUS_NO_SUCH_GROUP;
 
 	/* get a (unique) handle.  open a policy on it. */
diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index c43eb22375..a97864dbda 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -148,13 +148,14 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
 	}
 
 	for (i=0;i<num_groups;i++) {
-		if(!get_group_from_gid(groups[i], &map, MAPPING_WITHOUT_PRIV)) {
+
+		if (!get_group_from_gid(groups[i], &map)) {
 			DEBUG(10,("get_alias_user_groups: gid %d. not found\n", (int)groups[i]));
 			continue;
 		}
 		
 		/* if it's not an alias, continue */
-		if (map.sid_name_use!=SID_NAME_ALIAS) {
+		if (map.sid_name_use != SID_NAME_ALIAS) {
 			DEBUG(10,("get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name));
 			continue;
 		}
@@ -208,7 +209,7 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
 
 	DEBUG(10,("get_alias_user_groups: looking for gid %d of user %s\n", (int)gid, user_name));
 
-	if(!get_group_from_gid(gid, &map, MAPPING_WITHOUT_PRIV)) {
+	if(!get_group_from_gid(gid, &map)) {
 		DEBUG(0,("get_alias_user_groups: gid of user %s doesn't exist. Check your /etc/passwd and /etc/group files\n", user_name));
 		goto done;
 	}	
@@ -281,7 +282,7 @@ BOOL get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SA
 	DEBUG(10,("get_domain_user_groups: searching domain groups [%s] is a member of\n", user_name));
 
 	/* first get the list of the domain groups */
-	if (!pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, &num_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV))
+	if (!pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, &num_entries, ENUM_ONLY_MAPPED))
 		return False;
 	DEBUG(10,("get_domain_user_groups: there are %d mapped groups\n", num_entries));
author	Simo Sorce <idra@samba.org>	2003-06-18 15:24:10 +0000
committer	Simo Sorce <idra@samba.org>	2003-06-18 15:24:10 +0000
commit	75a5c0b307a79536316b651273d3f6983323f5ce (patch)
tree	d396c52528e0984770461ba27d529a50f7ceda2f /source3/rpc_server
parent	e900f4ed106163e836613e83247d750aa6cb32d9 (diff)
download	samba-75a5c0b307a79536316b651273d3f6983323f5ce.tar.gz samba-75a5c0b307a79536316b651273d3f6983323f5ce.tar.bz2 samba-75a5c0b307a79536316b651273d3f6983323f5ce.zip