summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/rpc_server/srv_samr_nt.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index d079403455..bd75eceb6b 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -1189,6 +1189,8 @@ NTSTATUS _samr_lookup_names(pipes_struct *p, SAMR_Q_LOOKUP_NAMES *q_u, SAMR_R_LO
}
DEBUG(5,("_samr_lookup_names: looking name on SID %s\n", sid_to_string(sid_str, &pol_sid)));
+
+ become_root(); /* local_lookup_name can require root privs */
for (i = 0; i < num_rids; i++) {
fstring name;
@@ -1212,7 +1214,7 @@ NTSTATUS _samr_lookup_names(pipes_struct *p, SAMR_Q_LOOKUP_NAMES *q_u, SAMR_R_LO
* a cleaner code is to add the sid of the domain we're looking in
* to the local_lookup_name function.
*/
- if(local_lookup_name(global_myname, name, &sid, &local_type)) {
+ if(local_lookup_name(name, &sid, &local_type)) {
sid_split_rid(&sid, &local_rid);
if (sid_equal(&sid, &pol_sid)) {
@@ -1223,6 +1225,8 @@ NTSTATUS _samr_lookup_names(pipes_struct *p, SAMR_Q_LOOKUP_NAMES *q_u, SAMR_R_LO
}
}
+ unbecome_root();
+
init_samr_r_lookup_names(p->mem_ctx, r_u, num_rids, rid, (uint32 *)type, r_u->status);
DEBUG(5,("_samr_lookup_names: %d\n", __LINE__));
@@ -1342,6 +1346,8 @@ NTSTATUS _samr_lookup_rids(pipes_struct *p, SAMR_Q_LOOKUP_RIDS *q_u, SAMR_R_LOOK
r_u->status = NT_STATUS_NONE_MAPPED;
+ become_root(); /* lookup_sid can require root privs */
+
for (i = 0; i < num_rids; i++) {
fstring tmpname;
fstring domname;
@@ -1364,6 +1370,8 @@ NTSTATUS _samr_lookup_rids(pipes_struct *p, SAMR_Q_LOOKUP_RIDS *q_u, SAMR_R_LOOK
}
}
+ unbecome_root();
+
if(!make_samr_lookup_rids(p->mem_ctx, num_rids, group_names, &hdr_name, &uni_name))
return NT_STATUS_NO_MEMORY;