summaryrefslogtreecommitdiff
path: root/source3/rpc_server/srv_util.c
diff options
context:
space:
mode:
Diffstat (limited to 'source3/rpc_server/srv_util.c')
-rw-r--r--source3/rpc_server/srv_util.c27
1 files changed, 21 insertions, 6 deletions
diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index f96ccaef67..03e53118a8 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -129,7 +129,7 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
fstrcpy(user_name, pdb_get_username(sam_pass));
grid=pdb_get_group_rid(sam_pass);
- if (NT_STATUS_IS_ERR(sid_to_gid(pdb_get_group_sid(sam_pass), &gid))) {
+ if (!NT_STATUS_IS_OK(sid_to_gid(pdb_get_group_sid(sam_pass), &gid))) {
/* this should never happen */
DEBUG(2,("get_alias_user_groups: sid_to_gid failed!\n"));
pdb_free_sam(&sam_pass);
@@ -147,14 +147,17 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
return NT_STATUS_UNSUCCESSFUL;
}
+ become_root();
+
for (i=0;i<num_groups;i++) {
- if(!get_group_from_gid(groups[i], &map, MAPPING_WITHOUT_PRIV)) {
+
+ if (!get_group_from_gid(groups[i], &map)) {
DEBUG(10,("get_alias_user_groups: gid %d. not found\n", (int)groups[i]));
continue;
}
/* if it's not an alias, continue */
- if (map.sid_name_use!=SID_NAME_ALIAS) {
+ if (map.sid_name_use != SID_NAME_ALIAS) {
DEBUG(10,("get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name));
continue;
}
@@ -194,7 +197,9 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
break;
}
- free(groups);
+ unbecome_root();
+
+ if(num_groups) free(groups);
/* now check for the user's gid (the primary group rid) */
for (i=0; i<cur_rid && grid!=rids[i]; i++)
@@ -208,11 +213,15 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
DEBUG(10,("get_alias_user_groups: looking for gid %d of user %s\n", (int)gid, user_name));
- if(!get_group_from_gid(gid, &map, MAPPING_WITHOUT_PRIV)) {
+ become_root();
+
+ if(!get_group_from_gid(gid, &map)) {
DEBUG(0,("get_alias_user_groups: gid of user %s doesn't exist. Check your /etc/passwd and /etc/group files\n", user_name));
goto done;
}
+ unbecome_root();
+
/* the primary group isn't an alias */
if (map.sid_name_use!=SID_NAME_ALIAS) {
DEBUG(10,("get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name));
@@ -280,11 +289,17 @@ BOOL get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SA
DEBUG(10,("get_domain_user_groups: searching domain groups [%s] is a member of\n", user_name));
+ /* we must wrap this is become/unbecome root for ldap backends */
+ become_root();
+
/* first get the list of the domain groups */
- if (!pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, &num_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV))
+ if (!pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, &num_entries, ENUM_ONLY_MAPPED))
return False;
DEBUG(10,("get_domain_user_groups: there are %d mapped groups\n", num_entries));
+ unbecome_root();
+ /* end wrapper for group enumeration */
+
/*
* alloc memory. In the worse case, we alloc memory for nothing.
* but I prefer to alloc for nothing