summaryrefslogtreecommitdiff
path: root/source3/rpc_server
diff options
context:
space:
mode:
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/srv_pipe.c10
-rw-r--r--source3/rpc_server/srv_samr_nt.c30
-rw-r--r--source3/rpc_server/srv_util.c9
3 files changed, 17 insertions, 32 deletions
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 5b9d39ddc7..6a9e591f64 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -472,16 +472,10 @@ failed authentication on named pipe %s.\n", domain, user_name, wks, p->name ));
* Store the UNIX credential data (uid/gid pair) in the pipe structure.
*/
- if (!IS_SAM_UNIX_USER(server_info->sam_account)) {
- DEBUG(0,("Attempted authenticated pipe with invalid user. No uid/gid in SAM_ACCOUNT\n"));
- free_server_info(&server_info);
- return False;
- }
-
memcpy(p->session_key, server_info->session_key, sizeof(p->session_key));
- p->pipe_user.uid = pdb_get_uid(server_info->sam_account);
- p->pipe_user.gid = pdb_get_gid(server_info->sam_account);
+ p->pipe_user.uid = server_info->uid;
+ p->pipe_user.gid = server_info->gid;
p->pipe_user.ngroups = server_info->n_groups;
if (p->pipe_user.ngroups) {
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 970756d47c..8c9e22966a 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -6,7 +6,7 @@
* Copyright (C) Paul Ashton 1997,
* Copyright (C) Marc Jacobsen 1999,
* Copyright (C) Jeremy Allison 2001-2002,
- * Copyright (C) Jean François Micouleau 1998-2001,
+ * Copyright (C) Jean François Micouleau 1998-2001,
* Copyright (C) Anthony Liguori 2002,
* Copyright (C) Jim McDonough 2002.
*
@@ -920,7 +920,7 @@ static NTSTATUS get_group_alias_entries(TALLOC_CTX *ctx, DOMAIN_GRP **d_grp, DOM
struct sys_grent *grp;
struct passwd *pw;
gid_t winbind_gid_low, winbind_gid_high;
- BOOL winbind_groups_exist = lp_winbind_gid(&winbind_gid_low, &winbind_gid_high);
+ BOOL winbind_groups_exist = lp_idmap_gid(&winbind_gid_low, &winbind_gid_high);
/* local aliases */
/* we return the UNIX groups here. This seems to be the right */
@@ -2811,8 +2811,7 @@ static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, DOM_SID *sid)
copy_id23_to_sam_passwd(pwd, id23);
/* if it's a trust account, don't update /etc/passwd */
- if ( (!IS_SAM_UNIX_USER(pwd)) ||
- ( (acct_ctrl & ACB_DOMTRUST) == ACB_DOMTRUST ) ||
+ if ( ( (acct_ctrl & ACB_DOMTRUST) == ACB_DOMTRUST ) ||
( (acct_ctrl & ACB_WSTRUST) == ACB_WSTRUST) ||
( (acct_ctrl & ACB_SVRTRUST) == ACB_SVRTRUST) ) {
DEBUG(5, ("Changing trust account or non-unix-user password, not updating /etc/passwd\n"));
@@ -2873,8 +2872,7 @@ static BOOL set_user_info_pw(char *pass, DOM_SID *sid)
}
/* if it's a trust account, don't update /etc/passwd */
- if ( (!IS_SAM_UNIX_USER(pwd)) ||
- ( (acct_ctrl & ACB_DOMTRUST) == ACB_DOMTRUST ) ||
+ if ( ( (acct_ctrl & ACB_DOMTRUST) == ACB_DOMTRUST ) ||
( (acct_ctrl & ACB_WSTRUST) == ACB_WSTRUST) ||
( (acct_ctrl & ACB_SVRTRUST) == ACB_SVRTRUST) ) {
DEBUG(5, ("Changing trust account or non-unix-user password, not updating /etc/passwd\n"));
@@ -3389,9 +3387,9 @@ NTSTATUS _samr_add_aliasmem(pipes_struct *p, SAMR_Q_ADD_ALIASMEM *q_u, SAMR_R_AD
pdb_free_sam(&sam_user);
return NT_STATUS_NO_SUCH_USER;
}
-
- uid = pdb_get_uid(sam_user);
- if (uid == -1) {
+
+ /* check a real user exist before we run the script to add a user to a group */
+ if (NT_STATUS_IS_ERR(sid_to_uid(pdb_get_user_sid(sam_user), &uid))) {
pdb_free_sam(&sam_user);
return NT_STATUS_NO_SUCH_USER;
}
@@ -3401,7 +3399,7 @@ NTSTATUS _samr_add_aliasmem(pipes_struct *p, SAMR_Q_ADD_ALIASMEM *q_u, SAMR_R_AD
if ((pwd=getpwuid_alloc(uid)) == NULL) {
return NT_STATUS_NO_SUCH_USER;
}
-
+
if ((grp=getgrgid(map.gid)) == NULL) {
passwd_free(&pwd);
return NT_STATUS_NO_SUCH_ALIAS;
@@ -3550,18 +3548,6 @@ NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_AD
return NT_STATUS_NO_SUCH_USER;
}
- uid = pdb_get_uid(sam_user);
- if (uid == -1) {
- pdb_free_sam(&sam_user);
- return NT_STATUS_NO_SUCH_USER;
- }
-
- pdb_free_sam(&sam_user);
-
- if ((pwd=getpwuid_alloc(uid)) == NULL) {
- return NT_STATUS_NO_SUCH_USER;
- }
-
if ((grp=getgrgid(map.gid)) == NULL) {
passwd_free(&pwd);
return NT_STATUS_NO_SUCH_GROUP;
diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 4eba9c7d1f..f96ccaef67 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -112,7 +112,7 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
*prids=NULL;
*numgroups=0;
- winbind_groups_exist = lp_winbind_gid(&winbind_gid_low, &winbind_gid_high);
+ winbind_groups_exist = lp_idmap_gid(&winbind_gid_low, &winbind_gid_high);
DEBUG(10,("get_alias_user_groups: looking if SID %s is a member of groups in the SID domain %s\n",
@@ -129,7 +129,12 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
fstrcpy(user_name, pdb_get_username(sam_pass));
grid=pdb_get_group_rid(sam_pass);
- gid=pdb_get_gid(sam_pass);
+ if (NT_STATUS_IS_ERR(sid_to_gid(pdb_get_group_sid(sam_pass), &gid))) {
+ /* this should never happen */
+ DEBUG(2,("get_alias_user_groups: sid_to_gid failed!\n"));
+ pdb_free_sam(&sam_pass);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
become_root();
/* on some systems this must run as root */
generated by cgit (git 2.34.1) at 2024-10-02 10:19:48 +0000