summaryrefslogtreecommitdiff
path: root/source3/rpc_server
diff options
context:
space:
mode:
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/srv_pipe.c10
-rw-r--r--source3/rpc_server/srv_samr_nt.c26
-rw-r--r--source3/rpc_server/srv_util.c7
3 files changed, 14 insertions, 29 deletions
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 5b9d39ddc7..6a9e591f64 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -472,16 +472,10 @@ failed authentication on named pipe %s.\n", domain, user_name, wks, p->name ));
* Store the UNIX credential data (uid/gid pair) in the pipe structure.
*/
- if (!IS_SAM_UNIX_USER(server_info->sam_account)) {
- DEBUG(0,("Attempted authenticated pipe with invalid user. No uid/gid in SAM_ACCOUNT\n"));
- free_server_info(&server_info);
- return False;
- }
-
memcpy(p->session_key, server_info->session_key, sizeof(p->session_key));
- p->pipe_user.uid = pdb_get_uid(server_info->sam_account);
- p->pipe_user.gid = pdb_get_gid(server_info->sam_account);
+ p->pipe_user.uid = server_info->uid;
+ p->pipe_user.gid = server_info->gid;
p->pipe_user.ngroups = server_info->n_groups;
if (p->pipe_user.ngroups) {
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 5ab0e80351..d2e4ff2614 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -2818,8 +2818,7 @@ static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, DOM_SID *sid)
copy_id23_to_sam_passwd(pwd, id23);
/* if it's a trust account, don't update /etc/passwd */
- if ( (!IS_SAM_UNIX_USER(pwd)) ||
- ( (acct_ctrl & ACB_DOMTRUST) == ACB_DOMTRUST ) ||
+ if ( ( (acct_ctrl & ACB_DOMTRUST) == ACB_DOMTRUST ) ||
( (acct_ctrl & ACB_WSTRUST) == ACB_WSTRUST) ||
( (acct_ctrl & ACB_SVRTRUST) == ACB_SVRTRUST) ) {
DEBUG(5, ("Changing trust account or non-unix-user password, not updating /etc/passwd\n"));
@@ -2880,8 +2879,7 @@ static BOOL set_user_info_pw(char *pass, DOM_SID *sid)
}
/* if it's a trust account, don't update /etc/passwd */
- if ( (!IS_SAM_UNIX_USER(pwd)) ||
- ( (acct_ctrl & ACB_DOMTRUST) == ACB_DOMTRUST ) ||
+ if ( ( (acct_ctrl & ACB_DOMTRUST) == ACB_DOMTRUST ) ||
( (acct_ctrl & ACB_WSTRUST) == ACB_WSTRUST) ||
( (acct_ctrl & ACB_SVRTRUST) == ACB_SVRTRUST) ) {
DEBUG(5, ("Changing trust account or non-unix-user password, not updating /etc/passwd\n"));
@@ -3396,9 +3394,9 @@ NTSTATUS _samr_add_aliasmem(pipes_struct *p, SAMR_Q_ADD_ALIASMEM *q_u, SAMR_R_AD
pdb_free_sam(&sam_user);
return NT_STATUS_NO_SUCH_USER;
}
-
- uid = pdb_get_uid(sam_user);
- if (uid == -1) {
+
+ /* check a real user exist before we run the script to add a user to a group */
+ if (!sid_to_uid(pdb_get_user_sid(sam_user), &uid)) {
pdb_free_sam(&sam_user);
return NT_STATUS_NO_SUCH_USER;
}
@@ -3408,7 +3406,7 @@ NTSTATUS _samr_add_aliasmem(pipes_struct *p, SAMR_Q_ADD_ALIASMEM *q_u, SAMR_R_AD
if ((pwd=getpwuid_alloc(uid)) == NULL) {
return NT_STATUS_NO_SUCH_USER;
}
-
+
if ((grp=getgrgid(map.gid)) == NULL) {
passwd_free(&pwd);
return NT_STATUS_NO_SUCH_ALIAS;
@@ -3557,18 +3555,6 @@ NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_AD
return NT_STATUS_NO_SUCH_USER;
}
- uid = pdb_get_uid(sam_user);
- if (uid == -1) {
- pdb_free_sam(&sam_user);
- return NT_STATUS_NO_SUCH_USER;
- }
-
- pdb_free_sam(&sam_user);
-
- if ((pwd=getpwuid_alloc(uid)) == NULL) {
- return NT_STATUS_NO_SUCH_USER;
- }
-
if ((grp=getgrgid(map.gid)) == NULL) {
passwd_free(&pwd);
return NT_STATUS_NO_SUCH_GROUP;
diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 4656efb6fa..f948088737 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -129,7 +129,12 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
fstrcpy(user_name, pdb_get_username(sam_pass));
grid=pdb_get_group_rid(sam_pass);
- gid=pdb_get_gid(sam_pass);
+ if (!sid_to_gid(pdb_get_group_sid(sam_pass), &gid)) {
+ /* this should never happen */
+ DEBUG(2,("get_alias_user_groups: sid_to_gid failed!\n"));
+ pdb_free_sam(&sam_pass);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
become_root();
/* on some systems this must run as root */