diff options
Diffstat (limited to 'source3/rpc_server')
-rw-r--r-- | source3/rpc_server/srv_pipe.c | 10 | ||||
-rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 26 | ||||
-rw-r--r-- | source3/rpc_server/srv_util.c | 7 |
3 files changed, 14 insertions, 29 deletions
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index 5b9d39ddc7..6a9e591f64 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -472,16 +472,10 @@ failed authentication on named pipe %s.\n", domain, user_name, wks, p->name )); * Store the UNIX credential data (uid/gid pair) in the pipe structure. */ - if (!IS_SAM_UNIX_USER(server_info->sam_account)) { - DEBUG(0,("Attempted authenticated pipe with invalid user. No uid/gid in SAM_ACCOUNT\n")); - free_server_info(&server_info); - return False; - } - memcpy(p->session_key, server_info->session_key, sizeof(p->session_key)); - p->pipe_user.uid = pdb_get_uid(server_info->sam_account); - p->pipe_user.gid = pdb_get_gid(server_info->sam_account); + p->pipe_user.uid = server_info->uid; + p->pipe_user.gid = server_info->gid; p->pipe_user.ngroups = server_info->n_groups; if (p->pipe_user.ngroups) { diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 5ab0e80351..d2e4ff2614 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -2818,8 +2818,7 @@ static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, DOM_SID *sid) copy_id23_to_sam_passwd(pwd, id23); /* if it's a trust account, don't update /etc/passwd */ - if ( (!IS_SAM_UNIX_USER(pwd)) || - ( (acct_ctrl & ACB_DOMTRUST) == ACB_DOMTRUST ) || + if ( ( (acct_ctrl & ACB_DOMTRUST) == ACB_DOMTRUST ) || ( (acct_ctrl & ACB_WSTRUST) == ACB_WSTRUST) || ( (acct_ctrl & ACB_SVRTRUST) == ACB_SVRTRUST) ) { DEBUG(5, ("Changing trust account or non-unix-user password, not updating /etc/passwd\n")); @@ -2880,8 +2879,7 @@ static BOOL set_user_info_pw(char *pass, DOM_SID *sid) } /* if it's a trust account, don't update /etc/passwd */ - if ( (!IS_SAM_UNIX_USER(pwd)) || - ( (acct_ctrl & ACB_DOMTRUST) == ACB_DOMTRUST ) || + if ( ( (acct_ctrl & ACB_DOMTRUST) == ACB_DOMTRUST ) || ( (acct_ctrl & ACB_WSTRUST) == ACB_WSTRUST) || ( (acct_ctrl & ACB_SVRTRUST) == ACB_SVRTRUST) ) { DEBUG(5, ("Changing trust account or non-unix-user password, not updating /etc/passwd\n")); @@ -3396,9 +3394,9 @@ NTSTATUS _samr_add_aliasmem(pipes_struct *p, SAMR_Q_ADD_ALIASMEM *q_u, SAMR_R_AD pdb_free_sam(&sam_user); return NT_STATUS_NO_SUCH_USER; } - - uid = pdb_get_uid(sam_user); - if (uid == -1) { + + /* check a real user exist before we run the script to add a user to a group */ + if (!sid_to_uid(pdb_get_user_sid(sam_user), &uid)) { pdb_free_sam(&sam_user); return NT_STATUS_NO_SUCH_USER; } @@ -3408,7 +3406,7 @@ NTSTATUS _samr_add_aliasmem(pipes_struct *p, SAMR_Q_ADD_ALIASMEM *q_u, SAMR_R_AD if ((pwd=getpwuid_alloc(uid)) == NULL) { return NT_STATUS_NO_SUCH_USER; } - + if ((grp=getgrgid(map.gid)) == NULL) { passwd_free(&pwd); return NT_STATUS_NO_SUCH_ALIAS; @@ -3557,18 +3555,6 @@ NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_AD return NT_STATUS_NO_SUCH_USER; } - uid = pdb_get_uid(sam_user); - if (uid == -1) { - pdb_free_sam(&sam_user); - return NT_STATUS_NO_SUCH_USER; - } - - pdb_free_sam(&sam_user); - - if ((pwd=getpwuid_alloc(uid)) == NULL) { - return NT_STATUS_NO_SUCH_USER; - } - if ((grp=getgrgid(map.gid)) == NULL) { passwd_free(&pwd); return NT_STATUS_NO_SUCH_GROUP; diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c index 4656efb6fa..f948088737 100644 --- a/source3/rpc_server/srv_util.c +++ b/source3/rpc_server/srv_util.c @@ -129,7 +129,12 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui fstrcpy(user_name, pdb_get_username(sam_pass)); grid=pdb_get_group_rid(sam_pass); - gid=pdb_get_gid(sam_pass); + if (!sid_to_gid(pdb_get_group_sid(sam_pass), &gid)) { + /* this should never happen */ + DEBUG(2,("get_alias_user_groups: sid_to_gid failed!\n")); + pdb_free_sam(&sam_pass); + return NT_STATUS_UNSUCCESSFUL; + } become_root(); /* on some systems this must run as root */ |