diff options
Diffstat (limited to 'source3')
-rw-r--r-- | source3/groupdb/mapping.c | 28 | ||||
-rw-r--r-- | source3/passdb/passdb.c | 22 | ||||
-rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 7 | ||||
-rw-r--r-- | source3/rpc_server/srv_util.c | 14 |
4 files changed, 49 insertions, 22 deletions
diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index b1c260581e..08ac6a25a5 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -504,7 +504,8 @@ static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map) { struct group *grp; - + BOOL ret; + if(!init_group_mapping()) { DEBUG(0,("failed to initialize group mapping")); return(False); @@ -513,7 +514,12 @@ BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map) DEBUG(10, ("get_domain_group_from_sid\n")); /* if the group is NOT in the database, it CAN NOT be a domain group */ - if(!pdb_getgrsid(map, sid)) + + become_root(); + ret = pdb_getgrsid(map, sid); + unbecome_root(); + + if ( !ret ) return False; DEBUG(10, ("get_domain_group_from_sid: SID found in the TDB\n")); @@ -547,14 +553,19 @@ BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map) BOOL get_local_group_from_sid(DOM_SID sid, GROUP_MAP *map) { + BOOL ret; + if(!init_group_mapping()) { DEBUG(0,("failed to initialize group mapping")); return(False); } /* The group is in the mapping table */ + become_root(); + ret = pdb_getgrsid(map, sid); + unbecome_root(); - if( !pdb_getgrsid(map, sid) ) + if ( !ret ) return False; if ( (map->sid_name_use != SID_NAME_ALIAS) @@ -564,7 +575,7 @@ BOOL get_local_group_from_sid(DOM_SID sid, GROUP_MAP *map) return False; } -#if 0 /* JERRY */ +#if 1 /* JERRY */ /* local groups only exist in the group mapping DB so this is not necessary */ @@ -572,6 +583,7 @@ BOOL get_local_group_from_sid(DOM_SID sid, GROUP_MAP *map) /* the group isn't in the mapping table. * make one based on the unix information */ uint32 alias_rid; + struct group *grp; sid_peek_rid(&sid, &alias_rid); map->gid=pdb_group_rid_to_gid(alias_rid); @@ -599,13 +611,19 @@ BOOL get_local_group_from_sid(DOM_SID sid, GROUP_MAP *map) BOOL get_builtin_group_from_sid(DOM_SID sid, GROUP_MAP *map) { struct group *grp; + BOOL ret; + if(!init_group_mapping()) { DEBUG(0,("failed to initialize group mapping")); return(False); } - if(!pdb_getgrsid(map, sid)) + become_root(); + ret = pdb_getgrsid(map, sid); + unbecome_root(); + + if ( !ret ) return False; if (map->sid_name_use!=SID_NAME_WKN_GRP) { diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index 82b1f9a0eb..b0c2430c09 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -707,6 +707,7 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use uint32 rid; SAM_ACCOUNT *sam_account = NULL; GROUP_MAP map; + BOOL ret; if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid)){ DEBUG(0,("local_lookup_sid: sid_peek_check_rid return False! SID: %s\n", @@ -736,9 +737,10 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use /* see if the passdb can help us with the name of the user */ + /* BEING ROOT BLLOCK */ become_root(); if (pdb_getsampwsid(sam_account, sid)) { - unbecome_root(); + unbecome_root(); /* -----> EXIT BECOME_ROOT() */ fstrcpy(name, pdb_get_username(sam_account)); *psid_name_use = SID_NAME_USER; @@ -746,10 +748,13 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use return True; } - unbecome_root(); pdb_free_sam(&sam_account); - - if (pdb_getgrsid(&map, *sid)) { + + ret = pdb_getgrsid(&map, *sid); + unbecome_root(); + /* END BECOME_ROOT BLOCK */ + + if ( ret ) { if (map.gid!=(gid_t)-1) { DEBUG(5,("local_lookup_sid: mapped group %s to gid %u\n", map.nt_name, (unsigned int)map.gid)); } else { @@ -1233,6 +1238,7 @@ BOOL local_sid_to_gid(gid_t *pgid, const DOM_SID *psid, enum SID_NAME_USE *name_ { uint32 rid; GROUP_MAP group; + BOOL ret; *name_type = SID_NAME_UNKNOWN; @@ -1241,8 +1247,12 @@ BOOL local_sid_to_gid(gid_t *pgid, const DOM_SID *psid, enum SID_NAME_USE *name_ /* we don't need to disable winbindd since the gid is stored in the GROUP_MAP object */ - - if ( !pdb_getgrsid(&group, *psid) ) { + + become_root(); + pdb_getgrsid(&group, *psid); + unbecome_root(); + + if ( !ret ) { /* fallback to rid mapping if enabled */ diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 7f57a9fc9d..c84e288a4b 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -1246,6 +1246,7 @@ NTSTATUS _samr_query_aliasinfo(pipes_struct *p, SAMR_Q_QUERY_ALIASINFO *q_u, SAM DOM_SID sid; GROUP_MAP map; uint32 acc_granted; + BOOL ret; r_u->status = NT_STATUS_OK; @@ -1262,7 +1263,11 @@ NTSTATUS _samr_query_aliasinfo(pipes_struct *p, SAMR_Q_QUERY_ALIASINFO *q_u, SAM !sid_check_is_in_builtin(&sid)) return NT_STATUS_OBJECT_TYPE_MISMATCH; - if (!pdb_getgrsid(&map, sid)) + become_root(); + ret = pdb_getgrsid(&map, sid); + unbecome_root(); + + if ( !ret ) return NT_STATUS_NO_SUCH_ALIAS; switch (q_u->switch_level) { diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c index c2395e6fae..504e6a83c0 100644 --- a/source3/rpc_server/srv_util.c +++ b/source3/rpc_server/srv_util.c @@ -147,8 +147,6 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui return NT_STATUS_UNSUCCESSFUL; } - become_root(); - for (i=0;i<num_groups;i++) { if (!get_group_from_gid(groups[i], &map)) { @@ -197,9 +195,8 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui break; } - unbecome_root(); - - if(num_groups) free(groups); + if(num_groups) + free(groups); /* now check for the user's gid (the primary group rid) */ for (i=0; i<cur_rid && grid!=rids[i]; i++) @@ -213,15 +210,12 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui DEBUG(10,("get_alias_user_groups: looking for gid %d of user %s\n", (int)gid, user_name)); - become_root(); - if(!get_group_from_gid(gid, &map)) { - DEBUG(0,("get_alias_user_groups: gid of user %s doesn't exist. Check your /etc/passwd and /etc/group files\n", user_name)); + DEBUG(0,("get_alias_user_groups: gid of user %s doesn't exist. Check your " + "/etc/passwd and /etc/group files\n", user_name)); goto done; } - unbecome_root(); - /* the primary group isn't an alias */ if (map.sid_name_use!=SID_NAME_ALIAS) { DEBUG(10,("get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name)); |