From b3b207e9668fb3378350afef42820ffdc1dd6271 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Wed, 13 Sep 2006 16:30:40 +0000
Subject: r18483: Ensure all pdb_XXX calls are wrapped in
 become_root()/unbecome_root() pairs. Should fix bug #4097. Jeremy. (This used
 to be commit f787b9d156992e0069860cb1ab829970cb69eb81)

---
 source3/passdb/lookup_sid.c | 37 ++++++++++++++++++++++++++++++++-----
 1 file changed, 32 insertions(+), 5 deletions(-)

diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index b339754c6d..e89c5a41a2 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -1117,6 +1117,7 @@ void uid_to_sid(DOM_SID *psid, uid_t uid)
 {
 	uid_t low, high;
 	uint32 rid;
+	BOOL ret;
 
 	ZERO_STRUCTP(psid);
 
@@ -1131,7 +1132,11 @@ void uid_to_sid(DOM_SID *psid, uid_t uid)
 		goto done;
 	}
 
-	if (pdb_uid_to_rid(uid, &rid)) {
+	become_root();
+	ret = pdb_uid_to_rid(uid, &rid);
+	unbecome_root();
+
+	if (ret) {
 		/* This is a mapped user */
 		sid_copy(psid, get_global_sam_sid());
 		sid_append_rid(psid, rid);
@@ -1156,6 +1161,7 @@ void uid_to_sid(DOM_SID *psid, uid_t uid)
 
 void gid_to_sid(DOM_SID *psid, gid_t gid)
 {
+	BOOL ret;
 	gid_t low, high;
 
 	ZERO_STRUCTP(psid);
@@ -1171,7 +1177,11 @@ void gid_to_sid(DOM_SID *psid, gid_t gid)
 		goto done;
 	}
 
-	if (pdb_gid_to_sid(gid, psid)) {
+	become_root();
+	ret = pdb_gid_to_sid(gid, psid);
+	unbecome_root();
+
+	if (ret) {
 		/* This is a mapped group */
 		goto done;
 	}
@@ -1213,8 +1223,13 @@ BOOL sid_to_uid(const DOM_SID *psid, uid_t *puid)
 
 	if (sid_peek_check_rid(get_global_sam_sid(), psid, &rid)) {
 		union unid_t id;
+		BOOL ret;
 
-		if (pdb_sid_to_id(psid, &id, &type)) {
+		become_root();
+		ret = pdb_sid_to_id(psid, &id, &type);
+		unbecome_root();
+
+		if (ret) {
 			if (type != SID_NAME_USER) {
 				DEBUG(5, ("sid %s is a %s, expected a user\n",
 					  sid_string_static(psid),
@@ -1288,7 +1303,13 @@ BOOL sid_to_gid(const DOM_SID *psid, gid_t *pgid)
 
 	if ((sid_check_is_in_builtin(psid) ||
 	     sid_check_is_in_wellknown_domain(psid))) {
-		if (pdb_getgrsid(&map, *psid)) {
+		BOOL ret;
+
+		become_root();
+		ret = pdb_getgrsid(&map, *psid);
+		unbecome_root();
+
+		if (ret) {
 			*pgid = map.gid;
 			goto done;
 		}
@@ -1296,7 +1317,13 @@ BOOL sid_to_gid(const DOM_SID *psid, gid_t *pgid)
 	}
 
 	if (sid_peek_check_rid(get_global_sam_sid(), psid, &rid)) {
-		if (pdb_sid_to_id(psid, &id, &type)) {
+		BOOL ret;
+
+		become_root();
+		ret = pdb_sid_to_id(psid, &id, &type);
+		unbecome_root();
+
+		if (ret) {
 			if ((type != SID_NAME_DOM_GRP) &&
 			    (type != SID_NAME_ALIAS)) {
 				DEBUG(5, ("sid %s is a %s, expected a group\n",
-- 
cgit