From 87fddf6a988dfcdb3f1d3a715df585b6c6efa9d7 Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Wed, 10 Dec 2003 16:40:17 +0000
Subject: more group lookup access fixes on the neverending bug 281 (This used
 to be commit 9359a6ea80d1228e87ea825a100a2d289c37162d)

---
 source3/rpc_server/srv_samr_nt.c |  7 ++++++-
 source3/rpc_server/srv_util.c    | 14 ++++----------
 2 files changed, 10 insertions(+), 11 deletions(-)

(limited to 'source3/rpc_server')

diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 7f57a9fc9d..c84e288a4b 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -1246,6 +1246,7 @@ NTSTATUS _samr_query_aliasinfo(pipes_struct *p, SAMR_Q_QUERY_ALIASINFO *q_u, SAM
 	DOM_SID   sid;
 	GROUP_MAP map;
 	uint32    acc_granted;
+	BOOL ret;
 
 	r_u->status = NT_STATUS_OK;
 
@@ -1262,7 +1263,11 @@ NTSTATUS _samr_query_aliasinfo(pipes_struct *p, SAMR_Q_QUERY_ALIASINFO *q_u, SAM
 	    !sid_check_is_in_builtin(&sid))
 		return NT_STATUS_OBJECT_TYPE_MISMATCH;
 
-	if (!pdb_getgrsid(&map, sid))
+	become_root();
+	ret = pdb_getgrsid(&map, sid);
+	unbecome_root();
+	
+	if ( !ret )
 		return NT_STATUS_NO_SUCH_ALIAS;
 
 	switch (q_u->switch_level) {
diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index c2395e6fae..504e6a83c0 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -147,8 +147,6 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
 		return NT_STATUS_UNSUCCESSFUL;
 	}
 
-	become_root();
-	
 	for (i=0;i<num_groups;i++) {
 
 		if (!get_group_from_gid(groups[i], &map)) {
@@ -197,9 +195,8 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
 		break;
 	}
 
-	unbecome_root();
-	
-	if(num_groups) free(groups);
+	if(num_groups) 
+		free(groups);
 
 	/* now check for the user's gid (the primary group rid) */
 	for (i=0; i<cur_rid && grid!=rids[i]; i++)
@@ -213,15 +210,12 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
 
 	DEBUG(10,("get_alias_user_groups: looking for gid %d of user %s\n", (int)gid, user_name));
 
-	become_root();
-
 	if(!get_group_from_gid(gid, &map)) {
-		DEBUG(0,("get_alias_user_groups: gid of user %s doesn't exist. Check your /etc/passwd and /etc/group files\n", user_name));
+		DEBUG(0,("get_alias_user_groups: gid of user %s doesn't exist. Check your "
+		"/etc/passwd and /etc/group files\n", user_name));
 		goto done;
 	}	
 
-	unbecome_root();
-
 	/* the primary group isn't an alias */
 	if (map.sid_name_use!=SID_NAME_ALIAS) {
 		DEBUG(10,("get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name));
-- 
cgit