From c416ff851b4ecc7a44aee9d00d07dd481d8ae2a7 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 18 Oct 2001 20:15:12 +0000 Subject: Merge the become_XXX -> change_to_XXX fixes from 2.2.2 to HEAD. Ensure make_conection() can only be called as root. Jeremy. (This used to be commit 8d23a7441b4687458ee021bfe8880558506eddba) --- source3/rpc_server/srv_netlog_nt.c | 2 +- source3/rpc_server/srv_pipe.c | 7 ++----- source3/rpc_server/srv_srvsvc_nt.c | 6 +++++- 3 files changed, 8 insertions(+), 7 deletions(-) (limited to 'source3/rpc_server') diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index 678c48ff71..7a7ff09d71 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -708,7 +708,7 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON * usr_info->ptr_user_info = 0; /* XXXX hack to get standard_sub_basic() to use sam logon username */ - /* possibly a better way would be to do a become_user() call */ + /* possibly a better way would be to do a change_to_user() call */ sam_logon_in_ssb = True; pstrcpy(samlogon_user, nt_username); diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index 2957d7cc95..7079cc2ca1 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -1135,7 +1135,6 @@ BOOL api_pipe_request(pipes_struct *p) { int i = 0; BOOL ret = False; - BOOL changed_user_id = False; if (p->ntlmssp_auth_validated) { @@ -1143,8 +1142,6 @@ BOOL api_pipe_request(pipes_struct *p) prs_mem_free(&p->out_data.rdata); return False; } - - changed_user_id = True; } for (i = 0; api_fd_commands[i].pipe_clnt_name; i++) { @@ -1157,8 +1154,8 @@ BOOL api_pipe_request(pipes_struct *p) } } - if(changed_user_id) - unbecome_authenticated_pipe_user(p); + if(p->ntlmssp_auth_validated) + unbecome_authenticated_pipe_user(); return ret; } diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c index 2ae4a73874..44e44cfa3a 100644 --- a/source3/rpc_server/srv_srvsvc_nt.c +++ b/source3/rpc_server/srv_srvsvc_nt.c @@ -1598,7 +1598,9 @@ NTSTATUS _srv_net_file_query_secdesc(pipes_struct *p, SRV_Q_NET_FILE_QUERY_SECDE get_current_user(&user, p); + become_root(); conn = make_connection(qualname, null_pw, 0, "A:", user.vuid, &nt_status); + unbecome_root(); if (conn == NULL) { DEBUG(3,("_srv_net_file_query_secdesc: Unable to connect to %s\n", qualname)); @@ -1649,7 +1651,7 @@ NTSTATUS _srv_net_file_query_secdesc(pipes_struct *p, SRV_Q_NET_FILE_QUERY_SECDE psd->dacl->revision = (uint16) NT4_ACL_REVISION; close_file(fsp, True); - + unbecome_user(); close_cnum(conn, user.vuid); return r_u->status; @@ -1700,7 +1702,9 @@ NTSTATUS _srv_net_file_set_secdesc(pipes_struct *p, SRV_Q_NET_FILE_SET_SECDESC * get_current_user(&user, p); + become_root(); conn = make_connection(qualname, null_pw, 0, "A:", user.vuid, &nt_status); + unbecome_root(); if (conn == NULL) { DEBUG(3,("_srv_net_file_set_secdesc: Unable to connect to %s\n", qualname)); -- cgit