r21507: Fix some "cannot access LDAP when no root" bugs.
authorGerald Carter <jerry@samba.org>
Thu, 22 Feb 2007 20:52:27 +0000 (20:52 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 17:18:09 +0000 (12:18 -0500)
The two culprits were

* pdb_get_account_policy()
* pdb_get_group_sid()

source/passdb/pdb_interface.c
source/rpc_parse/parse_samr.c
source/rpc_server/srv_samr_nt.c

index 36536e5feac275feb023d6ae34edc5e688cc0c3f..ce8b46eb0f3a36755d850559f9bf1df11c20478b 100644 (file)
@@ -987,13 +987,25 @@ NTSTATUS pdb_lookup_names(const DOM_SID *domain_sid,
 BOOL pdb_get_account_policy(int policy_index, uint32 *value)
 {
        struct pdb_methods *pdb = pdb_get_methods();
-       return NT_STATUS_IS_OK(pdb->get_account_policy(pdb, policy_index, value));
+       NTSTATUS status;
+       
+       become_root();
+       status = pdb->get_account_policy(pdb, policy_index, value);
+       unbecome_root();
+       
+       return NT_STATUS_IS_OK(status); 
 }
 
 BOOL pdb_set_account_policy(int policy_index, uint32 value)
 {
        struct pdb_methods *pdb = pdb_get_methods();
-       return NT_STATUS_IS_OK(pdb->set_account_policy(pdb, policy_index, value));
+       NTSTATUS status;
+
+       become_root();
+       status = pdb->set_account_policy(pdb, policy_index, value);
+       unbecome_root();
+
+       return NT_STATUS_IS_OK(status);
 }
 
 BOOL pdb_get_seq_num(time_t *seq_num)
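Review bot: pdb_set_account_policy() now performs the backend write as root for every caller, although the commit message names only pdb_get_account_policy() and pdb_get_group_sid() as the culprits. With the elevation inside the passdb wrapper, authorization rests entirely on each caller having checked access before it calls in; the callers are not visible in this hunk, so that should be confirmed for the set path in particular. A comment above both functions would record the contract, for example `/* Runs the backend call as root; callers must have completed their own access check first. */`.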
index 5b276d98702f703fb83d7dccc832110b893f687c..e0f5f7f294cf1860ede2d6ce15149887b7a74b61 100644 (file)
@@ -6331,8 +6331,10 @@ NTSTATUS init_sam_user_info21A(SAM_USER_INFO_21 *usr, struct samu *pw, DOM_SID *
                return NT_STATUS_UNSUCCESSFUL;
        }
 
+       become_root();  
        group_sid = pdb_get_group_sid(pw);
-       
+       unbecome_root();
+
        if (!sid_peek_check_rid(domain_sid, group_sid, &group_rid)) {
                fstring group_sid_string;
                fstring domain_sid_string;
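Review bot: The root block around `pdb_get_group_sid(pw)` is added at this call site, whereas the account-policy fix in pdb_interface.c puts the elevation inside the pdb function itself. If the getter can reach the backend, as the commit title suggests, any other unprivileged caller of pdb_get_group_sid() would presumably still fail, so it is worth checking the remaining call sites or documenting the requirement on the getter. At minimum the pair here needs a why-comment such as `/* pdb_get_group_sid() may have to query the passdb backend, which needs root */`. The body of init_sam_user_info21A starts and continues outside this hunk.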
index 5c0f50699eb494b2cc6580cb2f2f74c887c6a0ae..d35d97f2a075a5d7ac74a28871311029404530cf 100644 (file)
@@ -2179,6 +2179,7 @@ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, S
        uint32 acc_granted;
        BOOL ret;
        NTSTATUS result;
+       BOOL success = False;
 
        /*
         * from the SID in the request:
@@ -2223,9 +2224,15 @@ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, S
 
        sids = NULL;
 
+       /* make both calls inside the root block */
        become_root();
        result = pdb_enum_group_memberships(p->mem_ctx, sam_pass,
                                            &sids, &unix_gids, &num_groups);
+       if ( NT_STATUS_IS_OK(result) ) {
+               success = sid_peek_check_rid(get_global_sam_sid(), 
+                                            pdb_get_group_sid(sam_pass),
+                                            &primary_group_rid);
+       }
        unbecome_root();
 
        if (!NT_STATUS_IS_OK(result)) {
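Review bot: The failure path in the next hunk still calls `pdb_get_group_sid(sam_pass)` inside the DEBUG(5, ...) after `unbecome_root()`, so the lookup this commit moves under root can run again without it. Whether the getter caches its result in sam_pass is not visible here; if it does not, that call hits the same unprivileged backend access the commit is fixing. Capturing the pointer once inside the root block avoids the question: `group_sid = pdb_get_group_sid(sam_pass);` before the `sid_peek_check_rid()` call, then `sid_string_static(group_sid)` in the DEBUG. The local's declaration would sit with the others at the top of _samr_query_usergroups, outside this hunk.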
@@ -2234,15 +2241,7 @@ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, S
                return result;
        }
 
-       gids = NULL;
-       num_gids = 0;
-
-       dom_gid.attr = (SE_GROUP_MANDATORY|SE_GROUP_ENABLED_BY_DEFAULT|
-                       SE_GROUP_ENABLED);
-
-       if (!sid_peek_check_rid(get_global_sam_sid(),
-                               pdb_get_group_sid(sam_pass),
-                               &primary_group_rid)) {
+       if ( !success ) {
                DEBUG(5, ("Group sid %s for user %s not in our domain\n",
                          sid_string_static(pdb_get_group_sid(sam_pass)),
                          pdb_get_username(sam_pass)));
@@ -2250,8 +2249,12 @@ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, S
                return NT_STATUS_INTERNAL_DB_CORRUPTION;
        }
 
-       dom_gid.g_rid = primary_group_rid;
+       gids = NULL;
+       num_gids = 0;
 
+       dom_gid.attr = (SE_GROUP_MANDATORY|SE_GROUP_ENABLED_BY_DEFAULT|
+                       SE_GROUP_ENABLED);
+       dom_gid.g_rid = primary_group_rid;
        ADD_TO_ARRAY(p->mem_ctx, DOM_GID, dom_gid, &gids, &num_gids);
 
        for (i=0; i<num_groups; i++) {