sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-26 10:04:02 +03:00
Code

r21507: Fix some "cannot access LDAP when no root" bugs.

Browse Source 
The two culprits were

* pdb_get_account_policy()
* pdb_get_group_sid()
This commit is contained in:
Gerald Carter 2007-02-22 20:52:27 +00:00 committed by Gerald (Jerry) Carter
parent 5cd9a2e258
commit 6a69caf690
3 changed files with 30 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
source/passdb/pdb_interface.c
View File

@ -987,13 +987,25 @@ NTSTATUS pdb_lookup_names(const DOM_SID *domain_sid,
BOOL pdb_get_account_policy(int policy_index, uint32 *value) BOOL pdb_get_account_policy(int policy_index, uint32 *value)
{ {
struct pdb_methods *pdb = pdb_get_methods(); struct pdb_methods *pdb = pdb_get_methods();
return NT_STATUS_IS_OK(pdb->get_account_policy(pdb, policy_index, value)); NTSTATUS status;
become_root();
status = pdb->get_account_policy(pdb, policy_index, value);
unbecome_root();
return NT_STATUS_IS_OK(status);
} }
BOOL pdb_set_account_policy(int policy_index, uint32 value) BOOL pdb_set_account_policy(int policy_index, uint32 value)
{ {
struct pdb_methods *pdb = pdb_get_methods(); struct pdb_methods *pdb = pdb_get_methods();
return NT_STATUS_IS_OK(pdb->set_account_policy(pdb, policy_index, value)); NTSTATUS status;
become_root();
status = pdb->set_account_policy(pdb, policy_index, value);
unbecome_root();
return NT_STATUS_IS_OK(status);
} }
BOOL pdb_get_seq_num(time_t *seq_num) BOOL pdb_get_seq_num(time_t *seq_num)

4
source/rpc_parse/parse_samr.c
View File

@ -6331,8 +6331,10 @@ NTSTATUS init_sam_user_info21A(SAM_USER_INFO_21 *usr, struct samu *pw, DOM_SID *
return NT_STATUS_UNSUCCESSFUL; return NT_STATUS_UNSUCCESSFUL;
} }
become_root();
group_sid = pdb_get_group_sid(pw); group_sid = pdb_get_group_sid(pw);
unbecome_root();
if (!sid_peek_check_rid(domain_sid, group_sid, &group_rid)) { if (!sid_peek_check_rid(domain_sid, group_sid, &group_rid)) {
fstring group_sid_string; fstring group_sid_string;
fstring domain_sid_string; fstring domain_sid_string;

23
source/rpc_server/srv_samr_nt.c
View File

@ -2179,6 +2179,7 @@ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, S
uint32 acc_granted; uint32 acc_granted;
BOOL ret; BOOL ret;
NTSTATUS result; NTSTATUS result;
BOOL success = False;
/* /*
* from the SID in the request: * from the SID in the request:
@ -2223,9 +2224,15 @@ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, S
sids = NULL; sids = NULL;
/* make both calls inside the root block */
become_root(); become_root();
result = pdb_enum_group_memberships(p->mem_ctx, sam_pass, result = pdb_enum_group_memberships(p->mem_ctx, sam_pass,
&sids, &unix_gids, &num_groups); &sids, &unix_gids, &num_groups);
if ( NT_STATUS_IS_OK(result) ) {
success = sid_peek_check_rid(get_global_sam_sid(),
pdb_get_group_sid(sam_pass),
&primary_group_rid);
}
unbecome_root(); unbecome_root();
if (!NT_STATUS_IS_OK(result)) { if (!NT_STATUS_IS_OK(result)) {
@ -2234,15 +2241,7 @@ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, S
return result; return result;
} }
gids = NULL; if ( !success ) {
num_gids = 0;
dom_gid.attr = (SE_GROUP_MANDATORY|SE_GROUP_ENABLED_BY_DEFAULT|
SE_GROUP_ENABLED);
if (!sid_peek_check_rid(get_global_sam_sid(),
pdb_get_group_sid(sam_pass),
&primary_group_rid)) {
DEBUG(5, ("Group sid %s for user %s not in our domain\n", DEBUG(5, ("Group sid %s for user %s not in our domain\n",
sid_string_static(pdb_get_group_sid(sam_pass)), sid_string_static(pdb_get_group_sid(sam_pass)),
pdb_get_username(sam_pass))); pdb_get_username(sam_pass)));
@ -2250,8 +2249,12 @@ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, S
return NT_STATUS_INTERNAL_DB_CORRUPTION; return NT_STATUS_INTERNAL_DB_CORRUPTION;
} }
dom_gid.g_rid = primary_group_rid; gids = NULL;
num_gids = 0;
dom_gid.attr = (SE_GROUP_MANDATORY|SE_GROUP_ENABLED_BY_DEFAULT|
SE_GROUP_ENABLED);
dom_gid.g_rid = primary_group_rid;
ADD_TO_ARRAY(p->mem_ctx, DOM_GID, dom_gid, &gids, &num_gids); ADD_TO_ARRAY(p->mem_ctx, DOM_GID, dom_gid, &gids, &num_gids);
for (i=0; i<num_groups; i++) { for (i=0; i<num_groups; i++) {