sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-12-07 20:23:50 +03:00
Code Activity

r11433: Fix for bug #3223 - ensure we're root before doing

Browse Source 
any potential lib/smbldap.c calls.
Jeremy.
This commit is contained in:
Jeremy Allison
2005-10-31 23:47:57 +00:00
committed by Gerald (Jerry) Carter
parent 7edb26e765
commit 915cfb48f0
1 changed files with 53 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
source/rpc_server/srv_samr_nt.c
View File

@@ -1805,8 +1805,9 @@ NTSTATUS _samr_query_dom_info(pipes_struct *p, SAMR_Q_QUERY_DOMAIN_INFO *q_u, SA
uint32 num_users=0, num_groups=0, num_aliases=0;
if ((ctr = TALLOC_ZERO_P(p->mem_ctx, SAM_UNK_CTR)) == NULL)
if ((ctr = TALLOC_ZERO_P(p->mem_ctx, SAM_UNK_CTR)) == NULL) {
return NT_STATUS_NO_MEMORY;
}
ZERO_STRUCTP(ctr);
@@ -1815,12 +1816,17 @@ NTSTATUS _samr_query_dom_info(pipes_struct *p, SAMR_Q_QUERY_DOMAIN_INFO *q_u, SA
DEBUG(5,("_samr_query_dom_info: %d\n", __LINE__));
/* find the policy handle. open a policy on it. */
if (!find_policy_by_hnd(p, &q_u->domain_pol, (void **)&info))
if (!find_policy_by_hnd(p, &q_u->domain_pol, (void **)&info)) {
return NT_STATUS_INVALID_HANDLE;
}
switch (q_u->switch_value) {
case 0x01:
become_root();
/* AS ROOT !!! */
pdb_get_account_policy(AP_MIN_PASSWORD_LEN, &account_policy_temp);
min_pass_len = account_policy_temp;
@@ -1835,7 +1841,11 @@ NTSTATUS _samr_query_dom_info(pipes_struct *p, SAMR_Q_QUERY_DOMAIN_INFO *q_u, SA
pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &account_policy_temp);
u_min_age = account_policy_temp;
/* !AS ROOT */
unbecome_root();
unix_to_nt_time_abs(&nt_expire, u_expire);
unix_to_nt_time_abs(&nt_min_age, u_min_age);
@@ -1843,11 +1853,14 @@ NTSTATUS _samr_query_dom_info(pipes_struct *p, SAMR_Q_QUERY_DOMAIN_INFO *q_u, SA
flag, nt_expire, nt_min_age);
break;
case 0x02:
become_root();
/* AS ROOT !!! */
num_users=count_sam_users(&info->disp_info,
ACB_NORMAL);
num_groups=count_sam_groups(&info->disp_info);
unbecome_root();
pdb_get_account_policy(AP_TIME_TO_LOGOUT, &account_policy_temp);
u_logout = account_policy_temp;
@@ -1857,6 +1870,10 @@ NTSTATUS _samr_query_dom_info(pipes_struct *p, SAMR_Q_QUERY_DOMAIN_INFO *q_u, SA
if (!pdb_get_seq_num(&seq_num))
seq_num = time(NULL);
/* !AS ROOT */
unbecome_root();
server_role = ROLE_DOMAIN_PDC;
if (lp_server_role() == ROLE_DOMAIN_BDC)
server_role = ROLE_DOMAIN_BDC;
@@ -1865,7 +1882,17 @@ NTSTATUS _samr_query_dom_info(pipes_struct *p, SAMR_Q_QUERY_DOMAIN_INFO *q_u, SA
num_users, num_groups, num_aliases, nt_logout, server_role);
break;
case 0x03:
become_root();
/* AS ROOT !!! */
pdb_get_account_policy(AP_TIME_TO_LOGOUT, (unsigned int *)&u_logout);
/* !AS ROOT */
unbecome_root();
unix_to_nt_time_abs(&nt_logout, u_logout);
init_unk_info3(&ctr->info.inf3, nt_logout);
@@ -1884,16 +1911,32 @@ NTSTATUS _samr_query_dom_info(pipes_struct *p, SAMR_Q_QUERY_DOMAIN_INFO *q_u, SA
init_unk_info7(&ctr->info.inf7, server_role);
break;
case 0x08:
if (!pdb_get_seq_num(&seq_num))
become_root();
/* AS ROOT !!! */
if (!pdb_get_seq_num(&seq_num)) {
seq_num = time(NULL);
}
/* !AS ROOT */
unbecome_root();
init_unk_info8(&ctr->info.inf8, (uint32) seq_num);
break;
case 0x0c:
become_root();
/* AS ROOT !!! */
pdb_get_account_policy(AP_LOCK_ACCOUNT_DURATION, &account_policy_temp);
u_lock_duration = account_policy_temp;
if (u_lock_duration != -1)
if (u_lock_duration != -1) {
u_lock_duration *= 60;
}
pdb_get_account_policy(AP_RESET_COUNT_TIME, &account_policy_temp);
u_reset_time = account_policy_temp * 60;
@@ -1901,6 +1944,10 @@ NTSTATUS _samr_query_dom_info(pipes_struct *p, SAMR_Q_QUERY_DOMAIN_INFO *q_u, SA
pdb_get_account_policy(AP_BAD_ATTEMPT_LOCKOUT, &account_policy_temp);
lockout = account_policy_temp;
/* !AS ROOT */
unbecome_root();
unix_to_nt_time_abs(&nt_lock_duration, u_lock_duration);
unix_to_nt_time_abs(&nt_reset_time, u_reset_time);
@@ -1910,6 +1957,7 @@ NTSTATUS _samr_query_dom_info(pipes_struct *p, SAMR_Q_QUERY_DOMAIN_INFO *q_u, SA
return NT_STATUS_INVALID_INFO_CLASS;
}
init_samr_r_query_dom_info(r_u, q_u->switch_value, ctr, NT_STATUS_OK);
DEBUG(5,("_samr_query_dom_info: %d\n", __LINE__));