svn commit: samba r21507 - in branches: SAMBA_3_0/source/passdb SAMBA_3_0/source/rpc_parse SAMBA_3_0/source/rpc_server SAMBA_3_0_25/source/passdb SAMBA_3_0_25/source/rpc_parse SAMBA_3_0_25/source/rpc_server

jerry at samba.org jerry at samba.org
Thu Feb 22 20:52:29 GMT 2007


Author: jerry
Date: 2007-02-22 20:52:27 +0000 (Thu, 22 Feb 2007)
New Revision: 21507

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21507

Log:
Fix some "cannot access LDAP when not root" bugs.
The two culprits were

* pdb_get_account_policy()
* pdb_get_group_sid()



Modified:
   branches/SAMBA_3_0/source/passdb/pdb_interface.c
   branches/SAMBA_3_0/source/rpc_parse/parse_samr.c
   branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c
   branches/SAMBA_3_0_25/source/passdb/pdb_interface.c
   branches/SAMBA_3_0_25/source/rpc_parse/parse_samr.c
   branches/SAMBA_3_0_25/source/rpc_server/srv_samr_nt.c


Changeset:
Modified: branches/SAMBA_3_0/source/passdb/pdb_interface.c
===================================================================
--- branches/SAMBA_3_0/source/passdb/pdb_interface.c	2007-02-22 17:52:23 UTC (rev 21506)
+++ branches/SAMBA_3_0/source/passdb/pdb_interface.c	2007-02-22 20:52:27 UTC (rev 21507)
@@ -987,13 +987,25 @@
 BOOL pdb_get_account_policy(int policy_index, uint32 *value)
 {
 	struct pdb_methods *pdb = pdb_get_methods();
-	return NT_STATUS_IS_OK(pdb->get_account_policy(pdb, policy_index, value));
+	NTSTATUS status;
+	
+	become_root();
+	status = pdb->get_account_policy(pdb, policy_index, value);
+	unbecome_root();
+	
+	return NT_STATUS_IS_OK(status);	
 }
 
 BOOL pdb_set_account_policy(int policy_index, uint32 value)
 {
 	struct pdb_methods *pdb = pdb_get_methods();
-	return NT_STATUS_IS_OK(pdb->set_account_policy(pdb, policy_index, value));
+	NTSTATUS status;
+
+	become_root();
+	status = pdb->set_account_policy(pdb, policy_index, value);
+	unbecome_root();
+
+	return NT_STATUS_IS_OK(status);
 }
 
 BOOL pdb_get_seq_num(time_t *seq_num)
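Review bot: `pdb_set_account_policy()` now switches to root unconditionally, so every caller of this passdb-level setter performs the backend write as root whatever the privileges of the requesting client, and nothing here records that the access check has to happen first. The commit log names only `pdb_get_account_policy()` as a culprit, so it is worth stating why the setter gets the same treatment. I would add a comment above both functions, for example `/* Calls the backend as root; callers must have done their own access check before calling. */`. The identical hunk in SAMBA_3_0_25/source/passdb/pdb_interface.c needs the same comment.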

Modified: branches/SAMBA_3_0/source/rpc_parse/parse_samr.c
===================================================================
--- branches/SAMBA_3_0/source/rpc_parse/parse_samr.c	2007-02-22 17:52:23 UTC (rev 21506)
+++ branches/SAMBA_3_0/source/rpc_parse/parse_samr.c	2007-02-22 20:52:27 UTC (rev 21507)
@@ -6331,8 +6331,10 @@
 		return NT_STATUS_UNSUCCESSFUL;
 	}
 
+	become_root();	
 	group_sid = pdb_get_group_sid(pw);
-	
+	unbecome_root();
+
 	if (!sid_peek_check_rid(domain_sid, group_sid, &group_rid)) {
 		fstring group_sid_string;
 		fstring domain_sid_string;
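Review bot: The `become_root()`/`unbecome_root()` pair around `pdb_get_group_sid(pw)` puts a privilege switch into rpc_parse code with no comment explaining why filling in a reply structure needs root. Going by the commit log the reason is that the call can reach the LDAP backend, so a one-line comment such as `/* pdb_get_group_sid() may query the passdb backend, which needs root */` would stop a later cleanup from removing the pair. The added `become_root();` line also carries a trailing tab. The enclosing function starts and ends outside this hunk, so I cannot tell whether its caller in rpc_server could hold the root block instead. The same applies to the matching hunk in SAMBA_3_0_25/source/rpc_parse/parse_samr.c.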

Modified: branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c
===================================================================
--- branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c	2007-02-22 17:52:23 UTC (rev 21506)
+++ branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c	2007-02-22 20:52:27 UTC (rev 21507)
@@ -2179,6 +2179,7 @@
 	uint32 acc_granted;
 	BOOL ret;
 	NTSTATUS result;
+	BOOL success = False;
 
 	/*
 	 * from the SID in the request:
@@ -2223,9 +2224,15 @@
 
 	sids = NULL;
 
+	/* make both calls inside the root block */
 	become_root();
 	result = pdb_enum_group_memberships(p->mem_ctx, sam_pass,
 					    &sids, &unix_gids, &num_groups);
+	if ( NT_STATUS_IS_OK(result) ) {
+		success = sid_peek_check_rid(get_global_sam_sid(), 
+					     pdb_get_group_sid(sam_pass),
+					     &primary_group_rid);
+	}
 	unbecome_root();
 
 	if (!NT_STATUS_IS_OK(result)) {
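Review bot: The root block now also covers `sid_peek_check_rid()` and `get_global_sam_sid()`, although the removed lines in the next hunk show both ran outside root before and the log names only `pdb_get_group_sid()` as the culprit. The `DEBUG(5, ...)` in the next hunk then calls `pdb_get_group_sid(sam_pass)` again after `unbecome_root()`. Fetching the SID once into a local inside the block, and using that local for both the check and the debug message, keeps the privileged region to the backend calls and makes the `success` flag unnecessary. The local needs a declaration at the top of the function, which is outside these hunks; its type would match the `group_sid` variable used in parse_samr.c. The same applies to the SAMBA_3_0_25 copy of this file.

```c
	become_root();
	result = pdb_enum_group_memberships(p->mem_ctx, sam_pass,
					    &sids, &unix_gids, &num_groups);
	if (NT_STATUS_IS_OK(result)) {
		/* only the backend lookup needs root; keep the SID for reuse */
		group_sid = pdb_get_group_sid(sam_pass);
	}
	unbecome_root();

	/* ... unchanged: early return when result is not OK ... */

	if (!sid_peek_check_rid(get_global_sam_sid(), group_sid,
				&primary_group_rid)) {
		DEBUG(5, ("Group sid %s for user %s not in our domain\n",
			  sid_string_static(group_sid),
			  pdb_get_username(sam_pass)));
```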
@@ -2234,15 +2241,7 @@
 		return result;
 	}
 
-	gids = NULL;
-	num_gids = 0;
-
-	dom_gid.attr = (SE_GROUP_MANDATORY|SE_GROUP_ENABLED_BY_DEFAULT|
-			SE_GROUP_ENABLED);
-
-	if (!sid_peek_check_rid(get_global_sam_sid(),
-				pdb_get_group_sid(sam_pass),
-				&primary_group_rid)) {
+	if ( !success ) {
 		DEBUG(5, ("Group sid %s for user %s not in our domain\n",
 			  sid_string_static(pdb_get_group_sid(sam_pass)),
 			  pdb_get_username(sam_pass)));
@@ -2250,8 +2249,12 @@
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
 	}
 
+	gids = NULL;
+	num_gids = 0;
+
+	dom_gid.attr = (SE_GROUP_MANDATORY|SE_GROUP_ENABLED_BY_DEFAULT|
+			SE_GROUP_ENABLED);
 	dom_gid.g_rid = primary_group_rid;
-
 	ADD_TO_ARRAY(p->mem_ctx, DOM_GID, dom_gid, &gids, &num_gids);
 
 	for (i=0; i<num_groups; i++) {

Modified: branches/SAMBA_3_0_25/source/passdb/pdb_interface.c
===================================================================
--- branches/SAMBA_3_0_25/source/passdb/pdb_interface.c	2007-02-22 17:52:23 UTC (rev 21506)
+++ branches/SAMBA_3_0_25/source/passdb/pdb_interface.c	2007-02-22 20:52:27 UTC (rev 21507)
@@ -987,13 +987,25 @@
 BOOL pdb_get_account_policy(int policy_index, uint32 *value)
 {
 	struct pdb_methods *pdb = pdb_get_methods();
-	return NT_STATUS_IS_OK(pdb->get_account_policy(pdb, policy_index, value));
+	NTSTATUS status;
+	
+	become_root();
+	status = pdb->get_account_policy(pdb, policy_index, value);
+	unbecome_root();
+	
+	return NT_STATUS_IS_OK(status);	
 }
 
 BOOL pdb_set_account_policy(int policy_index, uint32 value)
 {
 	struct pdb_methods *pdb = pdb_get_methods();
-	return NT_STATUS_IS_OK(pdb->set_account_policy(pdb, policy_index, value));
+	NTSTATUS status;
+
+	become_root();
+	status = pdb->set_account_policy(pdb, policy_index, value);
+	unbecome_root();
+
+	return NT_STATUS_IS_OK(status);
 }
 
 BOOL pdb_get_seq_num(time_t *seq_num)

Modified: branches/SAMBA_3_0_25/source/rpc_parse/parse_samr.c
===================================================================
--- branches/SAMBA_3_0_25/source/rpc_parse/parse_samr.c	2007-02-22 17:52:23 UTC (rev 21506)
+++ branches/SAMBA_3_0_25/source/rpc_parse/parse_samr.c	2007-02-22 20:52:27 UTC (rev 21507)
@@ -6261,8 +6261,10 @@
 		return NT_STATUS_UNSUCCESSFUL;
 	}
 
+	become_root();	
 	group_sid = pdb_get_group_sid(pw);
-	
+	unbecome_root();
+
 	if (!sid_peek_check_rid(domain_sid, group_sid, &group_rid)) {
 		fstring group_sid_string;
 		fstring domain_sid_string;

Modified: branches/SAMBA_3_0_25/source/rpc_server/srv_samr_nt.c
===================================================================
--- branches/SAMBA_3_0_25/source/rpc_server/srv_samr_nt.c	2007-02-22 17:52:23 UTC (rev 21506)
+++ branches/SAMBA_3_0_25/source/rpc_server/srv_samr_nt.c	2007-02-22 20:52:27 UTC (rev 21507)
@@ -2179,6 +2179,7 @@
 	uint32 acc_granted;
 	BOOL ret;
 	NTSTATUS result;
+	BOOL success = False;
 
 	/*
 	 * from the SID in the request:
@@ -2223,9 +2224,15 @@
 
 	sids = NULL;
 
+	/* make both calls inside the root block */
 	become_root();
 	result = pdb_enum_group_memberships(p->mem_ctx, sam_pass,
 					    &sids, &unix_gids, &num_groups);
+	if ( NT_STATUS_IS_OK(result) ) {
+		success = sid_peek_check_rid(get_global_sam_sid(), 
+					     pdb_get_group_sid(sam_pass),
+					     &primary_group_rid);
+	}
 	unbecome_root();
 
 	if (!NT_STATUS_IS_OK(result)) {
@@ -2234,15 +2241,7 @@
 		return result;
 	}
 
-	gids = NULL;
-	num_gids = 0;
-
-	dom_gid.attr = (SE_GROUP_MANDATORY|SE_GROUP_ENABLED_BY_DEFAULT|
-			SE_GROUP_ENABLED);
-
-	if (!sid_peek_check_rid(get_global_sam_sid(),
-				pdb_get_group_sid(sam_pass),
-				&primary_group_rid)) {
+	if ( !success ) {
 		DEBUG(5, ("Group sid %s for user %s not in our domain\n",
 			  sid_string_static(pdb_get_group_sid(sam_pass)),
 			  pdb_get_username(sam_pass)));
@@ -2250,8 +2249,12 @@
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
 	}
 
+	gids = NULL;
+	num_gids = 0;
+
+	dom_gid.attr = (SE_GROUP_MANDATORY|SE_GROUP_ENABLED_BY_DEFAULT|
+			SE_GROUP_ENABLED);
 	dom_gid.g_rid = primary_group_rid;
-
 	ADD_TO_ARRAY(p->mem_ctx, DOM_GID, dom_gid, &gids, &num_gids);
 
 	for (i=0; i<num_groups; i++) {


