Author: jerry Date: 2007-02-22 20:52:27 +0000 (Thu, 22 Feb 2007) New Revision: 21507
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21507 Log: Fix some "cannot access LDAP when no root" bugs. The two culprits were * pdb_get_account_policy() * pdb_get_group_sid() Modified: branches/SAMBA_3_0/source/passdb/pdb_interface.c branches/SAMBA_3_0/source/rpc_parse/parse_samr.c branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c branches/SAMBA_3_0_25/source/passdb/pdb_interface.c branches/SAMBA_3_0_25/source/rpc_parse/parse_samr.c branches/SAMBA_3_0_25/source/rpc_server/srv_samr_nt.c Changeset:
Modified: branches/SAMBA_3_0/source/passdb/pdb_interface.c
===================================================================
--- branches/SAMBA_3_0/source/passdb/pdb_interface.c 2007-02-22 17:52:23 UTC (rev 21506)
+++ branches/SAMBA_3_0/source/passdb/pdb_interface.c 2007-02-22 20:52:27 UTC (rev 21507)
@@ -987,13 +987,25 @@
 BOOL pdb_get_account_policy(int policy_index, uint32 *value)
 {
 struct pdb_methods *pdb = pdb_get_methods();
- return NT_STATUS_IS_OK(pdb->get_account_policy(pdb, policy_index, value));
+ NTSTATUS status;
+
+ become_root();
+ status = pdb->get_account_policy(pdb, policy_index, value);
+ unbecome_root();
+
+ return NT_STATUS_IS_OK(status);
 }
 BOOL pdb_set_account_policy(int policy_index, uint32 value)
 {
 struct pdb_methods *pdb = pdb_get_methods();
- return NT_STATUS_IS_OK(pdb->set_account_policy(pdb, policy_index, value));
+ NTSTATUS status;
+
+ become_root();
+ status = pdb->set_account_policy(pdb, policy_index, value);
+ unbecome_root();
+
+ return NT_STATUS_IS_OK(status);
 }
 BOOL pdb_get_seq_num(time_t *seq_num)
Modified: branches/SAMBA_3_0/source/rpc_parse/parse_samr.c
===================================================================
--- branches/SAMBA_3_0/source/rpc_parse/parse_samr.c 2007-02-22 17:52:23 UTC (rev 21506)
+++ branches/SAMBA_3_0/source/rpc_parse/parse_samr.c 2007-02-22 20:52:27 UTC (rev 21507)
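Review bot: In pdb_set_account_policy() the backend write now always runs between become_root() and unbecome_root(), so the wrapper no longer depends on the caller's credentials, while the commit log names only pdb_get_account_policy() and pdb_get_group_sid() as the culprits. It is worth confirming that every caller of the setter has already checked the client's access before reaching it, and recording that contract above the function, for example `/* Runs the backend call as root: callers must have authorised the request first. */`. The callers are outside this diff, so whether any path reaches the setter without such a check cannot be told from here. The identical hunk for branches/SAMBA_3_0_25/source/passdb/pdb_interface.c carries the same question.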
@@ -6331,8 +6331,10 @@
 return NT_STATUS_UNSUCCESSFUL;
 }
+ become_root();
 group_sid = pdb_get_group_sid(pw);
-
+ unbecome_root();
+
 if (!sid_peek_check_rid(domain_sid, group_sid, &group_rid)) {
 fstring group_sid_string;
 fstring domain_sid_string;
Modified: branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c
===================================================================
--- branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c 2007-02-22 17:52:23 UTC (rev 21506)
+++ branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c 2007-02-22 20:52:27 UTC (rev 21507)
@@ -2179,6 +2179,7 @@
 uint32 acc_granted;
 BOOL ret;
 NTSTATUS result;
+ BOOL success = False;
 /*
 * from the SID in the request:
@@ -2223,9 +2224,15 @@
 sids = NULL;
+ /* make both calls inside the root block */
 become_root();
 result = pdb_enum_group_memberships(p->mem_ctx, sam_pass, &sids, &unix_gids, &num_groups);
+ if ( NT_STATUS_IS_OK(result) ) {
+ success = sid_peek_check_rid(get_global_sam_sid(),
+ pdb_get_group_sid(sam_pass),
+ &primary_group_rid);
+ }
 unbecome_root();
 if (!NT_STATUS_IS_OK(result)) {
@@ -2234,15 +2241,7 @@
 return result;
 }
- gids = NULL;
- num_gids = 0;
-
- dom_gid.attr = (SE_GROUP_MANDATORY|SE_GROUP_ENABLED_BY_DEFAULT|
- SE_GROUP_ENABLED);
-
- if (!sid_peek_check_rid(get_global_sam_sid(),
- pdb_get_group_sid(sam_pass),
- &primary_group_rid)) {
+ if ( !success ) {
 DEBUG(5, ("Group sid %s for user %s not in our domain\n", sid_string_static(pdb_get_group_sid(sam_pass)), pdb_get_username(sam_pass)));
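Review bot: The become_root()/unbecome_root() pair added around `group_sid = pdb_get_group_sid(pw);` in rpc_parse/parse_samr.c (@@ -6331,8 +6331,10 @@) carries no comment saying why a getter needs root, and it places a credential switch in marshalling code where a reader would not expect one. Going by the commit log, the getter can reach the LDAP passdb backend, which is presumably what requires root; a line such as `/* pdb_get_group_sid() may query the passdb backend, which needs root */` above become_root() would keep the block from being dropped later as unnecessary. The enclosing function starts and ends outside the hunk. The SAMBA_3_0_25 copy of this hunk (@@ -6261,8 +6261,10 @@) is the same.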
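Review bot: In rpc_server/srv_samr_nt.c the failure path under `if ( !success )` (@@ -2234,15 +2241,7 @@) still calls pdb_get_group_sid(sam_pass) inside the DEBUG(5, ...) message, after unbecome_root(), so the getter that @@ -2223,9 +2224,15 @@ moves into the root block is invoked once more without root. If the first call caches the SID in sam_pass this is harmless, but that is not visible here. Fetching it once inside the root block into a new local, `group_sid = pdb_get_group_sid(sam_pass);`, and passing group_sid to both sid_peek_check_rid() and sid_string_static() would remove the doubt. The enclosing function starts and ends outside these hunks, and the SAMBA_3_0_25 copies of both hunks have the same shape.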
@@ -2250,8 +2249,12 @@
 return NT_STATUS_INTERNAL_DB_CORRUPTION;
 }
+ gids = NULL;
+ num_gids = 0;
+
+ dom_gid.attr = (SE_GROUP_MANDATORY|SE_GROUP_ENABLED_BY_DEFAULT|
+ SE_GROUP_ENABLED);
 dom_gid.g_rid = primary_group_rid;
-
 ADD_TO_ARRAY(p->mem_ctx, DOM_GID, dom_gid, &gids, &num_gids);
 for (i=0; i<num_groups; i++) {
Modified: branches/SAMBA_3_0_25/source/passdb/pdb_interface.c
===================================================================
--- branches/SAMBA_3_0_25/source/passdb/pdb_interface.c 2007-02-22 17:52:23 UTC (rev 21506)
+++ branches/SAMBA_3_0_25/source/passdb/pdb_interface.c 2007-02-22 20:52:27 UTC (rev 21507)
@@ -987,13 +987,25 @@
 BOOL pdb_get_account_policy(int policy_index, uint32 *value)
 {
 struct pdb_methods *pdb = pdb_get_methods();
- return NT_STATUS_IS_OK(pdb->get_account_policy(pdb, policy_index, value));
+ NTSTATUS status;
+
+ become_root();
+ status = pdb->get_account_policy(pdb, policy_index, value);
+ unbecome_root();
+
+ return NT_STATUS_IS_OK(status);
 }
 BOOL pdb_set_account_policy(int policy_index, uint32 value)
 {
 struct pdb_methods *pdb = pdb_get_methods();
- return NT_STATUS_IS_OK(pdb->set_account_policy(pdb, policy_index, value));
+ NTSTATUS status;
+
+ become_root();
+ status = pdb->set_account_policy(pdb, policy_index, value);
+ unbecome_root();
+
+ return NT_STATUS_IS_OK(status);
 }
 BOOL pdb_get_seq_num(time_t *seq_num)
Modified: branches/SAMBA_3_0_25/source/rpc_parse/parse_samr.c
===================================================================
--- branches/SAMBA_3_0_25/source/rpc_parse/parse_samr.c 2007-02-22 17:52:23 UTC (rev 21506)
+++ branches/SAMBA_3_0_25/source/rpc_parse/parse_samr.c 2007-02-22 20:52:27 UTC (rev 21507)
@@ -6261,8 +6261,10 @@
 return NT_STATUS_UNSUCCESSFUL;
 }
+ become_root();
 group_sid = pdb_get_group_sid(pw);
-
+ unbecome_root();
+
 if (!sid_peek_check_rid(domain_sid, group_sid, &group_rid)) {
 fstring group_sid_string;
 fstring domain_sid_string;
Modified: branches/SAMBA_3_0_25/source/rpc_server/srv_samr_nt.c
===================================================================
--- branches/SAMBA_3_0_25/source/rpc_server/srv_samr_nt.c 2007-02-22 17:52:23 UTC (rev 21506)
+++ branches/SAMBA_3_0_25/source/rpc_server/srv_samr_nt.c 2007-02-22 20:52:27 UTC (rev 21507)
@@ -2179,6 +2179,7 @@
 uint32 acc_granted;
 BOOL ret;
 NTSTATUS result;
+ BOOL success = False;
 /*
 * from the SID in the request:
@@ -2223,9 +2224,15 @@
 sids = NULL;
+ /* make both calls inside the root block */
 become_root();
 result = pdb_enum_group_memberships(p->mem_ctx, sam_pass, &sids, &unix_gids, &num_groups);
+ if ( NT_STATUS_IS_OK(result) ) {
+ success = sid_peek_check_rid(get_global_sam_sid(),
+ pdb_get_group_sid(sam_pass),
+ &primary_group_rid);
+ }
 unbecome_root();
 if (!NT_STATUS_IS_OK(result)) {
@@ -2234,15 +2241,7 @@
 return result;
 }
- gids = NULL;
- num_gids = 0;
-
- dom_gid.attr = (SE_GROUP_MANDATORY|SE_GROUP_ENABLED_BY_DEFAULT|
- SE_GROUP_ENABLED);
-
- if (!sid_peek_check_rid(get_global_sam_sid(),
- pdb_get_group_sid(sam_pass),
- &primary_group_rid)) {
+ if ( !success ) {
 DEBUG(5, ("Group sid %s for user %s not in our domain\n", sid_string_static(pdb_get_group_sid(sam_pass)), pdb_get_username(sam_pass)));
@@ -2250,8 +2249,12 @@
 return NT_STATUS_INTERNAL_DB_CORRUPTION;
 }
+ gids = NULL;
+ num_gids = 0;
+
+ dom_gid.attr = (SE_GROUP_MANDATORY|SE_GROUP_ENABLED_BY_DEFAULT|
+ SE_GROUP_ENABLED);
 dom_gid.g_rid = primary_group_rid;
-
 ADD_TO_ARRAY(p->mem_ctx, DOM_GID, dom_gid, &gids, &num_gids);
 for (i=0; i<num_groups; i++) {