Attachment #118137 for bug #177029

Lines 286-313 Link Here

(-)samba-3.0.24.orig/source/lib/util_sec.c (-22 lines)
286	}	286	}
287		287
288	/****************************************************************************	288	/****************************************************************************
289	Lightweight become root - no group change.
290	****************************************************************************/
291
292	void become_root_uid_only(void)
293	{
294	save_re_uid();
295	set_effective_uid(0);
296	}
297
298	/****************************************************************************
299	Lightweight unbecome root - no group change. Expects we are root already,
300	saves errno across call boundary.
301	****************************************************************************/
302
303	void unbecome_root_uid_only(void)
304	{
305	int saved_errno = errno;
306	restore_re_uid_fromroot();
307	errno = saved_errno;
308	}
309
310	/****************************************************************************
311	save the real and effective gid for later restoration. Used by the	289	save the real and effective gid for later restoration. Used by the
312	getgroups code	290	getgroups code
313	****************************************************************************/	291	****************************************************************************/




			return False;
		}

		become_root();
		result = pdb_lookup_rids(domain_sid, num_rids, rids,
					 *names, *types);
		unbecome_root();

		return (NT_STATUS_IS_OK(result) ||
			NT_STATUS_EQUAL(result, NT_STATUS_NONE_MAPPED) ||

		goto done;
	}

	become_root();
	ret = pdb_uid_to_rid(uid, &rid);
	unbecome_root();

	if (ret) {
		/* This is a mapped user */

		goto done;
	}

	become_root();
	ret = pdb_gid_to_sid(gid, psid);
	unbecome_root();

	if (ret) {
		/* This is a mapped group */

		union unid_t id;
		BOOL ret;

		become_root();
		ret = pdb_sid_to_id(psid, &id, &type);
		unbecome_root();

		if (ret) {
			if (type != SID_NAME_USER) {

	     sid_check_is_in_wellknown_domain(psid))) {
		BOOL ret;

		become_root();
		ret = pdb_getgrsid(&map, *psid);
		unbecome_root();

		if (ret) {
			*pgid = map.gid;

	if (sid_peek_check_rid(get_global_sam_sid(), psid, &rid)) {
		BOOL ret;

		become_root();
		ret = pdb_sid_to_id(psid, &id, &type);
		unbecome_root();

		if (ret) {
			if ((type != SID_NAME_DOM_GRP) &&

Return to bug 177029

Lines 421-430 Link Here

(-)samba-3.0.24.orig/source/passdb/lookup_sid.c (-12 / +12 lines)
421	return False;	421	return False;
422	}	422	}
423		423
424	become_root_uid_only();	424	become_root();
425	result = pdb_lookup_rids(domain_sid, num_rids, rids,	425	result = pdb_lookup_rids(domain_sid, num_rids, rids,
426	names, types);	426	names, types);
427	unbecome_root_uid_only();	427	unbecome_root();
428		428
429	return (NT_STATUS_IS_OK(result) \|\|	429	return (NT_STATUS_IS_OK(result) \|\|
430	NT_STATUS_EQUAL(result, NT_STATUS_NONE_MAPPED) \|\|	430	NT_STATUS_EQUAL(result, NT_STATUS_NONE_MAPPED) \|\|
Lines 1085-1093 Link Here
1085	goto done;	1085	goto done;
1086	}	1086	}
1087		1087
1088	become_root_uid_only();	1088	become_root();
1089	ret = pdb_uid_to_rid(uid, &rid);	1089	ret = pdb_uid_to_rid(uid, &rid);
1090	unbecome_root_uid_only();	1090	unbecome_root();
1091		1091
1092	if (ret) {	1092	if (ret) {
1093	/* This is a mapped user */	1093	/* This is a mapped user */
Lines 1131-1139 Link Here
1131	goto done;	1131	goto done;
1132	}	1132	}
1133		1133
1134	become_root_uid_only();	1134	become_root();
1135	ret = pdb_gid_to_sid(gid, psid);	1135	ret = pdb_gid_to_sid(gid, psid);
1136	unbecome_root_uid_only();	1136	unbecome_root();
1137		1137
1138	if (ret) {	1138	if (ret) {
1139	/* This is a mapped group */	1139	/* This is a mapped group */
Lines 1179-1187 Link Here
1179	union unid_t id;	1179	union unid_t id;
1180	BOOL ret;	1180	BOOL ret;
1181		1181
1182	become_root_uid_only();	1182	become_root();
1183	ret = pdb_sid_to_id(psid, &id, &type);	1183	ret = pdb_sid_to_id(psid, &id, &type);
1184	unbecome_root_uid_only();	1184	unbecome_root();
1185		1185
1186	if (ret) {	1186	if (ret) {
1187	if (type != SID_NAME_USER) {	1187	if (type != SID_NAME_USER) {
Lines 1259-1267 Link Here
1259	sid_check_is_in_wellknown_domain(psid))) {	1259	sid_check_is_in_wellknown_domain(psid))) {
1260	BOOL ret;	1260	BOOL ret;
1261		1261
1262	become_root_uid_only();	1262	become_root();
1263	ret = pdb_getgrsid(&map, *psid);	1263	ret = pdb_getgrsid(&map, *psid);
1264	unbecome_root_uid_only();	1264	unbecome_root();
1265		1265
1266	if (ret) {	1266	if (ret) {
1267	*pgid = map.gid;	1267	*pgid = map.gid;
Lines 1273-1281 Link Here
1273	if (sid_peek_check_rid(get_global_sam_sid(), psid, &rid)) {	1273	if (sid_peek_check_rid(get_global_sam_sid(), psid, &rid)) {
1274	BOOL ret;	1274	BOOL ret;
1275		1275
1276	become_root_uid_only();	1276	become_root();
1277	ret = pdb_sid_to_id(psid, &id, &type);	1277	ret = pdb_sid_to_id(psid, &id, &type);
1278	unbecome_root_uid_only();	1278	unbecome_root();
1279		1279
1280	if (ret) {	1280	if (ret) {
1281	if ((type != SID_NAME_DOM_GRP) &&	1281	if ((type != SID_NAME_DOM_GRP) &&