Author: jra
Date: 2005-10-31 23:47:57 +0000 (Mon, 31 Oct 2005)
New Revision: 11433

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=11433

Log:
Fix for bug #3223 - ensure we're root before doing
any potential lib/smbldap.c calls.
Jeremy.

Modified:
   branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c


Changeset:
Modified: branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c
===================================================================
--- branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c  2005-10-31 23:45:47 UTC 
(rev 11432)
+++ branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c  2005-10-31 23:47:57 UTC 
(rev 11433)
@@ -1805,8 +1805,9 @@
 
        uint32 num_users=0, num_groups=0, num_aliases=0;
 
-       if ((ctr = TALLOC_ZERO_P(p->mem_ctx, SAM_UNK_CTR)) == NULL)
+       if ((ctr = TALLOC_ZERO_P(p->mem_ctx, SAM_UNK_CTR)) == NULL) {
                return NT_STATUS_NO_MEMORY;
+       }
 
        ZERO_STRUCTP(ctr);
 
@@ -1815,12 +1816,17 @@
        DEBUG(5,("_samr_query_dom_info: %d\n", __LINE__));
        
        /* find the policy handle.  open a policy on it. */
-       if (!find_policy_by_hnd(p, &q_u->domain_pol, (void **)&info))
+       if (!find_policy_by_hnd(p, &q_u->domain_pol, (void **)&info)) {
                return NT_STATUS_INVALID_HANDLE;
+       }
        
        switch (q_u->switch_value) {
                case 0x01:
                        
+                       become_root();
+
+                       /* AS ROOT !!! */
+
                        pdb_get_account_policy(AP_MIN_PASSWORD_LEN, 
&account_policy_temp);
                        min_pass_len = account_policy_temp;
 
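Review bot: In case 0x01 `become_root()` is reached once `find_policy_by_hnd()` has succeeded, and nothing between the handle lookup and the switch checks what access was granted on the domain handle before the account-policy reads run as root. Because `q_u->switch_value` is supplied by the client, it is worth confirming that the access check happens when the handle is opened and recording that beside the first `become_root()`, e.g. `/* Read-only policy lookup as root; handle access is checked at <where>. */` (the `<where>` is a placeholder to fill in). The same applies to the root sections added in cases 0x02, 0x03, 0x08 and 0x0c. The function begins before this hunk and this root section is closed in the next one.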
@@ -1835,7 +1841,11 @@
 
                        pdb_get_account_policy(AP_MIN_PASSWORD_AGE, 
&account_policy_temp);
                        u_min_age = account_policy_temp;
+
+                       /* !AS ROOT */
                        
+                       unbecome_root();
+
                        unix_to_nt_time_abs(&nt_expire, u_expire);
                        unix_to_nt_time_abs(&nt_min_age, u_min_age);
 
@@ -1843,11 +1853,14 @@
                                       flag, nt_expire, nt_min_age);
                        break;
                case 0x02:
+
                        become_root();
+
+                       /* AS ROOT !!! */
+
                        num_users=count_sam_users(&info->disp_info,
                                                  ACB_NORMAL);
                        num_groups=count_sam_groups(&info->disp_info);
-                       unbecome_root();
 
                        pdb_get_account_policy(AP_TIME_TO_LOGOUT, 
&account_policy_temp);
                        u_logout = account_policy_temp;
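Review bot: The root section in case 0x02 now stays open past `count_sam_groups()` and is closed only by the `unbecome_root()` in the following hunk, with lines in between that this hunk does not show. A `return` or `break` added inside that span later would leave the process running as root for the rest of the request, so the opening marker should state the rule, e.g. `/* AS ROOT !!! - no return or break until unbecome_root() below */`. The same wording fits the other four sections this commit adds.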
@@ -1857,6 +1870,10 @@
                        if (!pdb_get_seq_num(&seq_num))
                                seq_num = time(NULL);
 
+                       /* !AS ROOT */
+                       
+                       unbecome_root();
+
                        server_role = ROLE_DOMAIN_PDC;
                        if (lp_server_role() == ROLE_DOMAIN_BDC)
                                server_role = ROLE_DOMAIN_BDC;
@@ -1865,7 +1882,17 @@
                                       num_users, num_groups, num_aliases, 
nt_logout, server_role);
                        break;
                case 0x03:
+
+                       become_root();
+
+                       /* AS ROOT !!! */
+
                        pdb_get_account_policy(AP_TIME_TO_LOGOUT, (unsigned int 
*)&u_logout);
+
+                       /* !AS ROOT */
+                       
+                       unbecome_root();
+
                        unix_to_nt_time_abs(&nt_logout, u_logout);
                        
                        init_unk_info3(&ctr->info.inf3, nt_logout);
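Review bot: Case 0x03 passes `(unsigned int *)&u_logout` to `pdb_get_account_policy()`, while the other cases in this function read into `account_policy_temp` and assign afterwards. The declaration of `u_logout` is outside the hunk, but if it is wider than `unsigned int` (a `time_t` would be on LP64 platforms), only part of it is written and the remainder keeps its previous contents when passed to `unix_to_nt_time_abs()`. Using the pattern from case 0x02 inside the new root section removes the cast: `pdb_get_account_policy(AP_TIME_TO_LOGOUT, &account_policy_temp);` followed by `u_logout = account_policy_temp;`.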
@@ -1884,16 +1911,32 @@
                        init_unk_info7(&ctr->info.inf7, server_role);
                        break;
                case 0x08:
-                       if (!pdb_get_seq_num(&seq_num))
+
+                       become_root();
+
+                       /* AS ROOT !!! */
+
+                       if (!pdb_get_seq_num(&seq_num)) {
                                seq_num = time(NULL);
+                       }
 
+                       /* !AS ROOT */
+                       
+                       unbecome_root();
+
                        init_unk_info8(&ctr->info.inf8, (uint32) seq_num);
                        break;
                case 0x0c:
+
+                       become_root();
+
+                       /* AS ROOT !!! */
+
                        pdb_get_account_policy(AP_LOCK_ACCOUNT_DURATION, 
&account_policy_temp);
                        u_lock_duration = account_policy_temp;
-                       if (u_lock_duration != -1)
+                       if (u_lock_duration != -1) {
                                u_lock_duration *= 60;
+                       }
 
                        pdb_get_account_policy(AP_RESET_COUNT_TIME, 
&account_policy_temp);
                        u_reset_time = account_policy_temp * 60;
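Review bot: The `pdb_get_account_policy()` calls in case 0x0c (two here, a third in the next hunk) share `account_policy_temp` and none of their results is checked. If a lookup fails without writing its output, the lockout duration or reset time computed from it would silently be the value left by the previous call. Now that these lookups run as root against the backend, a failure is worth handling explicitly, e.g. `if (!pdb_get_account_policy(AP_RESET_COUNT_TIME, &account_policy_temp)) { account_policy_temp = <default>; }`, assuming the function reports failure through its return value and with `<default>` as a placeholder. Any handling that returns early has to call `unbecome_root()` first.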
@@ -1901,6 +1944,10 @@
                        pdb_get_account_policy(AP_BAD_ATTEMPT_LOCKOUT, 
&account_policy_temp);
                        lockout = account_policy_temp;
 
+                       /* !AS ROOT */
+                       
+                       unbecome_root();
+
                        unix_to_nt_time_abs(&nt_lock_duration, u_lock_duration);
                        unix_to_nt_time_abs(&nt_reset_time, u_reset_time);
        
@@ -1910,6 +1957,7 @@
                        return NT_STATUS_INVALID_INFO_CLASS;
                }
        
+
        init_samr_r_query_dom_info(r_u, q_u->switch_value, ctr, NT_STATUS_OK);
        
        DEBUG(5,("_samr_query_dom_info: %d\n", __LINE__));
