trying to get HEAD building again. If you want the code

[metze/samba/wip.git] / source3 / rpc_server / srv_util.c

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index f96ccaef672fac3dd9eadaefc5719e5b4e4ec187..03e53118a89afe18bc4c912caf0f84dabb26e8c2 100644 (file)
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -129,7 +129,7 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
 
        fstrcpy(user_name, pdb_get_username(sam_pass));
        grid=pdb_get_group_rid(sam_pass);
-       if (NT_STATUS_IS_ERR(sid_to_gid(pdb_get_group_sid(sam_pass), &gid))) {
+       if (!NT_STATUS_IS_OK(sid_to_gid(pdb_get_group_sid(sam_pass), &gid))) {
                /* this should never happen */
                DEBUG(2,("get_alias_user_groups: sid_to_gid failed!\n"));
                pdb_free_sam(&sam_pass);
@@ -147,14 +147,17 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
                return NT_STATUS_UNSUCCESSFUL;
        }
 
+       become_root();
+       
        for (i=0;i<num_groups;i++) {
-               if(!get_group_from_gid(groups[i], &map, MAPPING_WITHOUT_PRIV)) {
+
+               if (!get_group_from_gid(groups[i], &map)) {
                        DEBUG(10,("get_alias_user_groups: gid %d. not found\n", (int)groups[i]));
                        continue;
                }
                
                /* if it's not an alias, continue */
-               if (map.sid_name_use!=SID_NAME_ALIAS) {
+               if (map.sid_name_use != SID_NAME_ALIAS) {
                        DEBUG(10,("get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name));
                        continue;
                }
@@ -194,7 +197,9 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
                break;
        }
 
-       free(groups);
+       unbecome_root();
+       
+       if(num_groups) free(groups);
 
        /* now check for the user's gid (the primary group rid) */
        for (i=0; i<cur_rid && grid!=rids[i]; i++)
@@ -208,11 +213,15 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
 
        DEBUG(10,("get_alias_user_groups: looking for gid %d of user %s\n", (int)gid, user_name));
 
-       if(!get_group_from_gid(gid, &map, MAPPING_WITHOUT_PRIV)) {
+       become_root();
+
+       if(!get_group_from_gid(gid, &map)) {
                DEBUG(0,("get_alias_user_groups: gid of user %s doesn't exist. Check your /etc/passwd and /etc/group files\n", user_name));
                goto done;
        }       
 
+       unbecome_root();
+
        /* the primary group isn't an alias */
        if (map.sid_name_use!=SID_NAME_ALIAS) {
                DEBUG(10,("get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name));
@@ -280,11 +289,17 @@ BOOL get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SA
 
        DEBUG(10,("get_domain_user_groups: searching domain groups [%s] is a member of\n", user_name));
 
+       /* we must wrap this is become/unbecome root for ldap backends */
+       become_root();
+
        /* first get the list of the domain groups */
-       if (!pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, &num_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV))
+       if (!pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, &num_entries, ENUM_ONLY_MAPPED))
                return False;
        DEBUG(10,("get_domain_user_groups: there are %d mapped groups\n", num_entries));
 
+       unbecome_root();
+       /* end wrapper for group enumeration */
+
        /* 
         * alloc memory. In the worse case, we alloc memory for nothing.
         * but I prefer to alloc for nothing