return NT_STATUS_UNSUCCESSFUL;
}
+ become_root();
+
for (i=0;i<num_groups;i++) {
if (!get_group_from_gid(groups[i], &map)) {
break;
}
+ unbecome_root();
+
if(num_groups) free(groups);
/* now check for the user's gid (the primary group rid) */
DEBUG(10,("get_alias_user_groups: looking for gid %d of user %s\n", (int)gid, user_name));
+ become_root();
+
if(!get_group_from_gid(gid, &map)) {
DEBUG(0,("get_alias_user_groups: gid of user %s doesn't exist. Check your /etc/passwd and /etc/group files\n", user_name));
goto done;
}
+ unbecome_root();
+
/* the primary group isn't an alias */
if (map.sid_name_use!=SID_NAME_ALIAS) {
DEBUG(10,("get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name));
DEBUG(10,("get_domain_user_groups: searching domain groups [%s] is a member of\n", user_name));
+ /* we must wrap this is become/unbecome root for ldap backends */
+ become_root();
+
/* first get the list of the domain groups */
if (!pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, &num_entries, ENUM_ONLY_MAPPED))
return False;
DEBUG(10,("get_domain_user_groups: there are %d mapped groups\n", num_entries));
+ unbecome_root();
+ /* end wrapper for group enumeration */
+
/*
* alloc memory. In the worse case, we alloc memory for nothing.
* but I prefer to alloc for nothing