How the heck can it work?

Ron Alexander rcalex at home.com
Mon Jul 24 23:47:46 GMT 2000


Unfortunately, you have to pass the check at line 365 in order to get to the
code starting at 379. Since the Get_Pwnam function is POSIX.1 compliant on
our system, the password is NOT returned, and therefore always fails.

Thanks,
Ron

-----Original Message-----
From: gcarter at mx7-w.mail.home.com [mailto:gcarter at mx7-w.mail.home.com]On
Behalf Of Gerald Carter
Sent: July 24, 2000 4:58 PM
To: Ron Alexander
Cc: Samba-Technical
Subject: Re: How the heck can it work?


Ron Alexander wrote:
>
> What do you mean by It? Can you kindly be a little
> more specific as I see it the following are involved.

'It' is SWAT.

> 1. The inetd daemon. What perms, SUID etc should it have.

root.  The user specified in smb.conf

> 2. The inetd.conf. It specifies root as one of the
> parameters. Why?

In order to bind to the privileged port 901 (as a
general rule).

> 3. The swat program. If I make it SUID it works
> differently.

I have never tried this.  It should not be necessary.
Of course I could quit speculating and actually dig
into the code.  :-)

OK...look at the web/cgi.c in lines 379 - 395

if((ret = pass_check(user, user_pass,
                     strlen(user_pass), NULL, NULL)) == True)
{

	/*
	 * Password was ok.
	 */

	if(pass->pw_uid != 0) {
		/*
		 * We have not authenticated as root,
		 * become the user *permanently*.
		 */
		become_user_permanently(pass->pw_uid, pass->pw_gid);
	}

	/* Save the users name */
	C_user = strdup(user);
}

become_user_permanently() is defined in lib/util_sec.c

Therefore,

  * swat starts as root
  * user logs in
  * upon successful logon, SWAT changes its effective
    uid to that of the authenticated user

Make sense?

> 4. The perms on the smb.conf file.

Access to modify smb.conf should be controlled by
the UNIX uid of the user you logged onto the SWAT
session as.  That is the way it has always worked
for me.  (see above explanation).

> I know VOS is not Unix. Do you mind helping someone port
> samba to a new platform? (notwithstanding the non
> POSIX port of 1.9... by Erik)

I don't mind answering questions at all.  Time wise I have
a really full plate at the moment.  :-)





jerry
----------------------------------------------------------------------
   /\  Gerald (Jerry) Carter                     Professional Services
 \/    http://www.valinux.com  VA Linux Systems    gcarter at valinux.com
       http://www.samba.org       SAMBA Team           jerry at samba.org
       http://www.eng.auburn.edu/~cartegw

       "...a hundred billion castaways looking for a home."
                                - Sting "Message in a Bottle" ( 1979 )
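
The start-as-root, drop-after-login sequence described in the thread, as an added example that is not part of the original messages and is not Samba's become_user_permanently(). The helper name drop_to_user is hypothetical; it sheds supplementary groups, then gid, then uid, and checks that root cannot be regained.

```c
/* Added example: permanent privilege drop after a successful login. */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Hypothetical helper (not Samba's become_user_permanently()).
 * Returns 0 once the process can no longer act as root, -1 on any failure.
 * A target uid of 0 is left alone, matching the pw_uid != 0 test in the thread.
 */
int drop_to_user(uid_t uid, gid_t gid)
{
    if (uid == 0)
        return 0;               /* authenticated as root: nothing to drop */

    /* Supplementary groups first; only root is allowed to change them. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;

    /* Group before user: once the uid is gone, setgid() would be refused. */
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;

    /* Confirm real and effective ids all changed. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;

    /* "Permanently" means root must not be recoverable. */
    if (setuid(0) == 0 || seteuid(0) == 0)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed target: the caller's own ids, so this runs unprivileged. */
    if (drop_to_user(getuid(), getgid()) != 0) {
        perror("drop_to_user");
        return 1;
    }
    printf("running as uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```

Treat a -1 return as fatal in a daemon: continuing after a failed drop leaves the session running with whatever ids it still holds.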





