Simple sync between smbpasswd and passwd

Tavis Barr tavis at mahler.econ.columbia.edu
Thu Jun 11 18:30:24 GMT 1998 

I guess what I'm wondering is if there shouldn't be a replacement for 
passwd (in addition to yppasswd and NIS+) as part of the official Samba 
code.  If so, then it would require a Makefile for different systems and 
testing by different people under different environments.

I'm not an experienced enough programmer to take this on, but would be 
happy to do the debugging for SunOS (including the problems below).  The 
setuid problem will need some thinking out (is there a way for a setuid 
program to call another one as non-setuid?  If not, then there would have 
to be two separate sub-programs, one run non-setuid that asks for the 
password and runs checks on it and sends it to smbpasswd, and a setuid 
program that takes an original password and an acceptable password as an 
agrument, verifies the original password, and changes it.  I'm not sure 
if that wold create security problems).  The other problems seem easily 
fixable, though I suspect more such problems will come up as people use 
it on different systems.

My question for people on the Samba team: Is this the appropriate list to 
discuss such a project?  How does one officially start it?

Thanks,
Tavis



On Thu, 11 Jun 1998, David Bannon wrote:

> 
> This thread needed a new name.
> 
> At 16:08 09/06/1998 +1000, you wrote:
> >
> >On Tue, 9 Jun 1998, David Bannon wrote:
> >
> > ... my very basic programme to replace the unix passwd programme...
> > http://bioserve.latrobe.edu.au/about/passwd.c.txt
> 
> Unfortuantly I only have access to DEC and linux at present. My DEC is a
> bit old (hey, if its not broken, why fix it ?) and my linux is being
> rebuilt for another 'development'. I may be able to call on some
> friendships to get limited Sun access, not very satisfactory... (you know,
> 'can I write to your passwd file please ?').
> 
> >
> >I tested this code out on SunOs 4.1.3, and found a number of things that 
> >didn't work right:
> >
> >(1) There is no header file "mode.h" in my system, 
> 
> Seems to go back to early OSF stuff, has some defines for stat.
> Unnecessary on my system, although a couple of man pages for
> function like to mention it. Leave it out. 
> 
> 
> >
> >(2) SunOS does not use the passwd.dir and passwd.pag files; hence it does 
> >not have /sbin/mkpasswd.  This command failed and reported an error, but 
> >/etc/passwd and ~/smbpasswd were still updated correctly.
> 
> I can easy set up a define to include (or not) such things.
> 
> >(3) Upon successful completion, it changed the permissions on /etc/passwd 
> >to make it readable only by root.  (!!!!!!!!!!!!!!!!!!!!)
> 
> Now, that would be a real beauty ! Someone else had the same problem. In
> the function FilterFile() there is a call to fchmod(.. 0x644). Can it be
> that that function is not implemented on other systems ????
> 
> 
> >(4) It only worked correctly for non-privileged users when run setuid 
> >root, but smbpasswd only works correctly when _not_ setuid root.
> 
> Hmm... I am using a month or so old version of Samba NTDom, I have not been
> upgrading very often as what I had works for me at present. I did read
> somewhere a comment about smbpasswd changing its way of doing things there.
> I will be running up a linux box with samba in the next couple of days,
> I'll get the current copy and compare.
> 
> 
> >Anyway, it's a nifty little program and I don't know if you ever intended 
> >to make it operable beyond your own system, but if you do perhaps we can 
> >work on fixing the above.
> 
> 
> I don't think it is worth the effort of setting up pre compile config
> files, as long as the problems are solveable and documented then any
> programmmer should be able to fiddle the header to get something working.
> I'll have a go at problen #4 in particular in the next couple of weeks if
> possible. (I'm going camping in Central Australia for 2 weeks soon, so it
> may be a bit longer). 
> 
> Any comments, suggestions etc are welcome. 
> 
> David
> 
> 
> ------------------------------------------------------------
> David Bannon                      D.Bannon at latrobe.edu.au
> School of Biochemistry            Phone 61 03 9479 2197
> La Trobe University, Plenty Rd,   Fax   61 03 9479 2467
> Bundoora, Vic, Australia, 3083    http://bioserve.latrobe.edu.au
> ------------------------------------------------------------
> ..... Humpty Dumpty was pushed !
>

More information about the samba-ntdom mailing list