Become_root depth is nonzero

Doug VanLeuven ldx at
Sun Aug 8 22:42:44 GMT 1999

Michael Stockman wrote:

> Hello,
> After starting to use usrmgr yesterday I noticed a problem with
> nonzero root depth. This occurs in rpc_server/srv_lookup.c and I
> believe it is caused by a call to lookup_name in make_dom_gids being
> wrapped in become_root. Since all privileged calls from lookup_name
> and it's descendants also are wrapped, the error occurs when we get to
> them.

I researched & posted on this a while back.  On my system
Redhat 5.2, kernel 2.0.36, gcc,
samba CVS as of 7-28-99  with LDAP
the above mentioned call was the one responsible for all my reported errors.

> The patch I'm proposing removes the seemingly unneeded become_root /
> unbecome_root pair around that call. I have not been able to detect
> any new problems from this, and it seems to me that the pair was
> anyway on the wrong level in the architecture.

Because the second unbecome_root incorrectly restored root privliges, I felt it
was a security issue & rewrote the become/unbecome root pair to push & pop
user & directory info to a depth of 2, no errors since.

I reverted smbd/uid.c & applied your patch.
1. boot an NT standalone server joined to samba PDC domain
2. run user manager for domains
3. user/properties
4. edit groups
5. Add a group that user is not member of
6. Informed "Access denied error"
7. Logs indicate become/unbecome root error
8. Closing & re-opening groups shows user now in additional groups and
    is reflected in LDAP DB.

so I'm still getting the error in this circumstance.

-- Doug VanLeuven - 707-545-6933 (voice) 707-545-6945 (fax)
Chief Engineer, USMM roamdad at
Programmer/Analyst, SCWA doug at

More information about the samba-technical mailing list