Patches to head (become_root and some RPC stuff)

Mon Aug 23 11:43:20 GMT 1999

HMichael Stockman wrote:
> 
> Hello,
> 
> Here are the weekend's patches:
> 
> smbd/uid.c <the survive nested become_roots patch>
> 
> include/proto.h <no comment needed, connected only with util_status.c>
> 
> lib/util_status.c <fixed a bug, added pid_to_uid(pid_t, uid_t *)>
> 
> lib/util_file.c and passdb/smbpass.c
>     <removed permission changing on groupdb files and smbpasswd - this
> is
>     necessary to allow permission to be set so that others than owner
>     (root) can use usrmgr (when become_root is removed)>
> 
> rpc_parse/parse_srv.c <fixed a bug>
> 
> rpc_server/srv_lookup.c <the become_root removal again>
> 
> rpc_server/srv_netlog.c <the become_root removal again>
> 
> Michael Glauche, could you please verify that the two following
> patches don't interfere with your work. If they do, please take what
> you can use from them (if anything).
> 
> rpc_server/srv_samr.c <the become_root removal again,
> this time grouped with improvements to RPC replies making
> * usrmgr report Access denied if user lack read to smbpasswd or group
> maps>
> 
> rpc_server/srv_srvsvc.c <the become_root removal again,
> this time grouped with improvements to RPC replies making
> * srvmgr report in server properties
>   * connected time for users in user tab
>   * locked files in files tab (should actually be open files - but I
> don't
>     think that is saved shared currently and the first open to a file
>     usually locks it anyway), open pipes are not reported
> requires the patch to util_status.c>
> 
> ---
> 
> The previously submitted patch to rpc_server/srv_pipe.c is withdrawn
> since become_root appears to be used correctly for a password check
> there (one instance).
> 
> ---
> 
> Luke, when/if Michael Glauche say that the two last patches are ok,
> could we try to put it in the CVS and see what pops up? Everything
> seems to work on my smbpasswd based system and Dougs LDAP system
> (except the extra share).

It seems to breake plain file smbpasswd authentication :

[1999/08/23 13:33:06, 3] smbd/ipc.c:reply_trans(3601)
  trans <\PIPE\> data=96 params=0 setup=2
[1999/08/23 13:33:06, 3] smbd/ipc.c:named_pipe(3456)
  named pipe command on <> name
[1999/08/23 13:33:06, 3] smbd/ipc.c:api_fd_reply(3243)
  Got API command 0x26 on pipe "NETLOGON" (pnum 7013)Doing
\PIPE\NETLOGON
[1999/08/23 13:33:06, 3] rpc_server/srv_pipe.c:api_rpc_command(739)
  api_rpc_command: NET_REQCHAL
[1999/08/23 13:33:06, 0] lib/util_file.c:startfileent(131)
  startfileent: unable to open file /etc/smbpasswd
[1999/08/23 13:33:06, 0] passdb/passdb.c:iterate_getsmbpwnam(137)
  unable to open smb password database.
[1999/08/23 13:33:06, 0] rpc_server/srv_netlog.c:get_md4pw(307)
  get_md4pw: Workstation TESTLAB$: no account in domain
[1999/08/23 13:33:06, 3] smbd/process.c:process_smb(569)
  Transaction 22 of length 46
[1999/08/23 13:33:06, 3] smbd/process.c:switch_message(402)
  switch message SMBclose (pid 1889)
[1999/08/23 13:33:16, 3] lib/doscalls.c:dos_ChDir(329)
  dos_ChDir to /var/log/samba

ll /etc/smbpasswd
-rw-------   1 root     root          584 Aug 23 13:28 /etc/smbpasswd

so, samba can't read it, because it's not root .. what is somehow
logical.
(needless to say, if i change smbpasswd to 644 everything works fine)
But how to go around this ? Write a password checking daemon as
abstraction class to the varios backends (ldap, nis, smbpasswd) that
runs at root ?
Also, the profiles seem to be reseted, and the srvmgr does not work
anymore ("unable to browse domain" or so, get "access denied" when
choosing the domain. quick look in the logs did reveal noting .. :( )
This is however only a domain browse problem. When I swich samba version
while running srvmgr everything works fine.

regards,
   Michael