Patches to head (become_root and some RPC stuff)

Michael Stockman pgmtekn-micke at algonet.se
Mon Aug 23 18:19:48 GMT 1999 

Hello,

First a correction to my last message: Doug Vanleuven have (to my
knowledge) only tested the patches that removed only the become_root
(not the last submitted ones). This was unclear in my last message and
I apologize for that.

> It seems to breake plain file smbpasswd authentication :
>
> [1999/08/23 13:33:06, 3] smbd/ipc.c:reply_trans(3601)
>   trans <\PIPE\> data=96 params=0 setup=2
> [1999/08/23 13:33:06, 3] smbd/ipc.c:named_pipe(3456)
>   named pipe command on <> name
> [1999/08/23 13:33:06, 3] smbd/ipc.c:api_fd_reply(3243)
>   Got API command 0x26 on pipe "NETLOGON" (pnum 7013)Doing
> \PIPE\NETLOGON
> [1999/08/23 13:33:06, 3] rpc_server/srv_pipe.c:api_rpc_command(739)
>   api_rpc_command: NET_REQCHAL
> [1999/08/23 13:33:06, 0] lib/util_file.c:startfileent(131)
>   startfileent: unable to open file /etc/smbpasswd
> [1999/08/23 13:33:06, 0] passdb/passdb.c:iterate_getsmbpwnam(137)
>   unable to open smb password database.
> [1999/08/23 13:33:06, 0] rpc_server/srv_netlog.c:get_md4pw(307)
>   get_md4pw: Workstation TESTLAB$: no account in domain
> [1999/08/23 13:33:06, 3] smbd/process.c:process_smb(569)
>   Transaction 22 of length 46
> [1999/08/23 13:33:06, 3] smbd/process.c:switch_message(402)
>   switch message SMBclose (pid 1889)
> [1999/08/23 13:33:16, 3] lib/doscalls.c:dos_ChDir(329)
>   dos_ChDir to /var/log/samba
>
> ll /etc/smbpasswd
> -rw-------   1 root     root          584 Aug 23 13:28
/etc/smbpasswd

I need to ask if you applied a patch to rpc_server/srv_pipe.c. If so
that could explain your problem (it was withdrawn in my last message).

> so, samba can't read it, because it's not root .. what is somehow
> logical.
> (needless to say, if i change smbpasswd to 644 everything works
fine)
> But how to go around this ? Write a password checking daemon as
> abstraction class to the varios backends (ldap, nis, smbpasswd) that
> runs at root ?

No, the become_root call is legitimate in srv_pipe.c and when smbd is
root there is no need .

> Also, the profiles seem to be reseted, and the srvmgr does not work
> anymore ("unable to browse domain" or so, get "access denied" when
> choosing the domain. quick look in the logs did reveal noting ..
( )
> This is however only a domain browse problem. When I swich samba
version
> while running srvmgr everything works fine.

This may (or may not) be connected with the above problem. It is noted
that the patches require the user of svrmgr and usrmgr to have read
access to both the group / user maps and smbpasswd. The later is bad
since the password hashes are there, but that should be solved through
splitting them out rather than messing about become_roots.

Best regards
  Michael Stockman
  pgmtekn-micke at algonet.se

More information about the samba-technical mailing list