Patches to head (become_root and some RPC stuff)

[Luke Kenneth Casson Leighton]

connections to \PIPE\NETLOGON are done anonymously.  yes, this is a
security risk in samba, and yes: it's also a security risk in Windows NT.

luke

> > -rw-------   1 root     root          584 Aug 23 13:28
> /etc/smbpasswd
> 
> I need to ask if you applied a patch to rpc_server/srv_pipe.c. If so
> that could explain your problem (it was withdrawn in my last message).
> 
> > so, samba can't read it, because it's not root .. what is somehow
> > logical.
> > (needless to say, if i change smbpasswd to 644 everything works
> fine)
> > But how to go around this ? Write a password checking daemon as
> > abstraction class to the varios backends (ldap, nis, smbpasswd) that
> > runs at root ?
> 
> No, the become_root call is legitimate in srv_pipe.c and when smbd is
> root there is no need .
> 
> > Also, the profiles seem to be reseted, and the srvmgr does not work
> > anymore ("unable to browse domain" or so, get "access denied" when
> > choosing the domain. quick look in the logs did reveal noting ..
> ( )
> > This is however only a domain browse problem. When I swich samba
> version
> > while running srvmgr everything works fine.
> 
> This may (or may not) be connected with the above problem. It is noted
> that the patches require the user of svrmgr and usrmgr to have read
> access to both the group / user maps and smbpasswd. The later is bad
> since the password hashes are there, but that should be solved through
> splitting them out rather than messing about become_roots.

do people agree that this is a good idea?  [splitting passwords out into
private/DOMAINNAME.user1.mac private/DOMAINNAME.user2.mac]

does someone want to write a private/sampasswd module, as this would be a
good opportunity to do this.

luke