Patches to head (become_root and some RPC stuff)

[Doug VanLeuven]

Michael Stockman wrote:

> The two problems that I'm aware of, though currently cannot do
> anything about due to lack of information, are:
> * A guest something account shows up on NT

Sorry for the delay.  Nobody home share (Guest account) shows up in HEAD
branch but not 2.0.5a with same basic config.  I just never noticed it before
checking your patches.

>
> * NETLOGON stopped working for NT (this might have been due to an old
> patch, don't know where it ended up)

Tell me the symptom & I'll try to reproduce it.  My code is a fresh CVS with only
your patches.

>
> > > One question in regards to the password api: If samba (acting on
> > > behalf of the user) can access only some parts of the answer to a
> > > query (say to a LDAP db), should the api fail completely or is it
> ok
> > > to answer as much as it can (leaving other fields blank)?
> >
> > It should anwser as much as it can, the other fields being
> initalised with
> > default values.
>

Please check my response to Jean-Francois same thread today.  Increasingly
I think non "Domain Admins" users should be denied modifying any values,
perhaps even their own except for things explicitly allowed.
To illustrate: could they change their description in unix?
Standard NT fails the requests from common users with "The user does not
have access to the requested information" and for my 2 cents it is
a basic assumption in NT's security model.

I apologize if I'm ranting.  I wouldn't write like this if it didn't seem truly important.

> >
> > > The last question, where is the RPC_AUTH_VERIFIER type defined?
> I'm
> > > getting compile errors from time to time.
> >
> > don't now. grep RPC_AUTH_VERIFIER includes/*.h ?
>
> Have tried, no luck, and thus compiler errors (undefined type) :-(

Can't find it on Redhat 5.2, glibc-2.0.7-29

-- Doug VanLeuven - 707-545-6933 (voice) 707-545-6945 (fax)
Chief Engineer, USMM roamdad at ibm.net
Programmer/Analyst, SCWA doug at scwa.ca.gov