ldap-getpwnam and become_root
Ignacio Coupeau
icoupeau at unav.es
Sat Jul 10 10:24:10 GMT 1999
Sorry, this is a bit long...
1)
I found with the 07/07/99 HEAD code these logs:
> logs.old- getpwnam(icoupeau)
> logs.old-[1999/07/09 15:31:59, 5] lib/username.c:hashed_getpwnam(251)
> logs.old: Found: icoupeau:I3hBPVumPQPVA:100:0:Ignacio Coupeau:/home/icoupeau:/bin/bash
> --
I think (perhaps) this is a little odd: if the PDC is using
LDAP, why is getpwnam looking at /etc/passwd?
2) About the next log:
a. If the group [Domain Admins] exists, what is the reason for testing
"(&(ntuid=Domain Admins)(objectclass=sambaAccount))"?
b. Must I define a sambaAccount for each sambaGroup?
> Searching in [o=SMB-Universidad de Navarra, c=ES] for [(&(member=icoupeau)(objectclass=sambaGroup))]
> [1999/07/09 12:23:02, 2] passdb/ldap.c:ldap_search_for(103)
> 1 matching entries found
...
> [1999/07/09 12:23:02, 2] groupdb/groupldap.c:ldapgroup_getgrp(62)
> Retrieving group [Domain Admins]
> [1999/07/09 12:23:02, 3] passdb/ldap.c:ldap_get_attribute(141)
> get: [rid] = [200]
...
> [1999/07/09 12:23:02, 4] rpc_server/srv_lookup.c:make_dom_gids(67)
> make_dom_gids: 1
> [1999/07/09 12:23:02, 0] smbd/uid.c:become_root(370)
> ERROR: become root depth is non zero
> [1999/07/09 12:23:02, 2] passdb/ldap.c:ldap_connect(61)
> Connected to LDAP server
> [1999/07/09 12:23:02, 2] passdb/ldap.c:ldap_search_for(93)
> Searching in [o=SMB-Universidad de Navarra, c=ES] for [(&(ntuid=Domain Admins)(objectclass=sambaAccount))]
> [1999/07/09 12:23:02, 2] passdb/ldap.c:ldap_search_for(103)
> 0 matching entries found
> [1999/07/09 12:23:02, 2] passdb/ldap.c:ldap_disconnect(81)
> Connection closed
> [1999/07/09 12:23:02, 0] smbd/uid.c:unbecome_root(391)
> ERROR: unbecome root depth is 0
3)
With the following change "set to ONE"
> void become_root(BOOL save_dir)
> {
> ....
> become_root_depth = 1;
> DEBUG(0,("become root depth is set to ONE\n"));
> ...
..the log of a "Administrator" (mapped to root) is:
> logs-[1999/07/10 11:14:53, 0] smbd/uid.c:become_root(387)
> logs: become root depth is set to ONE
> logs-[1999/07/10 11:14:53, 2] passdb/ldap.c:ldap_connect(61)
> logs- Connected to LDAP server
> logs-[1999/07/10 11:14:53, 2] passdb/ldap.c:ldap_search_for(93)
> logs- Searching in [o=SMB-Universidad de Navarra, c=ES] for [(&(ntuid=administrator)(objectclass=sambaAccount))]
> logs-[1999/07/10 11:14:53, 2] passdb/ldap.c:ldap_search_for(103)
> logs- 1 matching entries found
> logs-[1999/07/10 11:14:53, 2] passdb/ldap.c:ldap_getpw(167)
> logs- Retrieving account [root]
> logs-[1999/07/10 11:14:53, 2] passdb/ldap.c:ldap_disconnect(81)
> logs- Connection closed
> logs-[1999/07/10 11:14:54, 2] passdb/ldap.c:ldap_connect(61)
> logs- Connected to LDAP server
> logs-[1999/07/10 11:14:54, 2] passdb/ldap.c:ldap_search_for(93)
> logs- Searching in [o=SMB-Universidad de Navarra, c=ES] for [(&(member=administrator)(objectclass=sambaGroup))]
> logs-[1999/07/10 11:14:54, 2] passdb/ldap.c:ldap_search_for(103)
> logs- 1 matching entries found
> logs-[1999/07/10 11:14:54, 2] groupdb/groupldap.c:ldapgroup_getgrp(62)
> logs- Retrieving group [Domain Admins]
> logs-[1999/07/10 11:14:54, 2] passdb/ldap.c:ldap_disconnect(81)
> logs- Connection closed
> logs-[1999/07/10 11:14:54, 0] smbd/uid.c:become_root(387)
> logs: become root depth is set to ONE
> logs-[1999/07/10 11:14:54, 0] smbd/uid.c:become_root(379)
> logs- ERROR: become root depth is non zero
> logs-[1999/07/10 11:14:54, 0] smbd/uid.c:become_root(387)
> logs: become root depth is set to ONE
I think [root]/[administrator] is found, but in the next search
"(member=administrator)" retrieving group [Domain Admins], the
become_root_depth is set to 1... and then, the subsequent become_root
fails.
Ignacio
____________________________________________________
Ignacio Coupeau, Ph.D. e-mail: icoupeau at unav.es
CTI, Director fax: 948 425619
University of Navarra voice: 948 425600
Pamplona, SPAIN http://www.unav.es/cti/