ldap-getpwnam and become_root

Ignacio Coupeau icoupeau at unav.es
Sat Jul 10 10:24:10 GMT 1999


Sorry, this is a bit long...

1)
I found with the 07/07/99 HEAD code these logs:

> logs.old-  getpwnam(icoupeau)
> logs.old-[1999/07/09 15:31:59, 5] lib/username.c:hashed_getpwnam(251)
> logs.old:  Found: icoupeau:I3hBPVumPQPVA:100:0:Ignacio Coupeau:/home/icoupeau:/bin/bash
> --

I think, perhaps, this is a little odd: if the PDC is using
LDAP, why is getpwnam looking at /etc/passwd?


2) About the next log:
a. If the group [Domain Admins] exists, what is the reason for testing
"(&(ntuid=Domain Admins)(objectclass=sambaAccount))"?
b. Must I define a sambaAccount for each sambaGroup?

>   Searching in [o=SMB-Universidad de Navarra, c=ES] for [(&(member=icoupeau)(objectclass=sambaGroup))]
> [1999/07/09 12:23:02, 2] passdb/ldap.c:ldap_search_for(103)
>   1 matching entries found
...
> [1999/07/09 12:23:02, 2] groupdb/groupldap.c:ldapgroup_getgrp(62)
>   Retrieving group [Domain Admins]
> [1999/07/09 12:23:02, 3] passdb/ldap.c:ldap_get_attribute(141)
>   get: [rid] = [200]
...
> [1999/07/09 12:23:02, 4] rpc_server/srv_lookup.c:make_dom_gids(67)
>   make_dom_gids: 1
> [1999/07/09 12:23:02, 0] smbd/uid.c:become_root(370)
>   ERROR: become root depth is non zero
> [1999/07/09 12:23:02, 2] passdb/ldap.c:ldap_connect(61)
>   Connected to LDAP server
> [1999/07/09 12:23:02, 2] passdb/ldap.c:ldap_search_for(93)
>   Searching in [o=SMB-Universidad de Navarra, c=ES] for [(&(ntuid=Domain Admins)(objectclass=sambaAccount))]
> [1999/07/09 12:23:02, 2] passdb/ldap.c:ldap_search_for(103)
>   0 matching entries found
> [1999/07/09 12:23:02, 2] passdb/ldap.c:ldap_disconnect(81)
>   Connection closed
> [1999/07/09 12:23:02, 0] smbd/uid.c:unbecome_root(391)
>   ERROR: unbecome root depth is 0

3)
With the following change "set to ONE"
> void become_root(BOOL save_dir)
> {
> ....
>         become_root_depth = 1;
>         DEBUG(0,("become root depth is set to ONE\n"));
> ...

...the log of an "Administrator" (mapped to root) is:

> logs-[1999/07/10 11:14:53, 0] smbd/uid.c:become_root(387)
> logs:  become root depth is set to ONE
> logs-[1999/07/10 11:14:53, 2] passdb/ldap.c:ldap_connect(61)
> logs-  Connected to LDAP server
> logs-[1999/07/10 11:14:53, 2] passdb/ldap.c:ldap_search_for(93)
> logs-  Searching in [o=SMB-Universidad de Navarra, c=ES] for [(&(ntuid=administrator)(objectclass=sambaAccount))]
> logs-[1999/07/10 11:14:53, 2] passdb/ldap.c:ldap_search_for(103)
> logs-  1 matching entries found
> logs-[1999/07/10 11:14:53, 2] passdb/ldap.c:ldap_getpw(167)
> logs-  Retrieving account [root]
> logs-[1999/07/10 11:14:53, 2] passdb/ldap.c:ldap_disconnect(81)
> logs-  Connection closed
> logs-[1999/07/10 11:14:54, 2] passdb/ldap.c:ldap_connect(61)
> logs-  Connected to LDAP server
> logs-[1999/07/10 11:14:54, 2] passdb/ldap.c:ldap_search_for(93)
> logs-  Searching in [o=SMB-Universidad de Navarra, c=ES] for [(&(member=administrator)(objectclass=sambaGroup))]
> logs-[1999/07/10 11:14:54, 2] passdb/ldap.c:ldap_search_for(103)
> logs-  1 matching entries found
> logs-[1999/07/10 11:14:54, 2] groupdb/groupldap.c:ldapgroup_getgrp(62)
> logs-  Retrieving group [Domain Admins]
> logs-[1999/07/10 11:14:54, 2] passdb/ldap.c:ldap_disconnect(81)
> logs-  Connection closed
> logs-[1999/07/10 11:14:54, 0] smbd/uid.c:become_root(387)
> logs:  become root depth is set to ONE
> logs-[1999/07/10 11:14:54, 0] smbd/uid.c:become_root(379)
> logs-  ERROR: become root depth is non zero
> logs-[1999/07/10 11:14:54, 0] smbd/uid.c:become_root(387)
> logs:  become root depth is set to ONE

I think [root]/[administrator] is found, but in the next search
"(member=administrator)" retrieving group [Domain Admins], the
become_root_depth is set to 1... and then, the subsequent become_root
fails.

Ignacio


____________________________________________________
Ignacio Coupeau, Ph.D.     e-mail: icoupeau at unav.es
CTI, Director              fax:    948 425619
University of Navarra      voice:  948 425600
Pamplona, SPAIN            http://www.unav.es/cti/
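The nesting problem described in the message, as an added example that is not part of the original post and is not Samba's code: a small model of a depth-guarded privilege bracket. It assumes a guard that rejects a nested enter and only leaves at depth 1, next to a counting guard for comparison; `struct priv` and all function names are hypothetical, and `root` only stands in for the real uid switch.

```c
#include <stdio.h>

/* Model only: 'root' stands in for the effective-uid switch. */
struct priv { int depth; int root; int errors; };

/* Flag-style guard (assumed behaviour): nested enter is rejected,
 * leave is only accepted when depth == 1. */
static void flag_enter(struct priv *p) {
    if (p->depth != 0) { p->errors++; puts("ERROR: become root depth is non zero"); return; }
    p->depth = 1; p->root = 1;
}
static void flag_leave(struct priv *p) {
    if (p->depth != 1) { p->errors++; printf("ERROR: unbecome root depth is %d\n", p->depth); return; }
    p->depth = 0; p->root = 0;
}

/* Counting guard: privilege is held until the outermost leave. */
static void count_enter(struct priv *p) { if (p->depth++ == 0) p->root = 1; }
static void count_leave(struct priv *p) {
    if (p->depth == 0) { p->errors++; return; }   /* unbalanced leave */
    if (--p->depth == 0) p->root = 0;
}

/* An outer caller takes root, then calls a helper that brackets its own
 * lookup. Returns whether the outer caller still holds root afterwards. */
static int nested_flag(struct priv *p) {
    int still_root;
    flag_enter(p);            /* outer bracket opens */
    flag_enter(p);            /* helper: rejected, depth stays 1 */
    flag_leave(p);            /* helper: closes the OUTER bracket */
    still_root = p->root;     /* outer code now runs unprivileged */
    flag_leave(p);            /* outer: depth is already 0 */
    return still_root;
}
static int nested_count(struct priv *p) {
    int still_root;
    count_enter(p); count_enter(p); count_leave(p);
    still_root = p->root;
    count_leave(p);
    return still_root;
}

int main(void) {
    struct priv a = {0, 0, 0}, b = {0, 0, 0};
    printf("flag guard:  outer still root=%d errors=%d\n", nested_flag(&a), a.errors);
    printf("count guard: outer still root=%d errors=%d\n", nested_count(&b), b.errors);
    return 0;
}
```

In the model, the flag-style guard produces the same pair of messages seen in the logs and leaves the outer caller running with a different privilege state than it expects, which is the part worth checking in any nested bracket of this kind.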

