Removing geteuid() != 0 check in smbldap_open()

Jeremy Allison jra at samba.org
Sat Oct 18 05:54:53 GMT 2008


On Sat, Oct 18, 2008 at 01:59:32PM +1100, Andrew Bartlett wrote:
> 
> If we are not root for these operations against smbpasswd or tdbsam, how
> do we open the on-disk files?

We already cope with this - those codepaths already
contain the become_root()/unbecome_root() pairs (although
if I add these calls directly to the pdb_XXX interface
I'll be able to remove most of them).

> > This is the wrong thing to do. To be honest, we should just
> > add become_root()/unbecome_root() wrappers on all the passdb
> > operations so they'll never fail due to privilege errors and
> > always check at the incoming RPC/remote layer for the correct
> > privilege before starting the operation.
> > 
> > This is much closer to the way Windows operates.
> 
> That seems entirely reasonable.

Thanks, I've added in the changes to rpc_lsa_nt.c
and I'm just finishing auditing rpc_samr_nt.c (that
one was more complicated), so should be able to
commit this early next week.

Jeremy.
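
The design described in this message, sketched as an added example that is not part of the original email or of Samba's code. Here become_root()/unbecome_root() are simulated stand-ins that flip a variable instead of the real effective uid, and backend_update, pdb_update_wrapped, rpc_update_account and struct caller are hypothetical names.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Simulated process credential; real code would change the effective uid. */
static unsigned sim_euid = 1000;   /* constructed: unprivileged service uid */
static unsigned saved_euid;

/* Stand-ins named after the calls in the thread; bodies are assumptions. */
static void become_root(void)   { saved_euid = sim_euid; sim_euid = 0; }
static void unbecome_root(void) { sim_euid = saved_euid; }

/* Hypothetical backend: like opening smbpasswd/tdbsam, it needs root. */
static int backend_update(const char *user)
{
    (void)user;
    return sim_euid == 0 ? 0 : -EPERM;
}

/* passdb-level wrapper: always brackets the backend call, restores on any result. */
static int pdb_update_wrapped(const char *user)
{
    become_root();
    int rc = backend_update(user);
    unbecome_root();
    return rc;
}

struct caller { const char *name; bool may_modify_accounts; };

/* RPC-layer entry point: the only authorization gate once the wrapper exists. */
static int rpc_update_account(const struct caller *c, const char *user)
{
    if (!c->may_modify_accounts)
        return -EACCES;          /* refuse before any privileged code runs */
    return pdb_update_wrapped(user);
}

int main(void)
{
    struct caller admin = { "admin", true }, guest = { "guest", false };
    printf("admin: %d\n", rpc_update_account(&admin, "alice"));
    printf("guest: %d\n", rpc_update_account(&guest, "alice"));
    printf("euid after calls: %u\n", sim_euid);
    return 0;
}
```

Because the wrapper makes the backend succeed for any caller, the check in the RPC entry point is the only thing between a caller and the account database.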

