[Samba] Questions about 3.0.12rc1
Sergey Loskutov
lsm at tts.magadan.su
Mon Mar 14 09:35:59 GMT 2005
Hello!
Before this post, i'm send 3 problems in 3.0.11
I'm compiled 3.0.12rc1 and found next:
1) Settings primary group .... problem solved, but question to developer
You append to mapping.c in smb_set_primary_group
ret = smbrun(add_script,NULL);
flush_pwnam_cache();
^^^^^^^^^^^^^^^^^^^^
But not check ret code .....if my script exit in code != 0, i'm change
primary group ... ( script "set primary group" still needed ? )
2) Next in this code is winbind, but debug message string have code
DEBUG(3,("smb_delete_group:
You use copy/paste ;)
This is affect in function: smb_add_user_group,smb_delete_user_group
smb_add_user_group have bug
if ( winbind_add_user_to_group( unix_user, unix_group ) ) {
DEBUG(3,("smb_delete_group: winbindd added user (%s) to the group
(%s)\n",
unix_user, unix_group));
return -1;
^^^^^^^^^^^^^^^^^^^^^^^^^^
needed return 0;
}
3) I'm analized problems 1
( user who not have privileges "add machine account" )
In function _samr_create_user ( srv_samr_nt.c ) you have code:
if ( can_add_account )
become_root();
And if user not have privileges(user|machine) you MAY CREATE USER (
posix account or machine account ) through SCRIPT :(((((
I'm change code to:
if ( can_add_account == False ) {
return NT_STATUS_ACCESS_DENIED;
}
it's fixed problem ....
I'm do simple test and is work correct, ... but i'm do not full test.
and I want to apologize for my english, well .. you understand ;)
Sergey Loskutov
More information about the samba
mailing list