This is another *BIG* change...
Samba now features a pluggable passdb interface, along the same lines as the
one in use in the auth subsystem. In this case, only one backend may be active
at a time by the 'normal' interface, and only one backend per passdb_context is
permitted outside that.
This pluggable interface is designed to allow any number of passdb backends to
be compiled in, with the selection at runtime. The 'passdb backend' parameter
has been created (and documented!) to support this.
As such, configure has been modified to allow (for example) --with-ldap and the
old smbpasswd to be selected at the same time.
This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua.
These two backends accept 'non unix accounts', where the user does *not* exist
in /etc/passwd. These accounts don't have UIDs in the unix sense, but to
avoid conflicts in the algorithmic mapping of RIDs, they use the values
specified in the 'non unix account range' parameter - in the same way as the
winbind ranges are specified.
While I was at it, I cleaned up some of the code in pdb_tdb (code copied
directly from smbpasswd and not really considered properly). Most of this was
to do with % macro expansion on stored data. It isn't easy to get the macros
into the tdb, and the first password change will 'expand' them. tdbsam needs
to use a similar system to pdb_ldap in this regard.
This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, because I
don't have the test facilities for these. I plan to incorporate at least
pdb_ldap into this scheme after consultation with Jerry.
Each (converted) passdb module now no longer has any 'static' variables, and
only exports 1 init function outside its .c file.
The non-unix-account support in this patch has been proven! It is now possible
to join a win2k machine to a Samba PDC without an account in /etc/passwd!
Other changes:
Minor interface adjustments:
pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*.
pdb_update_sam_account() no longer takes the 'override' argument that was being
ignored so often (every other passdb backend). Extra checks have been added in
some places.
Minor code changes:
smbpasswd no longer attempts to initialise the passdb at startup, this is
now done on first use.
pdbedit has lost some of its 'machine account' logic, as this behaviour is now
controlled by the passdb subsystem directly.
The samr subsystem no longer calls 'local password change', but does the pdb
interactions directly. This allows the ACB_ flags specified to be transferred
direct to the backend, without interference.
Doco:
I've updated the doco to reflect some of the changes, and removed some parameters
no longer applicable to HEAD.
(This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
2002-01-20 17:30:58 +03:00
/*
   Unix SMB/CIFS implementation.
   Password and authentication handling
   Copyright (C) Andrew Bartlett 2002
   Copyright (C) Jelmer Vernooij 2002
   Copyright (C) Simo Sorce 2003
   Copyright (C) Volker Lendecke 2006
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.
   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.
   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "includes.h"

#undef DBGC_CLASS
#define DBGC_CLASS DBGC_PASSDB

/* Cache of latest SAM lookup query */

static struct samu *csamuser = NULL;

static struct pdb_init_function_entry *backends = NULL;

static void lazy_initialize_passdb(void)
{
	static BOOL initialized = False;
	if (initialized) return;
	static_init_pdb;
	initialized = True;
}

static struct pdb_init_function_entry *pdb_find_backend_entry(const char *name);
static BOOL lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32 rid,
				  const char **name,
				  enum SID_NAME_USE *psid_name_use,
				  union unid_t *unix_id);

/*******************************************************************
 Clean up uninitialised passwords.  The only way to tell
 that these values are not 'real' is that they do not
 have a valid last set time.  Instead, the value is fixed at 0.
 Therefore we use that as the key for 'is this a valid password'.
 However, it is perfectly valid to have a 'default' last change
 time, such as LDAP with a missing attribute would produce.
********************************************************************/

static void pdb_force_pw_initialization(struct samu *pass)
{
	const uint8 *lm_pwd, *nt_pwd;

	/* only reset a password if the last set time has been
	   explicitly set to zero.  A default last set time
	   is ignored */

	if ((pdb_get_init_flags(pass, PDB_PASSLASTSET) != PDB_DEFAULT)
	    && (pdb_get_pass_last_set_time(pass) == 0))
	{
		if (pdb_get_init_flags(pass, PDB_LMPASSWD) != PDB_DEFAULT)
		{
			lm_pwd = pdb_get_lanman_passwd(pass);
			if (lm_pwd)
				pdb_set_lanman_passwd(pass, NULL, PDB_CHANGED);
		}
		if (pdb_get_init_flags(pass, PDB_NTPASSWD) != PDB_DEFAULT)
		{
			nt_pwd = pdb_get_nt_passwd(pass);
			if (nt_pwd)
				pdb_set_nt_passwd(pass, NULL, PDB_CHANGED);
		}
	}

	return;
}

NTSTATUS smb_register_passdb(int version, const char *name, pdb_init_function init)
{
	struct pdb_init_function_entry *entry = backends;

	if (version != PASSDB_INTERFACE_VERSION) {
		DEBUG(0, ("Can't register passdb backend!\n"
			  "You tried to register a passdb module with PASSDB_INTERFACE_VERSION %d, "
			  "while this version of samba uses version %d\n",
			  version, PASSDB_INTERFACE_VERSION));
		return NT_STATUS_OBJECT_TYPE_MISMATCH;
	}

	if (!name || !init) {
		return NT_STATUS_INVALID_PARAMETER;
	}

	DEBUG(5, ("Attempting to register passdb backend %s\n", name));

	/* Check for duplicates */
	if (pdb_find_backend_entry(name)) {
		DEBUG(0, ("There already is a passdb backend registered with the name %s!\n", name));
		return NT_STATUS_OBJECT_NAME_COLLISION;
	}

	entry = SMB_XMALLOC_P(struct pdb_init_function_entry);
	entry->name = smb_xstrdup(name);
	entry->init = init;

	DLIST_ADD(backends, entry);
	DEBUG(5, ("Successfully added passdb backend '%s'\n", name));
	return NT_STATUS_OK;
}

static struct pdb_init_function_entry *pdb_find_backend_entry(const char *name)
{
	struct pdb_init_function_entry *entry = backends;

	while (entry) {
		if (strcmp(entry->name, name) == 0) return entry;
		entry = entry->next;
	}

	return NULL;
}

/******************************************************************
  Make a pdb_methods from scratch
 *******************************************************************/

NTSTATUS make_pdb_method_name(struct pdb_methods **methods, const char *selected)
{
	char *module_name = smb_xstrdup(selected);
	char *module_location = NULL, *p;
	struct pdb_init_function_entry *entry;
	NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;

	lazy_initialize_passdb();

	p = strchr(module_name, ':');

	if (p) {
		*p = 0;
		module_location = p + 1;
		trim_char(module_location, ' ', ' ');
	}

	trim_char(module_name, ' ', ' ');

	DEBUG(5, ("Attempting to find an passdb backend to match %s (%s)\n", selected, module_name));

	entry = pdb_find_backend_entry(module_name);

	/* Try to find a module that contains this module */
	if (!entry) {
		DEBUG(2, ("No builtin backend found, trying to load plugin\n"));
		if (NT_STATUS_IS_OK(smb_probe_module("pdb", module_name)) && !(entry = pdb_find_backend_entry(module_name))) {
			DEBUG(0, ("Plugin is available, but doesn't register passdb backend %s\n", module_name));
			SAFE_FREE(module_name);
			return NT_STATUS_UNSUCCESSFUL;
		}
	}

	/* No such backend found */
	if (!entry) {
		DEBUG(0, ("No builtin nor plugin backend for %s found\n", module_name));
		SAFE_FREE(module_name);
		return NT_STATUS_INVALID_PARAMETER;
	}

	DEBUG(5, ("Found pdb backend %s\n", module_name));

	if (!NT_STATUS_IS_OK(nt_status = entry->init(methods, module_location))) {
		DEBUG(0, ("pdb backend %s did not correctly init (error was %s)\n",
			  selected, nt_errstr(nt_status)));
		SAFE_FREE(module_name);
		return nt_status;
	}

	SAFE_FREE(module_name);

	DEBUG(5, ("pdb backend %s has a valid init\n", selected));

	return nt_status;
}

/******************************************************************
 Return an already initialised pdb_methods structure
*******************************************************************/

static struct pdb_methods *pdb_get_methods(BOOL reload)
{
2006-02-12 00:27:08 +03:00
	static struct pdb_methods *pdb = NULL;
2002-07-15 14:35:28 +04:00
2006-02-12 00:27:08 +03:00
	if ( pdb && reload ) {
		pdb->free_private_data( &(pdb->private_data) );
		if ( !NT_STATUS_IS_OK( make_pdb_method_name( &pdb, lp_passdb_backend() ) ) ) {
2002-01-20 17:30:58 +03:00
			return NULL;
		}
	}
2002-07-15 14:35:28 +04:00
2006-02-12 00:27:08 +03:00
	if ( !pdb ) {
		if ( !NT_STATUS_IS_OK( make_pdb_method_name( &pdb, lp_passdb_backend() ) ) ) {
2002-01-20 17:30:58 +03:00
			return NULL;
		}
	}
2002-07-15 14:35:28 +04:00
2006-02-12 00:27:08 +03:00
	return pdb;
2002-01-20 17:30:58 +03:00
}
/******************************************************************
2002-04-04 07:53:43 +04:00
Backward compatibility functions for the original passdb interface
2002-01-20 17:30:58 +03:00
*******************************************************************/
2005-01-19 19:13:26 +03:00
BOOL pdb_setsampwent(BOOL update, uint16 acb_mask)
2002-01-20 17:30:58 +03:00
{
2006-02-12 00:27:08 +03:00
	struct pdb_methods *pdb = pdb_get_methods(False);
2002-01-20 17:30:58 +03:00
2006-02-12 00:27:08 +03:00
	if ( !pdb ) {
2002-01-20 17:30:58 +03:00
		return False;
	}
2006-02-12 00:27:08 +03:00
	return NT_STATUS_IS_OK(pdb->setsampwent(pdb, update, acb_mask));
2002-01-20 17:30:58 +03:00
}
void pdb_endsampwent(void)
{
2006-02-12 00:27:08 +03:00
	struct pdb_methods *pdb = pdb_get_methods(False);
2002-01-20 17:30:58 +03:00
2006-02-12 00:27:08 +03:00
	if ( !pdb ) {
2002-01-20 17:30:58 +03:00
		return;
	}
2006-02-12 00:27:08 +03:00
	pdb->endsampwent(pdb);
2002-01-20 17:30:58 +03:00
}
2006-02-20 23:09:36 +03:00
BOOL pdb_getsampwent(struct samu *user)
2002-01-20 17:30:58 +03:00
{
2006-02-12 00:27:08 +03:00
	struct pdb_methods *pdb = pdb_get_methods(False);
2002-01-20 17:30:58 +03:00
2006-02-12 00:27:08 +03:00
	if (!pdb) {
2002-01-20 17:30:58 +03:00
		return False;
	}
2006-02-12 00:27:08 +03:00
	if (!NT_STATUS_IS_OK(pdb->getsampwent(pdb, user))) {
		return False;
	}
	pdb_force_pw_initialization(user);
2002-01-20 17:30:58 +03:00
2006-02-12 00:27:08 +03:00
	return True;
}
2004-11-12 18:30:51 +03:00
2006-02-20 23:09:36 +03:00
BOOL pdb_getsampwnam(struct samu *sam_acct, const char *username)
2002-01-20 17:30:58 +03:00
{
2006-02-12 00:27:08 +03:00
	struct pdb_methods *pdb = pdb_get_methods(False);
2002-01-20 17:30:58 +03:00
2006-02-12 00:27:08 +03:00
	if (!pdb) {
2002-01-20 17:30:58 +03:00
		return False;
	}
2006-02-12 00:27:08 +03:00
	if (!NT_STATUS_IS_OK(pdb->getsampwnam(pdb, sam_acct, username))) {
2004-11-12 18:30:51 +03:00
		return False;
2006-02-12 00:27:08 +03:00
	}
2004-11-12 18:30:51 +03:00
2006-02-12 00:27:08 +03:00
	if (csamuser != NULL) {
2006-02-20 23:09:36 +03:00
		TALLOC_FREE(csamuser);
2006-02-12 00:27:08 +03:00
		csamuser = NULL;
2004-11-12 18:30:51 +03:00
	}
2006-02-12 00:27:08 +03:00
	pdb_force_pw_initialization(sam_acct);
2006-02-25 00:36:40 +03:00
	if ((csamuser = samu_new(NULL)) != NULL)
		pdb_copy_sam_account(csamuser, sam_acct);
2006-02-12 00:27:08 +03:00
2004-11-12 18:30:51 +03:00
	return True;
2002-01-20 17:30:58 +03:00
}
2006-02-12 00:27:08 +03:00
/**********************************************************************
 **********************************************************************/
2006-02-20 23:09:36 +03:00
BOOL guest_user_info(struct samu *user)
2006-02-12 00:27:08 +03:00
{
	struct passwd *pwd;
2006-02-21 17:34:11 +03:00
	NTSTATUS result;
2006-02-12 00:27:08 +03:00
	const char *guestname = lp_guestaccount();
	if (!(pwd = getpwnam_alloc(NULL, guestname))) {
		DEBUG(0, ("guest_user_info: Unable to locate guest account [%s]!\n",
			guestname));
		return False;
	}
2006-02-25 00:36:40 +03:00
	result = samu_set_unix(user, pwd);
2006-02-21 17:34:11 +03:00
	TALLOC_FREE(pwd);
	return NT_STATUS_IS_OK(result);
2006-02-12 00:27:08 +03:00
}
/**********************************************************************
 **********************************************************************/
2006-02-20 23:09:36 +03:00
BOOL pdb_getsampwsid(struct samu *sam_acct, const DOM_SID *sid)
2002-01-20 17:30:58 +03:00
{
2006-02-12 00:27:08 +03:00
	struct pdb_methods *pdb;
	uint32 rid;
2002-01-20 17:30:58 +03:00
2006-02-12 00:27:08 +03:00
	if (!(pdb = pdb_get_methods(False))) {
		return False;
	}
	/* hard code the Guest RID of 501 */
	if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid))
		return False;
	if (rid == DOMAIN_USER_RID_GUEST) {
		DEBUG(6, ("pdb_getsampwsid: Building guest account\n"));
		return guest_user_info(sam_acct);
	}
	/* check the cache first */
	if (csamuser && sid_equal(sid, pdb_get_user_sid(csamuser)))
		return pdb_copy_sam_account(sam_acct, csamuser);
	return NT_STATUS_IS_OK(pdb->getsampwsid(pdb, sam_acct, sid));
}

static NTSTATUS pdb_default_create_user(struct pdb_methods *methods,
					TALLOC_CTX *tmp_ctx, const char *name,
					uint32 acb_info, uint32 *rid)
{
	struct samu *sam_pass = NULL;
	NTSTATUS status;
	struct passwd *pwd;

	if (!(pwd = Get_Pwnam_alloc(tmp_ctx, name))) {
		pstring add_script;
		int add_ret;

		if ((acb_info & ACB_NORMAL) && name[strlen(name) - 1] != '$') {
			pstrcpy(add_script, lp_adduser_script());
		} else {
			pstrcpy(add_script, lp_addmachine_script());
		}
		if (add_script[0] == '\0') {
			DEBUG(3, ("Could not find user %s and no add script "
				  "defined\n", name));
			return NT_STATUS_NO_SUCH_USER;
		}
		all_string_sub(add_script, "%u", name, sizeof(add_script));
		add_ret = smbrun(add_script, NULL);
		DEBUG(add_ret ? 0 : 3, ("_samr_create_user: Running the command `%s' gave %d\n",
					add_script, add_ret));
		flush_pwnam_cache();
		pwd = Get_Pwnam_alloc(tmp_ctx, name);
	}

	/* we have a valid SID coming out of this call */
	status = samu_alloc_rid_unix(sam_pass, pwd);

	TALLOC_FREE(pwd);

	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(3, ("pdb_default_create_user: failed to create a new user structure: %s\n", nt_errstr(status)));
		return status;
	}
	if (!sid_peek_check_rid(get_global_sam_sid(),
				pdb_get_user_sid(sam_pass), rid)) {
		DEBUG(0, ("Could not get RID of fresh user\n"));
		return NT_STATUS_INTERNAL_ERROR;
	}

	/* Disable the account on creation, it does not have a reasonable password yet. */
	acb_info |= ACB_DISABLED;
	pdb_set_acct_ctrl(sam_pass, acb_info, PDB_CHANGED);
	status = pdb_add_sam_account(sam_pass);
	TALLOC_FREE(sam_pass);
	return status;
}

NTSTATUS pdb_create_user(TALLOC_CTX *mem_ctx, const char *name, uint32 flags,
			 uint32 *rid)
{
	struct pdb_methods *pdb = pdb_get_methods(False);
	if (!pdb) {
		return NT_STATUS_UNSUCCESSFUL;
	}
	return pdb->create_user(pdb, mem_ctx, name, flags, rid);
}

/****************************************************************************
 Delete a UNIX user on demand.
****************************************************************************/
static int smb_delete_user(const char *unix_user)
{
	pstring del_script;
	int ret;

	pstrcpy(del_script, lp_deluser_script());
	if (!*del_script)
		return -1;
	all_string_sub(del_script, "%u", unix_user, sizeof(del_script));
	ret = smbrun(del_script, NULL);
	flush_pwnam_cache();
	DEBUG(ret ? 0 : 3, ("smb_delete_user: Running the command `%s' gave %d\n", del_script, ret));
	return ret;
}

static NTSTATUS pdb_default_delete_user(struct pdb_methods *methods,
					TALLOC_CTX *mem_ctx,
					struct samu *sam_acct)
{
	NTSTATUS status;

	status = pdb_delete_sam_account(sam_acct);
	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}
	/*
	 * Now delete the unix side ....
	 * note: we don't check if the delete really happened as the script is
	 * not necessary present and maybe the sysadmin doesn't want to delete
	 * the unix side
	 */
	smb_delete_user(pdb_get_username(sam_acct));
	return status;
}

NTSTATUS pdb_delete_user(TALLOC_CTX *mem_ctx, struct samu *sam_acct)
{
	struct pdb_methods *pdb = pdb_get_methods(False);

	if (!pdb) {
		return NT_STATUS_UNSUCCESSFUL;
	}
	return pdb->delete_user(pdb, mem_ctx, sam_acct);
}

NTSTATUS pdb_add_sam_account(struct samu *sam_acct)
{
	struct pdb_methods *pdb = pdb_get_methods(False);

	if (!pdb) {
		return NT_STATUS_UNSUCCESSFUL;
	}
	return pdb->add_sam_account(pdb, sam_acct);
}

NTSTATUS pdb_update_sam_account(struct samu *sam_acct)
{
	struct pdb_methods *pdb = pdb_get_methods(False);
	if (!pdb) {
		return NT_STATUS_UNSUCCESSFUL;
	}
	if (csamuser != NULL) {
		TALLOC_FREE(csamuser);
		csamuser = NULL;
	}
	return pdb->update_sam_account(pdb, sam_acct);
2002-01-20 17:30:58 +03:00
}
2006-02-20 23:09:36 +03:00
NTSTATUS pdb_delete_sam_account(struct samu *sam_acct)
2002-01-20 17:30:58 +03:00
{
2006-02-12 00:27:08 +03:00
	struct pdb_methods *pdb = pdb_get_methods(False);
2002-07-15 14:35:28 +04:00
2006-02-12 00:27:08 +03:00
	if (!pdb) {
2006-02-13 20:08:25 +03:00
		return NT_STATUS_UNSUCCESSFUL;
2002-01-20 17:30:58 +03:00
	}
2002-07-15 14:35:28 +04:00
2006-02-12 00:27:08 +03:00
	if (csamuser != NULL) {
2006-02-20 23:09:36 +03:00
		TALLOC_FREE(csamuser);
2006-02-12 00:27:08 +03:00
		csamuser = NULL;
2004-11-12 18:30:51 +03:00
	}
2006-02-13 20:08:25 +03:00
	return pdb->delete_sam_account(pdb, sam_acct);
2002-01-20 17:30:58 +03:00
}
2006-02-20 23:09:36 +03:00
NTSTATUS pdb_rename_sam_account(struct samu *oldname, const char *newname)
2005-10-12 00:14:04 +04:00
{
2006-02-12 00:27:08 +03:00
	struct pdb_methods *pdb = pdb_get_methods(False);
2005-10-12 00:14:04 +04:00
2006-02-12 00:27:08 +03:00
	if (!pdb) {
2005-10-12 00:14:04 +04:00
		return NT_STATUS_NOT_IMPLEMENTED;
	}
2006-02-12 00:27:08 +03:00
	if (csamuser != NULL) {
2006-02-20 23:09:36 +03:00
		TALLOC_FREE(csamuser);
2006-02-12 00:27:08 +03:00
		csamuser = NULL;
2005-10-12 00:14:04 +04:00
	}
2006-02-12 00:27:08 +03:00
	return pdb->rename_sam_account(pdb, oldname, newname);
2005-10-12 00:14:04 +04:00
}
2006-02-20 23:09:36 +03:00
NTSTATUS pdb_update_login_attempts(struct samu *sam_acct, BOOL success)
2005-03-05 04:22:53 +03:00
{
2006-02-12 00:27:08 +03:00
	struct pdb_methods *pdb = pdb_get_methods(False);
2005-03-05 04:22:53 +03:00
2006-02-12 00:27:08 +03:00
	if (!pdb) {
2005-03-05 04:22:53 +03:00
		return NT_STATUS_NOT_IMPLEMENTED;
	}
2006-02-12 00:27:08 +03:00
	return pdb->update_login_attempts(pdb, sam_acct, success);
2005-03-05 04:22:53 +03:00
}
2003-06-18 19:24:10 +04:00
BOOL pdb_getgrsid(GROUP_MAP *map, DOM_SID sid)
2002-11-02 06:47:48 +03:00
{
2006-02-12 00:27:08 +03:00
	struct pdb_methods *pdb = pdb_get_methods(False);
2002-11-02 06:47:48 +03:00
2006-02-12 00:27:08 +03:00
	if (!pdb) {
2002-11-02 06:47:48 +03:00
		return False;
	}
2006-02-12 00:27:08 +03:00
	return NT_STATUS_IS_OK(pdb->getgrsid(pdb, map, sid));
2002-11-02 06:47:48 +03:00
}
2003-06-18 19:24:10 +04:00
BOOL pdb_getgrgid(GROUP_MAP *map, gid_t gid)
2002-11-02 06:47:48 +03:00
{
2006-02-12 00:27:08 +03:00
	struct pdb_methods *pdb = pdb_get_methods(False);
2002-11-02 06:47:48 +03:00
2006-02-12 00:27:08 +03:00
	if (!pdb) {
2002-11-02 06:47:48 +03:00
		return False;
	}
2006-02-12 00:27:08 +03:00
	return NT_STATUS_IS_OK(pdb->getgrgid(pdb, map, gid));
2002-11-02 06:47:48 +03:00
}
2004-02-26 14:07:06 +03:00
BOOL pdb_getgrnam(GROUP_MAP *map, const char *name)
2002-11-02 06:47:48 +03:00
{
2006-02-12 00:27:08 +03:00
	struct pdb_methods *pdb = pdb_get_methods(False);
2002-11-02 06:47:48 +03:00
2006-02-12 00:27:08 +03:00
	if (!pdb) {
2002-11-02 06:47:48 +03:00
		return False;
	}
2006-02-12 00:27:08 +03:00
	return NT_STATUS_IS_OK(pdb->getgrnam(pdb, map, name));
2002-11-02 06:47:48 +03:00
}
2006-02-13 20:08:25 +03:00
static NTSTATUS pdb_default_create_dom_group(struct pdb_methods *methods,
		TALLOC_CTX *mem_ctx,
		const char *name,
		uint32 *rid)
{
	DOM_SID group_sid;
	struct group *grp;

	grp = getgrnam(name);

	if (grp == NULL) {
		gid_t gid;

		if (smb_create_group(name, &gid) != 0) {
			return NT_STATUS_ACCESS_DENIED;
		}

		grp = getgrgid(gid);
	}

	if (grp == NULL) {
		return NT_STATUS_ACCESS_DENIED;
	}

	if (pdb_rid_algorithm()) {
		*rid = pdb_gid_to_group_rid(grp->gr_gid);
	} else {
		if (!pdb_new_rid(rid)) {
			return NT_STATUS_ACCESS_DENIED;
		}
	}

	sid_compose(&group_sid, get_global_sam_sid(), *rid);

	return add_initial_entry(grp->gr_gid, sid_string_static(&group_sid),
		SID_NAME_DOM_GRP, name, NULL);
}

NTSTATUS pdb_create_dom_group(TALLOC_CTX *mem_ctx, const char *name,
		uint32 *rid)
{
	struct pdb_methods *pdb = pdb_get_methods(False);

	if (!pdb) {
		return NT_STATUS_UNSUCCESSFUL;
	}

	return pdb->create_dom_group(pdb, mem_ctx, name, rid);
}

static NTSTATUS pdb_default_delete_dom_group(struct pdb_methods *methods,
		TALLOC_CTX *mem_ctx,
		uint32 rid)
{
	DOM_SID group_sid;
	GROUP_MAP map;
	NTSTATUS status;
	struct group *grp;
	const char *grp_name;

	sid_compose(&group_sid, get_global_sam_sid(), rid);

	if (!get_domain_group_from_sid(group_sid, &map)) {
		DEBUG(10, ("Could not find group for rid %d\n", rid));
		return NT_STATUS_NO_SUCH_GROUP;
	}

	/* We need the group name for the smb_delete_group later on */

	if (map.gid == (gid_t)-1) {
		return NT_STATUS_NO_SUCH_GROUP;
	}

	grp = getgrgid(map.gid);
	if (grp == NULL) {
		return NT_STATUS_NO_SUCH_GROUP;
	}

	/* Copy the name, no idea what pdb_delete_group_mapping_entry does.. */

	grp_name = talloc_strdup(mem_ctx, grp->gr_name);
	if (grp_name == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	status = pdb_delete_group_mapping_entry(group_sid);

	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}

	/* Don't check the result of smb_delete_group */

	smb_delete_group(grp_name);

	return NT_STATUS_OK;
}

NTSTATUS pdb_delete_dom_group(TALLOC_CTX *mem_ctx, uint32 rid)
{
	struct pdb_methods *pdb = pdb_get_methods(False);

	if (!pdb) {
		return NT_STATUS_UNSUCCESSFUL;
	}

	return pdb->delete_dom_group(pdb, mem_ctx, rid);
}
2006-02-04 01:19:41 +03:00
NTSTATUS pdb_add_group_mapping_entry(GROUP_MAP *map)
2002-11-02 06:47:48 +03:00
{
2006-02-12 00:27:08 +03:00
	struct pdb_methods *pdb = pdb_get_methods(False);
2002-11-02 06:47:48 +03:00
2006-02-12 00:27:08 +03:00
	if (!pdb) {
2006-02-04 01:19:41 +03:00
		return NT_STATUS_UNSUCCESSFUL;
2002-11-02 06:47:48 +03:00
	}
2006-02-12 00:27:08 +03:00
	return pdb->add_group_mapping_entry(pdb, map);
2002-11-02 06:47:48 +03:00
}
2006-02-04 01:19:41 +03:00
NTSTATUS pdb_update_group_mapping_entry(GROUP_MAP *map)
2002-11-02 06:47:48 +03:00
{
2006-02-12 00:27:08 +03:00
	struct pdb_methods *pdb = pdb_get_methods(False);
2002-11-02 06:47:48 +03:00
2006-02-12 00:27:08 +03:00
	if (!pdb) {
2006-02-04 01:19:41 +03:00
		return NT_STATUS_UNSUCCESSFUL;
2002-11-02 06:47:48 +03:00
	}
2006-02-12 00:27:08 +03:00
	return pdb->update_group_mapping_entry(pdb, map);
2002-11-02 06:47:48 +03:00
}
2006-02-13 20:08:25 +03:00
NTSTATUS pdb_delete_group_mapping_entry(DOM_SID sid)
2002-11-02 06:47:48 +03:00
{
2006-02-12 00:27:08 +03:00
	struct pdb_methods *pdb = pdb_get_methods(False);
2002-11-02 06:47:48 +03:00
2006-02-12 00:27:08 +03:00
	if (!pdb) {
2006-02-13 20:08:25 +03:00
		return NT_STATUS_UNSUCCESSFUL;
2002-11-02 06:47:48 +03:00
	}
2006-02-13 20:08:25 +03:00
	return pdb->delete_group_mapping_entry(pdb, sid);
2002-11-02 06:47:48 +03:00
}
2005-10-18 07:24:00 +04:00
BOOL pdb_enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **pp_rmap,
		size_t *p_num_entries, BOOL unix_only)
2002-11-02 06:47:48 +03:00
{
2006-02-12 00:27:08 +03:00
	struct pdb_methods *pdb = pdb_get_methods(False);
2002-11-02 06:47:48 +03:00
2006-02-12 00:27:08 +03:00
	if (!pdb) {
2002-11-02 06:47:48 +03:00
		return False;
	}
2006-02-12 00:27:08 +03:00
	return NT_STATUS_IS_OK(pdb->enum_group_mapping(pdb, sid_name_use,
		pp_rmap, p_num_entries, unix_only));
2002-11-02 06:47:48 +03:00
}
2005-02-20 16:47:16 +03:00
NTSTATUS pdb_enum_group_members(TALLOC_CTX *mem_ctx,
		const DOM_SID *sid,
2005-10-18 07:24:00 +04:00
		uint32 **pp_member_rids,
		size_t *p_num_members)
2005-02-20 16:47:16 +03:00
{
2006-02-12 00:27:08 +03:00
	struct pdb_methods *pdb = pdb_get_methods(False);
2005-02-20 16:47:16 +03:00
2006-02-12 00:27:08 +03:00
	if (!pdb) {
2005-02-20 16:47:16 +03:00
		return NT_STATUS_UNSUCCESSFUL;
	}
2006-02-12 00:27:08 +03:00
	return pdb->enum_group_members(pdb, mem_ctx, sid,
2005-10-18 07:24:00 +04:00
		pp_member_rids, p_num_members);
2005-02-20 16:47:16 +03:00
}
2006-02-20 23:09:36 +03:00
NTSTATUS pdb_enum_group_memberships(TALLOC_CTX *mem_ctx, struct samu *user,
2005-10-18 07:24:00 +04:00
		DOM_SID **pp_sids, gid_t **pp_gids,
		size_t *p_num_groups)
2004-11-12 18:49:47 +03:00
{
2006-02-12 00:27:08 +03:00
	struct pdb_methods *pdb = pdb_get_methods(False);
2004-11-12 18:49:47 +03:00
2006-02-12 00:27:08 +03:00
	if (!pdb) {
2004-11-12 18:49:47 +03:00
		return NT_STATUS_UNSUCCESSFUL;
	}
2006-02-12 00:27:08 +03:00
	return pdb->enum_group_memberships(
		pdb, mem_ctx, user,
2006-02-04 01:19:41 +03:00
		pp_sids, pp_gids, p_num_groups);
2004-11-12 18:49:47 +03:00
}
2006-02-13 20:08:25 +03:00
static NTSTATUS pdb_default_set_unix_primary_group(struct pdb_methods *methods,
		TALLOC_CTX *mem_ctx,
2006-02-20 23:09:36 +03:00
		struct samu *sampass)
2006-02-13 20:08:25 +03:00
{
	struct group *grp;
	gid_t gid;

	if (!sid_to_gid(pdb_get_group_sid(sampass), &gid) ||
	    (grp = getgrgid(gid)) == NULL) {
		return NT_STATUS_INVALID_PRIMARY_GROUP;
	}

	if (smb_set_primary_group(grp->gr_name,
			pdb_get_username(sampass)) != 0) {
		return NT_STATUS_ACCESS_DENIED;
	}

	return NT_STATUS_OK;
}
2006-02-20 23:09:36 +03:00
NTSTATUS pdb_set_unix_primary_group(TALLOC_CTX *mem_ctx, struct samu *user)
2006-02-13 20:08:25 +03:00
{
	struct pdb_methods *pdb = pdb_get_methods(False);

	if (!pdb) {
		return NT_STATUS_UNSUCCESSFUL;
	}

	return pdb->set_unix_primary_group(pdb, mem_ctx, user);
}

/*
 * Helper function to see whether a user is in a group. We can't use
 * user_in_group_sid here because this creates dependencies only smbd can
 * fulfil.
 */
2006-02-20 23:09:36 +03:00
static BOOL pdb_user_in_group(TALLOC_CTX *mem_ctx, struct samu *account,
2006-02-13 20:08:25 +03:00
		const DOM_SID *group_sid)
{
	DOM_SID *sids;
	gid_t *gids;
	size_t i, num_groups;

	if (!NT_STATUS_IS_OK(pdb_enum_group_memberships(mem_ctx, account,
			&sids, &gids,
			&num_groups))) {
		return False;
	}

	for (i = 0; i < num_groups; i++) {
		if (sid_equal(group_sid, &sids[i])) {
			return True;
		}
	}
	return False;
}
static NTSTATUS pdb_default_add_groupmem(struct pdb_methods *methods,
		TALLOC_CTX *mem_ctx,
		uint32 group_rid,
		uint32 member_rid)
{
	DOM_SID group_sid, member_sid;
2006-02-20 23:09:36 +03:00
	struct samu *account = NULL;
2006-02-13 20:08:25 +03:00
	GROUP_MAP map;
	struct group *grp;
	struct passwd *pwd;
	const char *group_name;
	uid_t uid;

	sid_compose(&group_sid, get_global_sam_sid(), group_rid);
	sid_compose(&member_sid, get_global_sam_sid(), member_rid);

	if (!get_domain_group_from_sid(group_sid, &map) ||
	    (map.gid == (gid_t)-1) ||
	    ((grp = getgrgid(map.gid)) == NULL)) {
		return NT_STATUS_NO_SUCH_GROUP;
	}

	group_name = talloc_strdup(mem_ctx, grp->gr_name);
	if (group_name == NULL) {
		return NT_STATUS_NO_MEMORY;
	}
2006-02-21 17:34:11 +03:00
	/* Note: account is allocated on the NULL talloc context and is
	 * not freed on any return path of this function. */
	if (!(account = samu_new(NULL))) {
		return NT_STATUS_NO_MEMORY;
2006-02-13 20:08:25 +03:00
	}

	if (!pdb_getsampwsid(account, &member_sid) ||
	    !sid_to_uid(&member_sid, &uid) ||
	    ((pwd = getpwuid_alloc(mem_ctx, uid)) == NULL)) {
		return NT_STATUS_NO_SUCH_USER;
	}

	if (pdb_user_in_group(mem_ctx, account, &group_sid)) {
		return NT_STATUS_MEMBER_IN_GROUP;
	}

	/*
	 * ok, the group exist, the user exist, the user is not in the group,
	 * we can (finally) add it to the group !
	 */

	smb_add_user_group(group_name, pwd->pw_name);

	if (!pdb_user_in_group(mem_ctx, account, &group_sid)) {
		return NT_STATUS_ACCESS_DENIED;
	}

	return NT_STATUS_OK;
}

NTSTATUS pdb_add_groupmem(TALLOC_CTX *mem_ctx, uint32 group_rid,
		uint32 member_rid)
{
	struct pdb_methods *pdb = pdb_get_methods(False);

	if (!pdb) {
		return NT_STATUS_UNSUCCESSFUL;
	}

	return pdb->add_groupmem(pdb, mem_ctx, group_rid, member_rid);
}
static NTSTATUS pdb_default_del_groupmem(struct pdb_methods *methods,
		TALLOC_CTX *mem_ctx,
		uint32 group_rid,
		uint32 member_rid)
{
	DOM_SID group_sid, member_sid;
2006-02-20 23:09:36 +03:00
	struct samu *account = NULL;
2006-02-13 20:08:25 +03:00
	GROUP_MAP map;
	struct group *grp;
	struct passwd *pwd;
	const char *group_name;
	uid_t uid;

	sid_compose(&group_sid, get_global_sam_sid(), group_rid);
	sid_compose(&member_sid, get_global_sam_sid(), member_rid);

	if (!get_domain_group_from_sid(group_sid, &map) ||
	    (map.gid == (gid_t)-1) ||
	    ((grp = getgrgid(map.gid)) == NULL)) {
		return NT_STATUS_NO_SUCH_GROUP;
	}

	group_name = talloc_strdup(mem_ctx, grp->gr_name);
	if (group_name == NULL) {
		return NT_STATUS_NO_MEMORY;
	}
2006-02-21 17:34:11 +03:00
	/* Note: account is allocated on the NULL talloc context and is
	 * not freed on any return path of this function. */
	if (!(account = samu_new(NULL))) {
		return NT_STATUS_NO_MEMORY;
2006-02-13 20:08:25 +03:00
	}

	if (!pdb_getsampwsid(account, &member_sid) ||
	    !sid_to_uid(&member_sid, &uid) ||
	    ((pwd = getpwuid_alloc(mem_ctx, uid)) == NULL)) {
		return NT_STATUS_NO_SUCH_USER;
	}

	if (!pdb_user_in_group(mem_ctx, account, &group_sid)) {
		return NT_STATUS_MEMBER_NOT_IN_GROUP;
	}

	/*
	 * ok, the group exist, the user exist, the user is in the group,
	 * we can (finally) delete it from the group!
	 */

	smb_delete_user_group(group_name, pwd->pw_name);

	if (pdb_user_in_group(mem_ctx, account, &group_sid)) {
		return NT_STATUS_ACCESS_DENIED;
	}

	return NT_STATUS_OK;
}

NTSTATUS pdb_del_groupmem(TALLOC_CTX *mem_ctx, uint32 group_rid,
		uint32 member_rid)
{
	struct pdb_methods *pdb = pdb_get_methods(False);

	if (!pdb) {
		return NT_STATUS_UNSUCCESSFUL;
	}

	return pdb->del_groupmem(pdb, mem_ctx, group_rid, member_rid);
}
2004-04-07 16:43:44 +04:00
BOOL pdb_find_alias(const char *name, DOM_SID *sid)
{
2006-02-12 00:27:08 +03:00
	struct pdb_methods *pdb = pdb_get_methods(False);
2004-04-07 16:43:44 +04:00
2006-02-12 00:27:08 +03:00
	if (!pdb) {
2004-04-07 16:43:44 +04:00
		return False;
	}
2006-02-12 00:27:08 +03:00
	return NT_STATUS_IS_OK(pdb->find_alias(pdb,
2004-04-07 16:43:44 +04:00
		name, sid));
}
2004-04-10 20:09:48 +04:00
NTSTATUS pdb_create_alias(const char *name, uint32 *rid)
2004-04-07 16:43:44 +04:00
{
2006-02-12 00:27:08 +03:00
	struct pdb_methods *pdb = pdb_get_methods(False);
2004-04-07 16:43:44 +04:00
2006-02-12 00:27:08 +03:00
	if (!pdb) {
2004-04-10 20:09:48 +04:00
		return NT_STATUS_NOT_IMPLEMENTED;
2004-04-07 16:43:44 +04:00
	}
2006-02-12 00:27:08 +03:00
	return pdb->create_alias(pdb, name, rid);
2004-04-07 16:43:44 +04:00
}
BOOL pdb_delete_alias(const DOM_SID *sid)
{
2006-02-12 00:27:08 +03:00
	struct pdb_methods *pdb = pdb_get_methods(False);
2004-04-07 16:43:44 +04:00
2006-02-12 00:27:08 +03:00
	if (!pdb) {
2004-04-07 16:43:44 +04:00
		return False;
	}
2006-02-12 00:27:08 +03:00
	return NT_STATUS_IS_OK(pdb->delete_alias(pdb,
2004-04-07 16:43:44 +04:00
		sid));
}
BOOL pdb_get_aliasinfo(const DOM_SID *sid, struct acct_info *info)
{
2006-02-12 00:27:08 +03:00
	struct pdb_methods *pdb = pdb_get_methods(False);
2004-04-07 16:43:44 +04:00
2006-02-12 00:27:08 +03:00
	if (!pdb) {
2004-04-07 16:43:44 +04:00
		return False;
	}
2006-02-12 00:27:08 +03:00
	return NT_STATUS_IS_OK(pdb->get_aliasinfo(pdb, sid,
2004-04-07 16:43:44 +04:00
		info));
}
BOOL pdb_set_aliasinfo(const DOM_SID *sid, struct acct_info *info)
{
2006-02-12 00:27:08 +03:00
	struct pdb_methods *pdb = pdb_get_methods(False);
2004-04-07 16:43:44 +04:00
2006-02-12 00:27:08 +03:00
	if (!pdb) {
2004-04-07 16:43:44 +04:00
		return False;
	}
2006-02-12 00:27:08 +03:00
	return NT_STATUS_IS_OK(pdb->set_aliasinfo(pdb, sid,
2004-04-07 16:43:44 +04:00
		info));
}
2006-02-04 01:19:41 +03:00
NTSTATUS pdb_add_aliasmem(const DOM_SID *alias, const DOM_SID *member)
2004-04-07 16:43:44 +04:00
{
2006-02-12 00:27:08 +03:00
	struct pdb_methods *pdb = pdb_get_methods(False);
2004-04-07 16:43:44 +04:00
2006-02-12 00:27:08 +03:00
	if (!pdb) {
2006-02-04 01:19:41 +03:00
		return NT_STATUS_UNSUCCESSFUL;
2004-04-07 16:43:44 +04:00
	}
2006-02-12 00:27:08 +03:00
	return pdb->add_aliasmem(pdb, alias, member);
2004-04-07 16:43:44 +04:00
}
2006-02-04 01:19:41 +03:00
NTSTATUS pdb_del_aliasmem(const DOM_SID *alias, const DOM_SID *member)
2004-04-07 16:43:44 +04:00
{
2006-02-12 00:27:08 +03:00
	struct pdb_methods *pdb = pdb_get_methods(False);
2004-04-07 16:43:44 +04:00
2006-02-12 00:27:08 +03:00
	if (!pdb) {
2006-02-04 01:19:41 +03:00
		return NT_STATUS_UNSUCCESSFUL;
2004-04-07 16:43:44 +04:00
	}
2006-02-12 00:27:08 +03:00
	return pdb->del_aliasmem(pdb, alias, member);
2004-04-07 16:43:44 +04:00
}
2006-02-04 01:19:41 +03:00
NTSTATUS pdb_enum_aliasmem(const DOM_SID *alias,
		DOM_SID **pp_members, size_t *p_num_members)
2004-04-07 16:43:44 +04:00
{
2006-02-12 00:27:08 +03:00
	struct pdb_methods *pdb = pdb_get_methods(False);
2004-04-07 16:43:44 +04:00
2006-02-12 00:27:08 +03:00
	if (!pdb) {
2006-02-04 01:19:41 +03:00
		return NT_STATUS_UNSUCCESSFUL;
2004-04-07 16:43:44 +04:00
	}
2006-02-12 00:27:08 +03:00
	return pdb->enum_aliasmem(pdb, alias,
2006-02-04 01:19:41 +03:00
		pp_members, p_num_members);
2004-04-07 16:43:44 +04:00
}
2006-02-04 01:19:41 +03:00
NTSTATUS pdb_enum_alias_memberships(TALLOC_CTX *mem_ctx,
		const DOM_SID *domain_sid,
		const DOM_SID *members, size_t num_members,
		uint32 **pp_alias_rids,
		size_t *p_num_alias_rids)
2004-04-07 16:43:44 +04:00
{
2006-02-12 00:27:08 +03:00
	struct pdb_methods *pdb = pdb_get_methods(False);
2004-04-07 16:43:44 +04:00
2006-02-12 00:27:08 +03:00
	if (!pdb) {
2006-02-04 01:19:41 +03:00
		return NT_STATUS_NOT_IMPLEMENTED;
2004-04-07 16:43:44 +04:00
	}
2006-02-12 00:27:08 +03:00
	return pdb->enum_alias_memberships(pdb, mem_ctx,
2006-02-04 01:19:41 +03:00
		domain_sid,
		members, num_members,
		pp_alias_rids,
		p_num_alias_rids);
2004-04-07 16:43:44 +04:00
}
2005-11-27 01:04:28 +03:00
NTSTATUS pdb_lookup_rids(const DOM_SID *domain_sid,
2005-03-22 23:50:29 +03:00
		int num_rids,
		uint32 *rids,
2005-11-27 01:04:28 +03:00
		const char **names,
		uint32 *attrs)
2005-03-22 23:50:29 +03:00
{
2006-02-12 00:27:08 +03:00
	struct pdb_methods *pdb = pdb_get_methods(False);
2005-03-22 23:50:29 +03:00
2006-02-12 00:27:08 +03:00
	if (!pdb) {
2005-03-22 23:50:29 +03:00
		return NT_STATUS_NOT_IMPLEMENTED;
	}
2006-02-12 00:27:08 +03:00
	return pdb->lookup_rids(pdb, domain_sid,
2005-03-22 23:50:29 +03:00
		num_rids, rids, names, attrs);
}
2005-12-03 21:34:13 +03:00
NTSTATUS pdb_lookup_names(const DOM_SID *domain_sid,
		int num_names,
		const char **names,
		uint32 *rids,
		uint32 *attrs)
{
2006-02-12 00:27:08 +03:00
	struct pdb_methods *pdb = pdb_get_methods(False);
2005-12-03 21:34:13 +03:00
2006-02-12 00:27:08 +03:00
	if (!pdb) {
2005-12-03 21:34:13 +03:00
		return NT_STATUS_NOT_IMPLEMENTED;
	}
2006-02-12 00:27:08 +03:00
	return pdb->lookup_names(pdb, domain_sid,
2005-12-03 21:34:13 +03:00
		num_names, names, rids, attrs);
}
2005-09-30 21:13:37 +04:00
BOOL pdb_get_account_policy(int policy_index, uint32 *value)
{
2006-02-12 00:27:08 +03:00
	struct pdb_methods *pdb = pdb_get_methods(False);
2005-09-30 21:13:37 +04:00
2006-02-12 00:27:08 +03:00
	if (!pdb) {
2005-09-30 21:13:37 +04:00
		return False;
	}
2006-02-12 00:27:08 +03:00
	return NT_STATUS_IS_OK(pdb->get_account_policy(pdb, policy_index, value));
2005-09-30 21:13:37 +04:00
}
BOOL pdb_set_account_policy(int policy_index, uint32 value)
{
2006-02-12 00:27:08 +03:00
	struct pdb_methods *pdb = pdb_get_methods(False);
2005-09-30 21:13:37 +04:00
2006-02-12 00:27:08 +03:00
	if (!pdb) {
2005-09-30 21:13:37 +04:00
		return False;
	}
2006-02-12 00:27:08 +03:00
	return NT_STATUS_IS_OK(pdb->set_account_policy(pdb, policy_index, value));
2005-09-30 21:13:37 +04:00
}
BOOL pdb_get_seq_num(time_t *seq_num)
{
2006-02-12 00:27:08 +03:00
	struct pdb_methods *pdb = pdb_get_methods(False);
2005-09-30 21:13:37 +04:00
2006-02-12 00:27:08 +03:00
	if (!pdb) {
2005-09-30 21:13:37 +04:00
		return False;
	}
2006-02-12 00:27:08 +03:00
	return NT_STATUS_IS_OK(pdb->get_seq_num(pdb, seq_num));
2005-09-30 21:13:37 +04:00
}
2006-02-04 01:19:41 +03:00
BOOL pdb_uid_to_rid ( uid_t uid , uint32 * rid )
{
2006-02-12 00:27:08 +03:00
struct pdb_methods * pdb = pdb_get_methods ( False ) ;
2006-02-04 01:19:41 +03:00
2006-02-12 00:27:08 +03:00
if ( ! pdb ) {
2006-02-04 01:19:41 +03:00
return False ;
}
2006-02-12 00:27:08 +03:00
return pdb - > uid_to_rid ( pdb , uid , rid ) ;
2006-02-04 01:19:41 +03:00
}
BOOL pdb_gid_to_sid ( gid_t gid , DOM_SID * sid )
{
2006-02-12 00:27:08 +03:00
struct pdb_methods * pdb = pdb_get_methods ( False ) ;
2006-02-04 01:19:41 +03:00
2006-02-12 00:27:08 +03:00
if ( ! pdb ) {
2006-02-04 01:19:41 +03:00
return False ;
}
2006-02-12 00:27:08 +03:00
return pdb - > gid_to_sid ( pdb , gid , sid ) ;
2006-02-04 01:19:41 +03:00
}
BOOL pdb_sid_to_id ( const DOM_SID * sid , union unid_t * id ,
enum SID_NAME_USE * type )
{
2006-02-12 00:27:08 +03:00
struct pdb_methods * pdb = pdb_get_methods ( False ) ;
2006-02-04 01:19:41 +03:00
2006-02-12 00:27:08 +03:00
if ( ! pdb ) {
2006-02-04 01:19:41 +03:00
return False ;
}
2006-02-12 00:27:08 +03:00
return pdb - > sid_to_id ( pdb , sid , id , type ) ;
2006-02-04 01:19:41 +03:00
}
BOOL pdb_rid_algorithm ( void )
{
2006-02-12 00:27:08 +03:00
struct pdb_methods * pdb = pdb_get_methods ( False ) ;
2006-02-04 01:19:41 +03:00
2006-02-12 00:27:08 +03:00
if ( ! pdb ) {
2006-02-04 01:19:41 +03:00
return False ;
}
2006-02-12 00:27:08 +03:00
return pdb - > rid_algorithm ( pdb ) ;
2006-02-04 01:19:41 +03:00
}

BOOL pdb_new_rid(uint32 *rid)
{
	struct pdb_methods *pdb = pdb_get_methods(False);

	if (!pdb) {
		return False;
	}

	if (pdb_rid_algorithm()) {
		DEBUG(0, ("Trying to allocate a RID when algorithmic RIDs "
			  "are active\n"));
		return False;
	}

	if (algorithmic_rid_base() != BASE_RID) {
		DEBUG(0, ("'algorithmic rid base' is set but a passdb backend "
			  "without algorithmic RIDs is chosen.\n"));
		DEBUGADD(0, ("Please map all used groups using 'net groupmap "
			     "add', set the maximum used RID using\n"));
		DEBUGADD(0, ("'net setmaxrid' and remove the parameter\n"));
		return False;
	}

	return pdb->new_rid(pdb, rid);
}

/***************************************************************
  Initialize the static context (at smbd startup etc).
  If uninitialised, context will auto-init on first use.
 ***************************************************************/

BOOL initialize_password_db(BOOL reload)
{
	return (pdb_get_methods(reload) != NULL);
}

/***************************************************************************
  Default implementations of some functions.
 ****************************************************************************/

static NTSTATUS pdb_default_getsampwnam(struct pdb_methods *methods, struct samu *user, const char *sname)
{
	return NT_STATUS_NO_SUCH_USER;
}

static NTSTATUS pdb_default_getsampwsid(struct pdb_methods *my_methods, struct samu *user, const DOM_SID *sid)
{
	return NT_STATUS_NO_SUCH_USER;
}

static NTSTATUS pdb_default_add_sam_account(struct pdb_methods *methods, struct samu *newpwd)
{
	DEBUG(0, ("this backend (%s) should not be listed as the first passdb backend! You can't add users to it.\n", methods->name));
	return NT_STATUS_NOT_IMPLEMENTED;
}

static NTSTATUS pdb_default_update_sam_account(struct pdb_methods *methods, struct samu *newpwd)
{
	return NT_STATUS_NOT_IMPLEMENTED;
}

static NTSTATUS pdb_default_delete_sam_account(struct pdb_methods *methods, struct samu *pwd)
{
	return NT_STATUS_NOT_IMPLEMENTED;
}

static NTSTATUS pdb_default_rename_sam_account(struct pdb_methods *methods, struct samu *pwd, const char *newname)
{
	return NT_STATUS_NOT_IMPLEMENTED;
}

static NTSTATUS pdb_default_update_login_attempts(struct pdb_methods *methods, struct samu *newpwd, BOOL success)
{
	return NT_STATUS_OK;
}

static NTSTATUS pdb_default_setsampwent(struct pdb_methods *methods, BOOL update, uint16 acb_mask)
{
	return NT_STATUS_NOT_IMPLEMENTED;
}

static NTSTATUS pdb_default_getsampwent(struct pdb_methods *methods, struct samu *user)
{
	return NT_STATUS_NOT_IMPLEMENTED;
}

static void pdb_default_endsampwent(struct pdb_methods *methods)
{
	return; /* NT_STATUS_NOT_IMPLEMENTED; */
}

static NTSTATUS pdb_default_get_account_policy(struct pdb_methods *methods, int policy_index, uint32 *value)
{
	return account_policy_get(policy_index, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}

static NTSTATUS pdb_default_set_account_policy(struct pdb_methods *methods, int policy_index, uint32 value)
{
	return account_policy_set(policy_index, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}

static NTSTATUS pdb_default_get_seq_num(struct pdb_methods *methods, time_t *seq_num)
{
	*seq_num = time(NULL);
	return NT_STATUS_OK;
}

static BOOL pdb_default_uid_to_rid(struct pdb_methods *methods, uid_t uid,
				   uint32 *rid)
{
	struct samu *sampw = NULL;
	struct passwd *unix_pw;
	BOOL ret;

	unix_pw = sys_getpwuid(uid);

	if (!unix_pw) {
		DEBUG(4, ("pdb_default_uid_to_rid: host has no idea of uid "
			  "%lu\n", (unsigned long)uid));
		return False;
	}

	if (!(sampw = samu_new(NULL))) {
		DEBUG(0, ("pdb_default_uid_to_rid: samu_new() failed!\n"));
		return False;
	}

	become_root();
	ret = NT_STATUS_IS_OK(
		methods->getsampwnam(methods, sampw, unix_pw->pw_name));
	unbecome_root();

	if (!ret) {
		DEBUG(5, ("pdb_default_uid_to_rid: Did not find user "
			  "%s (%d)\n", unix_pw->pw_name, uid));
		TALLOC_FREE(sampw);
		return False;
	}

	ret = sid_peek_check_rid(get_global_sam_sid(),
				 pdb_get_user_sid(sampw), rid);

	if (!ret) {
		DEBUG(1, ("Could not peek rid out of sid %s\n",
			  sid_string_static(pdb_get_user_sid(sampw))));
	}

	TALLOC_FREE(sampw);
	return ret;
}

static BOOL pdb_default_gid_to_sid(struct pdb_methods *methods, gid_t gid,
				   DOM_SID *sid)
{
	GROUP_MAP map;

	if (!NT_STATUS_IS_OK(methods->getgrgid(methods, &map, gid))) {
		return False;
	}

	sid_copy(sid, &map.sid);
	return True;
}

static BOOL pdb_default_sid_to_id(struct pdb_methods *methods,
				  const DOM_SID *sid,
				  union unid_t *id, enum SID_NAME_USE *type)
{
	TALLOC_CTX *mem_ctx;
	BOOL ret = False;
	const char *name;
	uint32 rid;

	mem_ctx = talloc_new(NULL);

	if (mem_ctx == NULL) {
		DEBUG(0, ("talloc_new failed\n"));
		return False;
	}

	if (sid_peek_check_rid(get_global_sam_sid(), sid, &rid)) {
		/* Here we might have users as well as groups and aliases */
		ret = lookup_global_sam_rid(mem_ctx, rid, &name, type, id);
		goto done;
	}

	if (sid_peek_check_rid(&global_sid_Builtin, sid, &rid)) {
		/* Here we only have aliases */
		GROUP_MAP map;
		if (!NT_STATUS_IS_OK(methods->getgrsid(methods, &map, *sid))) {
			DEBUG(10, ("Could not find map for sid %s\n",
				   sid_string_static(sid)));
			goto done;
		}
		if ((map.sid_name_use != SID_NAME_ALIAS) &&
		    (map.sid_name_use != SID_NAME_WKN_GRP)) {
			DEBUG(10, ("Map for sid %s is a %s, expected an "
				   "alias\n", sid_string_static(sid),
				   sid_type_lookup(map.sid_name_use)));
			goto done;
		}

		id->gid = map.gid;
		*type = SID_NAME_ALIAS;
		ret = True;
		goto done;
	}

	DEBUG(5, ("Sid %s is neither ours nor builtin, don't know it\n",
		  sid_string_static(sid)));

 done:

	TALLOC_FREE(mem_ctx);
	return ret;
}

static void add_uid_to_array_unique(TALLOC_CTX *mem_ctx,
				    uid_t uid, uid_t **pp_uids, size_t *p_num)
{
	size_t i;

	for (i = 0; i < *p_num; i++) {
		if ((*pp_uids)[i] == uid)
			return;
	}

	*pp_uids = TALLOC_REALLOC_ARRAY(mem_ctx, *pp_uids, uid_t, *p_num + 1);

	if (*pp_uids == NULL) {
		/* Keep the count consistent with the now-empty array so the
		   next call does not index through a NULL pointer */
		*p_num = 0;
		return;
	}

	(*pp_uids)[*p_num] = uid;
	*p_num += 1;
}

static BOOL get_memberuids(TALLOC_CTX *mem_ctx, gid_t gid, uid_t **pp_uids, size_t *p_num)
{
	struct group *grp;
	char **gr;
	struct passwd *pwd;

	*pp_uids = NULL;
	*p_num = 0;

	/* We only look at our own sam, so don't care about imported stuff */

	winbind_off();

	if ((grp = getgrgid(gid)) == NULL) {
		winbind_on();
		return False;
	}

	/* Primary group members */

	setpwent();
	while ((pwd = getpwent()) != NULL) {
		if (pwd->pw_gid == gid) {
			add_uid_to_array_unique(mem_ctx, pwd->pw_uid,
						pp_uids, p_num);
		}
	}
	endpwent();

	/* Secondary group members */

	for (gr = grp->gr_mem; (*gr != NULL) && ((*gr)[0] != '\0'); gr += 1) {
		struct passwd *pw = getpwnam(*gr);

		if (pw == NULL)
			continue;
		add_uid_to_array_unique(mem_ctx, pw->pw_uid, pp_uids, p_num);
	}

	winbind_on();

	return True;
}

NTSTATUS pdb_default_enum_group_members(struct pdb_methods *methods,
					TALLOC_CTX *mem_ctx,
					const DOM_SID *group,
					uint32 **pp_member_rids,
					size_t *p_num_members)
{
	gid_t gid;
	uid_t *uids;
	size_t i, num_uids;

	*pp_member_rids = NULL;
	*p_num_members = 0;

	if (!sid_to_gid(group, &gid))
		return NT_STATUS_NO_SUCH_GROUP;

	if (!get_memberuids(mem_ctx, gid, &uids, &num_uids))
		return NT_STATUS_NO_SUCH_GROUP;

	if (num_uids == 0)
		return NT_STATUS_OK;

	*pp_member_rids = TALLOC_ZERO_ARRAY(mem_ctx, uint32, num_uids);

	/* Do not write RIDs through a NULL pointer if the allocation failed */
	if (*pp_member_rids == NULL)
		return NT_STATUS_NO_MEMORY;

	for (i = 0; i < num_uids; i++) {
		DOM_SID sid;

		uid_to_sid(&sid, uids[i]);

		if (!sid_check_is_in_our_domain(&sid)) {
			DEBUG(5, ("Inconsistent SAM -- group member uid not "
				  "in our domain\n"));
			continue;
		}

		sid_peek_rid(&sid, &(*pp_member_rids)[*p_num_members]);
		*p_num_members += 1;
	}

	return NT_STATUS_OK;
}

NTSTATUS pdb_default_enum_group_memberships(struct pdb_methods *methods,
					    TALLOC_CTX *mem_ctx,
					    struct samu *user,
					    DOM_SID **pp_sids,
					    gid_t **pp_gids,
					    size_t *p_num_groups)
{
	size_t i;
	gid_t gid;
	struct passwd *pw;
	const char *username = pdb_get_username(user);

#if 0
	/* Ignore the primary group SID.  Honor the real Unix primary group.
	   The primary group SID is only of real use to Windows clients */

	if (!sid_to_gid(pdb_get_group_sid(user), &gid)) {
		DEBUG(10, ("sid_to_gid failed\n"));
		return NT_STATUS_NO_SUCH_USER;
	}
#else
	if (!(pw = getpwnam_alloc(mem_ctx, username))) {
		return NT_STATUS_NO_SUCH_USER;
	}

	gid = pw->pw_gid;

	TALLOC_FREE(pw);
#endif

	if (!getgroups_unix_user(mem_ctx, username, gid, pp_gids, p_num_groups)) {
		return NT_STATUS_NO_SUCH_USER;
	}

	if (*p_num_groups == 0) {
		smb_panic("primary group missing");
	}

	*pp_sids = TALLOC_ARRAY(mem_ctx, DOM_SID, *p_num_groups);

	if (*pp_sids == NULL) {
		TALLOC_FREE(*pp_gids);
		return NT_STATUS_NO_MEMORY;
	}

	for (i = 0; i < *p_num_groups; i++) {
		gid_to_sid(&(*pp_sids)[i], (*pp_gids)[i]);
	}

	return NT_STATUS_OK;
}

/*******************************************************************
 Look up a rid in the SAM we're responsible for (i.e. passdb)
 ********************************************************************/

static BOOL lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32 rid,
				  const char **name,
				  enum SID_NAME_USE *psid_name_use,
				  union unid_t *unix_id)
{
	struct samu *sam_account = NULL;
	GROUP_MAP map;
	BOOL ret;
	DOM_SID sid;

	*psid_name_use = SID_NAME_UNKNOWN;

	DEBUG(5, ("lookup_global_sam_rid: looking up RID %u.\n",
		  (unsigned int)rid));

	sid_copy(&sid, get_global_sam_sid());
	sid_append_rid(&sid, rid);

	/* see if the passdb can help us with the name of the user */

	if (!(sam_account = samu_new(NULL))) {
		return False;
	}

	/* BEGIN BECOME_ROOT BLOCK */
	become_root();
	if (pdb_getsampwsid(sam_account, &sid)) {
		struct passwd *pw;

		unbecome_root();		/* -----> EXIT BECOME_ROOT() */
		*name = talloc_strdup(mem_ctx, pdb_get_username(sam_account));
		*psid_name_use = SID_NAME_USER;

		TALLOC_FREE(sam_account);

		if (unix_id == NULL) {
			return True;
		}

		pw = Get_Pwnam(*name);
		if (pw == NULL) {
			return False;
		}
		unix_id->uid = pw->pw_uid;
		return True;
	}
	TALLOC_FREE(sam_account);

	ret = pdb_getgrsid(&map, sid);
	unbecome_root();
	/* END BECOME_ROOT BLOCK */

	/* do not resolve SIDs to a name unless there is a valid
	   gid associated with it */

	if (ret && (map.gid != (gid_t)-1)) {
		*name = talloc_strdup(mem_ctx, map.nt_name);
		*psid_name_use = map.sid_name_use;

		if (unix_id) {
			unix_id->gid = map.gid;
		}

		return True;
	}

	/* Windows will always map RID 513 to something.  On a non-domain
	   controller, this gets mapped to SERVER\None. */

	if (unix_id) {
		DEBUG(5, ("Can't find a unix id for an unmapped group\n"));
		return False;
	}

	if (rid == DOMAIN_GROUP_RID_USERS) {
		*name = talloc_strdup(mem_ctx, "None");
		*psid_name_use = IS_DC ? SID_NAME_DOM_GRP : SID_NAME_ALIAS;

		return True;
	}

	return False;
}

NTSTATUS pdb_default_lookup_rids(struct pdb_methods *methods,
				 const DOM_SID *domain_sid,
				 int num_rids,
				 uint32 *rids,
				 const char **names,
				 uint32 *attrs)
{
	int i;
	NTSTATUS result;
	BOOL have_mapped = False;
	BOOL have_unmapped = False;

	if (sid_check_is_builtin(domain_sid)) {

		for (i = 0; i < num_rids; i++) {
			const char *name;

			if (lookup_builtin_rid(names, rids[i], &name)) {
				attrs[i] = SID_NAME_ALIAS;
				names[i] = name;
				DEBUG(5, ("lookup_rids: %s:%d\n",
					  names[i], attrs[i]));
				have_mapped = True;
			} else {
				have_unmapped = True;
				attrs[i] = SID_NAME_UNKNOWN;
			}
		}
		goto done;
	}

	/* Should not happen, but better check once too many */
	if (!sid_check_is_domain(domain_sid)) {
		return NT_STATUS_INVALID_HANDLE;
	}

	for (i = 0; i < num_rids; i++) {
		const char *name;

		if (lookup_global_sam_rid(names, rids[i], &name, &attrs[i],
					  NULL)) {
			names[i] = name;
			DEBUG(5, ("lookup_rids: %s:%d\n", names[i], attrs[i]));
			have_mapped = True;
		} else {
			have_unmapped = True;
			attrs[i] = SID_NAME_UNKNOWN;
		}
	}

 done:

	result = NT_STATUS_NONE_MAPPED;

	if (have_mapped)
		result = have_unmapped ? STATUS_SOME_UNMAPPED : NT_STATUS_OK;

	return result;
}

NTSTATUS pdb_default_lookup_names(struct pdb_methods *methods,
				  const DOM_SID *domain_sid,
				  int num_names,
				  const char **names,
				  uint32 *rids,
				  uint32 *attrs)
{
	int i;
	NTSTATUS result;
	BOOL have_mapped = False;
	BOOL have_unmapped = False;

	if (sid_check_is_builtin(domain_sid)) {

		for (i = 0; i < num_names; i++) {
			uint32 rid;

			if (lookup_builtin_name(names[i], &rid)) {
				attrs[i] = SID_NAME_ALIAS;
				rids[i] = rid;
				DEBUG(5, ("lookup_rids: %s:%d\n",
					  names[i], attrs[i]));
				have_mapped = True;
			} else {
				have_unmapped = True;
				attrs[i] = SID_NAME_UNKNOWN;
			}
		}
		goto done;
	}

	/* Should not happen, but better check once too many */
	if (!sid_check_is_domain(domain_sid)) {
		return NT_STATUS_INVALID_HANDLE;
	}

	for (i = 0; i < num_names; i++) {
		if (lookup_global_sam_name(names[i], 0, &rids[i], &attrs[i])) {
			DEBUG(5, ("lookup_names: %s-> %d:%d\n", names[i],
				  rids[i], attrs[i]));
			have_mapped = True;
		} else {
			have_unmapped = True;
			attrs[i] = SID_NAME_UNKNOWN;
		}
	}

 done:

	result = NT_STATUS_NONE_MAPPED;

	if (have_mapped)
		result = have_unmapped ? STATUS_SOME_UNMAPPED : NT_STATUS_OK;

	return result;
}

static struct pdb_search *pdb_search_init(enum pdb_search_type type)
{
	TALLOC_CTX *mem_ctx;
	struct pdb_search *result;

	mem_ctx = talloc_init("pdb_search");
	if (mem_ctx == NULL) {
		DEBUG(0, ("talloc_init failed\n"));
		return NULL;
	}

	result = TALLOC_P(mem_ctx, struct pdb_search);
	if (result == NULL) {
		DEBUG(0, ("talloc failed\n"));
		return NULL;
	}

	result->mem_ctx = mem_ctx;
	result->type = type;
	result->cache = NULL;
	result->num_entries = 0;
	result->cache_size = 0;
	result->search_ended = False;

	/* Segfault appropriately if not initialized */
	result->next_entry = NULL;
	result->search_end = NULL;

	return result;
}

static void fill_displayentry(TALLOC_CTX *mem_ctx, uint32 rid,
			      uint16 acct_flags,
			      const char *account_name,
			      const char *fullname,
			      const char *description,
			      struct samr_displayentry *entry)
{
	entry->rid = rid;
	entry->acct_flags = acct_flags;

	if (account_name != NULL)
		entry->account_name = talloc_strdup(mem_ctx, account_name);
	else
		entry->account_name = "";

	if (fullname != NULL)
		entry->fullname = talloc_strdup(mem_ctx, fullname);
	else
		entry->fullname = "";

	if (description != NULL)
		entry->description = talloc_strdup(mem_ctx, description);
	else
		entry->description = "";
}

static BOOL user_search_in_progress = False;

struct user_search {
	uint16 acct_flags;
};

static BOOL next_entry_users(struct pdb_search *s,
			     struct samr_displayentry *entry)
{
	struct user_search *state = s->private_data;
	struct samu *user = NULL;

 next:
	if (!(user = samu_new(NULL))) {
		DEBUG(0, ("next_entry_users: samu_new() failed!\n"));
		return False;
	}

	if (!pdb_getsampwent(user)) {
		TALLOC_FREE(user);
		return False;
	}

	if ((state->acct_flags != 0) &&
	    ((pdb_get_acct_ctrl(user) & state->acct_flags) == 0)) {
		TALLOC_FREE(user);
		goto next;
	}

	fill_displayentry(s->mem_ctx, pdb_get_user_rid(user),
			  pdb_get_acct_ctrl(user), pdb_get_username(user),
			  pdb_get_fullname(user), pdb_get_acct_desc(user),
			  entry);

	TALLOC_FREE(user);
	return True;
}

static void search_end_users(struct pdb_search *search)
{
	pdb_endsampwent();
	user_search_in_progress = False;
}

static BOOL pdb_default_search_users(struct pdb_methods *methods,
				     struct pdb_search *search,
				     uint16 acct_flags)
{
	struct user_search *state;

	if (user_search_in_progress) {
		DEBUG(1, ("user search in progress\n"));
		return False;
	}

	if (!pdb_setsampwent(False, acct_flags)) {
		DEBUG(5, ("Could not start search\n"));
		return False;
	}

	user_search_in_progress = True;

	state = TALLOC_P(search->mem_ctx, struct user_search);
	if (state == NULL) {
		DEBUG(0, ("talloc failed\n"));
		return False;
	}

	state->acct_flags = acct_flags;

	search->private_data = state;
	search->next_entry = next_entry_users;
	search->search_end = search_end_users;
	return True;
}
struct group_search {
	GROUP_MAP *groups;
	size_t num_groups, current_group;
};

static BOOL next_entry_groups(struct pdb_search *s,
			      struct samr_displayentry *entry)
{
	struct group_search *state = s->private_data;
	uint32 rid;
	GROUP_MAP *map = &state->groups[state->current_group];

	if (state->current_group == state->num_groups)
		return False;

	sid_peek_rid(&map->sid, &rid);

	fill_displayentry(s->mem_ctx, rid, 0, map->nt_name, NULL, map->comment,
			  entry);

	state->current_group += 1;
	return True;
}

static void search_end_groups(struct pdb_search *search)
{
	struct group_search *state = search->private_data;
	SAFE_FREE(state->groups);
}

static BOOL pdb_search_grouptype(struct pdb_search *search,
				 enum SID_NAME_USE type)
{
	struct group_search *state;

	state = TALLOC_P(search->mem_ctx, struct group_search);
	if (state == NULL) {
		DEBUG(0, ("talloc failed\n"));
		return False;
	}

	if (!pdb_enum_group_mapping(type, &state->groups, &state->num_groups,
				    True)) {
		DEBUG(0, ("Could not enum groups\n"));
		return False;
	}

	state->current_group = 0;
	search->private_data = state;
	search->next_entry = next_entry_groups;
	search->search_end = search_end_groups;
	return True;
}

static BOOL pdb_default_search_groups(struct pdb_methods *methods,
				      struct pdb_search *search)
{
	return pdb_search_grouptype(search, SID_NAME_DOM_GRP);
}

static BOOL pdb_default_search_aliases(struct pdb_methods *methods,
				       struct pdb_search *search,
				       const DOM_SID *sid)
{
	if (sid_equal(sid, get_global_sam_sid()))
		return pdb_search_grouptype(search, SID_NAME_ALIAS);

	if (sid_equal(sid, &global_sid_Builtin))
		return pdb_search_grouptype(search, SID_NAME_WKN_GRP);

	DEBUG(3, ("unknown domain sid: %s\n", sid_string_static(sid)));
	return False;
}

static struct samr_displayentry *pdb_search_getentry(struct pdb_search *search,
						     uint32 idx)
{
	if (idx < search->num_entries)
		return &search->cache[idx];

	if (search->search_ended)
		return NULL;

	while (idx >= search->num_entries) {
		struct samr_displayentry entry;

		if (!search->next_entry(search, &entry)) {
			search->search_end(search);
			search->search_ended = True;
			break;
		}

		ADD_TO_LARGE_ARRAY(search->mem_ctx, struct samr_displayentry,
				   entry, &search->cache, &search->num_entries,
				   &search->cache_size);
	}

	return (search->num_entries > idx) ? &search->cache[idx] : NULL;
}

struct pdb_search *pdb_search_users(uint16 acct_flags)
{
	struct pdb_methods *pdb = pdb_get_methods(False);
	struct pdb_search *result;

	if (pdb == NULL) return NULL;

	result = pdb_search_init(PDB_USER_SEARCH);
	if (result == NULL) return NULL;

	if (!pdb->search_users(pdb, result, acct_flags)) {
		talloc_destroy(result->mem_ctx);
		return NULL;
	}
	return result;
}

struct pdb_search *pdb_search_groups(void)
{
	struct pdb_methods *pdb = pdb_get_methods(False);
	struct pdb_search *result;

	if (pdb == NULL) return NULL;

	result = pdb_search_init(PDB_GROUP_SEARCH);
	if (result == NULL) return NULL;

	if (!pdb->search_groups(pdb, result)) {
		talloc_destroy(result->mem_ctx);
		return NULL;
	}
	return result;
}

struct pdb_search *pdb_search_aliases(const DOM_SID *sid)
{
	struct pdb_methods *pdb = pdb_get_methods(False);
	struct pdb_search *result;

	if (pdb == NULL) return NULL;

	result = pdb_search_init(PDB_ALIAS_SEARCH);
	if (result == NULL) return NULL;

	if (!pdb->search_aliases(pdb, result, sid)) {
		talloc_destroy(result->mem_ctx);
		return NULL;
	}
	return result;
}

uint32 pdb_search_entries(struct pdb_search *search,
			  uint32 start_idx, uint32 max_entries,
			  struct samr_displayentry **result)
{
	struct samr_displayentry *end_entry;
	uint32 end_idx = start_idx + max_entries - 1;

	/* The first entry needs to be searched after the last. Otherwise the
	 * first entry might have moved due to a realloc during the search for
	 * the last entry. */

	end_entry = pdb_search_getentry(search, end_idx);
	*result = pdb_search_getentry(search, start_idx);

	if (end_entry != NULL)
		return max_entries;

	if (start_idx >= search->num_entries)
		return 0;

	return search->num_entries - start_idx;
}
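
The comment in pdb_search_entries() says the end entry must be fetched before the start entry because the cache may be reallocated while it fills. The block below is an added example, not Samba code: struct cache, cache_push, cache_get and growths_after_first are hypothetical names, and the backend of 64 entries is constructed. It models the on-demand cache with plain realloc() and counts how often the array could have moved after the pointer to the first entry was taken.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical stand-ins for samr_displayentry and the pdb_search cache. */
struct entry { uint32_t rid; };
struct cache {
	struct entry *items;
	uint32_t num, cap;
	uint32_t backend_len;	/* entries the constructed backend can yield */
	uint32_t growths;	/* bumped whenever realloc() may have moved items */
};

/* Append one entry, doubling the array when full (as a growable array does). */
static int cache_push(struct cache *c, uint32_t rid)
{
	if (c->num == c->cap) {
		uint32_t ncap = c->cap ? c->cap * 2 : 2;
		struct entry *n = realloc(c->items, ncap * sizeof(*n));
		if (n == NULL)
			return 0;
		c->items = n;
		c->cap = ncap;
		c->growths++;
	}
	c->items[c->num++].rid = rid;
	return 1;
}

/* Same shape as pdb_search_getentry(): fill the cache up to idx on demand
 * and hand back a pointer into the cache array itself. */
static struct entry *cache_get(struct cache *c, uint32_t idx)
{
	while (idx >= c->num && c->num < c->backend_len) {
		if (!cache_push(c, 1000 + c->num))
			break;
	}
	return (idx < c->num) ? &c->items[idx] : NULL;
}

/* Fetch entries 0 and 31 in the given order. Returns how many times the
 * cache grew after the pointer to entry 0 was taken; any value above 0
 * means that pointer must be treated as dangling. */
static uint32_t growths_after_first(int first_before_last)
{
	struct cache c = { NULL, 0, 0, 64, 0 };
	uint32_t at_first, stale;

	if (first_before_last) {
		cache_get(&c, 0);
		at_first = c.growths;
		cache_get(&c, 31);
	} else {
		cache_get(&c, 31);
		cache_get(&c, 0);
		at_first = c.growths;
	}
	stale = c.growths - at_first;
	free(c.items);
	return stale;
}
```

Fetching the first entry first leaves four reallocations between taking the pointer and using it; fetching the last entry first leaves none, which is the order pdb_search_entries() uses.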

void pdb_search_destroy(struct pdb_search *search)
{
	if (search == NULL)
		return;

	if (!search->search_ended)
		search->search_end(search);

	talloc_destroy(search->mem_ctx);
}

/*******************************************************************
 Create a pdb_methods structure and initialize it with the default
 operations.  In this way a passdb module can simply implement
 the functionality it cares about.  However, normally this is done
 in groups of related functions.
*******************************************************************/

NTSTATUS make_pdb_method(struct pdb_methods **methods)
{
	/* allocate memory for the structure as its own talloc CTX */

	if (!(*methods = TALLOC_ZERO_P(NULL, struct pdb_methods))) {
		return NT_STATUS_NO_MEMORY;
	}

	(*methods)->setsampwent = pdb_default_setsampwent;
	(*methods)->endsampwent = pdb_default_endsampwent;
	(*methods)->getsampwent = pdb_default_getsampwent;
	(*methods)->getsampwnam = pdb_default_getsampwnam;
	(*methods)->getsampwsid = pdb_default_getsampwsid;
	(*methods)->create_user = pdb_default_create_user;
	(*methods)->delete_user = pdb_default_delete_user;
	(*methods)->add_sam_account = pdb_default_add_sam_account;
	(*methods)->update_sam_account = pdb_default_update_sam_account;
	(*methods)->delete_sam_account = pdb_default_delete_sam_account;
	(*methods)->rename_sam_account = pdb_default_rename_sam_account;
	(*methods)->update_login_attempts = pdb_default_update_login_attempts;

	(*methods)->getgrsid = pdb_default_getgrsid;
	(*methods)->getgrgid = pdb_default_getgrgid;
	(*methods)->getgrnam = pdb_default_getgrnam;
	(*methods)->create_dom_group = pdb_default_create_dom_group;
	(*methods)->delete_dom_group = pdb_default_delete_dom_group;
	(*methods)->add_group_mapping_entry = pdb_default_add_group_mapping_entry;
	(*methods)->update_group_mapping_entry = pdb_default_update_group_mapping_entry;
	(*methods)->delete_group_mapping_entry = pdb_default_delete_group_mapping_entry;
	(*methods)->enum_group_mapping = pdb_default_enum_group_mapping;
	(*methods)->enum_group_members = pdb_default_enum_group_members;
	(*methods)->enum_group_memberships = pdb_default_enum_group_memberships;
	(*methods)->set_unix_primary_group = pdb_default_set_unix_primary_group;
	(*methods)->add_groupmem = pdb_default_add_groupmem;
	(*methods)->del_groupmem = pdb_default_del_groupmem;
	(*methods)->find_alias = pdb_default_find_alias;
	(*methods)->create_alias = pdb_default_create_alias;
	(*methods)->delete_alias = pdb_default_delete_alias;
	(*methods)->get_aliasinfo = pdb_default_get_aliasinfo;
	(*methods)->set_aliasinfo = pdb_default_set_aliasinfo;
	(*methods)->add_aliasmem = pdb_default_add_aliasmem;
	(*methods)->del_aliasmem = pdb_default_del_aliasmem;
	(*methods)->enum_aliasmem = pdb_default_enum_aliasmem;
	(*methods)->enum_alias_memberships = pdb_default_alias_memberships;
	(*methods)->lookup_rids = pdb_default_lookup_rids;
	(*methods)->get_account_policy = pdb_default_get_account_policy;
	(*methods)->set_account_policy = pdb_default_set_account_policy;
	(*methods)->get_seq_num = pdb_default_get_seq_num;
	(*methods)->uid_to_rid = pdb_default_uid_to_rid;
	(*methods)->gid_to_sid = pdb_default_gid_to_sid;
	(*methods)->sid_to_id = pdb_default_sid_to_id;

	(*methods)->search_users = pdb_default_search_users;
	(*methods)->search_groups = pdb_default_search_groups;
	(*methods)->search_aliases = pdb_default_search_aliases;

	return NT_STATUS_OK;
}