2001-04-10 02:11:37 +04:00
/*
2002-01-30 09:08:46 +03:00
Unix SMB / CIFS implementation .
2001-04-10 02:11:37 +04:00
passdb structures and parameters
Copyright ( C ) Gerald Carter 2001
Copyright ( C ) Luke Kenneth Casson Leighton 1998 - 2000
2003-05-12 22:12:31 +04:00
Copyright ( C ) Andrew Bartlett 2002
Copyright ( C ) Simo Sorce 2003
2001-04-10 02:11:37 +04:00
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 2 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program ; if not , write to the Free Software
Foundation , Inc . , 675 Mass Ave , Cambridge , MA 0213 9 , USA .
*/
# ifndef _PASSDB_H
# define _PASSDB_H
2004-02-12 19:16:53 +03:00
/*
* fields_present flags meanings
* same names as found in samba4 idl files
*/
# define ACCT_USERNAME 0x00000001
# define ACCT_FULL_NAME 0x00000002
# define ACCT_RID 0x00000004
# define ACCT_PRIMARY_GID 0x00000008
2006-07-11 22:01:26 +04:00
# define ACCT_DESCRIPTION 0x00000010
# define ACCT_COMMENT 0x00000020
2004-02-12 19:16:53 +03:00
# define ACCT_HOME_DIR 0x00000040
# define ACCT_HOME_DRIVE 0x00000080
# define ACCT_LOGON_SCRIPT 0x00000100
# define ACCT_PROFILE 0x00000200
# define ACCT_WORKSTATIONS 0x00000400
# define ACCT_LAST_LOGON 0x00000800
# define ACCT_LAST_LOGOFF 0x00001000
# define ACCT_LOGON_HOURS 0x00002000
# define ACCT_BAD_PWD_COUNT 0x00004000
# define ACCT_NUM_LOGONS 0x00008000
# define ACCT_ALLOW_PWD_CHANGE 0x00010000
# define ACCT_FORCE_PWD_CHANGE 0x00020000
# define ACCT_LAST_PWD_CHANGE 0x00040000
# define ACCT_EXPIRY 0x00080000
# define ACCT_FLAGS 0x00100000
2004-03-02 21:04:16 +03:00
# define ACCT_CALLBACK 0x00200000
2004-02-12 19:16:53 +03:00
# define ACCT_COUNTRY_CODE 0x00400000
# define ACCT_CODE_PAGE 0x00800000
# define ACCT_NT_PWD_SET 0x01000000
# define ACCT_LM_PWD_SET 0x02000000
# define ACCT_PRIVATEDATA 0x04000000
# define ACCT_EXPIRED_FLAG 0x08000000
# define ACCT_SEC_DESC 0x10000000
# define ACCT_OWF_PWD 0x20000000
2003-05-12 22:12:31 +04:00
/*
2006-02-20 23:09:36 +03:00
* bit flags representing initialized fields in struct samu
2003-05-12 22:12:31 +04:00
*/
enum pdb_elements {
PDB_UNINIT ,
PDB_SMBHOME ,
PDB_PROFILE ,
PDB_DRIVE ,
PDB_LOGONSCRIPT ,
PDB_LOGONTIME ,
PDB_LOGOFFTIME ,
PDB_KICKOFFTIME ,
2004-02-19 18:57:53 +03:00
PDB_BAD_PASSWORD_TIME ,
2003-05-12 22:12:31 +04:00
PDB_CANCHANGETIME ,
PDB_MUSTCHANGETIME ,
PDB_PLAINTEXT_PW ,
PDB_USERNAME ,
PDB_FULLNAME ,
PDB_DOMAIN ,
PDB_NTUSERNAME ,
PDB_HOURSLEN ,
PDB_LOGONDIVS ,
PDB_USERSID ,
PDB_GROUPSID ,
PDB_ACCTCTRL ,
PDB_PASSLASTSET ,
PDB_UNIXHOMEDIR ,
PDB_ACCTDESC ,
PDB_WORKSTATIONS ,
2006-07-11 22:01:26 +04:00
PDB_COMMENT ,
2003-05-12 22:12:31 +04:00
PDB_MUNGEDDIAL ,
PDB_HOURS ,
2004-02-12 19:16:53 +03:00
PDB_FIELDS_PRESENT ,
2003-09-19 03:53:48 +04:00
PDB_BAD_PASSWORD_COUNT ,
PDB_LOGON_COUNT ,
2003-05-12 22:12:31 +04:00
PDB_UNKNOWN6 ,
PDB_LMPASSWD ,
PDB_NTPASSWD ,
2004-07-08 02:46:51 +04:00
PDB_PWHISTORY ,
2003-07-05 13:46:12 +04:00
PDB_BACKEND_PRIVATE_DATA ,
2003-05-12 22:12:31 +04:00
/* this must be the last element */
PDB_COUNT
} ;
enum pdb_group_elements {
PDB_GROUP_NAME ,
PDB_GROUP_SID ,
PDB_GROUP_SID_NAME_USE ,
PDB_GROUP_MEMBERS ,
/* this must be the last element */
PDB_GROUP_COUNT
} ;
enum pdb_value_state {
PDB_DEFAULT = 0 ,
PDB_SET ,
PDB_CHANGED
} ;
# define IS_SAM_SET(x, flag) (pdb_get_init_flags(x, flag) == PDB_SET)
# define IS_SAM_CHANGED(x, flag) (pdb_get_init_flags(x, flag) == PDB_CHANGED)
# define IS_SAM_DEFAULT(x, flag) (pdb_get_init_flags(x, flag) == PDB_DEFAULT)
2004-03-18 22:22:51 +03:00
/* cache for bad password lockout data, to be used on replicated SAMs */
2005-10-18 07:24:00 +04:00
typedef struct logon_cache_struct {
2004-03-18 22:22:51 +03:00
time_t entry_timestamp ;
2006-02-27 13:32:45 +03:00
uint32 acct_ctrl ;
2004-03-18 22:22:51 +03:00
uint16 bad_password_count ;
time_t bad_password_time ;
} LOGIN_CACHE ;
2003-05-12 22:12:31 +04:00
2006-02-20 23:09:36 +03:00
struct samu {
2003-05-12 22:12:31 +04:00
struct pdb_methods * methods ;
2006-02-20 23:09:36 +03:00
/* initialization flags */
struct bitmap * change_flags ;
struct bitmap * set_flags ;
time_t logon_time ; /* logon time */
time_t logoff_time ; /* logoff time */
time_t kickoff_time ; /* kickoff time */
time_t bad_password_time ; /* last bad password entered */
time_t pass_last_set_time ; /* password last set time */
time_t pass_can_change_time ; /* password can change time */
time_t pass_must_change_time ; /* password must change time */
2003-05-12 22:12:31 +04:00
2006-02-20 23:09:36 +03:00
const char * username ; /* UNIX username string */
const char * domain ; /* Windows Domain name */
const char * nt_username ; /* Windows username string */
const char * full_name ; /* user's full name string */
const char * home_dir ; /* home directory string */
const char * dir_drive ; /* home directory drive string */
const char * logon_script ; /* logon script string */
const char * profile_path ; /* profile path string */
const char * acct_desc ; /* user description string */
const char * workstations ; /* login from workstations string */
2006-07-11 22:01:26 +04:00
const char * comment ;
2006-02-20 23:09:36 +03:00
const char * munged_dial ; /* munged path name and dial-back tel number */
2003-05-12 22:12:31 +04:00
2006-02-25 00:36:40 +03:00
DOM_SID user_sid ;
DOM_SID * group_sid ;
2003-05-12 22:12:31 +04:00
2006-02-20 23:09:36 +03:00
DATA_BLOB lm_pw ; /* .data is Null if no password */
DATA_BLOB nt_pw ; /* .data is Null if no password */
DATA_BLOB nt_pw_his ; /* nt hashed password history .data is Null if not available */
char * plaintext_pw ; /* is Null if not available */
2003-05-12 22:12:31 +04:00
2006-02-27 13:32:45 +03:00
uint32 acct_ctrl ; /* account info (ACB_xxxx bit-mask) */
2006-02-20 23:09:36 +03:00
uint32 fields_present ; /* 0x00ff ffff */
2003-05-12 22:12:31 +04:00
2006-02-20 23:09:36 +03:00
uint16 logon_divs ; /* 168 - number of hours in a week */
uint32 hours_len ; /* normally 21 bytes */
uint8 hours [ MAX_HOURS_LEN ] ;
2003-05-12 22:12:31 +04:00
2006-02-20 23:09:36 +03:00
/* Was unknown_5. */
uint16 bad_password_count ;
uint16 logon_count ;
uint32 unknown_6 ; /* 0x0000 04ec */
/* a tag for who added the private methods */
2006-02-25 00:36:40 +03:00
2006-02-20 23:09:36 +03:00
const struct pdb_methods * backend_private_methods ;
void * backend_private_data ;
void ( * backend_private_data_free_fn ) ( void * * ) ;
2006-02-21 22:22:49 +03:00
/* maintain a copy of the user's struct passwd */
2006-02-20 23:09:36 +03:00
2006-02-21 22:22:49 +03:00
struct passwd * unix_pw ;
2006-02-20 23:09:36 +03:00
} ;
2003-05-12 22:12:31 +04:00
2005-10-18 07:24:00 +04:00
struct acct_info {
fstring acct_name ; /* account name */
fstring acct_desc ; /* account name */
uint32 rid ; /* domain-relative RID */
2004-04-07 16:43:44 +04:00
} ;
2003-05-12 22:12:31 +04:00
2005-04-15 17:41:49 +04:00
struct samr_displayentry {
2005-09-30 21:13:37 +04:00
uint32 idx ;
2005-04-15 17:41:49 +04:00
uint32 rid ;
2006-02-27 13:32:45 +03:00
uint32 acct_flags ;
2005-04-15 17:41:49 +04:00
const char * account_name ;
const char * fullname ;
const char * description ;
} ;
enum pdb_search_type {
PDB_USER_SEARCH ,
PDB_GROUP_SEARCH ,
PDB_ALIAS_SEARCH
} ;
struct pdb_search {
TALLOC_CTX * mem_ctx ;
enum pdb_search_type type ;
struct samr_displayentry * cache ;
uint32 num_entries ;
ssize_t cache_size ;
BOOL search_ended ;
2005-06-25 00:25:18 +04:00
void * private_data ;
2005-04-18 20:07:49 +04:00
BOOL ( * next_entry ) ( struct pdb_search * search ,
struct samr_displayentry * entry ) ;
void ( * search_end ) ( struct pdb_search * search ) ;
2005-04-15 17:41:49 +04:00
} ;
This is another *BIG* change...
Samba now features a pluggable passdb interface, along the same lines as the
one in use in the auth subsystem. In this case, only one backend may be active
at a time by the 'normal' interface, and only one backend per passdb_context is
permitted outside that.
This pluggable interface is designed to allow any number of passdb backends to
be compiled in, with the selection at runtime. The 'passdb backend' paramater
has been created (and documented!) to support this.
As such, configure has been modfied to allow (for example) --with-ldap and the
old smbpasswd to be selected at the same time.
This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua.
These two backends accept 'non unix accounts', where the user does *not* exist
in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to
avoid conflicts in the algroitmic mapping of RIDs, they use the values
specified in the 'non unix account range' paramter - in the same way as the
winbind ranges are specifed.
While I was at it, I cleaned up some of the code in pdb_tdb (code copied
directly from smbpasswd and not really considered properly). Most of this was
to do with % macro expansion on stored data. It isn't easy to get the macros
into the tdb, and the first password change will 'expand' them. tdbsam needs
to use a similar system to pdb_ldap in this regard.
This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I
don't have the test facilities for these. I plan to incoroprate at least
pdb_ldap into this scheme after consultation with Jerry.
Each (converted) passdb module now no longer has any 'static' variables, and
only exports 1 init function outside its .c file.
The non-unix-account support in this patch has been proven! It is now possible
to join a win2k machine to a Samba PDC without an account in /etc/passwd!
Other changes:
Minor interface adjustments:
pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*.
pdb_update_sam_account() no longer takes the 'override' argument that was being
ignored so often (every other passdb backend). Extra checks have been added in
some places.
Minor code changes:
smbpasswd no longer attempts to initialise the passdb at startup, this is
now done on first use.
pdbedit has lost some of its 'machine account' logic, as this behaviour is now
controlled by the passdb subsystem directly.
The samr subsystem no longer calls 'local password change', but does the pdb
interactions directly. This allow the ACB_ flags specifed to be transferred
direct to the backend, without interference.
Doco:
I've updated the doco to reflect some of the changes, and removed some paramters
no longer applicable to HEAD.
(This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
2002-01-20 17:30:58 +03:00
/*****************************************************************
Functions to be implemented by the new ( v2 ) passdb API
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2002-07-15 14:35:28 +04:00
/*
* This next constant specifies the version number of the PASSDB interface
* this SAMBA will load . Increment this if * ANY * changes are made to the interface .
2005-10-18 07:24:00 +04:00
* Changed interface to fix int - > size_t problems . JRA .
2005-11-27 04:17:24 +03:00
* There ' s no point in allocating arrays in
* samr_lookup_rids twice . It was done in the srv_samr_nt . c code as well as in
* the pdb module . Remove the latter , this might happen more often . VL .
2006-06-28 21:56:10 +04:00
* changed to version 14 to move lookup_rids and lookup_names to return
2006-09-08 18:28:06 +04:00
* enum lsa_SidType rather than uint32 .
2002-07-15 14:35:28 +04:00
*/
2006-08-15 18:07:15 +04:00
# define PASSDB_INTERFACE_VERSION 14
2002-07-15 14:35:28 +04:00
2006-02-12 00:27:08 +03:00
struct pdb_methods
This is another *BIG* change...
Samba now features a pluggable passdb interface, along the same lines as the
one in use in the auth subsystem. In this case, only one backend may be active
at a time by the 'normal' interface, and only one backend per passdb_context is
permitted outside that.
This pluggable interface is designed to allow any number of passdb backends to
be compiled in, with the selection at runtime. The 'passdb backend' paramater
has been created (and documented!) to support this.
As such, configure has been modfied to allow (for example) --with-ldap and the
old smbpasswd to be selected at the same time.
This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua.
These two backends accept 'non unix accounts', where the user does *not* exist
in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to
avoid conflicts in the algroitmic mapping of RIDs, they use the values
specified in the 'non unix account range' paramter - in the same way as the
winbind ranges are specifed.
While I was at it, I cleaned up some of the code in pdb_tdb (code copied
directly from smbpasswd and not really considered properly). Most of this was
to do with % macro expansion on stored data. It isn't easy to get the macros
into the tdb, and the first password change will 'expand' them. tdbsam needs
to use a similar system to pdb_ldap in this regard.
This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I
don't have the test facilities for these. I plan to incoroprate at least
pdb_ldap into this scheme after consultation with Jerry.
Each (converted) passdb module now no longer has any 'static' variables, and
only exports 1 init function outside its .c file.
The non-unix-account support in this patch has been proven! It is now possible
to join a win2k machine to a Samba PDC without an account in /etc/passwd!
Other changes:
Minor interface adjustments:
pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*.
pdb_update_sam_account() no longer takes the 'override' argument that was being
ignored so often (every other passdb backend). Extra checks have been added in
some places.
Minor code changes:
smbpasswd no longer attempts to initialise the passdb at startup, this is
now done on first use.
pdbedit has lost some of its 'machine account' logic, as this behaviour is now
controlled by the passdb subsystem directly.
The samr subsystem no longer calls 'local password change', but does the pdb
interactions directly. This allow the ACB_ flags specifed to be transferred
direct to the backend, without interference.
Doco:
I've updated the doco to reflect some of the changes, and removed some paramters
no longer applicable to HEAD.
(This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
2002-01-20 17:30:58 +03:00
{
2002-01-26 09:28:50 +03:00
const char * name ; /* What name got this module */
This is another *BIG* change...
Samba now features a pluggable passdb interface, along the same lines as the
one in use in the auth subsystem. In this case, only one backend may be active
at a time by the 'normal' interface, and only one backend per passdb_context is
permitted outside that.
This pluggable interface is designed to allow any number of passdb backends to
be compiled in, with the selection at runtime. The 'passdb backend' paramater
has been created (and documented!) to support this.
As such, configure has been modfied to allow (for example) --with-ldap and the
old smbpasswd to be selected at the same time.
This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua.
These two backends accept 'non unix accounts', where the user does *not* exist
in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to
avoid conflicts in the algroitmic mapping of RIDs, they use the values
specified in the 'non unix account range' paramter - in the same way as the
winbind ranges are specifed.
While I was at it, I cleaned up some of the code in pdb_tdb (code copied
directly from smbpasswd and not really considered properly). Most of this was
to do with % macro expansion on stored data. It isn't easy to get the macros
into the tdb, and the first password change will 'expand' them. tdbsam needs
to use a similar system to pdb_ldap in this regard.
This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I
don't have the test facilities for these. I plan to incoroprate at least
pdb_ldap into this scheme after consultation with Jerry.
Each (converted) passdb module now no longer has any 'static' variables, and
only exports 1 init function outside its .c file.
The non-unix-account support in this patch has been proven! It is now possible
to join a win2k machine to a Samba PDC without an account in /etc/passwd!
Other changes:
Minor interface adjustments:
pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*.
pdb_update_sam_account() no longer takes the 'override' argument that was being
ignored so often (every other passdb backend). Extra checks have been added in
some places.
Minor code changes:
smbpasswd no longer attempts to initialise the passdb at startup, this is
now done on first use.
pdbedit has lost some of its 'machine account' logic, as this behaviour is now
controlled by the passdb subsystem directly.
The samr subsystem no longer calls 'local password change', but does the pdb
interactions directly. This allow the ACB_ flags specifed to be transferred
direct to the backend, without interference.
Doco:
I've updated the doco to reflect some of the changes, and removed some paramters
no longer applicable to HEAD.
(This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
2002-01-20 17:30:58 +03:00
2006-02-27 13:32:45 +03:00
NTSTATUS ( * setsampwent ) ( struct pdb_methods * , BOOL update , uint32 acb_mask ) ;
This is another *BIG* change...
Samba now features a pluggable passdb interface, along the same lines as the
one in use in the auth subsystem. In this case, only one backend may be active
at a time by the 'normal' interface, and only one backend per passdb_context is
permitted outside that.
This pluggable interface is designed to allow any number of passdb backends to
be compiled in, with the selection at runtime. The 'passdb backend' paramater
has been created (and documented!) to support this.
As such, configure has been modfied to allow (for example) --with-ldap and the
old smbpasswd to be selected at the same time.
This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua.
These two backends accept 'non unix accounts', where the user does *not* exist
in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to
avoid conflicts in the algroitmic mapping of RIDs, they use the values
specified in the 'non unix account range' paramter - in the same way as the
winbind ranges are specifed.
While I was at it, I cleaned up some of the code in pdb_tdb (code copied
directly from smbpasswd and not really considered properly). Most of this was
to do with % macro expansion on stored data. It isn't easy to get the macros
into the tdb, and the first password change will 'expand' them. tdbsam needs
to use a similar system to pdb_ldap in this regard.
This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I
don't have the test facilities for these. I plan to incoroprate at least
pdb_ldap into this scheme after consultation with Jerry.
Each (converted) passdb module now no longer has any 'static' variables, and
only exports 1 init function outside its .c file.
The non-unix-account support in this patch has been proven! It is now possible
to join a win2k machine to a Samba PDC without an account in /etc/passwd!
Other changes:
Minor interface adjustments:
pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*.
pdb_update_sam_account() no longer takes the 'override' argument that was being
ignored so often (every other passdb backend). Extra checks have been added in
some places.
Minor code changes:
smbpasswd no longer attempts to initialise the passdb at startup, this is
now done on first use.
pdbedit has lost some of its 'machine account' logic, as this behaviour is now
controlled by the passdb subsystem directly.
The samr subsystem no longer calls 'local password change', but does the pdb
interactions directly. This allow the ACB_ flags specifed to be transferred
direct to the backend, without interference.
Doco:
I've updated the doco to reflect some of the changes, and removed some paramters
no longer applicable to HEAD.
(This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
2002-01-20 17:30:58 +03:00
2002-07-15 14:35:28 +04:00
void ( * endsampwent ) ( struct pdb_methods * ) ;
This is another *BIG* change...
Samba now features a pluggable passdb interface, along the same lines as the
one in use in the auth subsystem. In this case, only one backend may be active
at a time by the 'normal' interface, and only one backend per passdb_context is
permitted outside that.
This pluggable interface is designed to allow any number of passdb backends to
be compiled in, with the selection at runtime. The 'passdb backend' paramater
has been created (and documented!) to support this.
As such, configure has been modfied to allow (for example) --with-ldap and the
old smbpasswd to be selected at the same time.
This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua.
These two backends accept 'non unix accounts', where the user does *not* exist
in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to
avoid conflicts in the algroitmic mapping of RIDs, they use the values
specified in the 'non unix account range' paramter - in the same way as the
winbind ranges are specifed.
While I was at it, I cleaned up some of the code in pdb_tdb (code copied
directly from smbpasswd and not really considered properly). Most of this was
to do with % macro expansion on stored data. It isn't easy to get the macros
into the tdb, and the first password change will 'expand' them. tdbsam needs
to use a similar system to pdb_ldap in this regard.
This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I
don't have the test facilities for these. I plan to incoroprate at least
pdb_ldap into this scheme after consultation with Jerry.
Each (converted) passdb module now no longer has any 'static' variables, and
only exports 1 init function outside its .c file.
The non-unix-account support in this patch has been proven! It is now possible
to join a win2k machine to a Samba PDC without an account in /etc/passwd!
Other changes:
Minor interface adjustments:
pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*.
pdb_update_sam_account() no longer takes the 'override' argument that was being
ignored so often (every other passdb backend). Extra checks have been added in
some places.
Minor code changes:
smbpasswd no longer attempts to initialise the passdb at startup, this is
now done on first use.
pdbedit has lost some of its 'machine account' logic, as this behaviour is now
controlled by the passdb subsystem directly.
The samr subsystem no longer calls 'local password change', but does the pdb
interactions directly. This allow the ACB_ flags specifed to be transferred
direct to the backend, without interference.
Doco:
I've updated the doco to reflect some of the changes, and removed some paramters
no longer applicable to HEAD.
(This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
2002-01-20 17:30:58 +03:00
2006-02-20 23:09:36 +03:00
NTSTATUS ( * getsampwent ) ( struct pdb_methods * , struct samu * user ) ;
This is another *BIG* change...
Samba now features a pluggable passdb interface, along the same lines as the
one in use in the auth subsystem. In this case, only one backend may be active
at a time by the 'normal' interface, and only one backend per passdb_context is
permitted outside that.
This pluggable interface is designed to allow any number of passdb backends to
be compiled in, with the selection at runtime. The 'passdb backend' paramater
has been created (and documented!) to support this.
As such, configure has been modfied to allow (for example) --with-ldap and the
old smbpasswd to be selected at the same time.
This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua.
These two backends accept 'non unix accounts', where the user does *not* exist
in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to
avoid conflicts in the algroitmic mapping of RIDs, they use the values
specified in the 'non unix account range' paramter - in the same way as the
winbind ranges are specifed.
While I was at it, I cleaned up some of the code in pdb_tdb (code copied
directly from smbpasswd and not really considered properly). Most of this was
to do with % macro expansion on stored data. It isn't easy to get the macros
into the tdb, and the first password change will 'expand' them. tdbsam needs
to use a similar system to pdb_ldap in this regard.
This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I
don't have the test facilities for these. I plan to incoroprate at least
pdb_ldap into this scheme after consultation with Jerry.
Each (converted) passdb module now no longer has any 'static' variables, and
only exports 1 init function outside its .c file.
The non-unix-account support in this patch has been proven! It is now possible
to join a win2k machine to a Samba PDC without an account in /etc/passwd!
Other changes:
Minor interface adjustments:
pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*.
pdb_update_sam_account() no longer takes the 'override' argument that was being
ignored so often (every other passdb backend). Extra checks have been added in
some places.
Minor code changes:
smbpasswd no longer attempts to initialise the passdb at startup, this is
now done on first use.
pdbedit has lost some of its 'machine account' logic, as this behaviour is now
controlled by the passdb subsystem directly.
The samr subsystem no longer calls 'local password change', but does the pdb
interactions directly. This allow the ACB_ flags specifed to be transferred
direct to the backend, without interference.
Doco:
I've updated the doco to reflect some of the changes, and removed some paramters
no longer applicable to HEAD.
(This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
2002-01-20 17:30:58 +03:00
2006-02-20 23:09:36 +03:00
NTSTATUS ( * getsampwnam ) ( struct pdb_methods * , struct samu * sam_acct , const char * username ) ;
This is another *BIG* change...
Samba now features a pluggable passdb interface, along the same lines as the
one in use in the auth subsystem. In this case, only one backend may be active
at a time by the 'normal' interface, and only one backend per passdb_context is
permitted outside that.
This pluggable interface is designed to allow any number of passdb backends to
be compiled in, with the selection at runtime. The 'passdb backend' paramater
has been created (and documented!) to support this.
As such, configure has been modfied to allow (for example) --with-ldap and the
old smbpasswd to be selected at the same time.
This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua.
These two backends accept 'non unix accounts', where the user does *not* exist
in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to
avoid conflicts in the algroitmic mapping of RIDs, they use the values
specified in the 'non unix account range' paramter - in the same way as the
winbind ranges are specifed.
While I was at it, I cleaned up some of the code in pdb_tdb (code copied
directly from smbpasswd and not really considered properly). Most of this was
to do with % macro expansion on stored data. It isn't easy to get the macros
into the tdb, and the first password change will 'expand' them. tdbsam needs
to use a similar system to pdb_ldap in this regard.
This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I
don't have the test facilities for these. I plan to incoroprate at least
pdb_ldap into this scheme after consultation with Jerry.
Each (converted) passdb module now no longer has any 'static' variables, and
only exports 1 init function outside its .c file.
The non-unix-account support in this patch has been proven! It is now possible
to join a win2k machine to a Samba PDC without an account in /etc/passwd!
Other changes:
Minor interface adjustments:
pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*.
pdb_update_sam_account() no longer takes the 'override' argument that was being
ignored so often (every other passdb backend). Extra checks have been added in
some places.
Minor code changes:
smbpasswd no longer attempts to initialise the passdb at startup, this is
now done on first use.
pdbedit has lost some of its 'machine account' logic, as this behaviour is now
controlled by the passdb subsystem directly.
The samr subsystem no longer calls 'local password change', but does the pdb
interactions directly. This allow the ACB_ flags specifed to be transferred
direct to the backend, without interference.
Doco:
I've updated the doco to reflect some of the changes, and removed some paramters
no longer applicable to HEAD.
(This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
2002-01-20 17:30:58 +03:00
2006-02-20 23:09:36 +03:00
NTSTATUS ( * getsampwsid ) ( struct pdb_methods * , struct samu * sam_acct , const DOM_SID * sid ) ;
2006-02-13 20:08:25 +03:00
NTSTATUS ( * create_user ) ( struct pdb_methods * , TALLOC_CTX * tmp_ctx ,
const char * name , uint32 acct_flags ,
uint32 * rid ) ;
NTSTATUS ( * delete_user ) ( struct pdb_methods * , TALLOC_CTX * tmp_ctx ,
2006-02-20 23:09:36 +03:00
struct samu * sam_acct ) ;
This is another *BIG* change...
Samba now features a pluggable passdb interface, along the same lines as the
one in use in the auth subsystem. In this case, only one backend may be active
at a time by the 'normal' interface, and only one backend per passdb_context is
permitted outside that.
This pluggable interface is designed to allow any number of passdb backends to
be compiled in, with the selection at runtime. The 'passdb backend' paramater
has been created (and documented!) to support this.
As such, configure has been modfied to allow (for example) --with-ldap and the
old smbpasswd to be selected at the same time.
This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua.
These two backends accept 'non unix accounts', where the user does *not* exist
in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to
avoid conflicts in the algroitmic mapping of RIDs, they use the values
specified in the 'non unix account range' paramter - in the same way as the
winbind ranges are specifed.
While I was at it, I cleaned up some of the code in pdb_tdb (code copied
directly from smbpasswd and not really considered properly). Most of this was
to do with % macro expansion on stored data. It isn't easy to get the macros
into the tdb, and the first password change will 'expand' them. tdbsam needs
to use a similar system to pdb_ldap in this regard.
This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I
don't have the test facilities for these. I plan to incoroprate at least
pdb_ldap into this scheme after consultation with Jerry.
Each (converted) passdb module now no longer has any 'static' variables, and
only exports 1 init function outside its .c file.
The non-unix-account support in this patch has been proven! It is now possible
to join a win2k machine to a Samba PDC without an account in /etc/passwd!
Other changes:
Minor interface adjustments:
pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*.
pdb_update_sam_account() no longer takes the 'override' argument that was being
ignored so often (every other passdb backend). Extra checks have been added in
some places.
Minor code changes:
smbpasswd no longer attempts to initialise the passdb at startup, this is
now done on first use.
pdbedit has lost some of its 'machine account' logic, as this behaviour is now
controlled by the passdb subsystem directly.
The samr subsystem no longer calls 'local password change', but does the pdb
interactions directly. This allow the ACB_ flags specifed to be transferred
direct to the backend, without interference.
Doco:
I've updated the doco to reflect some of the changes, and removed some paramters
no longer applicable to HEAD.
(This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
2002-01-20 17:30:58 +03:00
2006-02-20 23:09:36 +03:00
NTSTATUS ( * add_sam_account ) ( struct pdb_methods * , struct samu * sampass ) ;
This is another *BIG* change...
Samba now features a pluggable passdb interface, along the same lines as the
one in use in the auth subsystem. In this case, only one backend may be active
at a time by the 'normal' interface, and only one backend per passdb_context is
permitted outside that.
This pluggable interface is designed to allow any number of passdb backends to
be compiled in, with the selection at runtime. The 'passdb backend' paramater
has been created (and documented!) to support this.
As such, configure has been modfied to allow (for example) --with-ldap and the
old smbpasswd to be selected at the same time.
This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua.
These two backends accept 'non unix accounts', where the user does *not* exist
in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to
avoid conflicts in the algroitmic mapping of RIDs, they use the values
specified in the 'non unix account range' paramter - in the same way as the
winbind ranges are specifed.
While I was at it, I cleaned up some of the code in pdb_tdb (code copied
directly from smbpasswd and not really considered properly). Most of this was
to do with % macro expansion on stored data. It isn't easy to get the macros
into the tdb, and the first password change will 'expand' them. tdbsam needs
to use a similar system to pdb_ldap in this regard.
This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I
don't have the test facilities for these. I plan to incoroprate at least
pdb_ldap into this scheme after consultation with Jerry.
Each (converted) passdb module now no longer has any 'static' variables, and
only exports 1 init function outside its .c file.
The non-unix-account support in this patch has been proven! It is now possible
to join a win2k machine to a Samba PDC without an account in /etc/passwd!
Other changes:
Minor interface adjustments:
pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*.
pdb_update_sam_account() no longer takes the 'override' argument that was being
ignored so often (every other passdb backend). Extra checks have been added in
some places.
Minor code changes:
smbpasswd no longer attempts to initialise the passdb at startup, this is
now done on first use.
pdbedit has lost some of its 'machine account' logic, as this behaviour is now
controlled by the passdb subsystem directly.
The samr subsystem no longer calls 'local password change', but does the pdb
interactions directly. This allow the ACB_ flags specifed to be transferred
direct to the backend, without interference.
Doco:
I've updated the doco to reflect some of the changes, and removed some paramters
no longer applicable to HEAD.
(This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
2002-01-20 17:30:58 +03:00
2006-02-20 23:09:36 +03:00
NTSTATUS ( * update_sam_account ) ( struct pdb_methods * , struct samu * sampass ) ;
This is another *BIG* change...
Samba now features a pluggable passdb interface, along the same lines as the
one in use in the auth subsystem. In this case, only one backend may be active
at a time by the 'normal' interface, and only one backend per passdb_context is
permitted outside that.
This pluggable interface is designed to allow any number of passdb backends to
be compiled in, with the selection at runtime. The 'passdb backend' paramater
has been created (and documented!) to support this.
As such, configure has been modfied to allow (for example) --with-ldap and the
old smbpasswd to be selected at the same time.
This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua.
These two backends accept 'non unix accounts', where the user does *not* exist
in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to
avoid conflicts in the algroitmic mapping of RIDs, they use the values
specified in the 'non unix account range' paramter - in the same way as the
winbind ranges are specifed.
While I was at it, I cleaned up some of the code in pdb_tdb (code copied
directly from smbpasswd and not really considered properly). Most of this was
to do with % macro expansion on stored data. It isn't easy to get the macros
into the tdb, and the first password change will 'expand' them. tdbsam needs
to use a similar system to pdb_ldap in this regard.
This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I
don't have the test facilities for these. I plan to incoroprate at least
pdb_ldap into this scheme after consultation with Jerry.
Each (converted) passdb module now no longer has any 'static' variables, and
only exports 1 init function outside its .c file.
The non-unix-account support in this patch has been proven! It is now possible
to join a win2k machine to a Samba PDC without an account in /etc/passwd!
Other changes:
Minor interface adjustments:
pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*.
pdb_update_sam_account() no longer takes the 'override' argument that was being
ignored so often (every other passdb backend). Extra checks have been added in
some places.
Minor code changes:
smbpasswd no longer attempts to initialise the passdb at startup, this is
now done on first use.
pdbedit has lost some of its 'machine account' logic, as this behaviour is now
controlled by the passdb subsystem directly.
The samr subsystem no longer calls 'local password change', but does the pdb
interactions directly. This allow the ACB_ flags specifed to be transferred
direct to the backend, without interference.
Doco:
I've updated the doco to reflect some of the changes, and removed some paramters
no longer applicable to HEAD.
(This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
2002-01-20 17:30:58 +03:00
2006-02-20 23:09:36 +03:00
NTSTATUS ( * delete_sam_account ) ( struct pdb_methods * , struct samu * username ) ;
This is another *BIG* change...
Samba now features a pluggable passdb interface, along the same lines as the
one in use in the auth subsystem. In this case, only one backend may be active
at a time by the 'normal' interface, and only one backend per passdb_context is
permitted outside that.
This pluggable interface is designed to allow any number of passdb backends to
be compiled in, with the selection at runtime. The 'passdb backend' paramater
has been created (and documented!) to support this.
As such, configure has been modfied to allow (for example) --with-ldap and the
old smbpasswd to be selected at the same time.
This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua.
These two backends accept 'non unix accounts', where the user does *not* exist
in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to
avoid conflicts in the algroitmic mapping of RIDs, they use the values
specified in the 'non unix account range' paramter - in the same way as the
winbind ranges are specifed.
While I was at it, I cleaned up some of the code in pdb_tdb (code copied
directly from smbpasswd and not really considered properly). Most of this was
to do with % macro expansion on stored data. It isn't easy to get the macros
into the tdb, and the first password change will 'expand' them. tdbsam needs
to use a similar system to pdb_ldap in this regard.
This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I
don't have the test facilities for these. I plan to incoroprate at least
pdb_ldap into this scheme after consultation with Jerry.
Each (converted) passdb module now no longer has any 'static' variables, and
only exports 1 init function outside its .c file.
The non-unix-account support in this patch has been proven! It is now possible
to join a win2k machine to a Samba PDC without an account in /etc/passwd!
Other changes:
Minor interface adjustments:
pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*.
pdb_update_sam_account() no longer takes the 'override' argument that was being
ignored so often (every other passdb backend). Extra checks have been added in
some places.
Minor code changes:
smbpasswd no longer attempts to initialise the passdb at startup, this is
now done on first use.
pdbedit has lost some of its 'machine account' logic, as this behaviour is now
controlled by the passdb subsystem directly.
The samr subsystem no longer calls 'local password change', but does the pdb
interactions directly. This allow the ACB_ flags specifed to be transferred
direct to the backend, without interference.
Doco:
I've updated the doco to reflect some of the changes, and removed some paramters
no longer applicable to HEAD.
(This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
2002-01-20 17:30:58 +03:00
2006-02-20 23:09:36 +03:00
NTSTATUS ( * rename_sam_account ) ( struct pdb_methods * , struct samu * oldname , const char * newname ) ;
2005-10-12 00:14:04 +04:00
2006-02-20 23:09:36 +03:00
NTSTATUS ( * update_login_attempts ) ( struct pdb_methods * methods , struct samu * sam_acct , BOOL success ) ;
2005-03-05 04:22:53 +03:00
2006-08-15 18:07:15 +04:00
NTSTATUS ( * getgrsid ) ( struct pdb_methods * methods , GROUP_MAP * map , DOM_SID sid ) ;
2002-11-02 06:47:48 +03:00
2003-06-18 19:24:10 +04:00
NTSTATUS ( * getgrgid ) ( struct pdb_methods * methods , GROUP_MAP * map , gid_t gid ) ;
2002-11-02 06:47:48 +03:00
2003-06-18 19:24:10 +04:00
NTSTATUS ( * getgrnam ) ( struct pdb_methods * methods , GROUP_MAP * map , const char * name ) ;
2002-11-02 06:47:48 +03:00
2006-02-13 20:08:25 +03:00
NTSTATUS ( * create_dom_group ) ( struct pdb_methods * methods ,
TALLOC_CTX * mem_ctx , const char * name ,
uint32 * rid ) ;
NTSTATUS ( * delete_dom_group ) ( struct pdb_methods * methods ,
TALLOC_CTX * mem_ctx , uint32 rid ) ;
2002-11-02 06:47:48 +03:00
NTSTATUS ( * add_group_mapping_entry ) ( struct pdb_methods * methods ,
GROUP_MAP * map ) ;
NTSTATUS ( * update_group_mapping_entry ) ( struct pdb_methods * methods ,
GROUP_MAP * map ) ;
NTSTATUS ( * delete_group_mapping_entry ) ( struct pdb_methods * methods ,
DOM_SID sid ) ;
NTSTATUS ( * enum_group_mapping ) ( struct pdb_methods * methods ,
2006-09-08 18:28:06 +04:00
const DOM_SID * sid , enum lsa_SidType sid_name_use ,
2005-10-18 07:24:00 +04:00
GROUP_MAP * * pp_rmap , size_t * p_num_entries ,
2003-06-18 19:24:10 +04:00
BOOL unix_only ) ;
2002-11-02 06:47:48 +03:00
2005-02-20 16:47:16 +03:00
NTSTATUS ( * enum_group_members ) ( struct pdb_methods * methods ,
TALLOC_CTX * mem_ctx ,
const DOM_SID * group ,
2005-10-18 07:24:00 +04:00
uint32 * * pp_member_rids ,
size_t * p_num_members ) ;
2005-02-20 16:47:16 +03:00
2004-11-12 18:49:47 +03:00
NTSTATUS ( * enum_group_memberships ) ( struct pdb_methods * methods ,
2006-02-04 01:19:41 +03:00
TALLOC_CTX * mem_ctx ,
2006-02-20 23:09:36 +03:00
struct samu * user ,
2005-10-18 07:24:00 +04:00
DOM_SID * * pp_sids , gid_t * * pp_gids ,
size_t * p_num_groups ) ;
2004-11-12 18:49:47 +03:00
2006-02-13 20:08:25 +03:00
NTSTATUS ( * set_unix_primary_group ) ( struct pdb_methods * methods ,
TALLOC_CTX * mem_ctx ,
2006-02-20 23:09:36 +03:00
struct samu * user ) ;
2006-02-13 20:08:25 +03:00
NTSTATUS ( * add_groupmem ) ( struct pdb_methods * methods ,
TALLOC_CTX * mem_ctx ,
uint32 group_rid , uint32 member_rid ) ;
NTSTATUS ( * del_groupmem ) ( struct pdb_methods * methods ,
TALLOC_CTX * mem_ctx ,
uint32 group_rid , uint32 member_rid ) ;
2006-08-15 18:07:15 +04:00
NTSTATUS ( * find_alias ) ( struct pdb_methods * methods ,
const char * name , DOM_SID * sid ) ;
2004-04-07 16:43:44 +04:00
NTSTATUS ( * create_alias ) ( struct pdb_methods * methods ,
const char * name , uint32 * rid ) ;
NTSTATUS ( * delete_alias ) ( struct pdb_methods * methods ,
const DOM_SID * sid ) ;
NTSTATUS ( * get_aliasinfo ) ( struct pdb_methods * methods ,
const DOM_SID * sid ,
struct acct_info * info ) ;
NTSTATUS ( * set_aliasinfo ) ( struct pdb_methods * methods ,
const DOM_SID * sid ,
struct acct_info * info ) ;
NTSTATUS ( * add_aliasmem ) ( struct pdb_methods * methods ,
const DOM_SID * alias , const DOM_SID * member ) ;
NTSTATUS ( * del_aliasmem ) ( struct pdb_methods * methods ,
const DOM_SID * alias , const DOM_SID * member ) ;
NTSTATUS ( * enum_aliasmem ) ( struct pdb_methods * methods ,
const DOM_SID * alias , DOM_SID * * members ,
2005-10-18 07:24:00 +04:00
size_t * p_num_members ) ;
2004-04-07 16:43:44 +04:00
NTSTATUS ( * enum_alias_memberships ) ( struct pdb_methods * methods ,
2005-03-27 20:33:04 +04:00
TALLOC_CTX * mem_ctx ,
const DOM_SID * domain_sid ,
2005-03-28 07:27:44 +04:00
const DOM_SID * members ,
2005-10-18 07:24:00 +04:00
size_t num_members ,
uint32 * * pp_alias_rids ,
size_t * p_num_alias_rids ) ;
2005-09-30 21:13:37 +04:00
2005-03-22 23:50:29 +03:00
NTSTATUS ( * lookup_rids ) ( struct pdb_methods * methods ,
const DOM_SID * domain_sid ,
int num_rids ,
uint32 * rids ,
2005-11-27 01:04:28 +03:00
const char * * pp_names ,
2006-09-08 18:28:06 +04:00
enum lsa_SidType * attrs ) ;
2004-04-07 16:43:44 +04:00
2005-12-03 21:34:13 +03:00
NTSTATUS ( * lookup_names ) ( struct pdb_methods * methods ,
const DOM_SID * domain_sid ,
int num_names ,
const char * * pp_names ,
uint32 * rids ,
2006-09-08 18:28:06 +04:00
enum lsa_SidType * attrs ) ;
2005-12-03 21:34:13 +03:00
2005-09-30 21:13:37 +04:00
NTSTATUS ( * get_account_policy ) ( struct pdb_methods * methods ,
int policy_index , uint32 * value ) ;
NTSTATUS ( * set_account_policy ) ( struct pdb_methods * methods ,
int policy_index , uint32 value ) ;
NTSTATUS ( * get_seq_num ) ( struct pdb_methods * methods , time_t * seq_num ) ;
2005-04-15 17:41:49 +04:00
BOOL ( * search_users ) ( struct pdb_methods * methods ,
struct pdb_search * search ,
2006-02-27 13:32:45 +03:00
uint32 acct_flags ) ;
2005-04-15 17:41:49 +04:00
BOOL ( * search_groups ) ( struct pdb_methods * methods ,
struct pdb_search * search ) ;
BOOL ( * search_aliases ) ( struct pdb_methods * methods ,
struct pdb_search * search ,
const DOM_SID * sid ) ;
2006-02-04 01:19:41 +03:00
BOOL ( * uid_to_rid ) ( struct pdb_methods * methods , uid_t uid ,
uint32 * rid ) ;
BOOL ( * gid_to_sid ) ( struct pdb_methods * methods , gid_t gid ,
DOM_SID * sid ) ;
BOOL ( * sid_to_id ) ( struct pdb_methods * methods , const DOM_SID * sid ,
2006-09-08 18:28:06 +04:00
union unid_t * id , enum lsa_SidType * type ) ;
2006-02-04 01:19:41 +03:00
BOOL ( * rid_algorithm ) ( struct pdb_methods * methods ) ;
BOOL ( * new_rid ) ( struct pdb_methods * methods , uint32 * rid ) ;
This is another *BIG* change...
Samba now features a pluggable passdb interface, along the same lines as the
one in use in the auth subsystem. In this case, only one backend may be active
at a time by the 'normal' interface, and only one backend per passdb_context is
permitted outside that.
This pluggable interface is designed to allow any number of passdb backends to
be compiled in, with the selection at runtime. The 'passdb backend' paramater
has been created (and documented!) to support this.
As such, configure has been modfied to allow (for example) --with-ldap and the
old smbpasswd to be selected at the same time.
This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua.
These two backends accept 'non unix accounts', where the user does *not* exist
in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to
avoid conflicts in the algroitmic mapping of RIDs, they use the values
specified in the 'non unix account range' paramter - in the same way as the
winbind ranges are specifed.
While I was at it, I cleaned up some of the code in pdb_tdb (code copied
directly from smbpasswd and not really considered properly). Most of this was
to do with % macro expansion on stored data. It isn't easy to get the macros
into the tdb, and the first password change will 'expand' them. tdbsam needs
to use a similar system to pdb_ldap in this regard.
This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I
don't have the test facilities for these. I plan to incoroprate at least
pdb_ldap into this scheme after consultation with Jerry.
Each (converted) passdb module now no longer has any 'static' variables, and
only exports 1 init function outside its .c file.
The non-unix-account support in this patch has been proven! It is now possible
to join a win2k machine to a Samba PDC without an account in /etc/passwd!
Other changes:
Minor interface adjustments:
pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*.
pdb_update_sam_account() no longer takes the 'override' argument that was being
ignored so often (every other passdb backend). Extra checks have been added in
some places.
Minor code changes:
smbpasswd no longer attempts to initialise the passdb at startup, this is
now done on first use.
pdbedit has lost some of its 'machine account' logic, as this behaviour is now
controlled by the passdb subsystem directly.
The samr subsystem no longer calls 'local password change', but does the pdb
interactions directly. This allow the ACB_ flags specifed to be transferred
direct to the backend, without interference.
Doco:
I've updated the doco to reflect some of the changes, and removed some paramters
no longer applicable to HEAD.
(This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
2002-01-20 17:30:58 +03:00
void * private_data ; /* Private data of some kind */
void ( * free_private_data ) ( void * * ) ;
2006-02-12 00:27:08 +03:00
} ;
This is another *BIG* change...
Samba now features a pluggable passdb interface, along the same lines as the
one in use in the auth subsystem. In this case, only one backend may be active
at a time by the 'normal' interface, and only one backend per passdb_context is
permitted outside that.
This pluggable interface is designed to allow any number of passdb backends to
be compiled in, with the selection at runtime. The 'passdb backend' paramater
has been created (and documented!) to support this.
As such, configure has been modfied to allow (for example) --with-ldap and the
old smbpasswd to be selected at the same time.
This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua.
These two backends accept 'non unix accounts', where the user does *not* exist
in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to
avoid conflicts in the algroitmic mapping of RIDs, they use the values
specified in the 'non unix account range' paramter - in the same way as the
winbind ranges are specifed.
While I was at it, I cleaned up some of the code in pdb_tdb (code copied
directly from smbpasswd and not really considered properly). Most of this was
to do with % macro expansion on stored data. It isn't easy to get the macros
into the tdb, and the first password change will 'expand' them. tdbsam needs
to use a similar system to pdb_ldap in this regard.
This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I
don't have the test facilities for these. I plan to incoroprate at least
pdb_ldap into this scheme after consultation with Jerry.
Each (converted) passdb module now no longer has any 'static' variables, and
only exports 1 init function outside its .c file.
The non-unix-account support in this patch has been proven! It is now possible
to join a win2k machine to a Samba PDC without an account in /etc/passwd!
Other changes:
Minor interface adjustments:
pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*.
pdb_update_sam_account() no longer takes the 'override' argument that was being
ignored so often (every other passdb backend). Extra checks have been added in
some places.
Minor code changes:
smbpasswd no longer attempts to initialise the passdb at startup, this is
now done on first use.
pdbedit has lost some of its 'machine account' logic, as this behaviour is now
controlled by the passdb subsystem directly.
The samr subsystem no longer calls 'local password change', but does the pdb
interactions directly. This allow the ACB_ flags specifed to be transferred
direct to the backend, without interference.
Doco:
I've updated the doco to reflect some of the changes, and removed some paramters
no longer applicable to HEAD.
(This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
2002-01-20 17:30:58 +03:00
2006-02-12 00:27:08 +03:00
typedef NTSTATUS ( * pdb_init_function ) ( struct pdb_methods * * , const char * ) ;
This is another *BIG* change...
Samba now features a pluggable passdb interface, along the same lines as the
one in use in the auth subsystem. In this case, only one backend may be active
at a time by the 'normal' interface, and only one backend per passdb_context is
permitted outside that.
This pluggable interface is designed to allow any number of passdb backends to
be compiled in, with the selection at runtime. The 'passdb backend' paramater
has been created (and documented!) to support this.
As such, configure has been modfied to allow (for example) --with-ldap and the
old smbpasswd to be selected at the same time.
This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua.
These two backends accept 'non unix accounts', where the user does *not* exist
in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to
avoid conflicts in the algroitmic mapping of RIDs, they use the values
specified in the 'non unix account range' paramter - in the same way as the
winbind ranges are specifed.
While I was at it, I cleaned up some of the code in pdb_tdb (code copied
directly from smbpasswd and not really considered properly). Most of this was
to do with % macro expansion on stored data. It isn't easy to get the macros
into the tdb, and the first password change will 'expand' them. tdbsam needs
to use a similar system to pdb_ldap in this regard.
This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I
don't have the test facilities for these. I plan to incoroprate at least
pdb_ldap into this scheme after consultation with Jerry.
Each (converted) passdb module now no longer has any 'static' variables, and
only exports 1 init function outside its .c file.
The non-unix-account support in this patch has been proven! It is now possible
to join a win2k machine to a Samba PDC without an account in /etc/passwd!
Other changes:
Minor interface adjustments:
pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*.
pdb_update_sam_account() no longer takes the 'override' argument that was being
ignored so often (every other passdb backend). Extra checks have been added in
some places.
Minor code changes:
smbpasswd no longer attempts to initialise the passdb at startup, this is
now done on first use.
pdbedit has lost some of its 'machine account' logic, as this behaviour is now
controlled by the passdb subsystem directly.
The samr subsystem no longer calls 'local password change', but does the pdb
interactions directly. This allow the ACB_ flags specifed to be transferred
direct to the backend, without interference.
Doco:
I've updated the doco to reflect some of the changes, and removed some paramters
no longer applicable to HEAD.
(This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
2002-01-20 17:30:58 +03:00
2002-02-22 05:47:53 +03:00
struct pdb_init_function_entry {
2003-01-03 11:28:12 +03:00
const char * name ;
2006-02-12 00:27:08 +03:00
2002-07-15 14:35:28 +04:00
/* Function to create a member of the pdb_methods list */
pdb_init_function init ;
2006-02-12 00:27:08 +03:00
2003-04-15 20:01:14 +04:00
struct pdb_init_function_entry * prev , * next ;
This is another *BIG* change...
Samba now features a pluggable passdb interface, along the same lines as the
one in use in the auth subsystem. In this case, only one backend may be active
at a time by the 'normal' interface, and only one backend per passdb_context is
permitted outside that.
This pluggable interface is designed to allow any number of passdb backends to
be compiled in, with the selection at runtime. The 'passdb backend' paramater
has been created (and documented!) to support this.
As such, configure has been modfied to allow (for example) --with-ldap and the
old smbpasswd to be selected at the same time.
This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua.
These two backends accept 'non unix accounts', where the user does *not* exist
in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to
avoid conflicts in the algroitmic mapping of RIDs, they use the values
specified in the 'non unix account range' paramter - in the same way as the
winbind ranges are specifed.
While I was at it, I cleaned up some of the code in pdb_tdb (code copied
directly from smbpasswd and not really considered properly). Most of this was
to do with % macro expansion on stored data. It isn't easy to get the macros
into the tdb, and the first password change will 'expand' them. tdbsam needs
to use a similar system to pdb_ldap in this regard.
This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I
don't have the test facilities for these. I plan to incoroprate at least
pdb_ldap into this scheme after consultation with Jerry.
Each (converted) passdb module now no longer has any 'static' variables, and
only exports 1 init function outside its .c file.
The non-unix-account support in this patch has been proven! It is now possible
to join a win2k machine to a Samba PDC without an account in /etc/passwd!
Other changes:
Minor interface adjustments:
pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*.
pdb_update_sam_account() no longer takes the 'override' argument that was being
ignored so often (every other passdb backend). Extra checks have been added in
some places.
Minor code changes:
smbpasswd no longer attempts to initialise the passdb at startup, this is
now done on first use.
pdbedit has lost some of its 'machine account' logic, as this behaviour is now
controlled by the passdb subsystem directly.
The samr subsystem no longer calls 'local password change', but does the pdb
interactions directly. This allow the ACB_ flags specifed to be transferred
direct to the backend, without interference.
Doco:
I've updated the doco to reflect some of the changes, and removed some paramters
no longer applicable to HEAD.
(This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
2002-01-20 17:30:58 +03:00
} ;
2001-04-10 02:11:37 +04:00
# endif /* _PASSDB_H */
