2000-10-26 03:31:41 +00:00
/*
2002-01-30 06:08:46 +00:00
* Unix SMB / CIFS implementation .
* SMB parameters and setup
2003-07-11 05:33:40 +00:00
* Copyright ( C ) Andrew Tridgell 1992 - 1998
2005-01-13 18:20:37 +00:00
* Copyright ( C ) Simo Sorce 2000 - 2003
2006-02-15 18:26:06 +00:00
* Copyright ( C ) Gerald Carter 2000 - 2006
2003-07-11 05:33:40 +00:00
* Copyright ( C ) Jeremy Allison 2001
* Copyright ( C ) Andrew Bartlett 2002
2005-10-11 20:14:04 +00:00
* Copyright ( C ) Jim McDonough < jmcd @ us . ibm . com > 2005
2000-10-26 03:31:41 +00:00
*
* This program is free software ; you can redistribute it and / or modify it under
* the terms of the GNU General Public License as published by the Free
2007-07-09 19:25:36 +00:00
* Software Foundation ; either version 3 of the License , or ( at your option )
2000-10-26 03:31:41 +00:00
* any later version .
*
* This program is distributed in the hope that it will be useful , but WITHOUT
* ANY WARRANTY ; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE . See the GNU General Public License for
* more details .
*
* You should have received a copy of the GNU General Public License along with
2007-07-10 05:23:25 +00:00
* this program ; if not , see < http : //www.gnu.org/licenses/>.
2000-10-26 03:31:41 +00:00
*/
# include "includes.h"
2002-07-15 10:35:28 +00:00
#if 0 /* when made a module use this */
static int tdbsam_debug_level = DBGC_ALL ;
# undef DBGC_CLASS
# define DBGC_CLASS tdbsam_debug_level
# else
# undef DBGC_CLASS
# define DBGC_CLASS DBGC_PASSDB
# endif
2008-12-15 19:28:27 +01:00
# define TDBSAM_VERSION 4 /* Most recent TDBSAM version */
2004-02-13 14:48:20 +00:00
# define TDBSAM_VERSION_STRING "INFO / version"
2002-02-01 23:20:08 +00:00
# define PASSDB_FILE_NAME "passdb.tdb"
2000-11-21 05:55:16 +00:00
# define USERPREFIX "USER_"
2008-03-14 20:35:38 +01:00
# define USERPREFIX_LEN 5
2000-12-06 18:22:29 +00:00
# define RIDPREFIX "RID_"
2005-01-13 18:20:37 +00:00
# define PRIVPREFIX "PRIV_"
2008-12-15 19:28:27 +01:00
# define NEXT_RID_STRING "NEXT_RID"
2000-11-13 23:03:34 +00:00
2006-02-15 18:26:06 +00:00
/* GLOBAL TDB SAM CONTEXT */
2008-03-14 20:35:38 +01:00
static struct db_context * db_sam ;
2007-11-04 18:15:37 +01:00
static char * tdbsam_filename ;
2004-02-12 05:07:44 +00:00
2008-03-14 20:35:38 +01:00
struct tdbsam_convert_state {
int32_t from ;
bool success ;
} ;
static int tdbsam_convert_one ( struct db_record * rec , void * priv )
2004-02-12 05:07:44 +00:00
{
2008-03-14 20:35:38 +01:00
struct tdbsam_convert_state * state =
( struct tdbsam_convert_state * ) priv ;
struct samu * user ;
TDB_DATA data ;
NTSTATUS status ;
bool ret ;
2004-02-13 14:48:20 +00:00
2008-03-14 20:35:38 +01:00
if ( rec - > key . dsize < USERPREFIX_LEN ) {
return 0 ;
}
if ( strncmp ( ( char * ) rec - > key . dptr , USERPREFIX , USERPREFIX_LEN ) ! = 0 ) {
return 0 ;
}
2004-02-13 14:48:20 +00:00
2008-03-14 20:35:38 +01:00
user = samu_new ( talloc_tos ( ) ) ;
if ( user = = NULL ) {
DEBUG ( 0 , ( " tdbsam_convert: samu_new() failed! \n " ) ) ;
state - > success = false ;
return - 1 ;
}
DEBUG ( 10 , ( " tdbsam_convert: Try unpacking a record with (key:%s) "
" (version:%d) \n " , rec - > key . dptr , state - > from ) ) ;
switch ( state - > from ) {
case 0 :
2008-12-15 18:46:37 +01:00
ret = init_samu_from_buffer ( user , SAMU_BUFFER_V0 ,
( uint8 * ) rec - > value . dptr ,
rec - > value . dsize ) ;
2008-03-14 20:35:38 +01:00
break ;
case 1 :
2008-12-15 18:46:37 +01:00
ret = init_samu_from_buffer ( user , SAMU_BUFFER_V1 ,
( uint8 * ) rec - > value . dptr ,
rec - > value . dsize ) ;
2008-03-14 20:35:38 +01:00
break ;
case 2 :
2008-12-15 18:46:37 +01:00
ret = init_samu_from_buffer ( user , SAMU_BUFFER_V2 ,
( uint8 * ) rec - > value . dptr ,
rec - > value . dsize ) ;
2008-03-14 20:35:38 +01:00
break ;
case 3 :
2008-12-15 18:46:37 +01:00
ret = init_samu_from_buffer ( user , SAMU_BUFFER_V3 ,
( uint8 * ) rec - > value . dptr ,
rec - > value . dsize ) ;
2008-12-15 19:28:27 +01:00
case 4 :
ret = init_samu_from_buffer ( user , SAMU_BUFFER_V4 ,
( uint8 * ) rec - > value . dptr ,
rec - > value . dsize ) ;
2008-03-14 20:35:38 +01:00
break ;
default :
/* unknown tdbsam version */
ret = False ;
}
if ( ! ret ) {
DEBUG ( 0 , ( " tdbsam_convert: Bad struct samu entry returned "
" from TDB (key:%s) (version:%d) \n " , rec - > key . dptr ,
state - > from ) ) ;
TALLOC_FREE ( user ) ;
state - > success = false ;
return - 1 ;
2004-02-13 14:48:20 +00:00
}
2008-12-15 18:46:37 +01:00
data . dsize = init_buffer_from_samu ( & data . dptr , user , false ) ;
2008-03-14 20:35:38 +01:00
TALLOC_FREE ( user ) ;
if ( data . dsize = = - 1 ) {
DEBUG ( 0 , ( " tdbsam_convert: cannot pack the struct samu into "
" the new format \n " ) ) ;
state - > success = false ;
return - 1 ;
}
status = rec - > store ( rec , data , TDB_MODIFY ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 0 , ( " Could not store the new record: %s \n " ,
nt_errstr ( status ) ) ) ;
state - > success = false ;
return - 1 ;
}
return 0 ;
}
2008-12-15 19:28:27 +01:00
static bool tdbsam_upgrade_next_rid ( struct db_context * db )
{
TDB_CONTEXT * tdb ;
uint32 rid ;
bool ok = false ;
ok = dbwrap_fetch_uint32 ( db , NEXT_RID_STRING , & rid ) ;
if ( ok ) {
return true ;
}
tdb = tdb_open_log ( state_path ( " winbindd_idmap.tdb " ) , 0 ,
TDB_DEFAULT , O_RDONLY , 0644 ) ;
if ( tdb ) {
ok = tdb_fetch_uint32 ( tdb , " RID_COUNTER " , & rid ) ;
if ( ! ok ) {
rid = BASE_RID ;
}
tdb_close ( tdb ) ;
} else {
rid = BASE_RID ;
}
if ( dbwrap_store_uint32 ( db , NEXT_RID_STRING , rid ) ! = 0 ) {
return false ;
}
return true ;
}
2008-03-14 20:35:38 +01:00
static bool tdbsam_convert ( struct db_context * db , int32 from )
{
struct tdbsam_convert_state state ;
2008-04-15 00:12:45 +02:00
int ret ;
2008-03-14 20:35:38 +01:00
state . from = from ;
state . success = true ;
if ( db - > transaction_start ( db ) ! = 0 ) {
DEBUG ( 0 , ( " Could not start transaction \n " ) ) ;
return false ;
}
2008-12-15 19:28:27 +01:00
if ( ! tdbsam_upgrade_next_rid ( db ) ) {
DEBUG ( 0 , ( " tdbsam_upgrade_next_rid failed \n " ) ) ;
goto cancel ;
}
2008-04-15 00:12:45 +02:00
ret = db - > traverse ( db , tdbsam_convert_one , & state ) ;
if ( ret < 0 ) {
2008-03-14 20:35:38 +01:00
DEBUG ( 0 , ( " traverse failed \n " ) ) ;
goto cancel ;
}
2004-02-13 14:48:20 +00:00
2008-03-14 20:35:38 +01:00
if ( ! state . success ) {
DEBUG ( 0 , ( " Converting records failed \n " ) ) ;
goto cancel ;
}
if ( dbwrap_store_int32 ( db , TDBSAM_VERSION_STRING ,
TDBSAM_VERSION ) ! = 0 ) {
DEBUG ( 0 , ( " Could not store tdbsam version \n " ) ) ;
goto cancel ;
}
if ( db - > transaction_commit ( db ) ! = 0 ) {
DEBUG ( 0 , ( " Could not commit transaction \n " ) ) ;
2008-08-08 11:42:06 +10:00
return false ;
2008-03-14 20:35:38 +01:00
}
return true ;
cancel :
if ( db - > transaction_cancel ( db ) ! = 0 ) {
smb_panic ( " transaction_cancel failed " ) ;
}
return false ;
2004-02-13 14:48:20 +00:00
}
2006-02-15 18:26:06 +00:00
/*********************************************************************
Open the tdbsam file based on the absolute path specified .
Uses a reference count to allow multiple open calls .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2004-02-13 14:48:20 +00:00
2007-10-18 17:40:25 -07:00
static bool tdbsam_open ( const char * name )
2004-02-13 14:48:20 +00:00
{
2006-02-15 18:26:06 +00:00
int32 version ;
2008-03-14 20:35:38 +01:00
2006-02-15 18:26:06 +00:00
/* check if we are already open */
2008-03-14 20:35:38 +01:00
if ( db_sam ) {
return true ;
2004-02-12 05:07:44 +00:00
}
2008-03-14 20:35:38 +01:00
/* Try to open tdb passwd. Create a new one if necessary */
2006-02-28 06:33:31 +00:00
2008-08-07 16:20:05 +10:00
db_sam = db_open ( NULL , name , 0 , TDB_DEFAULT , O_CREAT | O_RDWR , 0600 ) ;
2008-03-14 20:35:38 +01:00
if ( db_sam = = NULL ) {
DEBUG ( 0 , ( " tdbsam_open: Failed to open/create TDB passwd "
" [%s] \n " , name ) ) ;
return false ;
}
2006-02-28 06:33:31 +00:00
2004-02-13 14:48:20 +00:00
/* Check the version */
2008-03-14 20:35:38 +01:00
version = dbwrap_fetch_int32 ( db_sam , TDBSAM_VERSION_STRING ) ;
2006-02-28 06:33:31 +00:00
if ( version = = - 1 ) {
2004-02-13 14:48:20 +00:00
version = 0 ; /* Version not found, assume version 0 */
2006-02-28 06:33:31 +00:00
}
2008-03-14 20:35:38 +01:00
2004-02-13 14:48:20 +00:00
/* Compare the version */
if ( version > TDBSAM_VERSION ) {
2008-03-14 20:35:38 +01:00
/* Version more recent than the latest known */
2006-02-15 18:26:06 +00:00
DEBUG ( 0 , ( " tdbsam_open: unknown version => %d \n " , version ) ) ;
2008-03-14 20:35:38 +01:00
TALLOC_FREE ( db_sam ) ;
return false ;
2004-02-13 14:48:20 +00:00
}
2004-02-12 05:07:44 +00:00
2008-03-14 20:35:38 +01:00
if ( version < TDBSAM_VERSION ) {
DEBUG ( 1 , ( " tdbsam_open: Converting version %d database to "
" version %d. \n " , version , TDBSAM_VERSION ) ) ;
2004-02-12 05:07:44 +00:00
2008-03-14 20:35:38 +01:00
if ( ! tdbsam_convert ( db_sam , version ) ) {
DEBUG ( 0 , ( " tdbsam_open: Error when trying to convert "
" tdbsam [%s] \n " , name ) ) ;
TALLOC_FREE ( db_sam ) ;
return false ;
}
2006-02-15 18:26:06 +00:00
2008-03-14 20:35:38 +01:00
DEBUG ( 3 , ( " TDBSAM converted successfully. \n " ) ) ;
2004-02-12 05:07:44 +00:00
}
2008-03-14 20:35:38 +01:00
DEBUG ( 4 , ( " tdbsam_open: successfully opened %s \n " , name ) ) ;
return true ;
2004-02-12 05:07:44 +00:00
}
2004-02-11 21:10:04 +00:00
2000-11-21 05:55:16 +00:00
/******************************************************************
Lookup a name in the SAM TDB
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2001-09-25 20:21:21 +00:00
2008-03-14 20:35:38 +01:00
static NTSTATUS tdbsam_getsampwnam ( struct pdb_methods * my_methods ,
struct samu * user , const char * sname )
2000-10-26 03:31:41 +00:00
{
2007-03-27 10:43:32 +00:00
TDB_DATA data ;
2000-12-12 16:50:23 +00:00
fstring keystr ;
fstring name ;
2001-05-04 15:44:27 +00:00
2004-02-12 05:07:44 +00:00
if ( ! user ) {
2006-02-20 20:09:36 +00:00
DEBUG ( 0 , ( " pdb_getsampwnam: struct samu is NULL. \n " ) ) ;
2006-02-15 18:26:06 +00:00
return NT_STATUS_NO_MEMORY ;
2001-05-04 15:44:27 +00:00
}
2004-02-13 14:48:20 +00:00
2001-09-26 11:36:37 +00:00
/* Data is stored in all lower-case */
2003-04-23 00:56:06 +00:00
fstrcpy ( name , sname ) ;
2003-07-03 19:11:31 +00:00
strlower_m ( name ) ;
2001-09-26 11:36:37 +00:00
2000-11-21 05:55:16 +00:00
/* set search key */
2001-04-08 20:31:39 +00:00
slprintf ( keystr , sizeof ( keystr ) - 1 , " %s%s " , USERPREFIX , name ) ;
2000-10-26 03:31:41 +00:00
2006-02-15 18:26:06 +00:00
/* open the database */
2008-03-14 20:35:38 +01:00
2006-02-15 18:26:06 +00:00
if ( ! tdbsam_open ( tdbsam_filename ) ) {
DEBUG ( 0 , ( " tdbsam_getsampwnam: failed to open %s! \n " , tdbsam_filename ) ) ;
return NT_STATUS_ACCESS_DENIED ;
2000-11-21 05:55:16 +00:00
}
2008-03-14 20:35:38 +01:00
2000-11-21 05:55:16 +00:00
/* get the record */
2008-03-14 20:35:38 +01:00
data = dbwrap_fetch_bystring ( db_sam , talloc_tos ( ) , keystr ) ;
2001-09-25 20:21:21 +00:00
if ( ! data . dptr ) {
2000-11-21 05:55:16 +00:00
DEBUG ( 5 , ( " pdb_getsampwnam (TDB): error fetching database. \n " ) ) ;
This is another *BIG* change...
Samba now features a pluggable passdb interface, along the same lines as the
one in use in the auth subsystem. In this case, only one backend may be active
at a time by the 'normal' interface, and only one backend per passdb_context is
permitted outside that.
This pluggable interface is designed to allow any number of passdb backends to
be compiled in, with the selection at runtime. The 'passdb backend' paramater
has been created (and documented!) to support this.
As such, configure has been modfied to allow (for example) --with-ldap and the
old smbpasswd to be selected at the same time.
This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua.
These two backends accept 'non unix accounts', where the user does *not* exist
in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to
avoid conflicts in the algroitmic mapping of RIDs, they use the values
specified in the 'non unix account range' paramter - in the same way as the
winbind ranges are specifed.
While I was at it, I cleaned up some of the code in pdb_tdb (code copied
directly from smbpasswd and not really considered properly). Most of this was
to do with % macro expansion on stored data. It isn't easy to get the macros
into the tdb, and the first password change will 'expand' them. tdbsam needs
to use a similar system to pdb_ldap in this regard.
This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I
don't have the test facilities for these. I plan to incoroprate at least
pdb_ldap into this scheme after consultation with Jerry.
Each (converted) passdb module now no longer has any 'static' variables, and
only exports 1 init function outside its .c file.
The non-unix-account support in this patch has been proven! It is now possible
to join a win2k machine to a Samba PDC without an account in /etc/passwd!
Other changes:
Minor interface adjustments:
pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*.
pdb_update_sam_account() no longer takes the 'override' argument that was being
ignored so often (every other passdb backend). Extra checks have been added in
some places.
Minor code changes:
smbpasswd no longer attempts to initialise the passdb at startup, this is
now done on first use.
pdbedit has lost some of its 'machine account' logic, as this behaviour is now
controlled by the passdb subsystem directly.
The samr subsystem no longer calls 'local password change', but does the pdb
interactions directly. This allow the ACB_ flags specifed to be transferred
direct to the backend, without interference.
Doco:
I've updated the doco to reflect some of the changes, and removed some paramters
no longer applicable to HEAD.
(This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
2002-01-20 14:30:58 +00:00
DEBUGADD ( 5 , ( " Key: %s \n " , keystr ) ) ;
2006-03-20 10:18:23 +00:00
return NT_STATUS_NO_SUCH_USER ;
2000-10-26 03:31:41 +00:00
}
2008-03-14 20:35:38 +01:00
2000-11-21 05:55:16 +00:00
/* unpack the buffer */
2008-03-14 20:35:38 +01:00
2008-12-15 18:46:37 +01:00
if ( ! init_samu_from_buffer ( user , SAMU_BUFFER_LATEST , data . dptr , data . dsize ) ) {
2006-02-20 20:09:36 +00:00
DEBUG ( 0 , ( " pdb_getsampwent: Bad struct samu entry returned from TDB! \n " ) ) ;
2001-09-25 09:58:36 +00:00
SAFE_FREE ( data . dptr ) ;
2006-03-20 10:18:23 +00:00
return NT_STATUS_NO_MEMORY ;
2000-11-21 05:55:16 +00:00
}
2008-03-14 20:35:38 +01:00
2006-03-20 10:18:23 +00:00
/* success */
2008-03-14 20:35:38 +01:00
TALLOC_FREE ( data . dptr ) ;
2006-03-20 10:18:23 +00:00
return NT_STATUS_OK ;
2000-10-26 03:31:41 +00:00
}
2000-11-21 05:55:16 +00:00
/***************************************************************************
Search by rid
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2001-09-25 20:21:21 +00:00
2008-03-14 20:35:38 +01:00
static NTSTATUS tdbsam_getsampwrid ( struct pdb_methods * my_methods ,
struct samu * user , uint32 rid )
2000-10-26 03:31:41 +00:00
{
2006-02-15 18:26:06 +00:00
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL ;
2007-03-27 10:43:32 +00:00
TDB_DATA data ;
2000-12-06 18:22:29 +00:00
fstring keystr ;
fstring name ;
2006-02-15 18:26:06 +00:00
if ( ! user ) {
2006-02-20 20:09:36 +00:00
DEBUG ( 0 , ( " pdb_getsampwrid: struct samu is NULL. \n " ) ) ;
2002-09-26 18:37:55 +00:00
return nt_status ;
2001-05-04 15:44:27 +00:00
}
2008-03-14 20:35:38 +01:00
2000-12-06 18:22:29 +00:00
/* set search key */
2008-03-14 20:35:38 +01:00
2001-04-08 20:31:39 +00:00
slprintf ( keystr , sizeof ( keystr ) - 1 , " %s%.8x " , RIDPREFIX , rid ) ;
2000-10-26 03:31:41 +00:00
2006-02-15 18:26:06 +00:00
/* open the database */
2008-03-14 20:35:38 +01:00
2006-02-15 18:26:06 +00:00
if ( ! tdbsam_open ( tdbsam_filename ) ) {
2009-02-17 13:43:58 -08:00
DEBUG ( 0 , ( " tdbsam_getsampwrid: failed to open %s! \n " , tdbsam_filename ) ) ;
2006-02-15 18:26:06 +00:00
return NT_STATUS_ACCESS_DENIED ;
2000-12-06 18:22:29 +00:00
}
/* get the record */
2008-03-14 20:35:38 +01:00
data = dbwrap_fetch_bystring ( db_sam , talloc_tos ( ) , keystr ) ;
2004-02-13 14:48:20 +00:00
if ( ! data . dptr ) {
2002-01-26 01:52:52 +00:00
DEBUG ( 5 , ( " pdb_getsampwrid (TDB): error looking up RID %d by key %s. \n " , rid , keystr ) ) ;
2008-03-14 20:35:38 +01:00
return NT_STATUS_UNSUCCESSFUL ;
2000-12-06 18:22:29 +00:00
}
2007-03-29 09:35:51 +00:00
fstrcpy ( name , ( const char * ) data . dptr ) ;
2008-03-14 20:35:38 +01:00
TALLOC_FREE ( data . dptr ) ;
2006-02-15 18:26:06 +00:00
2008-03-14 20:35:38 +01:00
return tdbsam_getsampwnam ( my_methods , user , name ) ;
2002-07-15 10:35:28 +00:00
}
2008-03-14 20:35:38 +01:00
static NTSTATUS tdbsam_getsampwsid ( struct pdb_methods * my_methods ,
struct samu * user , const DOM_SID * sid )
2002-07-15 10:35:28 +00:00
{
uint32 rid ;
2008-03-14 20:35:38 +01:00
2006-02-15 18:26:06 +00:00
if ( ! sid_peek_check_rid ( get_global_sam_sid ( ) , sid , & rid ) )
2002-09-26 18:37:55 +00:00
return NT_STATUS_UNSUCCESSFUL ;
2006-02-15 18:26:06 +00:00
2002-07-15 10:35:28 +00:00
return tdbsam_getsampwrid ( my_methods , user , rid ) ;
2000-10-26 03:31:41 +00:00
}
2007-10-18 17:40:25 -07:00
static bool tdb_delete_samacct_only ( struct samu * sam_pass )
2005-10-11 20:14:04 +00:00
{
fstring keystr ;
fstring name ;
2008-03-14 20:35:38 +01:00
NTSTATUS status ;
2005-10-11 20:14:04 +00:00
fstrcpy ( name , pdb_get_username ( sam_pass ) ) ;
strlower_m ( name ) ;
2008-03-14 20:35:38 +01:00
2005-10-11 20:14:04 +00:00
/* set the search key */
2008-03-14 20:35:38 +01:00
2005-10-11 20:14:04 +00:00
slprintf ( keystr , sizeof ( keystr ) - 1 , " %s%s " , USERPREFIX , name ) ;
2008-03-14 20:35:38 +01:00
2005-10-11 20:14:04 +00:00
/* it's outaa here! 8^) */
2009-02-17 13:43:58 -08:00
if ( ! tdbsam_open ( tdbsam_filename ) ) {
DEBUG ( 0 , ( " tdb_delete_samacct_only: failed to open %s! \n " ,
tdbsam_filename ) ) ;
return false ;
}
2008-03-14 20:35:38 +01:00
status = dbwrap_delete_bystring ( db_sam , keystr ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 5 , ( " Error deleting entry from tdb passwd "
" database: %s! \n " , nt_errstr ( status ) ) ) ;
return false ;
2005-10-11 20:14:04 +00:00
}
2008-03-14 20:35:38 +01:00
return true ;
2005-10-11 20:14:04 +00:00
}
2000-11-21 05:55:16 +00:00
/***************************************************************************
2006-02-20 20:09:36 +00:00
Delete a struct samu records for the username and RID key
2000-11-21 05:55:16 +00:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2001-09-25 20:21:21 +00:00
2008-03-14 20:35:38 +01:00
static NTSTATUS tdbsam_delete_sam_account ( struct pdb_methods * my_methods ,
struct samu * sam_pass )
2000-10-26 03:31:41 +00:00
{
2006-02-15 18:26:06 +00:00
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL ;
2000-11-21 05:55:16 +00:00
fstring keystr ;
2000-12-06 18:22:29 +00:00
uint32 rid ;
fstring name ;
2008-03-14 20:35:38 +01:00
2006-02-27 21:28:19 +00:00
/* open the database */
2008-03-14 20:35:38 +01:00
2006-02-27 21:28:19 +00:00
if ( ! tdbsam_open ( tdbsam_filename ) ) {
DEBUG ( 0 , ( " tdbsam_delete_sam_account: failed to open %s! \n " ,
tdbsam_filename ) ) ;
return NT_STATUS_ACCESS_DENIED ;
2006-02-15 18:26:06 +00:00
}
2003-04-23 00:56:06 +00:00
fstrcpy ( name , pdb_get_username ( sam_pass ) ) ;
2003-07-03 19:11:31 +00:00
strlower_m ( name ) ;
2008-03-14 20:35:38 +01:00
2000-11-21 05:55:16 +00:00
/* set the search key */
2006-02-15 18:26:06 +00:00
2001-04-08 20:31:39 +00:00
slprintf ( keystr , sizeof ( keystr ) - 1 , " %s%s " , USERPREFIX , name ) ;
2008-03-14 20:35:38 +01:00
2001-09-25 14:40:25 +00:00
rid = pdb_get_user_rid ( sam_pass ) ;
2000-12-06 18:22:29 +00:00
/* it's outaa here! 8^) */
2001-05-04 14:01:33 +00:00
2008-03-14 20:35:38 +01:00
if ( db_sam - > transaction_start ( db_sam ) ! = 0 ) {
DEBUG ( 0 , ( " Could not start transaction \n " ) ) ;
return NT_STATUS_UNSUCCESSFUL ;
}
nt_status = dbwrap_delete_bystring ( db_sam , keystr ) ;
if ( ! NT_STATUS_IS_OK ( nt_status ) ) {
DEBUG ( 5 , ( " Error deleting entry from tdb passwd "
" database: %s! \n " , nt_errstr ( nt_status ) ) ) ;
goto cancel ;
2006-02-15 18:26:06 +00:00
}
2000-12-06 18:22:29 +00:00
/* set the search key */
2008-03-14 20:35:38 +01:00
2001-04-08 20:31:39 +00:00
slprintf ( keystr , sizeof ( keystr ) - 1 , " %s%.8x " , RIDPREFIX , rid ) ;
2000-12-06 18:22:29 +00:00
2000-11-21 05:55:16 +00:00
/* it's outaa here! 8^) */
2008-03-14 20:35:38 +01:00
nt_status = dbwrap_delete_bystring ( db_sam , keystr ) ;
if ( ! NT_STATUS_IS_OK ( nt_status ) ) {
DEBUG ( 5 , ( " Error deleting entry from tdb rid "
" database: %s! \n " , nt_errstr ( nt_status ) ) ) ;
goto cancel ;
}
if ( db_sam - > transaction_commit ( db_sam ) ! = 0 ) {
DEBUG ( 0 , ( " Could not commit transaction \n " ) ) ;
2008-08-08 11:42:06 +10:00
return NT_STATUS_INTERNAL_DB_CORRUPTION ;
2008-03-14 20:35:38 +01:00
}
return NT_STATUS_OK ;
cancel :
if ( db_sam - > transaction_cancel ( db_sam ) ! = 0 ) {
smb_panic ( " transaction_cancel failed " ) ;
2000-11-21 05:55:16 +00:00
}
2006-02-15 18:26:06 +00:00
return nt_status ;
2000-10-26 03:31:41 +00:00
}
2005-10-11 20:14:04 +00:00
2000-11-21 05:55:16 +00:00
/***************************************************************************
2005-10-11 20:14:04 +00:00
Update the TDB SAM account record only
2006-02-15 18:26:06 +00:00
Assumes that the tdbsam is already open
2000-11-21 05:55:16 +00:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2007-10-18 17:40:25 -07:00
static bool tdb_update_samacct_only ( struct samu * newpwd , int flag )
2000-10-26 03:31:41 +00:00
{
2007-03-27 10:43:32 +00:00
TDB_DATA data ;
2001-03-11 00:51:54 +00:00
uint8 * buf = NULL ;
2000-11-21 05:55:16 +00:00
fstring keystr ;
2000-12-06 18:22:29 +00:00
fstring name ;
2008-03-14 20:35:38 +01:00
bool ret = false ;
NTSTATUS status ;
2003-07-11 15:17:06 +00:00
2006-02-20 20:09:36 +00:00
/* copy the struct samu struct into a BYTE buffer for storage */
2008-03-14 20:35:38 +01:00
2008-12-15 18:46:37 +01:00
if ( ( data . dsize = init_buffer_from_samu ( & buf , newpwd , False ) ) = = - 1 ) {
2006-02-20 20:09:36 +00:00
DEBUG ( 0 , ( " tdb_update_sam: ERROR - Unable to copy struct samu info BYTE buffer! \n " ) ) ;
2001-09-25 09:58:36 +00:00
goto done ;
2000-11-21 05:55:16 +00:00
}
2007-03-29 09:35:51 +00:00
data . dptr = buf ;
2000-10-26 03:31:41 +00:00
2003-04-23 00:56:06 +00:00
fstrcpy ( name , pdb_get_username ( newpwd ) ) ;
2003-07-03 19:11:31 +00:00
strlower_m ( name ) ;
2008-03-14 20:35:38 +01:00
DEBUG ( 5 , ( " Storing %saccount %s with RID %d \n " ,
flag = = TDB_INSERT ? " (new) " : " " , name ,
2005-10-11 20:14:04 +00:00
pdb_get_user_rid ( newpwd ) ) ) ;
This is another *BIG* change...
Samba now features a pluggable passdb interface, along the same lines as the
one in use in the auth subsystem. In this case, only one backend may be active
at a time by the 'normal' interface, and only one backend per passdb_context is
permitted outside that.
This pluggable interface is designed to allow any number of passdb backends to
be compiled in, with the selection at runtime. The 'passdb backend' paramater
has been created (and documented!) to support this.
As such, configure has been modfied to allow (for example) --with-ldap and the
old smbpasswd to be selected at the same time.
This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua.
These two backends accept 'non unix accounts', where the user does *not* exist
in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to
avoid conflicts in the algroitmic mapping of RIDs, they use the values
specified in the 'non unix account range' paramter - in the same way as the
winbind ranges are specifed.
While I was at it, I cleaned up some of the code in pdb_tdb (code copied
directly from smbpasswd and not really considered properly). Most of this was
to do with % macro expansion on stored data. It isn't easy to get the macros
into the tdb, and the first password change will 'expand' them. tdbsam needs
to use a similar system to pdb_ldap in this regard.
This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I
don't have the test facilities for these. I plan to incoroprate at least
pdb_ldap into this scheme after consultation with Jerry.
Each (converted) passdb module now no longer has any 'static' variables, and
only exports 1 init function outside its .c file.
The non-unix-account support in this patch has been proven! It is now possible
to join a win2k machine to a Samba PDC without an account in /etc/passwd!
Other changes:
Minor interface adjustments:
pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*.
pdb_update_sam_account() no longer takes the 'override' argument that was being
ignored so often (every other passdb backend). Extra checks have been added in
some places.
Minor code changes:
smbpasswd no longer attempts to initialise the passdb at startup, this is
now done on first use.
pdbedit has lost some of its 'machine account' logic, as this behaviour is now
controlled by the passdb subsystem directly.
The samr subsystem no longer calls 'local password change', but does the pdb
interactions directly. This allow the ACB_ flags specifed to be transferred
direct to the backend, without interference.
Doco:
I've updated the doco to reflect some of the changes, and removed some paramters
no longer applicable to HEAD.
(This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
2002-01-20 14:30:58 +00:00
2000-12-06 18:22:29 +00:00
/* setup the USER index key */
2001-04-08 20:31:39 +00:00
slprintf ( keystr , sizeof ( keystr ) - 1 , " %s%s " , USERPREFIX , name ) ;
2000-11-21 05:55:16 +00:00
/* add the account */
2008-03-14 20:35:38 +01:00
status = dbwrap_store_bystring ( db_sam , keystr , data , flag ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 0 , ( " Unable to modify passwd TDB: %s! " ,
nt_errstr ( status ) ) ) ;
2001-09-25 09:58:36 +00:00
goto done ;
2000-11-21 05:55:16 +00:00
}
2005-10-11 20:14:04 +00:00
2008-03-14 20:35:38 +01:00
ret = true ;
done :
2005-10-11 20:14:04 +00:00
/* cleanup */
SAFE_FREE ( buf ) ;
2006-02-15 18:26:06 +00:00
return ret ;
2005-10-11 20:14:04 +00:00
}
/***************************************************************************
Update the TDB SAM RID record only
2008-03-14 20:35:38 +01:00
Assumes that the tdbsam is already open
2005-10-11 20:14:04 +00:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2007-10-18 17:40:25 -07:00
static bool tdb_update_ridrec_only ( struct samu * newpwd , int flag )
2005-10-11 20:14:04 +00:00
{
2007-03-27 10:43:32 +00:00
TDB_DATA data ;
2005-10-11 20:14:04 +00:00
fstring keystr ;
fstring name ;
2008-03-14 20:35:38 +01:00
NTSTATUS status ;
2005-10-11 20:14:04 +00:00
fstrcpy ( name , pdb_get_username ( newpwd ) ) ;
strlower_m ( name ) ;
2000-12-12 16:50:23 +00:00
/* setup RID data */
2007-03-27 10:43:32 +00:00
data = string_term_tdb_data ( name ) ;
2000-11-21 05:55:16 +00:00
2000-12-06 18:22:29 +00:00
/* setup the RID index key */
2008-03-14 20:35:38 +01:00
slprintf ( keystr , sizeof ( keystr ) - 1 , " %s%.8x " , RIDPREFIX ,
pdb_get_user_rid ( newpwd ) ) ;
2000-12-06 18:22:29 +00:00
/* add the reference */
2008-03-14 20:35:38 +01:00
status = dbwrap_store_bystring ( db_sam , keystr , data , flag ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 0 , ( " Unable to modify TDB passwd: %s! \n " ,
nt_errstr ( status ) ) ) ;
return false ;
2005-10-11 20:14:04 +00:00
}
2008-03-14 20:35:38 +01:00
return true ;
2005-10-11 20:14:04 +00:00
}
/***************************************************************************
Update the TDB SAM
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2008-03-14 20:35:38 +01:00
static bool tdb_update_sam ( struct pdb_methods * my_methods , struct samu * newpwd ,
int flag )
2005-10-11 20:14:04 +00:00
{
2006-06-28 17:11:06 +00:00
if ( ! pdb_get_user_rid ( newpwd ) ) {
2008-03-14 20:35:38 +01:00
DEBUG ( 0 , ( " tdb_update_sam: struct samu (%s) with no RID! \n " ,
pdb_get_username ( newpwd ) ) ) ;
2006-02-15 18:26:06 +00:00
return False ;
2005-10-11 20:14:04 +00:00
}
2006-02-15 18:26:06 +00:00
/* open the database */
2008-03-14 20:35:38 +01:00
2006-02-15 18:26:06 +00:00
if ( ! tdbsam_open ( tdbsam_filename ) ) {
DEBUG ( 0 , ( " tdbsam_getsampwnam: failed to open %s! \n " , tdbsam_filename ) ) ;
return False ;
}
2008-03-14 20:35:38 +01:00
if ( db_sam - > transaction_start ( db_sam ) ! = 0 ) {
DEBUG ( 0 , ( " Could not start transaction \n " ) ) ;
return false ;
2000-12-06 18:22:29 +00:00
}
2001-09-25 09:58:36 +00:00
2008-03-14 20:35:38 +01:00
if ( ! tdb_update_samacct_only ( newpwd , flag )
| | ! tdb_update_ridrec_only ( newpwd , flag ) ) {
goto cancel ;
}
2006-02-15 18:26:06 +00:00
2008-03-14 20:35:38 +01:00
if ( db_sam - > transaction_commit ( db_sam ) ! = 0 ) {
DEBUG ( 0 , ( " Could not commit transaction \n " ) ) ;
2008-08-08 11:42:06 +10:00
return false ;
2008-03-14 20:35:38 +01:00
}
return true ;
cancel :
if ( db_sam - > transaction_cancel ( db_sam ) ! = 0 ) {
smb_panic ( " transaction_cancel failed " ) ;
}
return false ;
2000-10-26 03:31:41 +00:00
}
2000-11-21 05:55:16 +00:00
/***************************************************************************
2006-02-20 20:09:36 +00:00
Modifies an existing struct samu
2000-11-21 05:55:16 +00:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2001-09-25 20:21:21 +00:00
2006-02-20 20:09:36 +00:00
static NTSTATUS tdbsam_update_sam_account ( struct pdb_methods * my_methods , struct samu * newpwd )
2000-10-26 03:31:41 +00:00
{
2006-02-15 18:26:06 +00:00
if ( ! tdb_update_sam ( my_methods , newpwd , TDB_MODIFY ) )
2002-09-26 18:37:55 +00:00
return NT_STATUS_UNSUCCESSFUL ;
2006-02-15 18:26:06 +00:00
return NT_STATUS_OK ;
2000-10-26 03:31:41 +00:00
}
2000-11-21 05:55:16 +00:00
/***************************************************************************
2006-02-20 20:09:36 +00:00
Adds an existing struct samu
2000-11-21 05:55:16 +00:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2001-09-25 20:21:21 +00:00
2006-02-20 20:09:36 +00:00
static NTSTATUS tdbsam_add_sam_account ( struct pdb_methods * my_methods , struct samu * newpwd )
This is another *BIG* change...
Samba now features a pluggable passdb interface, along the same lines as the
one in use in the auth subsystem. In this case, only one backend may be active
at a time by the 'normal' interface, and only one backend per passdb_context is
permitted outside that.
This pluggable interface is designed to allow any number of passdb backends to
be compiled in, with the selection at runtime. The 'passdb backend' paramater
has been created (and documented!) to support this.
As such, configure has been modfied to allow (for example) --with-ldap and the
old smbpasswd to be selected at the same time.
This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua.
These two backends accept 'non unix accounts', where the user does *not* exist
in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to
avoid conflicts in the algroitmic mapping of RIDs, they use the values
specified in the 'non unix account range' paramter - in the same way as the
winbind ranges are specifed.
While I was at it, I cleaned up some of the code in pdb_tdb (code copied
directly from smbpasswd and not really considered properly). Most of this was
to do with % macro expansion on stored data. It isn't easy to get the macros
into the tdb, and the first password change will 'expand' them. tdbsam needs
to use a similar system to pdb_ldap in this regard.
This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I
don't have the test facilities for these. I plan to incoroprate at least
pdb_ldap into this scheme after consultation with Jerry.
Each (converted) passdb module now no longer has any 'static' variables, and
only exports 1 init function outside its .c file.
The non-unix-account support in this patch has been proven! It is now possible
to join a win2k machine to a Samba PDC without an account in /etc/passwd!
Other changes:
Minor interface adjustments:
pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*.
pdb_update_sam_account() no longer takes the 'override' argument that was being
ignored so often (every other passdb backend). Extra checks have been added in
some places.
Minor code changes:
smbpasswd no longer attempts to initialise the passdb at startup, this is
now done on first use.
pdbedit has lost some of its 'machine account' logic, as this behaviour is now
controlled by the passdb subsystem directly.
The samr subsystem no longer calls 'local password change', but does the pdb
interactions directly. This allow the ACB_ flags specifed to be transferred
direct to the backend, without interference.
Doco:
I've updated the doco to reflect some of the changes, and removed some paramters
no longer applicable to HEAD.
(This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
2002-01-20 14:30:58 +00:00
{
2006-02-15 18:26:06 +00:00
if ( ! tdb_update_sam ( my_methods , newpwd , TDB_INSERT ) )
2002-09-26 18:37:55 +00:00
return NT_STATUS_UNSUCCESSFUL ;
2006-02-15 18:26:06 +00:00
return NT_STATUS_OK ;
This is another *BIG* change...
Samba now features a pluggable passdb interface, along the same lines as the
one in use in the auth subsystem. In this case, only one backend may be active
at a time by the 'normal' interface, and only one backend per passdb_context is
permitted outside that.
This pluggable interface is designed to allow any number of passdb backends to
be compiled in, with the selection at runtime. The 'passdb backend' paramater
has been created (and documented!) to support this.
As such, configure has been modfied to allow (for example) --with-ldap and the
old smbpasswd to be selected at the same time.
This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua.
These two backends accept 'non unix accounts', where the user does *not* exist
in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to
avoid conflicts in the algroitmic mapping of RIDs, they use the values
specified in the 'non unix account range' paramter - in the same way as the
winbind ranges are specifed.
While I was at it, I cleaned up some of the code in pdb_tdb (code copied
directly from smbpasswd and not really considered properly). Most of this was
to do with % macro expansion on stored data. It isn't easy to get the macros
into the tdb, and the first password change will 'expand' them. tdbsam needs
to use a similar system to pdb_ldap in this regard.
This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I
don't have the test facilities for these. I plan to incoroprate at least
pdb_ldap into this scheme after consultation with Jerry.
Each (converted) passdb module now no longer has any 'static' variables, and
only exports 1 init function outside its .c file.
The non-unix-account support in this patch has been proven! It is now possible
to join a win2k machine to a Samba PDC without an account in /etc/passwd!
Other changes:
Minor interface adjustments:
pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*.
pdb_update_sam_account() no longer takes the 'override' argument that was being
ignored so often (every other passdb backend). Extra checks have been added in
some places.
Minor code changes:
smbpasswd no longer attempts to initialise the passdb at startup, this is
now done on first use.
pdbedit has lost some of its 'machine account' logic, as this behaviour is now
controlled by the passdb subsystem directly.
The samr subsystem no longer calls 'local password change', but does the pdb
interactions directly. This allow the ACB_ flags specifed to be transferred
direct to the backend, without interference.
Doco:
I've updated the doco to reflect some of the changes, and removed some paramters
no longer applicable to HEAD.
(This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
2002-01-20 14:30:58 +00:00
}
2005-10-11 20:14:04 +00:00
/***************************************************************************
2006-02-20 20:09:36 +00:00
Renames a struct samu
2005-10-11 20:14:04 +00:00
- check for the posix user / rename user script
- Add and lock the new user record
- rename the posix user
- rewrite the rid - > username record
- delete the old user
- unlock the new user record
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static NTSTATUS tdbsam_rename_sam_account ( struct pdb_methods * my_methods ,
2007-11-20 17:18:16 -08:00
struct samu * old_acct ,
2005-10-20 20:40:47 +00:00
const char * newname )
2005-10-11 20:14:04 +00:00
{
2006-02-20 20:09:36 +00:00
struct samu * new_acct = NULL ;
2007-11-20 17:18:16 -08:00
char * rename_script = NULL ;
2006-02-15 18:26:06 +00:00
int rename_ret ;
2006-07-19 20:59:04 +00:00
fstring oldname_lower ;
fstring newname_lower ;
2005-10-11 20:14:04 +00:00
2006-02-15 18:26:06 +00:00
/* can't do anything without an external script */
2007-11-20 17:18:16 -08:00
2008-03-14 20:35:38 +01:00
if ( ! ( new_acct = samu_new ( talloc_tos ( ) ) ) ) {
return NT_STATUS_NO_MEMORY ;
}
rename_script = talloc_strdup ( new_acct , lp_renameuser_script ( ) ) ;
2007-11-20 17:18:16 -08:00
if ( ! rename_script ) {
2008-03-14 20:35:38 +01:00
TALLOC_FREE ( new_acct ) ;
2007-11-20 17:18:16 -08:00
return NT_STATUS_NO_MEMORY ;
}
if ( ! * rename_script ) {
2008-03-14 20:35:38 +01:00
TALLOC_FREE ( new_acct ) ;
2006-02-15 18:26:06 +00:00
return NT_STATUS_ACCESS_DENIED ;
2006-03-22 08:04:13 +00:00
}
2005-10-11 20:14:04 +00:00
2007-11-20 17:18:16 -08:00
if ( ! pdb_copy_sam_account ( new_acct , old_acct )
| | ! pdb_set_username ( new_acct , newname , PDB_CHANGED ) )
2006-02-15 18:26:06 +00:00
{
2008-03-14 20:35:38 +01:00
TALLOC_FREE ( new_acct ) ;
2006-02-15 18:26:06 +00:00
return NT_STATUS_NO_MEMORY ;
2005-10-11 20:14:04 +00:00
}
2006-02-15 18:26:06 +00:00
/* open the database */
if ( ! tdbsam_open ( tdbsam_filename ) ) {
2008-03-14 20:35:38 +01:00
DEBUG ( 0 , ( " tdbsam_getsampwnam: failed to open %s! \n " ,
tdbsam_filename ) ) ;
TALLOC_FREE ( new_acct ) ;
2006-02-15 18:26:06 +00:00
return NT_STATUS_ACCESS_DENIED ;
2005-10-11 20:14:04 +00:00
}
2008-03-27 16:55:35 +01:00
if ( db_sam - > transaction_start ( db_sam ) ! = 0 ) {
2008-03-14 20:35:38 +01:00
DEBUG ( 0 , ( " Could not start transaction \n " ) ) ;
TALLOC_FREE ( new_acct ) ;
return NT_STATUS_ACCESS_DENIED ;
2007-11-20 17:18:16 -08:00
2008-03-14 20:35:38 +01:00
}
2005-10-11 20:14:04 +00:00
2008-03-14 20:35:38 +01:00
/* add the new account and lock it */
if ( ! tdb_update_samacct_only ( new_acct , TDB_INSERT ) ) {
goto cancel ;
2005-10-11 20:14:04 +00:00
}
2006-07-19 20:59:04 +00:00
/* Rename the posix user. Follow the semantics of _samr_create_user()
so that we lower case the posix name but preserve the case in passdb */
fstrcpy ( oldname_lower , pdb_get_username ( old_acct ) ) ;
strlower_m ( oldname_lower ) ;
fstrcpy ( newname_lower , newname ) ;
strlower_m ( newname_lower ) ;
2008-03-14 20:35:38 +01:00
rename_script = talloc_string_sub2 ( new_acct ,
2007-11-20 17:18:16 -08:00
rename_script ,
" %unew " ,
newname_lower ,
true ,
false ,
true ) ;
if ( ! rename_script ) {
2008-03-14 20:35:38 +01:00
goto cancel ;
2007-11-20 17:18:16 -08:00
}
2008-03-14 20:35:38 +01:00
rename_script = talloc_string_sub2 ( new_acct ,
2007-11-20 17:18:16 -08:00
rename_script ,
" %uold " ,
oldname_lower ,
true ,
false ,
true ) ;
if ( ! rename_script ) {
2008-03-14 20:35:38 +01:00
goto cancel ;
2007-11-20 17:18:16 -08:00
}
2006-02-15 18:26:06 +00:00
rename_ret = smbrun ( rename_script , NULL ) ;
2005-10-11 20:14:04 +00:00
2007-11-20 17:18:16 -08:00
DEBUG ( rename_ret ? 0 : 3 , ( " Running the command `%s' gave %d \n " ,
rename_script , rename_ret ) ) ;
2005-10-11 20:14:04 +00:00
2008-03-14 20:35:38 +01:00
if ( rename_ret ! = 0 ) {
goto cancel ;
2006-09-20 00:15:50 +00:00
}
2008-03-14 20:35:38 +01:00
smb_nscd_flush_user_cache ( ) ;
2005-10-11 20:14:04 +00:00
/* rewrite the rid->username record */
2007-11-20 17:18:16 -08:00
2006-03-22 08:04:13 +00:00
if ( ! tdb_update_ridrec_only ( new_acct , TDB_MODIFY ) ) {
2008-03-14 20:35:38 +01:00
goto cancel ;
2006-03-22 08:04:13 +00:00
}
2005-10-11 20:14:04 +00:00
2006-02-15 18:26:06 +00:00
tdb_delete_samacct_only ( old_acct ) ;
2007-11-20 17:18:16 -08:00
2008-03-27 16:55:35 +01:00
if ( db_sam - > transaction_commit ( db_sam ) ! = 0 ) {
2008-03-14 20:35:38 +01:00
/*
* Ok , we ' re screwed . We ' ve changed the posix account , but
* could not adapt passdb . tdb . Shall we change the posix
* account back ?
*/
DEBUG ( 0 , ( " transaction_commit failed \n " ) ) ;
2008-08-08 11:42:06 +10:00
TALLOC_FREE ( new_acct ) ;
return NT_STATUS_INTERNAL_DB_CORRUPTION ;
2008-03-14 20:35:38 +01:00
}
2007-11-20 17:18:16 -08:00
2006-02-20 20:09:36 +00:00
TALLOC_FREE ( new_acct ) ;
2006-02-15 18:26:06 +00:00
return NT_STATUS_OK ;
2005-10-11 20:14:04 +00:00
2008-03-14 20:35:38 +01:00
cancel :
if ( db_sam - > transaction_cancel ( db_sam ) ! = 0 ) {
smb_panic ( " transaction_cancel failed " ) ;
2005-10-11 20:14:04 +00:00
}
2007-11-20 17:18:16 -08:00
2008-01-12 00:09:35 -08:00
TALLOC_FREE ( new_acct ) ;
2008-03-14 20:35:38 +01:00
2006-02-15 18:26:06 +00:00
return NT_STATUS_ACCESS_DENIED ;
2005-10-11 20:14:04 +00:00
}
2006-02-03 22:19:41 +00:00
2007-10-18 17:40:25 -07:00
static bool tdbsam_rid_algorithm ( struct pdb_methods * methods )
2006-02-03 22:19:41 +00:00
{
return False ;
}
2007-10-18 17:40:25 -07:00
static bool tdbsam_new_rid ( struct pdb_methods * methods , uint32 * prid )
2006-02-03 22:19:41 +00:00
{
uint32 rid ;
rid = BASE_RID ; /* Default if not set */
2009-02-17 13:43:58 -08:00
if ( ! tdbsam_open ( tdbsam_filename ) ) {
DEBUG ( 0 , ( " tdbsam_new_rid: failed to open %s! \n " ,
tdbsam_filename ) ) ;
return false ;
}
2008-12-15 19:28:27 +01:00
if ( dbwrap_change_uint32_atomic ( db_sam , NEXT_RID_STRING , & rid , 1 ) ! = 0 ) {
DEBUG ( 3 , ( " tdbsam_new_rid: Failed to increase %s \n " ,
NEXT_RID_STRING ) ) ;
return false ;
2006-02-03 22:19:41 +00:00
}
* prid = rid ;
2008-12-15 19:28:27 +01:00
return true ;
2006-02-03 22:19:41 +00:00
}
2007-12-24 12:58:40 +01:00
struct tdbsam_search_state {
struct pdb_methods * methods ;
uint32_t acct_flags ;
uint32_t * rids ;
uint32_t num_rids ;
ssize_t array_size ;
uint32_t current ;
} ;
2008-03-14 20:35:38 +01:00
static int tdbsam_collect_rids ( struct db_record * rec , void * private_data )
2007-12-24 12:58:40 +01:00
{
struct tdbsam_search_state * state = talloc_get_type_abort (
private_data , struct tdbsam_search_state ) ;
size_t prefixlen = strlen ( RIDPREFIX ) ;
uint32 rid ;
2008-03-14 20:35:38 +01:00
if ( ( rec - > key . dsize < prefixlen )
| | ( strncmp ( ( char * ) rec - > key . dptr , RIDPREFIX , prefixlen ) ) ) {
2007-12-24 12:58:40 +01:00
return 0 ;
}
2008-03-14 20:35:38 +01:00
rid = strtoul ( ( char * ) rec - > key . dptr + prefixlen , NULL , 16 ) ;
2007-12-24 12:58:40 +01:00
ADD_TO_LARGE_ARRAY ( state , uint32 , rid , & state - > rids , & state - > num_rids ,
& state - > array_size ) ;
return 0 ;
}
static void tdbsam_search_end ( struct pdb_search * search )
{
struct tdbsam_search_state * state = talloc_get_type_abort (
search - > private_data , struct tdbsam_search_state ) ;
TALLOC_FREE ( state ) ;
}
static bool tdbsam_search_next_entry ( struct pdb_search * search ,
struct samr_displayentry * entry )
{
struct tdbsam_search_state * state = talloc_get_type_abort (
search - > private_data , struct tdbsam_search_state ) ;
struct samu * user = NULL ;
NTSTATUS status ;
uint32_t rid ;
again :
TALLOC_FREE ( user ) ;
user = samu_new ( talloc_tos ( ) ) ;
if ( user = = NULL ) {
DEBUG ( 0 , ( " samu_new failed \n " ) ) ;
return false ;
}
if ( state - > current = = state - > num_rids ) {
return false ;
}
rid = state - > rids [ state - > current + + ] ;
status = tdbsam_getsampwrid ( state - > methods , user , rid ) ;
if ( NT_STATUS_EQUAL ( status , NT_STATUS_NO_SUCH_USER ) ) {
/*
* Someone has deleted that user since we listed the RIDs
*/
goto again ;
}
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 10 , ( " tdbsam_getsampwrid failed: %s \n " ,
nt_errstr ( status ) ) ) ;
TALLOC_FREE ( user ) ;
return false ;
}
if ( ( state - > acct_flags ! = 0 ) & &
( ( state - > acct_flags & pdb_get_acct_ctrl ( user ) ) = = 0 ) ) {
goto again ;
}
entry - > acct_flags = pdb_get_acct_ctrl ( user ) ;
entry - > rid = rid ;
entry - > account_name = talloc_strdup (
search - > mem_ctx , pdb_get_username ( user ) ) ;
entry - > fullname = talloc_strdup (
search - > mem_ctx , pdb_get_fullname ( user ) ) ;
entry - > description = talloc_strdup (
search - > mem_ctx , pdb_get_acct_desc ( user ) ) ;
TALLOC_FREE ( user ) ;
if ( ( entry - > account_name = = NULL ) | | ( entry - > fullname = = NULL )
| | ( entry - > description = = NULL ) ) {
DEBUG ( 0 , ( " talloc_strdup failed \n " ) ) ;
return false ;
}
return true ;
}
static bool tdbsam_search_users ( struct pdb_methods * methods ,
struct pdb_search * search ,
uint32 acct_flags )
{
struct tdbsam_search_state * state ;
if ( ! tdbsam_open ( tdbsam_filename ) ) {
DEBUG ( 0 , ( " tdbsam_getsampwnam: failed to open %s! \n " ,
tdbsam_filename ) ) ;
return false ;
}
state = TALLOC_ZERO_P ( search - > mem_ctx , struct tdbsam_search_state ) ;
if ( state = = NULL ) {
DEBUG ( 0 , ( " talloc failed \n " ) ) ;
return false ;
}
state - > acct_flags = acct_flags ;
state - > methods = methods ;
2008-03-14 20:35:38 +01:00
db_sam - > traverse_read ( db_sam , tdbsam_collect_rids , state ) ;
2007-12-24 12:58:40 +01:00
search - > private_data = state ;
search - > next_entry = tdbsam_search_next_entry ;
search - > search_end = tdbsam_search_end ;
return true ;
}
2006-02-15 18:26:06 +00:00
/*********************************************************************
Initialize the tdb sam backend . Setup the dispath table of methods ,
open the tdb , etc . . .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2005-01-13 18:20:37 +00:00
2006-02-11 21:27:08 +00:00
static NTSTATUS pdb_init_tdbsam ( struct pdb_methods * * pdb_method , const char * location )
This is another *BIG* change...
Samba now features a pluggable passdb interface, along the same lines as the
one in use in the auth subsystem. In this case, only one backend may be active
at a time by the 'normal' interface, and only one backend per passdb_context is
permitted outside that.
This pluggable interface is designed to allow any number of passdb backends to
be compiled in, with the selection at runtime. The 'passdb backend' paramater
has been created (and documented!) to support this.
As such, configure has been modfied to allow (for example) --with-ldap and the
old smbpasswd to be selected at the same time.
This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua.
These two backends accept 'non unix accounts', where the user does *not* exist
in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to
avoid conflicts in the algroitmic mapping of RIDs, they use the values
specified in the 'non unix account range' paramter - in the same way as the
winbind ranges are specifed.
While I was at it, I cleaned up some of the code in pdb_tdb (code copied
directly from smbpasswd and not really considered properly). Most of this was
to do with % macro expansion on stored data. It isn't easy to get the macros
into the tdb, and the first password change will 'expand' them. tdbsam needs
to use a similar system to pdb_ldap in this regard.
This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I
don't have the test facilities for these. I plan to incoroprate at least
pdb_ldap into this scheme after consultation with Jerry.
Each (converted) passdb module now no longer has any 'static' variables, and
only exports 1 init function outside its .c file.
The non-unix-account support in this patch has been proven! It is now possible
to join a win2k machine to a Samba PDC without an account in /etc/passwd!
Other changes:
Minor interface adjustments:
pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*.
pdb_update_sam_account() no longer takes the 'override' argument that was being
ignored so often (every other passdb backend). Extra checks have been added in
some places.
Minor code changes:
smbpasswd no longer attempts to initialise the passdb at startup, this is
now done on first use.
pdbedit has lost some of its 'machine account' logic, as this behaviour is now
controlled by the passdb subsystem directly.
The samr subsystem no longer calls 'local password change', but does the pdb
interactions directly. This allow the ACB_ flags specifed to be transferred
direct to the backend, without interference.
Doco:
I've updated the doco to reflect some of the changes, and removed some paramters
no longer applicable to HEAD.
(This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
2002-01-20 14:30:58 +00:00
{
NTSTATUS nt_status ;
2007-11-20 17:18:16 -08:00
char * tdbfile = NULL ;
2006-02-15 18:26:06 +00:00
const char * pfile = location ;
2002-07-15 10:35:28 +00:00
2006-02-11 21:27:08 +00:00
if ( ! NT_STATUS_IS_OK ( nt_status = make_pdb_method ( pdb_method ) ) ) {
This is another *BIG* change...
Samba now features a pluggable passdb interface, along the same lines as the
one in use in the auth subsystem. In this case, only one backend may be active
at a time by the 'normal' interface, and only one backend per passdb_context is
permitted outside that.
This pluggable interface is designed to allow any number of passdb backends to
be compiled in, with the selection at runtime. The 'passdb backend' paramater
has been created (and documented!) to support this.
As such, configure has been modfied to allow (for example) --with-ldap and the
old smbpasswd to be selected at the same time.
This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua.
These two backends accept 'non unix accounts', where the user does *not* exist
in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to
avoid conflicts in the algroitmic mapping of RIDs, they use the values
specified in the 'non unix account range' paramter - in the same way as the
winbind ranges are specifed.
While I was at it, I cleaned up some of the code in pdb_tdb (code copied
directly from smbpasswd and not really considered properly). Most of this was
to do with % macro expansion on stored data. It isn't easy to get the macros
into the tdb, and the first password change will 'expand' them. tdbsam needs
to use a similar system to pdb_ldap in this regard.
This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I
don't have the test facilities for these. I plan to incoroprate at least
pdb_ldap into this scheme after consultation with Jerry.
Each (converted) passdb module now no longer has any 'static' variables, and
only exports 1 init function outside its .c file.
The non-unix-account support in this patch has been proven! It is now possible
to join a win2k machine to a Samba PDC without an account in /etc/passwd!
Other changes:
Minor interface adjustments:
pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*.
pdb_update_sam_account() no longer takes the 'override' argument that was being
ignored so often (every other passdb backend). Extra checks have been added in
some places.
Minor code changes:
smbpasswd no longer attempts to initialise the passdb at startup, this is
now done on first use.
pdbedit has lost some of its 'machine account' logic, as this behaviour is now
controlled by the passdb subsystem directly.
The samr subsystem no longer calls 'local password change', but does the pdb
interactions directly. This allow the ACB_ flags specifed to be transferred
direct to the backend, without interference.
Doco:
I've updated the doco to reflect some of the changes, and removed some paramters
no longer applicable to HEAD.
(This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
2002-01-20 14:30:58 +00:00
return nt_status ;
}
2002-01-25 11:44:15 +00:00
( * pdb_method ) - > name = " tdbsam " ;
This is another *BIG* change...
Samba now features a pluggable passdb interface, along the same lines as the
one in use in the auth subsystem. In this case, only one backend may be active
at a time by the 'normal' interface, and only one backend per passdb_context is
permitted outside that.
This pluggable interface is designed to allow any number of passdb backends to
be compiled in, with the selection at runtime. The 'passdb backend' paramater
has been created (and documented!) to support this.
As such, configure has been modfied to allow (for example) --with-ldap and the
old smbpasswd to be selected at the same time.
This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua.
These two backends accept 'non unix accounts', where the user does *not* exist
in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to
avoid conflicts in the algroitmic mapping of RIDs, they use the values
specified in the 'non unix account range' paramter - in the same way as the
winbind ranges are specifed.
While I was at it, I cleaned up some of the code in pdb_tdb (code copied
directly from smbpasswd and not really considered properly). Most of this was
to do with % macro expansion on stored data. It isn't easy to get the macros
into the tdb, and the first password change will 'expand' them. tdbsam needs
to use a similar system to pdb_ldap in this regard.
This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I
don't have the test facilities for these. I plan to incoroprate at least
pdb_ldap into this scheme after consultation with Jerry.
Each (converted) passdb module now no longer has any 'static' variables, and
only exports 1 init function outside its .c file.
The non-unix-account support in this patch has been proven! It is now possible
to join a win2k machine to a Samba PDC without an account in /etc/passwd!
Other changes:
Minor interface adjustments:
pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*.
pdb_update_sam_account() no longer takes the 'override' argument that was being
ignored so often (every other passdb backend). Extra checks have been added in
some places.
Minor code changes:
smbpasswd no longer attempts to initialise the passdb at startup, this is
now done on first use.
pdbedit has lost some of its 'machine account' logic, as this behaviour is now
controlled by the passdb subsystem directly.
The samr subsystem no longer calls 'local password change', but does the pdb
interactions directly. This allow the ACB_ flags specifed to be transferred
direct to the backend, without interference.
Doco:
I've updated the doco to reflect some of the changes, and removed some paramters
no longer applicable to HEAD.
(This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
2002-01-20 14:30:58 +00:00
( * pdb_method ) - > getsampwnam = tdbsam_getsampwnam ;
2002-07-15 10:35:28 +00:00
( * pdb_method ) - > getsampwsid = tdbsam_getsampwsid ;
This is another *BIG* change...
Samba now features a pluggable passdb interface, along the same lines as the
one in use in the auth subsystem. In this case, only one backend may be active
at a time by the 'normal' interface, and only one backend per passdb_context is
permitted outside that.
This pluggable interface is designed to allow any number of passdb backends to
be compiled in, with the selection at runtime. The 'passdb backend' paramater
has been created (and documented!) to support this.
As such, configure has been modfied to allow (for example) --with-ldap and the
old smbpasswd to be selected at the same time.
This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua.
These two backends accept 'non unix accounts', where the user does *not* exist
in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to
avoid conflicts in the algroitmic mapping of RIDs, they use the values
specified in the 'non unix account range' paramter - in the same way as the
winbind ranges are specifed.
While I was at it, I cleaned up some of the code in pdb_tdb (code copied
directly from smbpasswd and not really considered properly). Most of this was
to do with % macro expansion on stored data. It isn't easy to get the macros
into the tdb, and the first password change will 'expand' them. tdbsam needs
to use a similar system to pdb_ldap in this regard.
This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I
don't have the test facilities for these. I plan to incoroprate at least
pdb_ldap into this scheme after consultation with Jerry.
Each (converted) passdb module now no longer has any 'static' variables, and
only exports 1 init function outside its .c file.
The non-unix-account support in this patch has been proven! It is now possible
to join a win2k machine to a Samba PDC without an account in /etc/passwd!
Other changes:
Minor interface adjustments:
pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*.
pdb_update_sam_account() no longer takes the 'override' argument that was being
ignored so often (every other passdb backend). Extra checks have been added in
some places.
Minor code changes:
smbpasswd no longer attempts to initialise the passdb at startup, this is
now done on first use.
pdbedit has lost some of its 'machine account' logic, as this behaviour is now
controlled by the passdb subsystem directly.
The samr subsystem no longer calls 'local password change', but does the pdb
interactions directly. This allow the ACB_ flags specifed to be transferred
direct to the backend, without interference.
Doco:
I've updated the doco to reflect some of the changes, and removed some paramters
no longer applicable to HEAD.
(This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
2002-01-20 14:30:58 +00:00
( * pdb_method ) - > add_sam_account = tdbsam_add_sam_account ;
( * pdb_method ) - > update_sam_account = tdbsam_update_sam_account ;
( * pdb_method ) - > delete_sam_account = tdbsam_delete_sam_account ;
2005-10-11 20:14:04 +00:00
( * pdb_method ) - > rename_sam_account = tdbsam_rename_sam_account ;
2007-12-24 12:58:40 +01:00
( * pdb_method ) - > search_users = tdbsam_search_users ;
This is another *BIG* change...
Samba now features a pluggable passdb interface, along the same lines as the
one in use in the auth subsystem. In this case, only one backend may be active
at a time by the 'normal' interface, and only one backend per passdb_context is
permitted outside that.
This pluggable interface is designed to allow any number of passdb backends to
be compiled in, with the selection at runtime. The 'passdb backend' paramater
has been created (and documented!) to support this.
As such, configure has been modfied to allow (for example) --with-ldap and the
old smbpasswd to be selected at the same time.
This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua.
These two backends accept 'non unix accounts', where the user does *not* exist
in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to
avoid conflicts in the algroitmic mapping of RIDs, they use the values
specified in the 'non unix account range' paramter - in the same way as the
winbind ranges are specifed.
While I was at it, I cleaned up some of the code in pdb_tdb (code copied
directly from smbpasswd and not really considered properly). Most of this was
to do with % macro expansion on stored data. It isn't easy to get the macros
into the tdb, and the first password change will 'expand' them. tdbsam needs
to use a similar system to pdb_ldap in this regard.
This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I
don't have the test facilities for these. I plan to incoroprate at least
pdb_ldap into this scheme after consultation with Jerry.
Each (converted) passdb module now no longer has any 'static' variables, and
only exports 1 init function outside its .c file.
The non-unix-account support in this patch has been proven! It is now possible
to join a win2k machine to a Samba PDC without an account in /etc/passwd!
Other changes:
Minor interface adjustments:
pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*.
pdb_update_sam_account() no longer takes the 'override' argument that was being
ignored so often (every other passdb backend). Extra checks have been added in
some places.
Minor code changes:
smbpasswd no longer attempts to initialise the passdb at startup, this is
now done on first use.
pdbedit has lost some of its 'machine account' logic, as this behaviour is now
controlled by the passdb subsystem directly.
The samr subsystem no longer calls 'local password change', but does the pdb
interactions directly. This allow the ACB_ flags specifed to be transferred
direct to the backend, without interference.
Doco:
I've updated the doco to reflect some of the changes, and removed some paramters
no longer applicable to HEAD.
(This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
2002-01-20 14:30:58 +00:00
2006-02-03 22:19:41 +00:00
( * pdb_method ) - > rid_algorithm = tdbsam_rid_algorithm ;
( * pdb_method ) - > new_rid = tdbsam_new_rid ;
2006-02-15 18:26:06 +00:00
/* save the path for later */
2007-11-20 17:18:16 -08:00
if ( ! location ) {
2007-12-30 03:12:11 +01:00
if ( asprintf ( & tdbfile , " %s/%s " , lp_private_dir ( ) ,
2007-12-24 14:12:54 +01:00
PASSDB_FILE_NAME ) < 0 ) {
2007-11-20 17:18:16 -08:00
return NT_STATUS_NO_MEMORY ;
}
2006-02-15 18:26:06 +00:00
pfile = tdbfile ;
This is another *BIG* change...
Samba now features a pluggable passdb interface, along the same lines as the
one in use in the auth subsystem. In this case, only one backend may be active
at a time by the 'normal' interface, and only one backend per passdb_context is
permitted outside that.
This pluggable interface is designed to allow any number of passdb backends to
be compiled in, with the selection at runtime. The 'passdb backend' paramater
has been created (and documented!) to support this.
As such, configure has been modfied to allow (for example) --with-ldap and the
old smbpasswd to be selected at the same time.
This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua.
These two backends accept 'non unix accounts', where the user does *not* exist
in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to
avoid conflicts in the algroitmic mapping of RIDs, they use the values
specified in the 'non unix account range' paramter - in the same way as the
winbind ranges are specifed.
While I was at it, I cleaned up some of the code in pdb_tdb (code copied
directly from smbpasswd and not really considered properly). Most of this was
to do with % macro expansion on stored data. It isn't easy to get the macros
into the tdb, and the first password change will 'expand' them. tdbsam needs
to use a similar system to pdb_ldap in this regard.
This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I
don't have the test facilities for these. I plan to incoroprate at least
pdb_ldap into this scheme after consultation with Jerry.
Each (converted) passdb module now no longer has any 'static' variables, and
only exports 1 init function outside its .c file.
The non-unix-account support in this patch has been proven! It is now possible
to join a win2k machine to a Samba PDC without an account in /etc/passwd!
Other changes:
Minor interface adjustments:
pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*.
pdb_update_sam_account() no longer takes the 'override' argument that was being
ignored so often (every other passdb backend). Extra checks have been added in
some places.
Minor code changes:
smbpasswd no longer attempts to initialise the passdb at startup, this is
now done on first use.
pdbedit has lost some of its 'machine account' logic, as this behaviour is now
controlled by the passdb subsystem directly.
The samr subsystem no longer calls 'local password change', but does the pdb
interactions directly. This allow the ACB_ flags specifed to be transferred
direct to the backend, without interference.
Doco:
I've updated the doco to reflect some of the changes, and removed some paramters
no longer applicable to HEAD.
(This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
2002-01-20 14:30:58 +00:00
}
2007-11-04 18:15:37 +01:00
tdbsam_filename = SMB_STRDUP ( pfile ) ;
2007-11-20 17:18:16 -08:00
if ( ! tdbsam_filename ) {
return NT_STATUS_NO_MEMORY ;
}
SAFE_FREE ( tdbfile ) ;
This is another *BIG* change...
Samba now features a pluggable passdb interface, along the same lines as the
one in use in the auth subsystem. In this case, only one backend may be active
at a time by the 'normal' interface, and only one backend per passdb_context is
permitted outside that.
This pluggable interface is designed to allow any number of passdb backends to
be compiled in, with the selection at runtime. The 'passdb backend' paramater
has been created (and documented!) to support this.
As such, configure has been modfied to allow (for example) --with-ldap and the
old smbpasswd to be selected at the same time.
This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua.
These two backends accept 'non unix accounts', where the user does *not* exist
in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to
avoid conflicts in the algroitmic mapping of RIDs, they use the values
specified in the 'non unix account range' paramter - in the same way as the
winbind ranges are specifed.
While I was at it, I cleaned up some of the code in pdb_tdb (code copied
directly from smbpasswd and not really considered properly). Most of this was
to do with % macro expansion on stored data. It isn't easy to get the macros
into the tdb, and the first password change will 'expand' them. tdbsam needs
to use a similar system to pdb_ldap in this regard.
This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I
don't have the test facilities for these. I plan to incoroprate at least
pdb_ldap into this scheme after consultation with Jerry.
Each (converted) passdb module now no longer has any 'static' variables, and
only exports 1 init function outside its .c file.
The non-unix-account support in this patch has been proven! It is now possible
to join a win2k machine to a Samba PDC without an account in /etc/passwd!
Other changes:
Minor interface adjustments:
pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*.
pdb_update_sam_account() no longer takes the 'override' argument that was being
ignored so often (every other passdb backend). Extra checks have been added in
some places.
Minor code changes:
smbpasswd no longer attempts to initialise the passdb at startup, this is
now done on first use.
pdbedit has lost some of its 'machine account' logic, as this behaviour is now
controlled by the passdb subsystem directly.
The samr subsystem no longer calls 'local password change', but does the pdb
interactions directly. This allow the ACB_ flags specifed to be transferred
direct to the backend, without interference.
Doco:
I've updated the doco to reflect some of the changes, and removed some paramters
no longer applicable to HEAD.
(This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
2002-01-20 14:30:58 +00:00
2006-02-15 18:26:06 +00:00
/* no private data */
2007-11-20 17:18:16 -08:00
2006-02-15 18:26:06 +00:00
( * pdb_method ) - > private_data = NULL ;
( * pdb_method ) - > free_private_data = NULL ;
This is another *BIG* change...
Samba now features a pluggable passdb interface, along the same lines as the
one in use in the auth subsystem. In this case, only one backend may be active
at a time by the 'normal' interface, and only one backend per passdb_context is
permitted outside that.
This pluggable interface is designed to allow any number of passdb backends to
be compiled in, with the selection at runtime. The 'passdb backend' paramater
has been created (and documented!) to support this.
As such, configure has been modfied to allow (for example) --with-ldap and the
old smbpasswd to be selected at the same time.
This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua.
These two backends accept 'non unix accounts', where the user does *not* exist
in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to
avoid conflicts in the algroitmic mapping of RIDs, they use the values
specified in the 'non unix account range' paramter - in the same way as the
winbind ranges are specifed.
While I was at it, I cleaned up some of the code in pdb_tdb (code copied
directly from smbpasswd and not really considered properly). Most of this was
to do with % macro expansion on stored data. It isn't easy to get the macros
into the tdb, and the first password change will 'expand' them. tdbsam needs
to use a similar system to pdb_ldap in this regard.
This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I
don't have the test facilities for these. I plan to incoroprate at least
pdb_ldap into this scheme after consultation with Jerry.
Each (converted) passdb module now no longer has any 'static' variables, and
only exports 1 init function outside its .c file.
The non-unix-account support in this patch has been proven! It is now possible
to join a win2k machine to a Samba PDC without an account in /etc/passwd!
Other changes:
Minor interface adjustments:
pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*.
pdb_update_sam_account() no longer takes the 'override' argument that was being
ignored so often (every other passdb backend). Extra checks have been added in
some places.
Minor code changes:
smbpasswd no longer attempts to initialise the passdb at startup, this is
now done on first use.
pdbedit has lost some of its 'machine account' logic, as this behaviour is now
controlled by the passdb subsystem directly.
The samr subsystem no longer calls 'local password change', but does the pdb
interactions directly. This allow the ACB_ flags specifed to be transferred
direct to the backend, without interference.
Doco:
I've updated the doco to reflect some of the changes, and removed some paramters
no longer applicable to HEAD.
(This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
2002-01-20 14:30:58 +00:00
return NT_STATUS_OK ;
}
2003-06-17 10:38:22 +00:00
NTSTATUS pdb_tdbsam_init ( void )
This is another *BIG* change...
Samba now features a pluggable passdb interface, along the same lines as the
one in use in the auth subsystem. In this case, only one backend may be active
at a time by the 'normal' interface, and only one backend per passdb_context is
permitted outside that.
This pluggable interface is designed to allow any number of passdb backends to
be compiled in, with the selection at runtime. The 'passdb backend' paramater
has been created (and documented!) to support this.
As such, configure has been modfied to allow (for example) --with-ldap and the
old smbpasswd to be selected at the same time.
This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua.
These two backends accept 'non unix accounts', where the user does *not* exist
in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to
avoid conflicts in the algroitmic mapping of RIDs, they use the values
specified in the 'non unix account range' paramter - in the same way as the
winbind ranges are specifed.
While I was at it, I cleaned up some of the code in pdb_tdb (code copied
directly from smbpasswd and not really considered properly). Most of this was
to do with % macro expansion on stored data. It isn't easy to get the macros
into the tdb, and the first password change will 'expand' them. tdbsam needs
to use a similar system to pdb_ldap in this regard.
This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I
don't have the test facilities for these. I plan to incoroprate at least
pdb_ldap into this scheme after consultation with Jerry.
Each (converted) passdb module now no longer has any 'static' variables, and
only exports 1 init function outside its .c file.
The non-unix-account support in this patch has been proven! It is now possible
to join a win2k machine to a Samba PDC without an account in /etc/passwd!
Other changes:
Minor interface adjustments:
pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*.
pdb_update_sam_account() no longer takes the 'override' argument that was being
ignored so often (every other passdb backend). Extra checks have been added in
some places.
Minor code changes:
smbpasswd no longer attempts to initialise the passdb at startup, this is
now done on first use.
pdbedit has lost some of its 'machine account' logic, as this behaviour is now
controlled by the passdb subsystem directly.
The samr subsystem no longer calls 'local password change', but does the pdb
interactions directly. This allow the ACB_ flags specifed to be transferred
direct to the backend, without interference.
Doco:
I've updated the doco to reflect some of the changes, and removed some paramters
no longer applicable to HEAD.
(This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
2002-01-20 14:30:58 +00:00
{
2003-06-17 10:38:22 +00:00
return smb_register_passdb ( PASSDB_INTERFACE_VERSION , " tdbsam " , pdb_init_tdbsam ) ;
This is another *BIG* change...
Samba now features a pluggable passdb interface, along the same lines as the
one in use in the auth subsystem. In this case, only one backend may be active
at a time by the 'normal' interface, and only one backend per passdb_context is
permitted outside that.
This pluggable interface is designed to allow any number of passdb backends to
be compiled in, with the selection at runtime. The 'passdb backend' paramater
has been created (and documented!) to support this.
As such, configure has been modfied to allow (for example) --with-ldap and the
old smbpasswd to be selected at the same time.
This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua.
These two backends accept 'non unix accounts', where the user does *not* exist
in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to
avoid conflicts in the algroitmic mapping of RIDs, they use the values
specified in the 'non unix account range' paramter - in the same way as the
winbind ranges are specifed.
While I was at it, I cleaned up some of the code in pdb_tdb (code copied
directly from smbpasswd and not really considered properly). Most of this was
to do with % macro expansion on stored data. It isn't easy to get the macros
into the tdb, and the first password change will 'expand' them. tdbsam needs
to use a similar system to pdb_ldap in this regard.
This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I
don't have the test facilities for these. I plan to incoroprate at least
pdb_ldap into this scheme after consultation with Jerry.
Each (converted) passdb module now no longer has any 'static' variables, and
only exports 1 init function outside its .c file.
The non-unix-account support in this patch has been proven! It is now possible
to join a win2k machine to a Samba PDC without an account in /etc/passwd!
Other changes:
Minor interface adjustments:
pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*.
pdb_update_sam_account() no longer takes the 'override' argument that was being
ignored so often (every other passdb backend). Extra checks have been added in
some places.
Minor code changes:
smbpasswd no longer attempts to initialise the passdb at startup, this is
now done on first use.
pdbedit has lost some of its 'machine account' logic, as this behaviour is now
controlled by the passdb subsystem directly.
The samr subsystem no longer calls 'local password change', but does the pdb
interactions directly. This allow the ACB_ flags specifed to be transferred
direct to the backend, without interference.
Doco:
I've updated the doco to reflect some of the changes, and removed some paramters
no longer applicable to HEAD.
(This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
2002-01-20 14:30:58 +00:00
}