summaryrefslogtreecommitdiff
path: root/source3/utils
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2002-01-20 14:30:58 +0000
committerAndrew Bartlett <abartlet@samba.org>2002-01-20 14:30:58 +0000
commit1a74d8d1f0758d15c5c35d20e33d9868565812cf (patch)
tree7a0f62e8228770198cc5bb36de355c290ac77b44 /source3/utils
parent32101155d4a0c80faf392f56a6baa7b91847dd99 (diff)
downloadsamba-1a74d8d1f0758d15c5c35d20e33d9868565812cf.tar.gz
samba-1a74d8d1f0758d15c5c35d20e33d9868565812cf.tar.bz2
samba-1a74d8d1f0758d15c5c35d20e33d9868565812cf.zip
This is another *BIG* change...
Samba now features a pluggable passdb interface, along the same lines as the one in use in the auth subsystem. In this case, only one backend may be active at a time by the 'normal' interface, and only one backend per passdb_context is permitted outside that. This pluggable interface is designed to allow any number of passdb backends to be compiled in, with the selection at runtime. The 'passdb backend' paramater has been created (and documented!) to support this. As such, configure has been modfied to allow (for example) --with-ldap and the old smbpasswd to be selected at the same time. This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua. These two backends accept 'non unix accounts', where the user does *not* exist in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to avoid conflicts in the algroitmic mapping of RIDs, they use the values specified in the 'non unix account range' paramter - in the same way as the winbind ranges are specifed. While I was at it, I cleaned up some of the code in pdb_tdb (code copied directly from smbpasswd and not really considered properly). Most of this was to do with % macro expansion on stored data. It isn't easy to get the macros into the tdb, and the first password change will 'expand' them. tdbsam needs to use a similar system to pdb_ldap in this regard. This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I don't have the test facilities for these. I plan to incoroprate at least pdb_ldap into this scheme after consultation with Jerry. Each (converted) passdb module now no longer has any 'static' variables, and only exports 1 init function outside its .c file. The non-unix-account support in this patch has been proven! It is now possible to join a win2k machine to a Samba PDC without an account in /etc/passwd! Other changes: Minor interface adjustments: pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*. pdb_update_sam_account() no longer takes the 'override' argument that was being ignored so often (every other passdb backend). Extra checks have been added in some places. Minor code changes: smbpasswd no longer attempts to initialise the passdb at startup, this is now done on first use. pdbedit has lost some of its 'machine account' logic, as this behaviour is now controlled by the passdb subsystem directly. The samr subsystem no longer calls 'local password change', but does the pdb interactions directly. This allow the ACB_ flags specifed to be transferred direct to the backend, without interference. Doco: I've updated the doco to reflect some of the changes, and removed some paramters no longer applicable to HEAD. (This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
Diffstat (limited to 'source3/utils')
-rw-r--r--source3/utils/pdbedit.c61
-rw-r--r--source3/utils/smbpasswd.c5
2 files changed, 26 insertions, 40 deletions
diff --git a/source3/utils/pdbedit.c b/source3/utils/pdbedit.c
index ae600f6a6a..33b62ebd42 100644
--- a/source3/utils/pdbedit.c
+++ b/source3/utils/pdbedit.c
@@ -21,14 +21,6 @@
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
-/* base uid for trust accounts is set to 60000 !
- * May be we should add the defines in smb.h to make it possible having
- * different values on different platforms?
- */
-
-#define BASE_MACHINE_UID 60000
-#define MAX_MACHINE_UID 65500 /* 5500 trust accounts aren't enough? */
-
#include "includes.h"
extern pstring global_myname;
@@ -213,7 +205,7 @@ static int set_user_info (char *username, char *fullname, char *homedir, char *d
if (profile)
pdb_set_profile_path (sam_pwent, profile, True);
- if (pdb_update_sam_account (sam_pwent, True))
+ if (pdb_update_sam_account (sam_pwent))
print_user_info (username, True, False);
else {
fprintf (stderr, "Unable to modify entry!\n");
@@ -284,10 +276,8 @@ static int new_user (char *username, char *fullname, char *homedir, char *drive,
static int new_machine (char *machinename)
{
SAM_ACCOUNT *sam_pwent=NULL;
- SAM_ACCOUNT *sam_trust=NULL;
char name[16];
char *password = NULL;
- uid_t uid;
pdb_init_sam (&sam_pwent);
@@ -304,23 +294,6 @@ static int new_machine (char *machinename)
pdb_set_username (sam_pwent, name);
- for (uid=BASE_MACHINE_UID; uid<=MAX_MACHINE_UID; uid++) {
- pdb_init_sam (&sam_trust);
- if (pdb_getsampwrid (sam_trust, pdb_uid_to_user_rid (uid))) {
- pdb_free_sam (&sam_trust);
- } else {
- break;
- }
- }
-
- if (uid>MAX_MACHINE_UID) {
- fprintf (stderr, "No more free UIDs available to Machine accounts!\n");
- pdb_free_sam(&sam_pwent);
- return -1;
- }
-
- pdb_set_user_rid (sam_pwent,pdb_uid_to_user_rid (uid));
- pdb_set_group_rid (sam_pwent, pdb_gid_to_group_rid (BASE_MACHINE_UID));
pdb_set_acct_ctrl (sam_pwent, ACB_WSTRUST);
if (pdb_add_sam_account (sam_pwent)) {
@@ -340,7 +313,16 @@ static int new_machine (char *machinename)
static int delete_user_entry (char *username)
{
- return pdb_delete_sam_account (username);
+ SAM_ACCOUNT *samaccount;
+
+ pdb_init_sam(&samaccount);
+
+ if (!pdb_getsampwnam(samaccount, username)) {
+ fprintf (stderr, "user %s does not exist in the passdb\n", username);
+ return -1;
+ }
+
+ return pdb_delete_sam_account (samaccount);
}
/*********************************************************
@@ -350,11 +332,20 @@ static int delete_user_entry (char *username)
static int delete_machine_entry (char *machinename)
{
char name[16];
+ SAM_ACCOUNT *samaccount;
safe_strcpy (name, machinename, 16);
if (name[strlen(name)] != '$')
safe_strcat (name, "$", 16);
- return pdb_delete_sam_account (name);
+
+ pdb_init_sam(&samaccount);
+
+ if (!pdb_getsampwnam(samaccount, name)) {
+ fprintf (stderr, "user %s does not exist in the passdb\n", name);
+ return -1;
+ }
+
+ return pdb_delete_sam_account (samaccount);
}
/*********************************************************
@@ -564,11 +555,6 @@ int main (int argc, char **argv)
return 0;
}
- if(!initialize_password_db(True)) {
- fprintf(stderr, "Can't setup password database vectors.\n");
- exit(1);
- }
-
DEBUGLEVEL = 1;
AllowDebugChange = False;
@@ -578,6 +564,11 @@ int main (int argc, char **argv)
exit(1);
}
+ if(!initialize_password_db(True)) {
+ fprintf(stderr, "Can't setup password database vectors.\n");
+ exit(1);
+ }
+
while ((ch = getopt(argc, argv, "ad:f:h:i:lmp:s:u:vwx")) != EOF) {
switch(ch) {
case 'a':
diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
index 6a20e71d96..a4abca2ce6 100644
--- a/source3/utils/smbpasswd.c
+++ b/source3/utils/smbpasswd.c
@@ -575,11 +575,6 @@ int main(int argc, char **argv)
setup_logging("smbpasswd", True);
- if(!initialize_password_db(True)) {
- fprintf(stderr, "Can't setup password database vectors.\n");
- exit(1);
- }
-
if (!lp_load(dyn_CONFIGFILE,True,False,False)) {
fprintf(stderr, "Can't load %s - run testparm to debug it\n",
dyn_CONFIGFILE);