-rw-r--r-- | docs/docbook/devdoc/encryption.sgml | 196 | ||||
-rw-r--r-- | docs/docbook/projdoc/pdb_xml.sgml | 42 | ||||
-rw-r--r-- | docs/docbook/projdoc/upgrading-to-3.0.sgml | 19 | ||||
-rw-r--r-- | docs/htmldocs/p1346.html | 917 | ||||
-rw-r--r-- | docs/htmldocs/p18.html | 438 | ||||
-rw-r--r-- | docs/htmldocs/p3106.html | 391 | ||||
-rw-r--r-- | docs/htmldocs/p544.html | 388 | ||||
-rw-r--r-- | source3/include/libsmb_internal.h | 67 | ||||
-rw-r--r-- | source3/passdb/pdb_mysql.c | 1032 | ||||
-rw-r--r-- | source3/passdb/pdb_xml.c | 567 |
10 files changed, 4057 insertions, 0 deletions
diff --git a/docs/docbook/devdoc/encryption.sgml b/docs/docbook/devdoc/encryption.sgml
new file mode 100644
index 0000000000..7d95edd34a
--- /dev/null
+++ b/docs/docbook/devdoc/encryption.sgml
@@ -0,0 +1,196 @@
+<chapter id="pwencrypt">
+
+
+<chapterinfo>
+ <author>
+ <firstname>Jeremy</firstname><surname>Allison</surname>
+ <affiliation>
+ <orgname>Samba Team</orgname>
+ <address>
+ <email>samba@samba.org</email>
+ </address>
+ </affiliation>
+ </author>
+
+ <pubdate>19 Apr 1999</pubdate>
+</chapterinfo>
+
+<title>LanMan and NT Password Encryption</title>
+
+<sect1>
+ <title>Introduction</title>
+
+ <para>With the development of LanManager and Windows NT
+ compatible password encryption for Samba, it is now able
+ to validate user connections in exactly the same way as
+ a LanManager or Windows NT server.</para>
+
+ <para>This document describes how the SMB password encryption
+ algorithm works and what issues there are in choosing whether
+ you want to use it. You should read it carefully, especially
+ the part about security and the "PROS and CONS" section.</para>
+
+</sect1>
+
+<sect1>
+ <title>How does it work?</title>
+
+ <para>LanManager encryption is somewhat similar to UNIX
+ password encryption. The server uses a file containing a
+ hashed value of a user's password. This is created by taking
+ the user's plaintext password, capitalising it, and either
+ truncating to 14 bytes or padding to 14 bytes with null bytes.
+ This 14 byte value is used as two 56 bit DES keys to encrypt
+ a 'magic' eight byte value, forming a 16 byte value which is
+ stored by the server and client. Let this value be known as
+ the "hashed password".</para>
+
+ <para>Windows NT encryption is a higher quality mechanism,
+ consisting of doing an MD4 hash on a Unicode version of the user's
+ password. This also produces a 16 byte hash value that is
+ non-reversible.</para>
+
+ <para>When a client (LanManager, Windows for WorkGroups, Windows
+ 95 or Windows NT) wishes to mount a Samba drive (or use a Samba
+ resource), it first requests a connection and negotiates the
+ protocol that the client and server will use. In the reply to this
+ request the Samba server generates and appends an 8 byte, random
+ value - this is stored in the Samba server after the reply is sent
+ and is known as the "challenge". The challenge is different for
+ every client connection.</para>
+
+ <para>The client then uses the hashed password (16 byte values
+ described above), appended with 5 null bytes, as three 56 bit
+ DES keys, each of which is used to encrypt the challenge 8 byte
+ value, forming a 24 byte value known as the "response".</para>
+
+ <para>In the SMB call SMBsessionsetupX (when user level security
+ is selected) or the call SMBtconX (when share level security is
+ selected), the 24 byte response is returned by the client to the
+ Samba server. For Windows NT protocol levels the above calculation
+ is done on both hashes of the user's password and both responses are
+ returned in the SMB call, giving two 24 byte values.</para>
+
+ <para>The Samba server then reproduces the above calculation, using
+ its own stored value of the 16 byte hashed password (read from the
+ <filename>smbpasswd</filename> file - described later) and the challenge
+ value that it kept from the negotiate protocol reply. It then checks
+ to see if the 24 byte value it calculates matches the 24 byte value
+ returned to it from the client.</para>
+
+ <para>If these values match exactly, then the client knew the
+ correct password (or the 16 byte hashed value - see security note
+ below) and is thus allowed access. If not, then the client did not
+ know the correct password and is denied access.</para>
+
+ <para>Note that the Samba server never knows or stores the cleartext
+ of the user's password - just the 16 byte hashed values derived from
+ it. Also note that the cleartext password or 16 byte hashed values
+ are never transmitted over the network - thus increasing security.</para>
+</sect1>
+
+<sect1>
+ <title><anchor id="SMBPASSWDFILEFORMAT">The smbpasswd file</title>
+
+ <para>In order for Samba to participate in the above protocol
+ it must be able to look up the 16 byte hashed values given a user name.
+ Unfortunately, as the UNIX password value is also a one way hash
+ function (ie. it is impossible to retrieve the cleartext of the user's
+ password given the UNIX hash of it), a separate password file
+ containing this 16 byte value must be kept. To minimise problems with
+ these two password files, getting out of sync, the UNIX <filename>
+ /etc/passwd</filename> and the <filename>smbpasswd</filename> file,
+ a utility, <command>mksmbpasswd.sh</command>, is provided to generate
+ a smbpasswd file from a UNIX <filename>/etc/passwd</filename> file.
+ </para
+
+
+ <para>To generate the smbpasswd file from your <filename>/etc/passwd
+ </filename> file use the following command :</para>
+
+ <para><prompt>$ </prompt><userinput>cat /etc/passwd | mksmbpasswd.sh
+ > /usr/local/samba/private/smbpasswd</userinput></para>
+
+ <para>If you are running on a system that uses NIS, use</para>
+
+ <para><prompt>$ </prompt><userinput>ypcat passwd | mksmbpasswd.sh
+ > /usr/local/samba/private/smbpasswd</userinput></para>
+
+ <para>The <command>mksmbpasswd.sh</command> program is found in
+ the Samba source directory. By default, the smbpasswd file is
+ stored in :</para>
+
+ <para><filename>/usr/local/samba/private/smbpasswd</filename></para>
+
+ <para>The owner of the <filename>/usr/local/samba/private/</filename>
+ directory should be set to root, and the permissions on it should
+ be set to 0500 (<command>chmod 500 /usr/local/samba/private</command>).
+ </para>
+
+ <para>Likewise, the smbpasswd file inside the private directory should
+ be owned by root and the permissions on is should be set to 0600
+ (<command>chmod 600 smbpasswd</command>).</para>
+
+
+ <para>The format of the smbpasswd file is (The line has been
+ wrapped here. It should appear as one entry per line in
+ your smbpasswd file.)</para>
+
+ <para><programlisting>
+username:uid:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:
+ [Account type]:LCT-<last-change-time>:Long name
+ </programlisting></para>
+
+ <para>Although only the <replaceable>username</replaceable>,
+ <replaceable>uid</replaceable>, <replaceable>
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX</replaceable>,
+ [<replaceable>Account type</replaceable>] and <replaceable>
+ last-change-time</replaceable> sections are significant
+ and are looked at in the Samba code.</para>
+
+ <para>It is <emphasis>VITALLY</emphasis> important that there by 32
+ 'X' characters between the two ':' characters in the XXX sections -
+ the smbpasswd and Samba code will fail to validate any entries that
+ do not have 32 characters between ':' characters. The first XXX
+ section is for the Lanman password hash, the second is for the
+ Windows NT version.</para>
+
+ <para>When the password file is created all users have password entries
+ consisting of 32 'X' characters. By default this disallows any access
+ as this user. When a user has a password set, the 'X' characters change
+ to 32 ascii hexadecimal digits (0-9, A-F). These are an ascii
+ representation of the 16 byte hashed value of a user's password.</para>
+
+ <para>To set a user to have no password (not recommended), edit the file
+ using vi, and replace the first 11 characters with the ascii text
+ <constant>"NO PASSWORD"</constant> (minus the quotes).</para>
+
+ <para>For example, to clear the password for user bob, his smbpasswd file
+ entry would look like :</para>
+
+ <para><programlisting>
+ bob:100:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:Bob's full name:/bobhome:/bobshell
+ </programlisting></para>
+
+ <para>If you are allowing users to use the smbpasswd command to set
+ their own passwords, you may want to give users NO PASSWORD initially
+ so they do not have to enter a previous password when changing to their
+ new password (not recommended). In order for you to allow this the
+ <command>smbpasswd</command> program must be able to connect to the
+ <command>smbd</command> daemon as that user with no password. Enable this
+ by adding the line :</para>
+
+ <para><command>null passwords = yes</command></para>
+
+ <para>to the [global] section of the smb.conf file (this is why
+ the above scenario is not recommended). Preferably, allocate your
+ users a default password to begin with, so you do not have
+ to enable this on your server.</para>
+
+ <para><emphasis>Note : </emphasis>This file should be protected very
+ carefully. Anyone with access to this file can (with enough knowledge of
+ the protocols) gain access to your SMB server. The file is thus more
+ sensitive than a normal unix <filename>/etc/passwd</filename> file.</para>
+</sect1>
+
+</chapter>
diff --git a/docs/docbook/projdoc/pdb_xml.sgml b/docs/docbook/projdoc/pdb_xml.sgml
new file mode 100644
index 0000000000..87afb7b401
--- /dev/null
+++ b/docs/docbook/projdoc/pdb_xml.sgml
@@ -0,0 +1,42 @@
+<chapter id="pdb-xml">
+<chapterinfo>
+ <author>
+ <firstname>Jelmer</firstname><surname>Vernooij</surname>
+ <affiliation>
+ <orgname>The Samba Team</orgname>
+ <address><email>jelmer@samba.org</email></address>
+ </affiliation>
+ </author>
+ <pubdate>November 2002</pubdate>
+</chapterinfo>
+
+<title>Passdb XML plugin</title>
+
+<sect1>
+<title>Building</title>
+
+<para>This module requires libxml2 to be installed.</para>
+
+<para>To build pdb_xml, run: <command>make bin/pdb_xml.so</command> in
+the directory <filename>source/</filename>. </para>
+
+</sect1>
+
+<sect1>
+<title>Usage</title>
+
+<para>The usage of pdb_xml is pretty straightforward. To export data, use:
+
+<command>pdbedit -e plugin:/usr/lib/samba/pdb_xml.so:filename</command>
+
+(where filename is the name of the file to put the data in)
+</para>
+
+<para>
+To import data, use:
+<command>pdbedit -i plugin:/usr/lib/samba/pdb_xml.so:filename -e current-pdb</command>
+
+Where filename is the name to read the data from and current-pdb to put it in.
+</para>
+</sect1>
+</chapter>
diff --git a/docs/docbook/projdoc/upgrading-to-3.0.sgml b/docs/docbook/projdoc/upgrading-to-3.0.sgml
new file mode 100644
index 0000000000..5b6b8dd635
--- /dev/null
+++ b/docs/docbook/projdoc/upgrading-to-3.0.sgml
@@ -0,0 +1,19 @@
+<chapter id="upgrading-to-3.0">
+<chapterinfo>
+ <author>
+ <firstname>Jelmer</firstname><surname>Vernooij</surname>
+ <affiliation>Samba Team</affiliation>
+ </author>
+ <pubdate>25 October 2002</pubdate>
+</chapterinfo>
+
+<title>Issues when upgrading from 2.2 to 3.0</title>
+
+<sect1>
+<title>Charsets</title>
+
+FIXME
+
+</sect1>
+
+</chapter>
diff --git a/docs/htmldocs/p1346.html b/docs/htmldocs/p1346.html
new file mode 100644
index 0000000000..e558561800
--- /dev/null
+++ b/docs/htmldocs/p1346.html
@@ -0,0 +1,917 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<HTML +><HEAD +><TITLE +>Optional configuration</TITLE +><META +NAME="GENERATOR" +CONTENT="Modular DocBook HTML Stylesheet Version 1.77"><LINK +REL="HOME" +TITLE="SAMBA Project Documentation" +HREF="samba-howto-collection.html"><LINK +REL="PREVIOUS" +TITLE="Samba as a NT4 domain member" +HREF="domain-security.html"><LINK +REL="NEXT" +TITLE="Integrating MS Windows networks with Samba" +HREF="integrate-ms-networks.html"></HEAD +><BODY +CLASS="PART" +BGCOLOR="#FFFFFF" +TEXT="#000000" +LINK="#0000FF" +VLINK="#840084" +ALINK="#0000FF" +><DIV +CLASS="NAVHEADER" +><TABLE +SUMMARY="Header navigation table" +WIDTH="100%" +BORDER="0" +CELLPADDING="0" +CELLSPACING="0" +><TR +><TH +COLSPAN="3" +ALIGN="center" +>SAMBA Project Documentation</TH +></TR +><TR +><TD +WIDTH="10%" +ALIGN="left" +VALIGN="bottom" +><A +HREF="domain-security.html" +ACCESSKEY="P" +>Prev</A +></TD +><TD +WIDTH="80%" +ALIGN="center" +VALIGN="bottom" +></TD +><TD +WIDTH="10%" +ALIGN="right" +VALIGN="bottom" +><A +HREF="integrate-ms-networks.html" +ACCESSKEY="N" +>Next</A +></TD +></TR +></TABLE +><HR +ALIGN="LEFT" +WIDTH="100%"></DIV +><DIV +CLASS="PART" +><A +NAME="AEN1346" +></A +><DIV +CLASS="TITLEPAGE" +><H1 +CLASS="TITLE" +>III. Optional configuration</H1 +><DIV +CLASS="PARTINTRO" +><A +NAME="AEN1348" +></A +><H1 +>Introduction</H1 +><P +>Samba has several features that you might want or might not want to use. The chapters in this +part each cover one specific feature.</P +></DIV +><DIV +CLASS="TOC" +><DL +><DT +><B +>Table of Contents</B +></DT +><DT +>10. <A +HREF="integrate-ms-networks.html" +>Integrating MS Windows networks with Samba</A +></DT +><DD +><DL +><DT +>10.1. <A +HREF="integrate-ms-networks.html#AEN1362" +>Agenda</A +></DT +><DT +>10.2. <A +HREF="integrate-ms-networks.html#AEN1384" +>Name Resolution in a pure Unix/Linux world</A +></DT +><DD +><DL +><DT +>10.2.1. 
<A +HREF="integrate-ms-networks.html#AEN1400" +><TT +CLASS="FILENAME" +>/etc/hosts</TT +></A +></DT +><DT +>10.2.2. <A +HREF="integrate-ms-networks.html#AEN1416" +><TT +CLASS="FILENAME" +>/etc/resolv.conf</TT +></A +></DT +><DT +>10.2.3. <A +HREF="integrate-ms-networks.html#AEN1427" +><TT +CLASS="FILENAME" +>/etc/host.conf</TT +></A +></DT +><DT +>10.2.4. <A +HREF="integrate-ms-networks.html#AEN1435" +><TT +CLASS="FILENAME" +>/etc/nsswitch.conf</TT +></A +></DT +></DL +></DD +><DT +>10.3. <A +HREF="integrate-ms-networks.html#AEN1447" +>Name resolution as used within MS Windows networking</A +></DT +><DD +><DL +><DT +>10.3.1. <A +HREF="integrate-ms-networks.html#AEN1459" +>The NetBIOS Name Cache</A +></DT +><DT +>10.3.2. <A +HREF="integrate-ms-networks.html#AEN1464" +>The LMHOSTS file</A +></DT +><DT +>10.3.3. <A +HREF="integrate-ms-networks.html#AEN1472" +>HOSTS file</A +></DT +><DT +>10.3.4. <A +HREF="integrate-ms-networks.html#AEN1477" +>DNS Lookup</A +></DT +><DT +>10.3.5. <A +HREF="integrate-ms-networks.html#AEN1480" +>WINS Lookup</A +></DT +></DL +></DD +><DT +>10.4. <A +HREF="integrate-ms-networks.html#AEN1492" +>How browsing functions and how to deploy stable and +dependable browsing using Samba</A +></DT +><DT +>10.5. <A +HREF="integrate-ms-networks.html#AEN1502" +>MS Windows security options and how to configure +Samba for seemless integration</A +></DT +><DD +><DL +><DT +>10.5.1. <A +HREF="integrate-ms-networks.html#AEN1530" +>Use MS Windows NT as an authentication server</A +></DT +><DT +>10.5.2. <A +HREF="integrate-ms-networks.html#AEN1538" +>Make Samba a member of an MS Windows NT security domain</A +></DT +><DT +>10.5.3. <A +HREF="integrate-ms-networks.html#AEN1555" +>Configure Samba as an authentication server</A +></DT +></DL +></DD +><DT +>10.6. <A +HREF="integrate-ms-networks.html#AEN1572" +>Conclusions</A +></DT +></DL +></DD +><DT +>11. 
<A +HREF="unix-permissions.html" +>UNIX Permission Bits and Windows NT Access Control Lists</A +></DT +><DD +><DL +><DT +>11.1. <A +HREF="unix-permissions.html#AEN1593" +>Viewing and changing UNIX permissions using the NT + security dialogs</A +></DT +><DT +>11.2. <A +HREF="unix-permissions.html#AEN1602" +>How to view file security on a Samba share</A +></DT +><DT +>11.3. <A +HREF="unix-permissions.html#AEN1613" +>Viewing file ownership</A +></DT +><DT +>11.4. <A +HREF="unix-permissions.html#AEN1633" +>Viewing file or directory permissions</A +></DT +><DD +><DL +><DT +>11.4.1. <A +HREF="unix-permissions.html#AEN1648" +>File Permissions</A +></DT +><DT +>11.4.2. <A +HREF="unix-permissions.html#AEN1662" +>Directory Permissions</A +></DT +></DL +></DD +><DT +>11.5. <A +HREF="unix-permissions.html#AEN1669" +>Modifying file or directory permissions</A +></DT +><DT +>11.6. <A +HREF="unix-permissions.html#AEN1691" +>Interaction with the standard Samba create mask + parameters</A +></DT +><DT +>11.7. <A +HREF="unix-permissions.html#AEN1755" +>Interaction with the standard Samba file attribute + mapping</A +></DT +></DL +></DD +><DT +>12. <A +HREF="pam.html" +>Configuring PAM for distributed but centrally +managed authentication</A +></DT +><DD +><DL +><DT +>12.1. <A +HREF="pam.html#AEN1776" +>Samba and PAM</A +></DT +><DT +>12.2. <A +HREF="pam.html#AEN1820" +>Distributed Authentication</A +></DT +><DT +>12.3. <A +HREF="pam.html#AEN1827" +>PAM Configuration in smb.conf</A +></DT +></DL +></DD +><DT +>13. <A +HREF="msdfs.html" +>Hosting a Microsoft Distributed File System tree on Samba</A +></DT +><DD +><DL +><DT +>13.1. <A +HREF="msdfs.html#AEN1847" +>Instructions</A +></DT +><DD +><DL +><DT +>13.1.1. <A +HREF="msdfs.html#AEN1882" +>Notes</A +></DT +></DL +></DD +></DL +></DD +><DT +>14. <A +HREF="printing.html" +>Printing Support</A +></DT +><DD +><DL +><DT +>14.1. <A +HREF="printing.html#AEN1908" +>Introduction</A +></DT +><DT +>14.2. 
<A +HREF="printing.html#AEN1930" +>Configuration</A +></DT +><DD +><DL +><DT +>14.2.1. <A +HREF="printing.html#AEN1938" +>Creating [print$]</A +></DT +><DT +>14.2.2. <A +HREF="printing.html#AEN1973" +>Setting Drivers for Existing Printers</A +></DT +><DT +>14.2.3. <A +HREF="printing.html#AEN1989" +>Support a large number of printers</A +></DT +><DT +>14.2.4. <A +HREF="printing.html#AEN2000" +>Adding New Printers via the Windows NT APW</A +></DT +><DT +>14.2.5. <A +HREF="printing.html#AEN2030" +>Samba and Printer Ports</A +></DT +></DL +></DD +><DT +>14.3. <A +HREF="printing.html#AEN2038" +>The Imprints Toolset</A +></DT +><DD +><DL +><DT +>14.3.1. <A +HREF="printing.html#AEN2042" +>What is Imprints?</A +></DT +><DT +>14.3.2. <A +HREF="printing.html#AEN2052" +>Creating Printer Driver Packages</A +></DT +><DT +>14.3.3. <A +HREF="printing.html#AEN2055" +>The Imprints server</A +></DT +><DT +>14.3.4. <A +HREF="printing.html#AEN2059" +>The Installation Client</A +></DT +></DL +></DD +><DT +>14.4. <A +HREF="printing.html#AEN2081" +>Diagnosis</A +></DT +><DD +><DL +><DT +>14.4.1. <A +HREF="printing.html#AEN2083" +>Introduction</A +></DT +><DT +>14.4.2. <A +HREF="printing.html#AEN2099" +>Debugging printer problems</A +></DT +><DT +>14.4.3. <A +HREF="printing.html#AEN2108" +>What printers do I have?</A +></DT +><DT +>14.4.4. <A +HREF="printing.html#AEN2116" +>Setting up printcap and print servers</A +></DT +><DT +>14.4.5. <A +HREF="printing.html#AEN2144" +>Job sent, no output</A +></DT +><DT +>14.4.6. <A +HREF="printing.html#AEN2155" +>Job sent, strange output</A +></DT +><DT +>14.4.7. <A +HREF="printing.html#AEN2167" +>Raw PostScript printed</A +></DT +><DT +>14.4.8. <A +HREF="printing.html#AEN2170" +>Advanced Printing</A +></DT +><DT +>14.4.9. <A +HREF="printing.html#AEN2173" +>Real debugging</A +></DT +></DL +></DD +></DL +></DD +><DT +>15. <A +HREF="securitylevels.html" +>Security levels</A +></DT +><DD +><DL +><DT +>15.1. 
<A +HREF="securitylevels.html#AEN2186" +>Introduction</A +></DT +><DT +>15.2. <A +HREF="securitylevels.html#AEN2197" +>More complete description of security levels</A +></DT +></DL +></DD +><DT +>16. <A +HREF="winbind.html" +>Unified Logons between Windows NT and UNIX using Winbind</A +></DT +><DD +><DL +><DT +>16.1. <A +HREF="winbind.html#AEN2249" +>Abstract</A +></DT +><DT +>16.2. <A +HREF="winbind.html#AEN2253" +>Introduction</A +></DT +><DT +>16.3. <A +HREF="winbind.html#AEN2266" +>What Winbind Provides</A +></DT +><DD +><DL +><DT +>16.3.1. <A +HREF="winbind.html#AEN2273" +>Target Uses</A +></DT +></DL +></DD +><DT +>16.4. <A +HREF="winbind.html#AEN2277" +>How Winbind Works</A +></DT +><DD +><DL +><DT +>16.4.1. <A +HREF="winbind.html#AEN2282" +>Microsoft Remote Procedure Calls</A +></DT +><DT +>16.4.2. <A +HREF="winbind.html#AEN2286" +>Name Service Switch</A +></DT +><DT +>16.4.3. <A +HREF="winbind.html#AEN2302" +>Pluggable Authentication Modules</A +></DT +><DT +>16.4.4. <A +HREF="winbind.html#AEN2310" +>User and Group ID Allocation</A +></DT +><DT +>16.4.5. <A +HREF="winbind.html#AEN2314" +>Result Caching</A +></DT +></DL +></DD +><DT +>16.5. <A +HREF="winbind.html#AEN2317" +>Installation and Configuration</A +></DT +><DD +><DL +><DT +>16.5.1. <A +HREF="winbind.html#AEN2324" +>Introduction</A +></DT +><DT +>16.5.2. <A +HREF="winbind.html#AEN2337" +>Requirements</A +></DT +><DT +>16.5.3. <A +HREF="winbind.html#AEN2351" +>Testing Things Out</A +></DT +></DL +></DD +><DT +>16.6. <A +HREF="winbind.html#AEN2566" +>Limitations</A +></DT +><DT +>16.7. <A +HREF="winbind.html#AEN2576" +>Conclusion</A +></DT +></DL +></DD +><DT +>17. <A +HREF="pdb-mysql.html" +>Passdb MySQL plugin</A +></DT +><DD +><DL +><DT +>17.1. <A +HREF="pdb-mysql.html#AEN2590" +>Building</A +></DT +><DT +>17.2. <A +HREF="pdb-mysql.html#AEN2596" +>Configuring</A +></DT +><DT +>17.3. <A +HREF="pdb-mysql.html#AEN2611" +>Using plaintext passwords or encrypted password</A +></DT +><DT +>17.4. 
<A +HREF="pdb-mysql.html#AEN2616" +>Getting non-column data from the table</A +></DT +></DL +></DD +><DT +>18. <A +HREF="pdb-xml.html" +>Passdb XML plugin</A +></DT +><DD +><DL +><DT +>18.1. <A +HREF="pdb-xml.html#AEN2635" +>Building</A +></DT +><DT +>18.2. <A +HREF="pdb-xml.html#AEN2641" +>Usage</A +></DT +></DL +></DD +><DT +>19. <A +HREF="samba-ldap-howto.html" +>Storing Samba's User/Machine Account information in an LDAP Directory</A +></DT +><DD +><DL +><DT +>19.1. <A +HREF="samba-ldap-howto.html#AEN2664" +>Purpose</A +></DT +><DT +>19.2. <A +HREF="samba-ldap-howto.html#AEN2684" +>Introduction</A +></DT +><DT +>19.3. <A +HREF="samba-ldap-howto.html#AEN2713" +>Supported LDAP Servers</A +></DT +><DT +>19.4. <A +HREF="samba-ldap-howto.html#AEN2718" +>Schema and Relationship to the RFC 2307 posixAccount</A +></DT +><DT +>19.5. <A +HREF="samba-ldap-howto.html#AEN2730" +>Configuring Samba with LDAP</A +></DT +><DD +><DL +><DT +>19.5.1. <A +HREF="samba-ldap-howto.html#AEN2732" +>OpenLDAP configuration</A +></DT +><DT +>19.5.2. <A +HREF="samba-ldap-howto.html#AEN2749" +>Configuring Samba</A +></DT +></DL +></DD +><DT +>19.6. <A +HREF="samba-ldap-howto.html#AEN2777" +>Accounts and Groups management</A +></DT +><DT +>19.7. <A +HREF="samba-ldap-howto.html#AEN2782" +>Security and sambaAccount</A +></DT +><DT +>19.8. <A +HREF="samba-ldap-howto.html#AEN2802" +>LDAP specials attributes for sambaAccounts</A +></DT +><DT +>19.9. <A +HREF="samba-ldap-howto.html#AEN2872" +>Example LDIF Entries for a sambaAccount</A +></DT +><DT +>19.10. <A +HREF="samba-ldap-howto.html#AEN2880" +>Comments</A +></DT +></DL +></DD +><DT +>20. <A +HREF="cvs-access.html" +>HOWTO Access Samba source code via CVS</A +></DT +><DD +><DL +><DT +>20.1. <A +HREF="cvs-access.html#AEN2891" +>Introduction</A +></DT +><DT +>20.2. <A +HREF="cvs-access.html#AEN2896" +>CVS Access to samba.org</A +></DT +><DD +><DL +><DT +>20.2.1. <A +HREF="cvs-access.html#AEN2899" +>Access via CVSweb</A +></DT +><DT +>20.2.2. 
<A +HREF="cvs-access.html#AEN2904" +>Access via cvs</A +></DT +></DL +></DD +></DL +></DD +><DT +>21. <A +HREF="groupmapping.html" +>Group mapping HOWTO</A +></DT +><DT +>22. <A +HREF="speed.html" +>Samba performance issues</A +></DT +><DD +><DL +><DT +>22.1. <A +HREF="speed.html#AEN2982" +>Comparisons</A +></DT +><DT +>22.2. <A +HREF="speed.html#AEN2988" +>Oplocks</A +></DT +><DD +><DL +><DT +>22.2.1. <A +HREF="speed.html#AEN2990" +>Overview</A +></DT +><DT +>22.2.2. <A +HREF="speed.html#AEN2998" +>Level2 Oplocks</A +></DT +><DT +>22.2.3. <A +HREF="speed.html#AEN3004" +>Old 'fake oplocks' option - deprecated</A +></DT +></DL +></DD +><DT +>22.3. <A +HREF="speed.html#AEN3008" +>Socket options</A +></DT +><DT +>22.4. <A +HREF="speed.html#AEN3015" +>Read size</A +></DT +><DT +>22.5. <A +HREF="speed.html#AEN3020" +>Max xmit</A +></DT +><DT +>22.6. <A +HREF="speed.html#AEN3025" +>Locking</A +></DT +><DT +>22.7. <A +HREF="speed.html#AEN3029" +>Share modes</A +></DT +><DT +>22.8. <A +HREF="speed.html#AEN3034" +>Log level</A +></DT +><DT +>22.9. <A +HREF="speed.html#AEN3037" +>Wide lines</A +></DT +><DT +>22.10. <A +HREF="speed.html#AEN3040" +>Read raw</A +></DT +><DT +>22.11. <A +HREF="speed.html#AEN3045" +>Write raw</A +></DT +><DT +>22.12. <A +HREF="speed.html#AEN3049" +>Read prediction</A +></DT +><DT +>22.13. <A +HREF="speed.html#AEN3056" +>Memory mapping</A +></DT +><DT +>22.14. <A +HREF="speed.html#AEN3061" +>Slow Clients</A +></DT +><DT +>22.15. <A +HREF="speed.html#AEN3065" +>Slow Logins</A +></DT +><DT +>22.16. <A +HREF="speed.html#AEN3068" +>Client tuning</A +></DT +><DT +>22.17. 
<A +HREF="speed.html#AEN3100" +>My Results</A +></DT +></DL +></DD +></DL +></DIV +></DIV +></DIV +><DIV +CLASS="NAVFOOTER" +><HR +ALIGN="LEFT" +WIDTH="100%"><TABLE +SUMMARY="Footer navigation table" +WIDTH="100%" +BORDER="0" +CELLPADDING="0" +CELLSPACING="0" +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +><A +HREF="domain-security.html" +ACCESSKEY="P" +>Prev</A +></TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +><A +HREF="samba-howto-collection.html" +ACCESSKEY="H" +>Home</A +></TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +><A +HREF="integrate-ms-networks.html" +ACCESSKEY="N" +>Next</A +></TD +></TR +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +>Samba as a NT4 domain member</TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +> </TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +>Integrating MS Windows networks with Samba</TD +></TR +></TABLE +></DIV +></BODY +></HTML +>
\ No newline at end of file
diff --git a/docs/htmldocs/p18.html b/docs/htmldocs/p18.html
new file mode 100644
index 0000000000..a8f2a3c53c
--- /dev/null
+++ b/docs/htmldocs/p18.html
@@ -0,0 +1,438 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<HTML +><HEAD +><TITLE +>General installation</TITLE +><META +NAME="GENERATOR" +CONTENT="Modular DocBook HTML Stylesheet Version 1.77"><LINK +REL="HOME" +TITLE="SAMBA Project Documentation" +HREF="samba-howto-collection.html"><LINK +REL="PREVIOUS" +TITLE="SAMBA Project Documentation" +HREF="samba-howto-collection.html"><LINK +REL="NEXT" +TITLE="How to Install and Test SAMBA" +HREF="install.html"></HEAD +><BODY +CLASS="PART" +BGCOLOR="#FFFFFF" +TEXT="#000000" +LINK="#0000FF" +VLINK="#840084" +ALINK="#0000FF" +><DIV +CLASS="NAVHEADER" +><TABLE +SUMMARY="Header navigation table" +WIDTH="100%" +BORDER="0" +CELLPADDING="0" +CELLSPACING="0" +><TR +><TH +COLSPAN="3" +ALIGN="center" +>SAMBA Project Documentation</TH +></TR +><TR +><TD +WIDTH="10%" +ALIGN="left" +VALIGN="bottom" +><A +HREF="samba-howto-collection.html" +ACCESSKEY="P" +>Prev</A +></TD +><TD +WIDTH="80%" +ALIGN="center" +VALIGN="bottom" +></TD +><TD +WIDTH="10%" +ALIGN="right" +VALIGN="bottom" +><A +HREF="install.html" +ACCESSKEY="N" +>Next</A +></TD +></TR +></TABLE +><HR +ALIGN="LEFT" +WIDTH="100%"></DIV +><DIV +CLASS="PART" +><A +NAME="AEN18" +></A +><DIV +CLASS="TITLEPAGE" +><H1 +CLASS="TITLE" +>I. General installation</H1 +><DIV +CLASS="PARTINTRO" +><A +NAME="AEN20" +></A +><H1 +>Introduction</H1 +><P +>This part contains general info on how to install samba +and how to configure the parts of samba you will most likely need. +PLEASE read this.</P +></DIV +><DIV +CLASS="TOC" +><DL +><DT +><B +>Table of Contents</B +></DT +><DT +>1. <A +HREF="install.html" +>How to Install and Test SAMBA</A +></DT +><DD +><DL +><DT +>1.1. <A +HREF="install.html#AEN25" +>Read the man pages</A +></DT +><DT +>1.2. <A +HREF="install.html#AEN35" +>Building the Binaries</A +></DT +><DT +>1.3. <A +HREF="install.html#AEN63" +>The all important step</A +></DT +><DT +>1.4. 
<A +HREF="install.html#AEN67" +>Create the smb configuration file.</A +></DT +><DT +>1.5. <A +HREF="install.html#AEN81" +>Test your config file with + <B +CLASS="COMMAND" +>testparm</B +></A +></DT +><DT +>1.6. <A +HREF="install.html#AEN89" +>Starting the smbd and nmbd</A +></DT +><DD +><DL +><DT +>1.6.1. <A +HREF="install.html#AEN99" +>Starting from inetd.conf</A +></DT +><DT +>1.6.2. <A +HREF="install.html#AEN128" +>Alternative: starting it as a daemon</A +></DT +></DL +></DD +><DT +>1.7. <A +HREF="install.html#AEN144" +>Try listing the shares available on your + server</A +></DT +><DT +>1.8. <A +HREF="install.html#AEN153" +>Try connecting with the unix client</A +></DT +><DT +>1.9. <A +HREF="install.html#AEN169" +>Try connecting from a DOS, WfWg, Win9x, WinNT, + Win2k, OS/2, etc... client</A +></DT +><DT +>1.10. <A +HREF="install.html#AEN183" +>What If Things Don't Work?</A +></DT +><DD +><DL +><DT +>1.10.1. <A +HREF="install.html#AEN188" +>Diagnosing Problems</A +></DT +><DT +>1.10.2. <A +HREF="install.html#AEN192" +>Scope IDs</A +></DT +><DT +>1.10.3. <A +HREF="install.html#AEN195" +>Choosing the Protocol Level</A +></DT +><DT +>1.10.4. <A +HREF="install.html#AEN204" +>Printing from UNIX to a Client PC</A +></DT +><DT +>1.10.5. <A +HREF="install.html#AEN209" +>Locking</A +></DT +><DT +>1.10.6. <A +HREF="install.html#AEN218" +>Mapping Usernames</A +></DT +></DL +></DD +></DL +></DD +><DT +>2. <A +HREF="improved-browsing.html" +>Improved browsing in samba</A +></DT +><DD +><DL +><DT +>2.1. <A +HREF="improved-browsing.html#AEN228" +>Overview of browsing</A +></DT +><DT +>2.2. <A +HREF="improved-browsing.html#AEN232" +>Browsing support in samba</A +></DT +><DT +>2.3. <A +HREF="improved-browsing.html#AEN241" +>Problem resolution</A +></DT +><DT +>2.4. <A +HREF="improved-browsing.html#AEN248" +>Browsing across subnets</A +></DT +><DD +><DL +><DT +>2.4.1. 
<A +HREF="improved-browsing.html#AEN253" +>How does cross subnet browsing work ?</A +></DT +></DL +></DD +><DT +>2.5. <A +HREF="improved-browsing.html#AEN288" +>Setting up a WINS server</A +></DT +><DT +>2.6. <A +HREF="improved-browsing.html#AEN307" +>Setting up Browsing in a WORKGROUP</A +></DT +><DT +>2.7. <A +HREF="improved-browsing.html#AEN325" +>Setting up Browsing in a DOMAIN</A +></DT +><DT +>2.8. <A +HREF="improved-browsing.html#AEN335" +>Forcing samba to be the master</A +></DT +><DT +>2.9. <A +HREF="improved-browsing.html#AEN344" +>Making samba the domain master</A +></DT +><DT +>2.10. <A +HREF="improved-browsing.html#AEN362" +>Note about broadcast addresses</A +></DT +><DT +>2.11. <A +HREF="improved-browsing.html#AEN365" +>Multiple interfaces</A +></DT +></DL +></DD +><DT +>3. <A +HREF="oplocks.html" +>Oplocks</A +></DT +><DD +><DL +><DT +>3.1. <A +HREF="oplocks.html#AEN377" +>What are oplocks?</A +></DT +></DL +></DD +><DT +>4. <A +HREF="browsing-quick.html" +>Quick Cross Subnet Browsing / Cross Workgroup Browsing guide</A +></DT +><DD +><DL +><DT +>4.1. <A +HREF="browsing-quick.html#AEN392" +>Discussion</A +></DT +><DT +>4.2. <A +HREF="browsing-quick.html#AEN400" +>Use of the "Remote Announce" parameter</A +></DT +><DT +>4.3. <A +HREF="browsing-quick.html#AEN414" +>Use of the "Remote Browse Sync" parameter</A +></DT +><DT +>4.4. <A +HREF="browsing-quick.html#AEN419" +>Use of WINS</A +></DT +><DT +>4.5. <A +HREF="browsing-quick.html#AEN430" +>Do NOT use more than one (1) protocol on MS Windows machines</A +></DT +><DT +>4.6. <A +HREF="browsing-quick.html#AEN436" +>Name Resolution Order</A +></DT +></DL +></DD +><DT +>5. <A +HREF="pwencrypt.html" +>LanMan and NT Password Encryption in Samba</A +></DT +><DD +><DL +><DT +>5.1. <A +HREF="pwencrypt.html#AEN472" +>Introduction</A +></DT +><DT +>5.2. <A +HREF="pwencrypt.html#AEN477" +>Important Notes About Security</A +></DT +><DD +><DL +><DT +>5.2.1. 
<A +HREF="pwencrypt.html#AEN496" +>Advantages of SMB Encryption</A +></DT +><DT +>5.2.2. <A +HREF="pwencrypt.html#AEN503" +>Advantages of non-encrypted passwords</A +></DT +></DL +></DD +><DT +>5.3. <A +HREF="pwencrypt.html#AEN512" +>The smbpasswd Command</A +></DT +></DL +></DD +></DL +></DIV +></DIV +></DIV +><DIV +CLASS="NAVFOOTER" +><HR +ALIGN="LEFT" +WIDTH="100%"><TABLE +SUMMARY="Footer navigation table" +WIDTH="100%" +BORDER="0" +CELLPADDING="0" +CELLSPACING="0" +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +><A +HREF="samba-howto-collection.html" +ACCESSKEY="P" +>Prev</A +></TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +><A +HREF="samba-howto-collection.html" +ACCESSKEY="H" +>Home</A +></TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +><A +HREF="install.html" +ACCESSKEY="N" +>Next</A +></TD +></TR +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +>SAMBA Project Documentation</TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +> </TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +>How to Install and Test SAMBA</TD +></TR +></TABLE +></DIV +></BODY +></HTML +>
\ No newline at end of file
diff --git a/docs/htmldocs/p3106.html b/docs/htmldocs/p3106.html
new file mode 100644
index 0000000000..9967d8fb59
--- /dev/null
+++ b/docs/htmldocs/p3106.html
@@ -0,0 +1,391 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<HTML +><HEAD +><TITLE +>Appendixes</TITLE +><META +NAME="GENERATOR" +CONTENT="Modular DocBook HTML Stylesheet Version 1.77"><LINK +REL="HOME" +TITLE="SAMBA Project Documentation" +HREF="samba-howto-collection.html"><LINK +REL="PREVIOUS" +TITLE="Samba performance issues" +HREF="speed.html"><LINK +REL="NEXT" +TITLE="Portability" +HREF="portability.html"></HEAD +><BODY +CLASS="PART" +BGCOLOR="#FFFFFF" +TEXT="#000000" +LINK="#0000FF" +VLINK="#840084" +ALINK="#0000FF" +><DIV +CLASS="NAVHEADER" +><TABLE +SUMMARY="Header navigation table" +WIDTH="100%" +BORDER="0" +CELLPADDING="0" +CELLSPACING="0" +><TR +><TH +COLSPAN="3" +ALIGN="center" +>SAMBA Project Documentation</TH +></TR +><TR +><TD +WIDTH="10%" +ALIGN="left" +VALIGN="bottom" +><A +HREF="speed.html" +ACCESSKEY="P" +>Prev</A +></TD +><TD +WIDTH="80%" +ALIGN="center" +VALIGN="bottom" +></TD +><TD +WIDTH="10%" +ALIGN="right" +VALIGN="bottom" +><A +HREF="portability.html" +ACCESSKEY="N" +>Next</A +></TD +></TR +></TABLE +><HR +ALIGN="LEFT" +WIDTH="100%"></DIV +><DIV +CLASS="PART" +><A +NAME="AEN3106" +></A +><DIV +CLASS="TITLEPAGE" +><H1 +CLASS="TITLE" +>IV. Appendixes</H1 +><DIV +CLASS="TOC" +><DL +><DT +><B +>Table of Contents</B +></DT +><DT +>23. <A +HREF="portability.html" +>Portability</A +></DT +><DD +><DL +><DT +>23.1. <A +HREF="portability.html#AEN3115" +>HPUX</A +></DT +><DT +>23.2. <A +HREF="portability.html#AEN3121" +>SCO Unix</A +></DT +><DT +>23.3. <A +HREF="portability.html#AEN3125" +>DNIX</A +></DT +><DT +>23.4. <A +HREF="portability.html#AEN3154" +>RedHat Linux Rembrandt-II</A +></DT +></DL +></DD +><DT +>24. <A +HREF="other-clients.html" +>Samba and other CIFS clients</A +></DT +><DD +><DL +><DT +>24.1. <A +HREF="other-clients.html#AEN3175" +>Macintosh clients?</A +></DT +><DT +>24.2. <A +HREF="other-clients.html#AEN3184" +>OS2 Client</A +></DT +><DD +><DL +><DT +>24.2.1. 
<A +HREF="other-clients.html#AEN3186" +>How can I configure OS/2 Warp Connect or + OS/2 Warp 4 as a client for Samba?</A +></DT +><DT +>24.2.2. <A +HREF="other-clients.html#AEN3201" +>How can I configure OS/2 Warp 3 (not Connect), + OS/2 1.2, 1.3 or 2.x for Samba?</A +></DT +><DT +>24.2.3. <A +HREF="other-clients.html#AEN3210" +>Are there any other issues when OS/2 (any version) + is used as a client?</A +></DT +><DT +>24.2.4. <A +HREF="other-clients.html#AEN3214" +>How do I get printer driver download working + for OS/2 clients?</A +></DT +></DL +></DD +><DT +>24.3. <A +HREF="other-clients.html#AEN3224" +>Windows for Workgroups</A +></DT +><DD +><DL +><DT +>24.3.1. <A +HREF="other-clients.html#AEN3226" +>Use latest TCP/IP stack from Microsoft</A +></DT +><DT +>24.3.2. <A +HREF="other-clients.html#AEN3231" +>Delete .pwl files after password change</A +></DT +><DT +>24.3.3. <A +HREF="other-clients.html#AEN3236" +>Configure WfW password handling</A +></DT +><DT +>24.3.4. <A +HREF="other-clients.html#AEN3240" +>Case handling of passwords</A +></DT +></DL +></DD +><DT +>24.4. <A +HREF="other-clients.html#AEN3245" +>Windows '95/'98</A +></DT +><DT +>24.5. <A +HREF="other-clients.html#AEN3261" +>Windows 2000 Service Pack 2</A +></DT +></DL +></DD +><DT +>25. <A +HREF="bugreport.html" +>Reporting Bugs</A +></DT +><DD +><DL +><DT +>25.1. <A +HREF="bugreport.html#AEN3285" +>Introduction</A +></DT +><DT +>25.2. <A +HREF="bugreport.html#AEN3295" +>General info</A +></DT +><DT +>25.3. <A +HREF="bugreport.html#AEN3301" +>Debug levels</A +></DT +><DT +>25.4. <A +HREF="bugreport.html#AEN3318" +>Internal errors</A +></DT +><DT +>25.5. <A +HREF="bugreport.html#AEN3328" +>Attaching to a running process</A +></DT +><DT +>25.6. <A +HREF="bugreport.html#AEN3331" +>Patches</A +></DT +></DL +></DD +><DT +>26. <A +HREF="diagnosis.html" +>Diagnosing your samba server</A +></DT +><DD +><DL +><DT +>26.1. <A +HREF="diagnosis.html#AEN3354" +>Introduction</A +></DT +><DT +>26.2. 
<A +HREF="diagnosis.html#AEN3359" +>Assumptions</A +></DT +><DT +>26.3. <A +HREF="diagnosis.html#AEN3369" +>Tests</A +></DT +><DD +><DL +><DT +>26.3.1. <A +HREF="diagnosis.html#AEN3371" +>Test 1</A +></DT +><DT +>26.3.2. <A +HREF="diagnosis.html#AEN3377" +>Test 2</A +></DT +><DT +>26.3.3. <A +HREF="diagnosis.html#AEN3383" +>Test 3</A +></DT +><DT +>26.3.4. <A +HREF="diagnosis.html#AEN3398" +>Test 4</A +></DT +><DT +>26.3.5. <A +HREF="diagnosis.html#AEN3403" +>Test 5</A +></DT +><DT +>26.3.6. <A +HREF="diagnosis.html#AEN3409" +>Test 6</A +></DT +><DT +>26.3.7. <A +HREF="diagnosis.html#AEN3417" +>Test 7</A +></DT +><DT +>26.3.8. <A +HREF="diagnosis.html#AEN3443" +>Test 8</A +></DT +><DT +>26.3.9. <A +HREF="diagnosis.html#AEN3460" +>Test 9</A +></DT +><DT +>26.3.10. <A +HREF="diagnosis.html#AEN3468" +>Test 10</A +></DT +><DT +>26.3.11. <A +HREF="diagnosis.html#AEN3474" +>Test 11</A +></DT +></DL +></DD +><DT +>26.4. <A +HREF="diagnosis.html#AEN3479" +>Still having troubles?</A +></DT +></DL +></DD +></DL +></DIV +></DIV +></DIV +><DIV +CLASS="NAVFOOTER" +><HR +ALIGN="LEFT" +WIDTH="100%"><TABLE +SUMMARY="Footer navigation table" +WIDTH="100%" +BORDER="0" +CELLPADDING="0" +CELLSPACING="0" +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +><A +HREF="speed.html" +ACCESSKEY="P" +>Prev</A +></TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +><A +HREF="samba-howto-collection.html" +ACCESSKEY="H" +>Home</A +></TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +><A +HREF="portability.html" +ACCESSKEY="N" +>Next</A +></TD +></TR +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +>Samba performance issues</TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +> </TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +>Portability</TD +></TR +></TABLE +></DIV +></BODY +></HTML +>
\ No newline at end of file
diff --git a/docs/htmldocs/p544.html b/docs/htmldocs/p544.html
new file mode 100644
index 0000000000..502d978b5f
--- /dev/null
+++ b/docs/htmldocs/p544.html
@@ -0,0 +1,388 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<HTML +><HEAD +><TITLE +>Type of installation</TITLE +><META +NAME="GENERATOR" +CONTENT="Modular DocBook HTML Stylesheet Version 1.77"><LINK +REL="HOME" +TITLE="SAMBA Project Documentation" +HREF="samba-howto-collection.html"><LINK +REL="PREVIOUS" +TITLE="LanMan and NT Password Encryption in Samba" +HREF="pwencrypt.html"><LINK +REL="NEXT" +TITLE="How to Configure Samba as a NT4 Primary Domain Controller" +HREF="samba-pdc.html"></HEAD +><BODY +CLASS="PART" +BGCOLOR="#FFFFFF" +TEXT="#000000" +LINK="#0000FF" +VLINK="#840084" +ALINK="#0000FF" +><DIV +CLASS="NAVHEADER" +><TABLE +SUMMARY="Header navigation table" +WIDTH="100%" +BORDER="0" +CELLPADDING="0" +CELLSPACING="0" +><TR +><TH +COLSPAN="3" +ALIGN="center" +>SAMBA Project Documentation</TH +></TR +><TR +><TD +WIDTH="10%" +ALIGN="left" +VALIGN="bottom" +><A +HREF="pwencrypt.html" +ACCESSKEY="P" +>Prev</A +></TD +><TD +WIDTH="80%" +ALIGN="center" +VALIGN="bottom" +></TD +><TD +WIDTH="10%" +ALIGN="right" +VALIGN="bottom" +><A +HREF="samba-pdc.html" +ACCESSKEY="N" +>Next</A +></TD +></TR +></TABLE +><HR +ALIGN="LEFT" +WIDTH="100%"></DIV +><DIV +CLASS="PART" +><A +NAME="AEN544" +></A +><DIV +CLASS="TITLEPAGE" +><H1 +CLASS="TITLE" +>II. Type of installation</H1 +><DIV +CLASS="PARTINTRO" +><A +NAME="AEN546" +></A +><H1 +>Introduction</H1 +><P +>This part contains information on using samba in a (NT 4 or ADS) domain. +If you wish to run samba as a domain member or DC, read the appropriate chapter in +this part.</P +></DIV +><DIV +CLASS="TOC" +><DL +><DT +><B +>Table of Contents</B +></DT +><DT +>6. <A +HREF="samba-pdc.html" +>How to Configure Samba as a NT4 Primary Domain Controller</A +></DT +><DD +><DL +><DT +>6.1. <A +HREF="samba-pdc.html#AEN566" +>Prerequisite Reading</A +></DT +><DT +>6.2. <A +HREF="samba-pdc.html#AEN572" +>Background</A +></DT +><DT +>6.3. 
<A +HREF="samba-pdc.html#AEN611" +>Configuring the Samba Domain Controller</A +></DT +><DT +>6.4. <A +HREF="samba-pdc.html#AEN654" +>Creating Machine Trust Accounts and Joining Clients to the +Domain</A +></DT +><DD +><DL +><DT +>6.4.1. <A +HREF="samba-pdc.html#AEN673" +>Manual Creation of Machine Trust Accounts</A +></DT +><DT +>6.4.2. <A +HREF="samba-pdc.html#AEN714" +>"On-the-Fly" Creation of Machine Trust Accounts</A +></DT +><DT +>6.4.3. <A +HREF="samba-pdc.html#AEN723" +>Joining the Client to the Domain</A +></DT +></DL +></DD +><DT +>6.5. <A +HREF="samba-pdc.html#AEN738" +>Common Problems and Errors</A +></DT +><DT +>6.6. <A +HREF="samba-pdc.html#AEN786" +>System Policies and Profiles</A +></DT +><DT +>6.7. <A +HREF="samba-pdc.html#AEN830" +>What other help can I get?</A +></DT +><DT +>6.8. <A +HREF="samba-pdc.html#AEN944" +>Domain Control for Windows 9x/ME</A +></DT +><DD +><DL +><DT +>6.8.1. <A +HREF="samba-pdc.html#AEN970" +>Configuration Instructions: Network Logons</A +></DT +><DT +>6.8.2. <A +HREF="samba-pdc.html#AEN989" +>Configuration Instructions: Setting up Roaming User Profiles</A +></DT +></DL +></DD +><DT +>6.9. <A +HREF="samba-pdc.html#AEN1082" +>DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba</A +></DT +></DL +></DD +><DT +>7. <A +HREF="samba-bdc.html" +>How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain</A +></DT +><DD +><DL +><DT +>7.1. <A +HREF="samba-bdc.html#AEN1118" +>Prerequisite Reading</A +></DT +><DT +>7.2. <A +HREF="samba-bdc.html#AEN1122" +>Background</A +></DT +><DT +>7.3. <A +HREF="samba-bdc.html#AEN1130" +>What qualifies a Domain Controller on the network?</A +></DT +><DD +><DL +><DT +>7.3.1. <A +HREF="samba-bdc.html#AEN1133" +>How does a Workstation find its domain controller?</A +></DT +><DT +>7.3.2. <A +HREF="samba-bdc.html#AEN1136" +>When is the PDC needed?</A +></DT +></DL +></DD +><DT +>7.4. <A +HREF="samba-bdc.html#AEN1139" +>Can Samba be a Backup Domain Controller?</A +></DT +><DT +>7.5. 
<A +HREF="samba-bdc.html#AEN1143" +>How do I set up a Samba BDC?</A +></DT +><DD +><DL +><DT +>7.5.1. <A +HREF="samba-bdc.html#AEN1160" +>How do I replicate the smbpasswd file?</A +></DT +></DL +></DD +></DL +></DD +><DT +>8. <A +HREF="ads.html" +>Samba as a ADS domain member</A +></DT +><DD +><DL +><DT +>8.1. <A +HREF="ads.html#AEN1178" +>Installing the required packages for Debian</A +></DT +><DT +>8.2. <A +HREF="ads.html#AEN1184" +>Installing the required packages for RedHat</A +></DT +><DT +>8.3. <A +HREF="ads.html#AEN1193" +>Compile Samba</A +></DT +><DT +>8.4. <A +HREF="ads.html#AEN1205" +>Setup your /etc/krb5.conf</A +></DT +><DT +>8.5. <A +HREF="ads.html#AEN1215" +>Create the computer account</A +></DT +><DD +><DL +><DT +>8.5.1. <A +HREF="ads.html#AEN1219" +>Possible errors</A +></DT +></DL +></DD +><DT +>8.6. <A +HREF="ads.html#AEN1231" +>Test your server setup</A +></DT +><DT +>8.7. <A +HREF="ads.html#AEN1236" +>Testing with smbclient</A +></DT +><DT +>8.8. <A +HREF="ads.html#AEN1239" +>Notes</A +></DT +></DL +></DD +><DT +>9. <A +HREF="domain-security.html" +>Samba as a NT4 domain member</A +></DT +><DD +><DL +><DT +>9.1. <A +HREF="domain-security.html#AEN1261" +>Joining an NT Domain with Samba 2.2</A +></DT +><DT +>9.2. <A +HREF="domain-security.html#AEN1325" +>Samba and Windows 2000 Domains</A +></DT +><DT +>9.3. 
<A +HREF="domain-security.html#AEN1330" +>Why is this better than security = server?</A +></DT +></DL +></DD +></DL +></DIV +></DIV +></DIV +><DIV +CLASS="NAVFOOTER" +><HR +ALIGN="LEFT" +WIDTH="100%"><TABLE +SUMMARY="Footer navigation table" +WIDTH="100%" +BORDER="0" +CELLPADDING="0" +CELLSPACING="0" +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +><A +HREF="pwencrypt.html" +ACCESSKEY="P" +>Prev</A +></TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +><A +HREF="samba-howto-collection.html" +ACCESSKEY="H" +>Home</A +></TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +><A +HREF="samba-pdc.html" +ACCESSKEY="N" +>Next</A +></TD +></TR +><TR +><TD +WIDTH="33%" +ALIGN="left" +VALIGN="top" +>LanMan and NT Password Encryption in Samba</TD +><TD +WIDTH="34%" +ALIGN="center" +VALIGN="top" +> </TD +><TD +WIDTH="33%" +ALIGN="right" +VALIGN="top" +>How to Configure Samba as a NT4 Primary Domain Controller</TD +></TR +></TABLE +></DIV +></BODY +></HTML +>
\ No newline at end of file
diff --git a/source3/include/libsmb_internal.h b/source3/include/libsmb_internal.h
new file mode 100644
index 0000000000..21fe47d4b2
--- /dev/null
+++ b/source3/include/libsmb_internal.h
@@ -0,0 +1,67 @@
+#ifndef _LIBSMB_INTERNAL_H_
+#define _LIBSMB_INTERNAL_H_
+
+#define SMBC_MAX_NAME 1023
+#define SMBC_FILE_MODE (S_IFREG | 0444)
+#define SMBC_DIR_MODE (S_IFDIR | 0555)
+
+
+#include "../include/libsmbclient.h"
+
+
+struct _SMBCSRV {
+ struct cli_state cli;
+ dev_t dev;
+ BOOL no_pathinfo2;
+ int server_fd;
+
+ SMBCSRV *next, *prev;
+
+};
+
+/*
+ * Keep directory entries in a list
+ */
+struct smbc_dir_list {
+ struct smbc_dir_list *next;
+ struct smbc_dirent *dirent;
+};
+
+
+/*
+ * Structure for open file management
+ */
+struct _SMBCFILE {
+ int cli_fd;
+ char *fname;
+ off_t offset;
+ struct _SMBCSRV *srv;
+ BOOL file;
+ struct smbc_dir_list *dir_list, *dir_end, *dir_next;
+ int dir_type, dir_error;
+
+ SMBCFILE *next, *prev;
+};
+
+
+struct smbc_internal_data {
+
+ /** INTERNAL: is this handle initialized ?
+ */
+ int _initialized;
+
+ /** INTERNAL: dirent pointer location
+ */
+ char _dirent[512];
+
+ /** INTERNAL: server connection list
+ */
+ SMBCSRV * _servers;
+
+ /** INTERNAL: open file/dir list
+ */
+ SMBCFILE * _files;
+};
+
+
+#endif
diff --git a/source3/passdb/pdb_mysql.c b/source3/passdb/pdb_mysql.c
new file mode 100644
index 0000000000..0df630d1ee
--- /dev/null
+++ b/source3/passdb/pdb_mysql.c
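Review bot: `char _dirent[512]` in `struct smbc_internal_data` is a fixed scratch buffer whose size has no stated relation to `SMBC_MAX_NAME` (1023), defined at the top of the same new header. The code that fills the buffer is not in this hunk, but if a directory entry with a name of up to SMBC_MAX_NAME bytes is ever copied into it, 512 bytes is too small, so every writer has to bound its copy by `sizeof` of the field. I would either derive the size from the limit, for example `char _dirent[sizeof(struct smbc_dirent) + SMBC_MAX_NAME + 1];`, or document the contract on the field with `/* scratch space for one struct smbc_dirent; writers must truncate to sizeof(_dirent) */`. The comment "dirent pointer location" does not currently say who owns or sizes the contents.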
@@ -0,0 +1,1032 @@
+
+/*
+ * MySQL password backend for samba
+ * Copyright (C) Jelmer Vernooij 2002
+ *
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 675
+ * Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+#include <mysql/mysql.h>
+
+#define CONFIG_TABLE_DEFAULT "user"
+#define CONFIG_LOGON_TIME_DEFAULT "logon_time"
+#define CONFIG_LOGOFF_TIME_DEFAULT "logoff_time"
+#define CONFIG_KICKOFF_TIME_DEFAULT "kickoff_time"
+#define CONFIG_PASS_LAST_SET_TIME_DEFAULT "pass_last_set_time"
+#define CONFIG_PASS_CAN_CHANGE_TIME_DEFAULT "pass_can_change_time"
+#define CONFIG_PASS_MUST_CHANGE_TIME_DEFAULT "pass_must_change_time"
+#define CONFIG_USERNAME_DEFAULT "username"
+#define CONFIG_DOMAIN_DEFAULT "domain"
+#define CONFIG_NT_USERNAME_DEFAULT "nt_username"
+#define CONFIG_FULLNAME_DEFAULT "nt_fullname"
+#define CONFIG_HOME_DIR_DEFAULT "home_dir"
+#define CONFIG_DIR_DRIVE_DEFAULT "dir_drive"
+#define CONFIG_LOGON_SCRIPT_DEFAULT "logon_script"
+#define CONFIG_PROFILE_PATH_DEFAULT "profile_path"
+#define CONFIG_ACCT_DESC_DEFAULT "acct_desc"
+#define CONFIG_WORKSTATIONS_DEFAULT "workstations"
+#define CONFIG_UNKNOWN_STR_DEFAULT "unknown_str"
+#define CONFIG_MUNGED_DIAL_DEFAULT "munged_dial"
+#define CONFIG_UID_DEFAULT "uid"
+#define CONFIG_GID_DEFAULT "gid"
+#define CONFIG_USER_SID_DEFAULT "user_sid"
+#define CONFIG_GROUP_SID_DEFAULT "group_sid"
+#define CONFIG_LM_PW_DEFAULT "lm_pw" +#define CONFIG_NT_PW_DEFAULT "nt_pw" +#define CONFIG_PLAIN_PW_DEFAULT "NULL" +#define CONFIG_ACCT_CTRL_DEFAULT "acct_ctrl" +#define CONFIG_UNKNOWN_3_DEFAULT "unknown_3" +#define CONFIG_LOGON_DIVS_DEFAULT "logon_divs" +#define CONFIG_HOURS_LEN_DEFAULT "hours_len" +#define CONFIG_UNKNOWN_5_DEFAULT "unknown_5" +#define CONFIG_UNKNOWN_6_DEFAULT "unknown_6" +#define CONFIG_HOST_DEFAULT "localhost" +#define CONFIG_USER_DEFAULT "samba" +#define CONFIG_PASS_DEFAULT "" +#define CONFIG_PORT_DEFAULT "3306" +#define CONFIG_DB_DEFAULT "samba" + +static int mysqlsam_debug_level = DBGC_ALL; + +#undef DBGC_CLASS +#define DBGC_CLASS mysqlsam_debug_level + +PDB_MODULE_VERSIONING_MAGIC + +typedef struct pdb_mysql_data { + MYSQL *handle; + MYSQL_RES *pwent; + char *location; +} pdb_mysql_data; + +/* Used to construct insert and update queries */ + +typedef struct pdb_mysql_query { + char update; + TALLOC_CTX *mem_ctx; + char *part1; + char *part2; +} pdb_mysql_query; +#define SET_DATA(data,methods) { \ + if(!methods){ \ + DEBUG(0, ("invalid methods!\n")); \ + return NT_STATUS_INVALID_PARAMETER; \ + } \ + data = (struct pdb_mysql_data *)methods->private_data; \ + if(!data || !(data->handle)){ \ + DEBUG(0, ("invalid handle!\n")); \ + return NT_STATUS_INVALID_HANDLE; \ + } \ +} + +static void pdb_mysql_int_field(struct pdb_methods *m, + struct pdb_mysql_query *q, char *name, int value) +{ + if (!name || strchr(name, '\'')) + return; /* This field shouldn't be set by us */ + + if (q->update) { + q->part1 = + talloc_asprintf_append(q->mem_ctx, q->part1, + "%s = %d,", name, value); + } else { + q->part1 = + talloc_asprintf_append(q->mem_ctx, q->part1, "%s,", name); + q->part2 = + talloc_asprintf_append(q->mem_ctx, q->part2, "%d,", value); + } +} + +static NTSTATUS pdb_mysql_string_field(struct pdb_methods *methods, + struct pdb_mysql_query *q, + char *name, const char *value) +{ + char *esc_value; + struct pdb_mysql_data *data; + char *tmp_value; + + 
SET_DATA(data, methods); + + if (!name || !value || !strcmp(value, "") || strchr(name, '\'')) + return NT_STATUS_INVALID_PARAMETER; /* This field shouldn't be set by module */ + + esc_value = malloc(strlen(value) * 2 + 1); + + tmp_value = smb_xstrdup(value); + mysql_real_escape_string(data->handle, esc_value, tmp_value, + strlen(tmp_value)); + SAFE_FREE(tmp_value); + + if (q->update) { + q->part1 = + talloc_asprintf_append(q->mem_ctx, q->part1, + "%s = '%s',", name, esc_value); + } else { + q->part1 = + talloc_asprintf_append(q->mem_ctx, q->part1, "%s,", name); + q->part2 = + talloc_asprintf_append(q->mem_ctx, q->part2, "'%s',", + esc_value); + } + + SAFE_FREE(esc_value); + + return NT_STATUS_OK; +} + +static char * config_value(pdb_mysql_data * data, char *name, char *default_value) +{ + if (lp_parm_string(NULL, data->location, name)) + return lp_parm_string(NULL, data->location, name); + + return default_value; +} + +static char * config_value_write(pdb_mysql_data * data, char *name, char *default_value) { + char *v = config_value(data, name, NULL); + char *swrite; + + if (!v) + return default_value; + + swrite = strchr(v, ':'); + + /* Default to the same field as read field */ + if (!swrite) + return v; + + swrite++; + + /* If the field is 0 chars long, we shouldn't write to it */ + if (!strlen(swrite) || !strcmp(swrite, "NULL")) + return NULL; + + /* Otherwise, use the additionally specified */ + return swrite; +} + +static const char * config_value_read(pdb_mysql_data * data, char *name, char *default_value) +{ + char *v = config_value(data, name, NULL); + char *swrite; + + if (!v) + return default_value; + + swrite = strchr(v, ':'); + + /* If no write is specified, there are no problems */ + if (!swrite) { + if (strlen(v) == 0) + return "NULL"; + return v; + } + + /* Otherwise, we have to cut the ':write_part' */ + *swrite = '\0'; + if (strlen(v) == 0) + return "NULL"; + + return v; +} + +/* Wrapper for atol that returns 0 if 'a' points to NULL */ +static 
long xatol(char *a) +{ + long ret = 0; + + if (a != NULL) + ret = atol(a); + + return ret; +} + +static NTSTATUS row_to_sam_account(MYSQL_RES * r, SAM_ACCOUNT * u) +{ + MYSQL_ROW row; + pstring temp; + unsigned int num_fields; + DOM_SID sid; + + num_fields = mysql_num_fields(r); + row = mysql_fetch_row(r); + if (!row) + return NT_STATUS_INVALID_PARAMETER; + + pdb_set_logon_time(u, xatol(row[0]), PDB_SET); + pdb_set_logoff_time(u, xatol(row[1]), PDB_SET); + pdb_set_kickoff_time(u, xatol(row[2]), PDB_SET); + pdb_set_pass_last_set_time(u, xatol(row[3]), PDB_SET); + pdb_set_pass_can_change_time(u, xatol(row[4]), PDB_SET); + pdb_set_pass_must_change_time(u, xatol(row[5]), PDB_SET); + pdb_set_username(u, row[6], PDB_SET); + pdb_set_domain(u, row[7], PDB_SET); + pdb_set_nt_username(u, row[8], PDB_SET); + pdb_set_fullname(u, row[9], PDB_SET); + pdb_set_homedir(u, row[10], PDB_SET); + pdb_set_dir_drive(u, row[11], PDB_SET); + pdb_set_logon_script(u, row[12], PDB_SET); + pdb_set_profile_path(u, row[13], PDB_SET); + pdb_set_acct_desc(u, row[14], PDB_SET); + pdb_set_workstations(u, row[15], PDB_SET); + pdb_set_unknown_str(u, row[16], PDB_SET); + pdb_set_munged_dial(u, row[17], PDB_SET); + + if (row[18]) + pdb_set_uid(u, xatol(row[18]), PDB_SET); + if (row[19]) + pdb_set_gid(u, xatol(row[19]), PDB_SET); + + string_to_sid(&sid, row[20]); + pdb_set_user_sid(u, &sid, PDB_SET); + string_to_sid(&sid, row[21]); + pdb_set_group_sid(u, &sid, PDB_SET); + + if (pdb_gethexpwd(row[22], temp), PDB_SET) + pdb_set_lanman_passwd(u, temp, PDB_SET); + if (pdb_gethexpwd(row[23], temp), PDB_SET) + pdb_set_nt_passwd(u, temp, PDB_SET); + + /* Only use plaintext password storage when lanman and nt are + * NOT used */ + if (!row[22] || !row[23]) + pdb_set_plaintext_passwd(u, row[24]); + + pdb_set_acct_ctrl(u, xatol(row[25]), PDB_SET); + pdb_set_unknown_3(u, xatol(row[26]), PDB_SET); + pdb_set_logon_divs(u, xatol(row[27]), PDB_SET); + pdb_set_hours_len(u, xatol(row[28]), PDB_SET); + 
pdb_set_unknown_5(u, xatol(row[29]), PDB_SET); + pdb_set_unknown_6(u, xatol(row[30]), PDB_SET); + + return NT_STATUS_OK; +} + +static NTSTATUS mysqlsam_setsampwent(struct pdb_methods *methods, BOOL update) +{ + struct pdb_mysql_data *data = + (struct pdb_mysql_data *) methods->private_data; + char *query; + int ret; + + if (!data || !(data->handle)) { + DEBUG(0, ("invalid handle!\n")); + return NT_STATUS_INVALID_HANDLE; + } + + asprintf(&query, + "SELECT %s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s FROM %s", + config_value_read(data, "logon time column", + CONFIG_LOGON_TIME_DEFAULT), + config_value_read(data, "logoff time column", + CONFIG_LOGOFF_TIME_DEFAULT), + config_value_read(data, "kickoff time column", + CONFIG_KICKOFF_TIME_DEFAULT), + config_value_read(data, "pass last set time column", + CONFIG_PASS_LAST_SET_TIME_DEFAULT), + config_value_read(data, "pass can change time column", + CONFIG_PASS_CAN_CHANGE_TIME_DEFAULT), + config_value_read(data, "pass must change time column", + CONFIG_PASS_MUST_CHANGE_TIME_DEFAULT), + config_value_read(data, "username column", + CONFIG_USERNAME_DEFAULT), + config_value_read(data, "domain column", + CONFIG_DOMAIN_DEFAULT), + config_value_read(data, "nt username column", + CONFIG_NT_USERNAME_DEFAULT), + config_value_read(data, "fullname column", + CONFIG_FULLNAME_DEFAULT), + config_value_read(data, "home dir column", + CONFIG_HOME_DIR_DEFAULT), + config_value_read(data, "dir drive column", + CONFIG_DIR_DRIVE_DEFAULT), + config_value_read(data, "logon script column", + CONFIG_LOGON_SCRIPT_DEFAULT), + config_value_read(data, "profile path column", + CONFIG_PROFILE_PATH_DEFAULT), + config_value_read(data, "acct desc column", + CONFIG_ACCT_DESC_DEFAULT), + config_value_read(data, "workstations column", + CONFIG_WORKSTATIONS_DEFAULT), + config_value_read(data, "unknown string column", + CONFIG_UNKNOWN_STR_DEFAULT), + config_value_read(data, "munged dial column", + 
CONFIG_MUNGED_DIAL_DEFAULT), + config_value_read(data, "uid column", CONFIG_UID_DEFAULT), + config_value_read(data, "gid column", CONFIG_GID_DEFAULT), + config_value_read(data, "user sid column", + CONFIG_USER_SID_DEFAULT), + config_value_read(data, "group sid column", + CONFIG_GROUP_SID_DEFAULT), + config_value_read(data, "lanman pass column", + CONFIG_LM_PW_DEFAULT), + config_value_read(data, "nt pass column", + CONFIG_NT_PW_DEFAULT), + config_value_read(data, "plain pass column", + CONFIG_PLAIN_PW_DEFAULT), + config_value_read(data, "acct ctrl column", + CONFIG_ACCT_CTRL_DEFAULT), + config_value_read(data, "unknown 3 column", + CONFIG_UNKNOWN_3_DEFAULT), + config_value_read(data, "logon divs column", + CONFIG_LOGON_DIVS_DEFAULT), + config_value_read(data, "hours len column", + CONFIG_HOURS_LEN_DEFAULT), + config_value_read(data, "unknown 5 column", + CONFIG_UNKNOWN_5_DEFAULT), + config_value_read(data, "unknown 6 column", + CONFIG_UNKNOWN_6_DEFAULT), + config_value(data, "table", CONFIG_TABLE_DEFAULT) + ); + + ret = mysql_query(data->handle, query); + SAFE_FREE(query); + + if (ret) { + DEBUG(0, + ("Error executing query: %s\n", mysql_error(data->handle))); + return NT_STATUS_UNSUCCESSFUL; + } + + data->pwent = mysql_store_result(data->handle); + + if (data->pwent == NULL) { + DEBUG(0, + ("Error storing results: %s\n", mysql_error(data->handle))); + return NT_STATUS_UNSUCCESSFUL; + } + + DEBUG(5, + ("mysqlsam_setsampwent succeeded(%d results)!\n", + mysql_num_fields(data->pwent))); + + return NT_STATUS_OK; +} + +/*************************************************************** + End enumeration of the passwd list. 
+ ****************************************************************/ + +static void mysqlsam_endsampwent(struct pdb_methods *methods) +{ + struct pdb_mysql_data *data = + (struct pdb_mysql_data *) methods->private_data; + + if (data == NULL) { + DEBUG(0, ("invalid handle!\n")); + return; + } + + if (data->pwent != NULL) + mysql_free_result(data->pwent); + + data->pwent = NULL; + + DEBUG(5, ("mysql_endsampwent called\n")); +} + +/***************************************************************** + Get one SAM_ACCOUNT from the list (next in line) + *****************************************************************/ + +static NTSTATUS mysqlsam_getsampwent(struct pdb_methods *methods, SAM_ACCOUNT * user) +{ + struct pdb_mysql_data *data; + + SET_DATA(data, methods); + + if (data->pwent == NULL) { + DEBUG(0, ("invalid pwent\n")); + return NT_STATUS_INVALID_PARAMETER; + } + + return row_to_sam_account(data->pwent, user); +} + +static NTSTATUS mysqlsam_select_by_field(struct pdb_methods * methods, SAM_ACCOUNT * user, + const char *field, const char *sname) +{ + char *esc_sname; + char *query; + NTSTATUS ret; + MYSQL_RES *res; + int mysql_ret; + struct pdb_mysql_data *data; + char *tmp_sname; + + SET_DATA(data, methods); + + esc_sname = malloc(strlen(sname) * 2 + 1); + if (!esc_sname) { + return NT_STATUS_NO_MEMORY; + } + + DEBUG(5, + ("mysqlsam_select_by_field: getting data where %s = %s(nonescaped)\n", + field, sname)); + + tmp_sname = smb_xstrdup(sname); + + /* Escape sname */ + mysql_real_escape_string(data->handle, esc_sname, tmp_sname, + strlen(tmp_sname)); + + SAFE_FREE(tmp_sname); + + if (user == NULL) { + DEBUG(0, ("pdb_getsampwnam: SAM_ACCOUNT is NULL.\n")); + SAFE_FREE(esc_sname); + return NT_STATUS_INVALID_PARAMETER; + } + + asprintf(&query, + "SELECT %s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s FROM %s WHERE %s = '%s'", + config_value_read(data, "logon time column", + CONFIG_LOGON_TIME_DEFAULT), + 
config_value_read(data, "logoff time column", + CONFIG_LOGOFF_TIME_DEFAULT), + config_value_read(data, "kickoff time column", + CONFIG_KICKOFF_TIME_DEFAULT), + config_value_read(data, "pass last set time column", + CONFIG_PASS_LAST_SET_TIME_DEFAULT), + config_value_read(data, "pass can change time column", + CONFIG_PASS_CAN_CHANGE_TIME_DEFAULT), + config_value_read(data, "pass must change time column", + CONFIG_PASS_MUST_CHANGE_TIME_DEFAULT), + config_value_read(data, "username column", + CONFIG_USERNAME_DEFAULT), + config_value_read(data, "domain column", + CONFIG_DOMAIN_DEFAULT), + config_value_read(data, "nt username column", + CONFIG_NT_USERNAME_DEFAULT), + config_value_read(data, "fullname column", + CONFIG_FULLNAME_DEFAULT), + config_value_read(data, "home dir column", + CONFIG_HOME_DIR_DEFAULT), + config_value_read(data, "dir drive column", + CONFIG_DIR_DRIVE_DEFAULT), + config_value_read(data, "logon script column", + CONFIG_LOGON_SCRIPT_DEFAULT), + config_value_read(data, "profile path column", + CONFIG_PROFILE_PATH_DEFAULT), + config_value_read(data, "acct desc column", + CONFIG_ACCT_DESC_DEFAULT), + config_value_read(data, "workstations column", + CONFIG_WORKSTATIONS_DEFAULT), + config_value_read(data, "unknown string column", + CONFIG_UNKNOWN_STR_DEFAULT), + config_value_read(data, "munged dial column", + CONFIG_MUNGED_DIAL_DEFAULT), + config_value_read(data, "uid column", CONFIG_UID_DEFAULT), + config_value_read(data, "gid column", CONFIG_GID_DEFAULT), + config_value_read(data, "user sid column", + CONFIG_USER_SID_DEFAULT), + config_value_read(data, "group sid column", + CONFIG_GROUP_SID_DEFAULT), + config_value_read(data, "lanman pass column", + CONFIG_LM_PW_DEFAULT), + config_value_read(data, "nt pass column", + CONFIG_NT_PW_DEFAULT), + config_value_read(data, "plain pass column", + CONFIG_PLAIN_PW_DEFAULT), + config_value_read(data, "acct ctrl column", + CONFIG_ACCT_CTRL_DEFAULT), + config_value_read(data, "unknown 3 column", + 
CONFIG_UNKNOWN_3_DEFAULT), + config_value_read(data, "logon divs column", + CONFIG_LOGON_DIVS_DEFAULT), + config_value_read(data, "hours len column", + CONFIG_HOURS_LEN_DEFAULT), + config_value_read(data, "unknown 5 column", + CONFIG_UNKNOWN_5_DEFAULT), + config_value_read(data, "unknown 6 column", + CONFIG_UNKNOWN_6_DEFAULT), + config_value(data, "table", CONFIG_TABLE_DEFAULT), field, + esc_sname); + + SAFE_FREE(esc_sname); + + mysql_ret = mysql_query(data->handle, query); + + SAFE_FREE(query); + + if (mysql_ret) { + DEBUG(0, + ("Error while executing MySQL query: %s\n", + mysql_error(data->handle))); + return NT_STATUS_UNSUCCESSFUL; + } + + res = mysql_store_result(data->handle); + if (res == NULL) { + DEBUG(0, + ("Error storing results: %s\n", mysql_error(data->handle))); + return NT_STATUS_UNSUCCESSFUL; + } + + ret = row_to_sam_account(res, user); + mysql_free_result(res); + + return ret; +} + +/****************************************************************** + Lookup a name in the SAM database + ******************************************************************/ + +static NTSTATUS mysqlsam_getsampwnam(struct pdb_methods *methods, SAM_ACCOUNT * user, + const char *sname) +{ + struct pdb_mysql_data *data; + + SET_DATA(data, methods); + + if (!sname) { + DEBUG(0, ("invalid name specified")); + return NT_STATUS_INVALID_PARAMETER; + } + + return mysqlsam_select_by_field(methods, user, + config_value_read(data, "username column", + CONFIG_USERNAME_DEFAULT), sname); +} + + +/*************************************************************************** + Search by sid + **************************************************************************/ + +static NTSTATUS mysqlsam_getsampwsid(struct pdb_methods *methods, SAM_ACCOUNT * user, + const DOM_SID * sid) +{ + struct pdb_mysql_data *data; + fstring sid_str; + + SET_DATA(data, methods); + + sid_to_string(sid_str, sid); + + return mysqlsam_select_by_field(methods, user, + config_value_read(data, "user sid column", + 
CONFIG_USER_SID_DEFAULT), sid_str); +} + +/*************************************************************************** + Delete a SAM_ACCOUNT + ****************************************************************************/ + +static NTSTATUS mysqlsam_delete_sam_account(struct pdb_methods *methods, + SAM_ACCOUNT * sam_pass) +{ + const char *sname = pdb_get_username(sam_pass); + char *esc; + char *query; + int ret; + struct pdb_mysql_data *data; + char *tmp_sname; + + SET_DATA(data, methods); + + if (!methods) { + DEBUG(0, ("invalid methods!\n")); + return NT_STATUS_INVALID_PARAMETER; + } + + data = (struct pdb_mysql_data *) methods->private_data; + if (!data || !(data->handle)) { + DEBUG(0, ("invalid handle!\n")); + return NT_STATUS_INVALID_HANDLE; + } + + if (!sname) { + DEBUG(0, ("invalid name specified\n")); + return NT_STATUS_INVALID_PARAMETER; + } + + /* Escape sname */ + esc = malloc(strlen(sname) * 2 + 1); + if (!esc) { + DEBUG(0, ("Can't allocate memory to store escaped name\n")); + return NT_STATUS_NO_MEMORY; + } + + tmp_sname = smb_xstrdup(sname); + + mysql_real_escape_string(data->handle, esc, tmp_sname, + strlen(tmp_sname)); + + SAFE_FREE(tmp_sname); + + asprintf(&query, "DELETE FROM %s WHERE %s = '%s'", + config_value(data, "table", CONFIG_TABLE_DEFAULT), + config_value_read(data, "username column", + CONFIG_USERNAME_DEFAULT), esc); + + SAFE_FREE(esc); + + ret = mysql_query(data->handle, query); + + SAFE_FREE(query); + + if (ret) { + DEBUG(0, + ("Error while executing query: %s\n", + mysql_error(data->handle))); + return NT_STATUS_UNSUCCESSFUL; + } + + DEBUG(5, ("User '%s' deleted\n", sname)); + return NT_STATUS_OK; +} + +static NTSTATUS mysqlsam_replace_sam_account(struct pdb_methods *methods, + const SAM_ACCOUNT * newpwd, char isupdate) +{ + pstring temp; + struct pdb_mysql_data *data; + pdb_mysql_query query; + fstring sid_str; + + if (!methods) { + DEBUG(0, ("invalid methods!\n")); + return NT_STATUS_INVALID_PARAMETER; + } + + data = (struct 
pdb_mysql_data *) methods->private_data; + if (data == NULL || data->handle == NULL) { + DEBUG(0, ("invalid handle!\n")); + return NT_STATUS_INVALID_HANDLE; + } + query.update = isupdate; + + /* I know this is somewhat overkill but only the talloc + * functions have asprint_append and the 'normal' asprintf + * is a GNU extension */ + query.mem_ctx = talloc_init(); + query.part2 = talloc_asprintf(query.mem_ctx, "%s", ""); + if (query.update) { + query.part1 = + talloc_asprintf(query.mem_ctx, "UPDATE %s SET ", + config_value(data, "table", + CONFIG_TABLE_DEFAULT)); + } else { + query.part1 = + talloc_asprintf(query.mem_ctx, "INSERT INTO %s (", + config_value(data, "table", + CONFIG_TABLE_DEFAULT)); + } + + pdb_mysql_int_field(methods, &query, + config_value_write(data, "acct ctrl column", + CONFIG_ACCT_CTRL_DEFAULT), + pdb_get_acct_ctrl(newpwd)); + + if (pdb_get_init_flags(newpwd, PDB_LOGONTIME) != PDB_DEFAULT) { + pdb_mysql_int_field(methods, &query, + config_value_write(data, + "logon time column", + CONFIG_LOGON_TIME_DEFAULT), + pdb_get_logon_time(newpwd)); + } + + if (pdb_get_init_flags(newpwd, PDB_LOGOFFTIME) != PDB_DEFAULT) { + pdb_mysql_int_field(methods, &query, + config_value_write(data, + "logoff time column", + CONFIG_LOGOFF_TIME_DEFAULT), + pdb_get_logoff_time(newpwd)); + } + + if (pdb_get_init_flags(newpwd, PDB_KICKOFFTIME) != PDB_DEFAULT) { + pdb_mysql_int_field(methods, &query, + config_value_write(data, + "kickoff time column", + CONFIG_KICKOFF_TIME_DEFAULT), + pdb_get_kickoff_time(newpwd)); + } + + if (pdb_get_init_flags(newpwd, PDB_CANCHANGETIME) != PDB_DEFAULT) { + pdb_mysql_int_field(methods, &query, + config_value_write(data, + "pass can change time column", + CONFIG_PASS_CAN_CHANGE_TIME_DEFAULT), + pdb_get_pass_can_change_time(newpwd)); + } + + if (pdb_get_init_flags(newpwd, PDB_MUSTCHANGETIME) != PDB_DEFAULT) { + pdb_mysql_int_field(methods, &query, + config_value_write(data, + "pass must change time column", + 
CONFIG_PASS_MUST_CHANGE_TIME_DEFAULT), + pdb_get_pass_must_change_time(newpwd)); + } + + if (pdb_get_pass_last_set_time(newpwd)) { + pdb_mysql_int_field(methods, &query, + config_value_write(data, + "pass last set time column", + CONFIG_PASS_LAST_SET_TIME_DEFAULT), + pdb_get_pass_last_set_time(newpwd)); + } + + if (pdb_get_hours_len(newpwd)) { + pdb_mysql_int_field(methods, &query, + config_value_write(data, + "hours len column", + CONFIG_HOURS_LEN_DEFAULT), + pdb_get_hours_len(newpwd)); + } + + if (pdb_get_logon_divs(newpwd)) { + pdb_mysql_int_field(methods, &query, + config_value_write(data, + "logon divs column", + CONFIG_LOGON_DIVS_DEFAULT), + pdb_get_logon_divs(newpwd)); + } + + if (pdb_get_init_flags(newpwd, PDB_UID) != PDB_DEFAULT) { + pdb_mysql_int_field(methods, &query, + config_value_write(data, "uid column", + CONFIG_UID_DEFAULT), + pdb_get_uid(newpwd)); + } + + if (pdb_get_init_flags(newpwd, PDB_GID) != PDB_DEFAULT) { + pdb_mysql_int_field(methods, &query, + config_value_write(data, "gid column", + CONFIG_GID_DEFAULT), + pdb_get_gid(newpwd)); + } + + pdb_mysql_string_field(methods, &query, + config_value_write(data, "user sid column", + CONFIG_USER_SID_DEFAULT), + sid_to_string(sid_str, + pdb_get_user_sid(newpwd))); + + pdb_mysql_string_field(methods, &query, + config_value_write(data, "group sid column", + CONFIG_GROUP_SID_DEFAULT), + sid_to_string(sid_str, + pdb_get_group_sid(newpwd))); + + pdb_mysql_string_field(methods, &query, + config_value_write(data, "username column", + CONFIG_USERNAME_DEFAULT), + pdb_get_username(newpwd)); + + pdb_mysql_string_field(methods, &query, + config_value_write(data, "domain column", + CONFIG_DOMAIN_DEFAULT), + pdb_get_domain(newpwd)); + + pdb_mysql_string_field(methods, &query, + config_value_write(data, + "nt username column", + CONFIG_NT_USERNAME_DEFAULT), + pdb_get_nt_username(newpwd)); + + pdb_mysql_string_field(methods, &query, + config_value_write(data, "fullname column", + CONFIG_FULLNAME_DEFAULT), + 
pdb_get_fullname(newpwd)); + + pdb_mysql_string_field(methods, &query, + config_value_write(data, + "logon script column", + CONFIG_LOGON_SCRIPT_DEFAULT), + pdb_get_logon_script(newpwd)); + + pdb_mysql_string_field(methods, &query, + config_value_write(data, + "profile path column", + CONFIG_PROFILE_PATH_DEFAULT), + pdb_get_profile_path(newpwd)); + + pdb_mysql_string_field(methods, &query, + config_value_write(data, "dir drive column", + CONFIG_DIR_DRIVE_DEFAULT), + pdb_get_dir_drive(newpwd)); + + pdb_mysql_string_field(methods, &query, + config_value_write(data, "home dir column", + CONFIG_HOME_DIR_DEFAULT), + pdb_get_homedir(newpwd)); + + pdb_mysql_string_field(methods, &query, + config_value_write(data, + "workstations column", + CONFIG_WORKSTATIONS_DEFAULT), + pdb_get_workstations(newpwd)); + + pdb_mysql_string_field(methods, &query, + config_value_write(data, + "unknown string column", + CONFIG_UNKNOWN_STR_DEFAULT), + pdb_get_workstations(newpwd)); + + pdb_sethexpwd(temp, pdb_get_lanman_passwd(newpwd), + pdb_get_acct_ctrl(newpwd)); + pdb_mysql_string_field(methods, &query, + config_value_write(data, + "lanman pass column", + CONFIG_LM_PW_DEFAULT), temp); + + pdb_sethexpwd(temp, pdb_get_nt_passwd(newpwd), + pdb_get_acct_ctrl(newpwd)); + pdb_mysql_string_field(methods, &query, + config_value_write(data, "nt pass column", + CONFIG_NT_PW_DEFAULT), temp); + + if (query.update) { + query.part1[strlen(query.part1) - 1] = '\0'; + query.part1 = + talloc_asprintf_append(query.mem_ctx, query.part1, + " WHERE %s = '%s'", + config_value_read(data, + "user sid column", + CONFIG_USER_SID_DEFAULT), + sid_to_string(sid_str, pdb_get_user_sid (newpwd))); + } else { + query.part2[strlen(query.part2) - 1] = ')'; + query.part1[strlen(query.part1) - 1] = ')'; + query.part1 = + talloc_asprintf_append(query.mem_ctx, query.part1, + " VALUES (%s", query.part2); + } + + DEBUG(0, ("%s\n", query.part1)); + /* Execute the query */ + if (mysql_query(data->handle, query.part1)) { + DEBUG(0, + 
("Error executing %s, %s\n", query.part1, + mysql_error(data->handle))); + return NT_STATUS_INVALID_PARAMETER; + } + talloc_destroy(query.mem_ctx); + return NT_STATUS_OK; +} + +static NTSTATUS mysqlsam_add_sam_account(struct pdb_methods *methods, SAM_ACCOUNT * newpwd) +{ + return mysqlsam_replace_sam_account(methods, newpwd, 0); +} + +static NTSTATUS mysqlsam_update_sam_account(struct pdb_methods *methods, + SAM_ACCOUNT * newpwd) +{ + return mysqlsam_replace_sam_account(methods, newpwd, 1); +} + +static NTSTATUS mysqlsam_getgrsid(struct pdb_methods *methods, GROUP_MAP *map, + DOM_SID sid, BOOL with_priv) +{ + return get_group_map_from_sid(sid, map, with_priv) ? + NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; +} + +static NTSTATUS mysqlsam_getgrgid(struct pdb_methods *methods, GROUP_MAP *map, + gid_t gid, BOOL with_priv) +{ + return get_group_map_from_gid(gid, map, with_priv) ? + NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; +} + +static NTSTATUS mysqlsam_getgrnam(struct pdb_methods *methods, GROUP_MAP *map, + char *name, BOOL with_priv) +{ + return get_group_map_from_ntname(name, map, with_priv) ? + NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; +} + +static NTSTATUS mysqlsam_add_group_mapping_entry(struct pdb_methods *methods, + GROUP_MAP *map) +{ + return add_mapping_entry(map, TDB_INSERT) ? + NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; +} + +static NTSTATUS mysqlsam_update_group_mapping_entry(struct pdb_methods *methods, + GROUP_MAP *map) +{ + return add_mapping_entry(map, TDB_REPLACE) ? + NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; +} + +static NTSTATUS mysqlsam_delete_group_mapping_entry(struct pdb_methods *methods, + DOM_SID sid) +{ + return group_map_remove(sid) ? + NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; +} + +static NTSTATUS mysqlsam_enum_group_mapping(struct pdb_methods *methods, + enum SID_NAME_USE sid_name_use, + GROUP_MAP **rmap, int *num_entries, + BOOL unix_only, BOOL with_priv) +{ + return enum_group_mapping(sid_name_use, rmap, num_entries, unix_only, + with_priv) ? 
+ NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; +} + + +NTSTATUS pdb_init(PDB_CONTEXT * pdb_context, PDB_METHODS ** pdb_method, + char *location) +{ + NTSTATUS nt_status; + struct pdb_mysql_data *data; + + mysqlsam_debug_level = debug_add_class("mysqlsam"); + if (mysqlsam_debug_level == -1) { + mysqlsam_debug_level = DBGC_ALL; + DEBUG(0, + ("mysqlsam: Couldn't register custom debugging class!\n")); + } + + if (!pdb_context) { + DEBUG(0, ("invalid pdb_methods specified\n")); + return NT_STATUS_UNSUCCESSFUL; + } + + if (!NT_STATUS_IS_OK + (nt_status = make_pdb_methods(pdb_context->mem_ctx, pdb_method))) { + return nt_status; + } + + (*pdb_method)->name = "mysqlsam"; + + (*pdb_method)->setsampwent = mysqlsam_setsampwent; + (*pdb_method)->endsampwent = mysqlsam_endsampwent; + (*pdb_method)->getsampwent = mysqlsam_getsampwent; + (*pdb_method)->getsampwnam = mysqlsam_getsampwnam; + (*pdb_method)->getsampwsid = mysqlsam_getsampwsid; + (*pdb_method)->add_sam_account = mysqlsam_add_sam_account; + (*pdb_method)->update_sam_account = mysqlsam_update_sam_account; + (*pdb_method)->delete_sam_account = mysqlsam_delete_sam_account; + (*pdb_method)->getgrsid = mysqlsam_getgrsid; + (*pdb_method)->getgrgid = mysqlsam_getgrgid; + (*pdb_method)->getgrnam = mysqlsam_getgrnam; + (*pdb_method)->add_group_mapping_entry = mysqlsam_add_group_mapping_entry; + (*pdb_method)->update_group_mapping_entry = mysqlsam_update_group_mapping_entry; + (*pdb_method)->delete_group_mapping_entry = mysqlsam_delete_group_mapping_entry; + (*pdb_method)->enum_group_mapping = mysqlsam_enum_group_mapping; + + data = talloc(pdb_context->mem_ctx, sizeof(struct pdb_mysql_data)); + (*pdb_method)->private_data = data; + data->handle = NULL; + data->pwent = NULL; + + if (!location) { + DEBUG(0, ("No identifier specified. 
See README for details\n")); + return NT_STATUS_INVALID_PARAMETER; + } + + data->location = smb_xstrdup(location); + + DEBUG(1, + ("Connecting to database server, host: %s, user: %s, password: %s, database: %s, port: %ld\n", + config_value(data, "mysql host", CONFIG_HOST_DEFAULT), + config_value(data, "mysql user", CONFIG_USER_DEFAULT), + config_value(data, "mysql password", CONFIG_PASS_DEFAULT), + config_value(data, "mysql database", CONFIG_DB_DEFAULT), + xatol(config_value(data, "mysql port", CONFIG_PORT_DEFAULT)))); + + /* Do the mysql initialization */ + data->handle = mysql_init(NULL); + if (!data->handle) { + DEBUG(0, ("Failed to connect to server\n")); + return NT_STATUS_UNSUCCESSFUL; + } + /* Process correct entry in $HOME/.my.conf */ + if (!mysql_real_connect(data->handle, + config_value(data, "mysql host", CONFIG_HOST_DEFAULT), + config_value(data, "mysql user", CONFIG_USER_DEFAULT), + config_value(data, "mysql password", CONFIG_PASS_DEFAULT), + config_value(data, "mysql database", CONFIG_DB_DEFAULT), + xatol(config_value (data, "mysql port", CONFIG_PORT_DEFAULT)), + NULL, 0)) { + DEBUG(0, + ("Failed to connect to mysql database: error: %s\n", + mysql_error(data->handle))); + return NT_STATUS_UNSUCCESSFUL; + } + + DEBUG(5, ("Connected to mysql db\n")); + + return NT_STATUS_OK; +} diff --git a/source3/passdb/pdb_xml.c b/source3/passdb/pdb_xml.c new file mode 100644 index 0000000000..edf70250e2 --- /dev/null +++ b/source3/passdb/pdb_xml.c 
@@ -0,0 +1,567 @@ + +/* + * XML password backend for samba + * Copyright (C) Jelmer Vernooij 2002 + * Some parts based on the libxml gjobread example by Daniel Veillard + * + * This program is free software; you can redistribute it and/or modify it under + * the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for + * more details. + * + * You should have received a copy of the GNU General Public License along with + * this program; if not, write to the Free Software Foundation, Inc., 675 + * Mass Ave, Cambridge, MA 02139, USA. + */ + +/* FIXME: + * - Support stdin input by using '-' + * - Be faster. Don't rewrite the whole file when adding a user, but store it in the memory and save it when exiting. Requires changes to samba source. + * - Gives the ability to read/write to standard input/output + * - Do locking! + * - Better names! 
+ */ + + +#define XML_URL "http://www.samba.org/ns" + +#include "includes.h" + +#include <libxml/xmlmemory.h> +#include <libxml/parser.h> + +static int xmlsam_debug_level = DBGC_ALL; + +#undef DBGC_CLASS +#define DBGC_CLASS xmlsam_debug_level + +PDB_MODULE_VERSIONING_MAGIC + +static char * iota(int a) { + static char tmp[10]; + + snprintf(tmp, 9, "%d", a); + return tmp; +} + +BOOL parsePass(xmlDocPtr doc, xmlNsPtr ns, xmlNodePtr cur, SAM_ACCOUNT * u) +{ + pstring temp; + + cur = cur->xmlChildrenNode; + while (cur != NULL) { + if (strcmp(cur->name, "crypt")) + DEBUG(0, ("Unknown element %s\n", cur->name)); + else { + if (!strcmp(xmlGetProp(cur, "type"), "nt") + && + pdb_gethexpwd(xmlNodeListGetString + (doc, cur->xmlChildrenNode, 1), temp)) + pdb_set_nt_passwd(u, temp, PDB_SET); + else if (!strcmp(xmlGetProp(cur, "type"), "lanman") + && + pdb_gethexpwd(xmlNodeListGetString + (doc, cur->xmlChildrenNode, 1), temp)) + pdb_set_lanman_passwd(u, temp, PDB_SET); + else + DEBUG(0, + ("Unknown crypt type: %s\n", + xmlGetProp(cur, "type"))); + } + cur = cur->next; + } + return True; +} + +BOOL parseUser(xmlDocPtr doc, xmlNsPtr ns, xmlNodePtr cur, SAM_ACCOUNT * u) +{ + char *tmp; + DOM_SID sid; + + tmp = xmlGetProp(cur, "sid"); + if (tmp){ + string_to_sid(&sid, tmp); + pdb_set_user_sid(u, &sid, PDB_SET); + } + tmp = xmlGetProp(cur, "uid"); + if (tmp) + pdb_set_uid(u, atol(tmp), PDB_SET); + pdb_set_username(u, xmlGetProp(cur, "name"), PDB_SET); + /* We don't care what the top level element name is */ + cur = cur->xmlChildrenNode; + while (cur != NULL) { + if ((!strcmp(cur->name, "group")) && (cur->ns == ns)) { + tmp = xmlGetProp(cur, "gid"); + if (tmp) + pdb_set_gid(u, atol(tmp), PDB_SET); + tmp = xmlGetProp(cur, "sid"); + if (tmp){ + string_to_sid(&sid, tmp); + pdb_set_group_sid(u, &sid, PDB_SET); + } + } + + else if ((!strcmp(cur->name, "domain")) && (cur->ns == ns)) + pdb_set_domain(u, + xmlNodeListGetString(doc, cur->xmlChildrenNode, + 1), PDB_SET); + + else if 
(!strcmp(cur->name, "fullname") && cur->ns == ns) + pdb_set_fullname(u, + xmlNodeListGetString(doc, + cur->xmlChildrenNode, + 1), PDB_SET); + + else if (!strcmp(cur->name, "nt_username") && cur->ns == ns) + pdb_set_nt_username(u, + xmlNodeListGetString(doc, + cur->xmlChildrenNode, + 1), PDB_SET); + + else if (!strcmp(cur->name, "logon_script") && cur->ns == ns) + pdb_set_logon_script(u, + xmlNodeListGetString(doc, + cur->xmlChildrenNode, + 1), PDB_SET); + + else if (!strcmp(cur->name, "profile_path") && cur->ns == ns) + pdb_set_profile_path(u, + xmlNodeListGetString(doc, + cur->xmlChildrenNode, + 1), PDB_SET); + + else if (!strcmp(cur->name, "logon_time") && cur->ns == ns) + pdb_set_logon_time(u, + atol(xmlNodeListGetString + (doc, cur->xmlChildrenNode, 1)), PDB_SET); + + else if (!strcmp(cur->name, "logoff_time") && cur->ns == ns) + pdb_set_logoff_time(u, + atol(xmlNodeListGetString + (doc, cur->xmlChildrenNode, 1)), + PDB_SET); + + else if (!strcmp(cur->name, "kickoff_time") && cur->ns == ns) + pdb_set_kickoff_time(u, + atol(xmlNodeListGetString + (doc, cur->xmlChildrenNode, 1)), + PDB_SET); + + else if (!strcmp(cur->name, "logon_divs") && cur->ns == ns) + pdb_set_logon_divs(u, + atol(xmlNodeListGetString + (doc, cur->xmlChildrenNode, 1)), PDB_SET); + + else if (!strcmp(cur->name, "hours_len") && cur->ns == ns) + pdb_set_hours_len(u, + atol(xmlNodeListGetString + (doc, cur->xmlChildrenNode, 1)), PDB_SET); + + else if (!strcmp(cur->name, "unknown_3") && cur->ns == ns) + pdb_set_unknown_3(u, + atol(xmlNodeListGetString + (doc, cur->xmlChildrenNode, 1)), PDB_SET); + + else if (!strcmp(cur->name, "unknown_5") && cur->ns == ns) + pdb_set_unknown_5(u, + atol(xmlNodeListGetString + (doc, cur->xmlChildrenNode, 1)), PDB_SET); + + else if (!strcmp(cur->name, "unknown_6") && cur->ns == ns) + pdb_set_unknown_6(u, + atol(xmlNodeListGetString + (doc, cur->xmlChildrenNode, 1)), PDB_SET); + + else if (!strcmp(cur->name, "homedir") && cur->ns == ns) + pdb_set_homedir(u, + 
xmlNodeListGetString(doc, cur->xmlChildrenNode, + 1), PDB_SET); + + else if (!strcmp(cur->name, "unknown_str") && cur->ns == ns) + pdb_set_unknown_str(u, + xmlNodeListGetString(doc, + cur->xmlChildrenNode, + 1), PDB_SET); + + else if (!strcmp(cur->name, "dir_drive") && cur->ns == ns) + pdb_set_dir_drive(u, + xmlNodeListGetString(doc, + cur->xmlChildrenNode, + 1), PDB_SET); + + else if (!strcmp(cur->name, "munged_dial") && cur->ns == ns) + pdb_set_munged_dial(u, + xmlNodeListGetString(doc, + cur->xmlChildrenNode, + 1), PDB_SET); + + else if (!strcmp(cur->name, "acct_desc") && cur->ns == ns) + pdb_set_acct_desc(u, + xmlNodeListGetString(doc, + cur->xmlChildrenNode, + 1), PDB_SET); + + else if (!strcmp(cur->name, "acct_ctrl") && cur->ns == ns) + pdb_set_acct_ctrl(u, + atol(xmlNodeListGetString + (doc, cur->xmlChildrenNode, 1)), PDB_SET); + + else if (!strcmp(cur->name, "workstations") && cur->ns == ns) + pdb_set_workstations(u, + xmlNodeListGetString(doc, + cur->xmlChildrenNode, + 1), PDB_SET); + + else if ((!strcmp(cur->name, "password")) && (cur->ns == ns)) { + tmp = xmlGetProp(cur, "last_set"); + if (tmp) + pdb_set_pass_last_set_time(u, atol(tmp), PDB_SET); + tmp = xmlGetProp(cur, "must_change"); + if (tmp) + pdb_set_pass_must_change_time(u, atol(tmp), PDB_SET); + tmp = xmlGetProp(cur, "can_change"); + if (tmp) + pdb_set_pass_can_change_time(u, atol(tmp), PDB_SET); + parsePass(doc, ns, cur, u); + } + + else + DEBUG(0, ("Unknown element %s\n", cur->name)); + cur = cur->next; + } + + return True; +} + +typedef struct pdb_xml { + char *location; + char written; + xmlDocPtr doc; + xmlNodePtr users; + xmlNodePtr pwent; + xmlNsPtr ns; +} pdb_xml; + +xmlNodePtr parseSambaXMLFile(struct pdb_xml *data) +{ + xmlNodePtr cur; + + data->doc = xmlParseFile(data->location); + if (data->doc == NULL) + return NULL; + + cur = xmlDocGetRootElement(data->doc); + if (!cur) { + DEBUG(0, ("empty document\n")); + xmlFreeDoc(data->doc); + return NULL; + } + data->ns = 
xmlSearchNsByHref(data->doc, cur, XML_URL); + if (!data->ns) { + DEBUG(0, + ("document of the wrong type, samba user namespace not found\n")); + xmlFreeDoc(data->doc); + return NULL; + } + if (strcmp(cur->name, "samba")) { + DEBUG(0, ("document of the wrong type, root node != samba")); + xmlFreeDoc(data->doc); + return NULL; + } + + cur = cur->xmlChildrenNode; + while (cur && xmlIsBlankNode(cur)) { + cur = cur->next; + } + if (!cur) + return NULL; + if ((strcmp(cur->name, "users")) || (cur->ns != data->ns)) { + DEBUG(0, ("document of the wrong type, was '%s', users expected", + cur->name)); + DEBUG(0, ("xmlDocDump follows\n")); + xmlDocDump(stderr, data->doc); + DEBUG(0, ("xmlDocDump finished\n")); + xmlFreeDoc(data->doc); + return NULL; + } + data->users = cur; + cur = cur->xmlChildrenNode; + return cur; +} + +static NTSTATUS xmlsam_setsampwent(struct pdb_methods *methods, BOOL update) +{ + pdb_xml *data; + + if (!methods) { + DEBUG(0, ("Invalid methods\n")); + return NT_STATUS_INVALID_PARAMETER; + } + data = (pdb_xml *) methods->private_data; + if (!data) { + DEBUG(0, ("Invalid pdb_xml_data\n")); + return NT_STATUS_INVALID_PARAMETER; + } + data->pwent = parseSambaXMLFile(data); + if (!data->pwent) + return NT_STATUS_UNSUCCESSFUL; + + return NT_STATUS_OK; +} + +/*************************************************************** + End enumeration of the passwd list. 
+ ****************************************************************/ + +static void xmlsam_endsampwent(struct pdb_methods *methods) +{ + pdb_xml *data; + + if (!methods) { + DEBUG(0, ("Invalid methods\n")); + return; + } + + data = (pdb_xml *) methods->private_data; + + if (!data) { + DEBUG(0, ("Invalid pdb_xml_data\n")); + return; + } + + xmlFreeDoc(data->doc); + data->doc = NULL; + data->pwent = NULL; +} + +/***************************************************************** + Get one SAM_ACCOUNT from the list (next in line) + *****************************************************************/ + +static NTSTATUS xmlsam_getsampwent(struct pdb_methods *methods, SAM_ACCOUNT * user) +{ + pdb_xml *data; + + if (!methods) { + DEBUG(0, ("Invalid methods\n")); + return NT_STATUS_INVALID_PARAMETER; + } + data = (pdb_xml *) methods->private_data; + + if (!data) { + DEBUG(0, ("Invalid pdb_xml_data\n")); + return NT_STATUS_INVALID_PARAMETER; + } + + while (data->pwent) { + if ((!strcmp(data->pwent->name, "user")) && + (data->pwent->ns == data->ns)) { + + parseUser(data->doc, data->ns, data->pwent, user); + data->pwent = data->pwent->next; + return NT_STATUS_OK; + } + data->pwent = data->pwent->next; + } + return NT_STATUS_UNSUCCESSFUL; +} + +/*************************************************************************** + Adds an existing SAM_ACCOUNT + ****************************************************************************/ + +static NTSTATUS xmlsam_add_sam_account(struct pdb_methods *methods, SAM_ACCOUNT * u) +{ + pstring temp; + fstring sid_str; + xmlNodePtr cur, user, pass, root; + pdb_xml *data; + + DEBUG(10, ("xmlsam_add_sam_account called!\n")); + + if (!methods) { + DEBUG(0, ("Invalid methods\n")); + return NT_STATUS_INVALID_PARAMETER; + } + + data = (pdb_xml *) methods->private_data; + if (!data) { + DEBUG(0, ("Invalid pdb_xml_data\n")); + return NT_STATUS_INVALID_PARAMETER; + } + + /* Create a new document if we can't open the current one */ + if 
(!parseSambaXMLFile(data)) { + DEBUG(0, ("Can't load current XML file, creating a new one\n")); + data->doc = xmlNewDoc(XML_DEFAULT_VERSION); + root = xmlNewDocNode(data->doc, NULL, "samba", NULL); + cur = xmlDocSetRootElement(data->doc, root); + data->ns = xmlNewNs(root, XML_URL, "samba"); + data->users = xmlNewChild(root, data->ns, "users", NULL); + } + + user = xmlNewChild(data->users, data->ns, "user", NULL); + xmlNewProp(user, "sid", + sid_to_string(sid_str, pdb_get_user_sid(u))); + if (pdb_get_init_flags(u, PDB_UID) != PDB_DEFAULT) + xmlNewProp(user, "uid", iota(pdb_get_uid(u))); + + if (pdb_get_username(u) && strcmp(pdb_get_username(u), "")) + xmlNewProp(user, "name", pdb_get_username(u)); + + cur = xmlNewChild(user, data->ns, "group", NULL); + + xmlNewProp(cur, "sid", + sid_to_string(sid_str, pdb_get_group_sid(u))); + if (pdb_get_init_flags(u, PDB_GID) != PDB_DEFAULT) + xmlNewProp(cur, "gid", iota(pdb_get_gid(u))); + + if (pdb_get_init_flags(u, PDB_LOGONTIME) != PDB_DEFAULT) + xmlNewChild(user, data->ns, "login_time", + iota(pdb_get_logon_time(u))); + + if (pdb_get_init_flags(u, PDB_LOGOFFTIME) != PDB_DEFAULT) + xmlNewChild(user, data->ns, "logoff_time", + iota(pdb_get_logoff_time(u))); + + if (pdb_get_init_flags(u, PDB_KICKOFFTIME) != PDB_DEFAULT) + xmlNewChild(user, data->ns, "kickoff_time", + iota(pdb_get_kickoff_time(u))); + + if (pdb_get_domain(u) && strcmp(pdb_get_domain(u), "")) + xmlNewChild(user, data->ns, "domain", pdb_get_domain(u)); + + if (pdb_get_nt_username(u) && strcmp(pdb_get_nt_username(u), "")) + xmlNewChild(user, data->ns, "nt_username", pdb_get_nt_username(u)); + + if (pdb_get_fullname(u) && strcmp(pdb_get_fullname(u), "")) + xmlNewChild(user, data->ns, "fullname", pdb_get_fullname(u)); + + if (pdb_get_homedir(u) && strcmp(pdb_get_homedir(u), "")) + xmlNewChild(user, data->ns, "homedir", pdb_get_homedir(u)); + + if (pdb_get_dir_drive(u) && strcmp(pdb_get_dir_drive(u), "")) + xmlNewChild(user, data->ns, "dir_drive", 
pdb_get_dir_drive(u)); + + if (pdb_get_logon_script(u) && strcmp(pdb_get_logon_script(u), "")) + xmlNewChild(user, data->ns, "logon_script", + pdb_get_logon_script(u)); + + if (pdb_get_profile_path(u) && strcmp(pdb_get_profile_path(u), "")) + xmlNewChild(user, data->ns, "profile_path", + pdb_get_profile_path(u)); + + if (pdb_get_acct_desc(u) && strcmp(pdb_get_acct_desc(u), "")) + xmlNewChild(user, data->ns, "acct_desc", pdb_get_acct_desc(u)); + + if (pdb_get_workstations(u) && strcmp(pdb_get_workstations(u), "")) + xmlNewChild(user, data->ns, "workstations", + pdb_get_workstations(u)); + + if (pdb_get_unknown_str(u) && strcmp(pdb_get_unknown_str(u), "")) + xmlNewChild(user, data->ns, "unknown_str", pdb_get_unknown_str(u)); + + if (pdb_get_munged_dial(u) && strcmp(pdb_get_munged_dial(u), "")) + xmlNewChild(user, data->ns, "munged_dial", pdb_get_munged_dial(u)); + + + /* Password stuff */ + pass = xmlNewChild(user, data->ns, "password", NULL); + if (pdb_get_pass_last_set_time(u)) + xmlNewProp(pass, "last_set", iota(pdb_get_pass_last_set_time(u))); + if (pdb_get_init_flags(u, PDB_CANCHANGETIME) != PDB_DEFAULT) + xmlNewProp(pass, "can_change", + iota(pdb_get_pass_can_change_time(u))); + + if (pdb_get_init_flags(u, PDB_MUSTCHANGETIME) != PDB_DEFAULT) + xmlNewProp(pass, "must_change", + iota(pdb_get_pass_must_change_time(u))); + + + if (pdb_get_lanman_passwd(u)) { + pdb_sethexpwd(temp, pdb_get_lanman_passwd(u), + pdb_get_acct_ctrl(u)); + cur = xmlNewChild(pass, data->ns, "crypt", temp); + xmlNewProp(cur, "type", "lanman"); + } + + if (pdb_get_nt_passwd(u)) { + pdb_sethexpwd(temp, pdb_get_nt_passwd(u), pdb_get_acct_ctrl(u)); + cur = xmlNewChild(pass, data->ns, "crypt", temp); + xmlNewProp(cur, "type", "nt"); + } + + xmlNewChild(user, data->ns, "acct_ctrl", iota(pdb_get_acct_ctrl(u))); + xmlNewChild(user, data->ns, "unknown_3", iota(pdb_get_unknown_3(u))); + + if (pdb_get_logon_divs(u)) + xmlNewChild(user, data->ns, "logon_divs", + iota(pdb_get_logon_divs(u))); + + if 
(pdb_get_hours_len(u)) + xmlNewChild(user, data->ns, "hours_len", + iota(pdb_get_hours_len(u))); + + xmlNewChild(user, data->ns, "unknown_5", iota(pdb_get_unknown_5(u))); + xmlNewChild(user, data->ns, "unknown_6", iota(pdb_get_unknown_6(u))); + xmlSaveFile(data->location, data->doc); + + return NT_STATUS_OK; +} + +NTSTATUS pdb_init(PDB_CONTEXT * pdb_context, PDB_METHODS ** pdb_method, + const char *location) +{ + NTSTATUS nt_status; + pdb_xml *data; + + xmlsam_debug_level = debug_add_class("xmlsam"); + if (xmlsam_debug_level == -1) { + xmlsam_debug_level = DBGC_ALL; + DEBUG(0, ("xmlsam: Couldn't register custom debugging class!\n")); + } + + if (!pdb_context) { + DEBUG(0, ("invalid pdb_methods specified\n")); + return NT_STATUS_UNSUCCESSFUL; + } + + if (!NT_STATUS_IS_OK + (nt_status = make_pdb_methods(pdb_context->mem_ctx, pdb_method))) { + return nt_status; + } + + (*pdb_method)->name = "xmlsam"; + + (*pdb_method)->setsampwent = xmlsam_setsampwent; + (*pdb_method)->endsampwent = xmlsam_endsampwent; + (*pdb_method)->getsampwent = xmlsam_getsampwent; + (*pdb_method)->add_sam_account = xmlsam_add_sam_account; + (*pdb_method)->getsampwnam = NULL; + (*pdb_method)->getsampwsid = NULL; + (*pdb_method)->update_sam_account = NULL; + (*pdb_method)->delete_sam_account = NULL; + (*pdb_method)->getgrsid = NULL; + (*pdb_method)->getgrgid = NULL; + (*pdb_method)->getgrnam = NULL; + (*pdb_method)->add_group_mapping_entry = NULL; + (*pdb_method)->update_group_mapping_entry = NULL; + (*pdb_method)->delete_group_mapping_entry = NULL; + (*pdb_method)->enum_group_mapping = NULL; + + data = talloc(pdb_context->mem_ctx, sizeof(pdb_xml)); + data->location = + (location ? talloc_strdup(pdb_context->mem_ctx, location) : "-"); + data->pwent = NULL; + data->written = 0; + (*pdb_method)->private_data = data; + + LIBXML_TEST_VERSION xmlKeepBlanksDefault(0); + + return NT_STATUS_OK; +} |
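Review bot: In parsePass, `strcmp(xmlGetProp(cur, "type"), "nt")` passes the result of xmlGetProp straight to strcmp, and that result is NULL when a `crypt` element has no `type` attribute, so a malformed password file will typically crash the process during account enumeration; the strings libxml2 returns are also never freed. parseUser has the same unchecked pattern in each `atol(xmlNodeListGetString(doc, cur->xmlChildrenNode, 1))` call, where an empty element yields NULL. I would fetch the attribute and the text once, reject NULL, and free both, as in the excerpt below. Separately, `xmlDocDump(stderr, data->doc)` in parseSambaXMLFile writes the whole document to stderr when the first child is not `users`, and that document may contain the `crypt` hashes, so I would drop the dump and log only the element name.

```c
/* … unchanged: loop over cur->xmlChildrenNode and the "Unknown element" branch … */
		else {
			/* Fetch once so the values can be NULL-checked and freed. */
			char *type = xmlGetProp(cur, "type");
			char *hex = xmlNodeListGetString(doc, cur->xmlChildrenNode, 1);

			if (!type || !hex)
				DEBUG(0, ("crypt element without type or value\n"));
			else if (!strcmp(type, "nt") && pdb_gethexpwd(hex, temp))
				pdb_set_nt_passwd(u, temp, PDB_SET);
			else if (!strcmp(type, "lanman") && pdb_gethexpwd(hex, temp))
				pdb_set_lanman_passwd(u, temp, PDB_SET);
			else
				DEBUG(0, ("Unknown crypt type: %s\n", type));

			if (type)
				xmlFree(type);
			if (hex)
				xmlFree(hex);
		}
/* … unchanged: cur = cur->next and return True … */
```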