Diffstat (limited to 'source3/passdb/passdb.c')
-rw-r--r--source3/passdb/passdb.c259
1 files changed, 238 insertions, 21 deletions
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index acc8d1c609..d7ba8479bf 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -35,6 +35,19 @@ DOM_SID global_machine_sid;
/*
* NOTE. All these functions are abstracted into a structure
* that points to the correct function for the selected database. JRA.
+ *
+ * NOTE. for the get/mod/add functions, there are two sets of functions.
+ * one supports struct sam_passwd, the other supports struct smb_passwd.
+ * for speed optimisation it is best to support both these sets.
+ *
+ * it is, however, optional to support one set but not the other: there
+ * is conversion-capability built in to passdb.c, and run-time error
+ * detection for when neither are supported.
+ *
+ * password database writers are recommended to implement the sam_passwd
+ * functions in a first pass, as struct sam_passwd contains more
+ * information, needed by the NT Domain support. lkcl.
+ *
*/
static struct passdb_ops *pdb_ops;
@@ -115,8 +128,10 @@ struct smb_passwd *iterate_getsmbpwnam(char *name)
BOOL initialize_password_db(void)
{
- if(pdb_ops)
+ if (pdb_ops)
+ {
return True;
+ }
#ifdef USE_NISPLUS_DB
pdb_ops = nisplus_initialize_password_db();
@@ -141,6 +156,7 @@ BOOL initialize_password_db(void)
from this function may be used to enumerate struct sam_passwd
entries as well as struct smb_passwd entries. This may need
to change. JRA.
+
****************************************************************/
void *startsmbpwent(BOOL update)
@@ -169,7 +185,19 @@ void endsmbpwent(void *vp)
struct smb_passwd *getsmbpwent(void *vp)
{
- return pdb_ops->getsmbpwent(vp);
+ if (pdb_ops->getsmbpwent == NULL && pdb_ops->getsam21pwent == NULL)
+ {
+ /* must have one or the other: this is an error by the password
+ database implementor for the back-end you are using.
+ */
+ DEBUG(0,("getsmbpwent: getsmbpwent() and getsam21pwent() not supported!\n"));
+ return NULL;
+ }
+ if (pdb_ops->getsmbpwent != NULL)
+ {
+ return pdb_ops->getsmbpwent(vp);
+ }
+ return pdb_sam_to_smb(pdb_ops->getsam21pwent(vp));
}
/*************************************************************************
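Review bot: The fallback `return pdb_sam_to_smb(pdb_ops->getsam21pwent(vp));` passes the end-of-list NULL from the back-end straight into the converter, and pdb_sam_to_smb() is not visible here, so whether it tolerates NULL cannot be confirmed from this hunk. If it does not, every enumeration through a sam_passwd-only back-end ends in a NULL dereference inside the password-database path. Either document that the converters return NULL for NULL input, or test first: `struct sam_passwd *s = pdb_ops->getsam21pwent(vp); return s ? pdb_sam_to_smb(s) : NULL;`. The same applies to the conversion fallbacks in getsmbpwnam(), getsmbpwuid(), getsam21pwent(), getsam21pwnam(), getsam21pwrid() and getsam21pwuid().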
@@ -210,7 +238,19 @@ BOOL setsmbpwpos(void *vp, unsigned long tok)
BOOL add_smbpwd_entry(struct smb_passwd *newpwd)
{
- return pdb_ops->add_smbpwd_entry(newpwd);
+ if (pdb_ops->add_smbpwd_entry == NULL && pdb_ops->add_sam21pwd_entry == NULL)
+ {
+ /* must have one or the other: this is an error by the password
+ database implementor for the back-end you are using.
+ */
+ DEBUG(0,("add_smbpwd_entry: add_smbpwd_entry() and add_sam21pwd_entry() not supported!\n"));
+ return False;
+ }
+ if (pdb_ops->add_smbpwd_entry != NULL)
+ {
+ return pdb_ops->add_smbpwd_entry(newpwd);
+ }
+ return pdb_ops->add_sam21pwd_entry(pdb_smb_to_sam(newpwd));
}
/************************************************************************
@@ -224,7 +264,19 @@ BOOL add_smbpwd_entry(struct smb_passwd *newpwd)
BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override)
{
- return pdb_ops->mod_smbpwd_entry(pwd, override);
+ if (pdb_ops->mod_smbpwd_entry == NULL && pdb_ops->mod_sam21pwd_entry == NULL)
+ {
+ /* must have one or the other: this is an error by the password
+ database implementor for the back-end you are using.
+ */
+ DEBUG(0,("mod_smbpwd_entry: mod_smbpwd_entry() and mod_sam21pwd_entry() not supported!\n"));
+ return False;
+ }
+ if (pdb_ops->mod_smbpwd_entry != NULL)
+ {
+ return pdb_ops->mod_smbpwd_entry(pwd, override);
+ }
+ return pdb_ops->mod_sam21pwd_entry(pdb_smb_to_sam(pwd), override);
}
/************************************************************************
@@ -233,7 +285,19 @@ BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override)
struct smb_passwd *getsmbpwnam(char *name)
{
- return pdb_ops->getsmbpwnam(name);
+ if (pdb_ops->getsmbpwnam == NULL && pdb_ops->getsam21pwnam == NULL)
+ {
+ /* must have one or the other: this is an error by the password
+ database implementor for the back-end you are using.
+ */
+ DEBUG(0,("getsmbpwnam: getsmbpwnam() and getsam21pwnam() not supported!\n"));
+ return NULL;
+ }
+ if (pdb_ops->getsam21pwnam != NULL)
+ {
+ return pdb_ops->getsmbpwnam(name);
+ }
+ return pdb_sam_to_smb(getsam21pwnam(name));
}
/************************************************************************
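Review bot: The dispatch test in getsmbpwnam() checks the wrong member: `if (pdb_ops->getsam21pwnam != NULL)` is followed by a call through `pdb_ops->getsmbpwnam`, so a back-end that supplies only getsam21pwnam calls a NULL function pointer on every name lookup. With a back-end that supplies only getsmbpwnam, the code instead falls through to the wrapper `getsam21pwnam(name)`, whose fallback in this same commit calls getsmbpwnam() again, so the two wrappers recurse without end. The test should read `if (pdb_ops->getsmbpwnam != NULL)`, and the fallback is safer as `return pdb_sam_to_smb(pdb_ops->getsam21pwnam(name));` so that it cannot re-enter the wrapper.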
@@ -242,7 +306,19 @@ struct smb_passwd *getsmbpwnam(char *name)
struct smb_passwd *getsmbpwuid(uid_t smb_userid)
{
- return pdb_ops->getsmbpwuid(smb_userid);
+ if (pdb_ops->getsmbpwuid == NULL && pdb_ops->getsam21pwrid == NULL)
+ {
+ /* must have one or the other: this is an error by the password
+ database implementor for the back-end you are using.
+ */
+ DEBUG(0,("getsmbpwuid: getsmbpwuid() and getsam21pwrid() not supported!\n"));
+ return NULL;
+ }
+ if (pdb_ops->getsmbpwuid != NULL)
+ {
+ return pdb_ops->getsmbpwuid(smb_userid);
+ }
+ return pdb_sam_to_smb(pdb_ops->getsam21pwuid(pdb_uid_to_user_rid(smb_userid)));
}
/*
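Review bot: The fallback in getsmbpwuid() calls `pdb_ops->getsam21pwuid` with the result of `pdb_uid_to_user_rid(smb_userid)`, so a by-uid lookup is handed a RID. The guard above tested `getsam21pwrid`, not `getsam21pwuid`, so the pointer being called may be NULL. When it is set, the back-end searches for uid+1000 and can hand a different account's record back to the caller. The last line should be `return pdb_sam_to_smb(pdb_ops->getsam21pwrid(pdb_uid_to_user_rid(smb_userid)));`.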
@@ -285,9 +361,50 @@ struct sam_passwd *iterate_getsam21pwnam(char *name)
/************************************************************************
Utility function to search sam passwd by uid. use this if your database
does not have search facilities.
+
+ search capability by both rid and uid are needed as the rid <-> uid
+ mapping may be non-monotonic.
+
*************************************************************************/
-struct sam_passwd *iterate_getsam21pwuid(uint32 uid)
+struct sam_passwd *iterate_getsam21pwrid(uint32 rid)
+{
+ struct sam_passwd *pwd = NULL;
+ void *fp = NULL;
+
+ DEBUG(10, ("iterate_getsam21pwrid: search by rid: %x\n", rid));
+
+ /* Open the smb password file - not for update. */
+ fp = startsmbpwent(False);
+
+ if (fp == NULL)
+ {
+ DEBUG(0, ("iterate_getsam21pwrid: unable to open sam password database.\n"));
+ return NULL;
+ }
+
+ while ((pwd = getsam21pwent(fp)) != NULL && pwd->user_rid != rid)
+ ;
+
+ if (pwd != NULL)
+ {
+ DEBUG(10, ("iterate_getsam21pwrid: found by user_rid: %x\n", rid));
+ }
+
+ endsmbpwent(fp);
+ return pwd;
+}
+
+/************************************************************************
+ Utility function to search sam passwd by uid. use this if your database
+ does not have search facilities.
+
+ search capability by both rid and uid are needed as the rid <-> uid
+ mapping may be non-monotonic.
+
+*************************************************************************/
+
+struct sam_passwd *iterate_getsam21pwuid(uid_t uid)
{
struct sam_passwd *pwd = NULL;
void *fp = NULL;
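Review bot: The banner comment above the new iterate_getsam21pwrid() still reads "search sam passwd by uid"; it was copied from the uid variant and should say `Utility function to search sam passwd by rid.` It would also help to state there how long the returned pointer stays valid, since the function returns `pwd` after `endsmbpwent(fp)` and the storage behind it is not visible in this hunk. iterate_getsam21pwuid() continues past the end of the hunk.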
@@ -316,12 +433,27 @@ struct sam_passwd *iterate_getsam21pwuid(uint32 uid)
}
/*************************************************************************
- Routine to return the next entry in the sam passwd list.
+ Routine to return a display info structure, by rid
*************************************************************************/
+struct sam_disp_info *getsamdisprid(uint32 rid)
+{
+ if (pdb_ops->getsamdisprid != NULL)
+ {
+ return pdb_ops->getsamdisprid(rid);
+ }
+ return pdb_sam_to_dispinfo(pdb_ops->getsam21pwrid(rid));
+}
+/*************************************************************************
+ Routine to return the next entry in the sam passwd list.
+ *************************************************************************/
struct sam_disp_info *getsamdispent(void *vp)
{
- return pdb_sam_to_dispinfo(pdb_ops->getsam21pwent(vp));
+ if (pdb_ops->getsamdispent != NULL)
+ {
+ return pdb_ops->getsamdispent(vp);
+ }
+ return pdb_sam_to_dispinfo(pdb_ops->getsam21pwent(vp));
}
/*************************************************************************
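Review bot: Both display-info wrappers fall back to a raw back-end pointer without the NULL test that every other wrapper in this commit has: `pdb_ops->getsam21pwrid(rid)` in getsamdisprid() and `pdb_ops->getsam21pwent(vp)` in getsamdispent(). A back-end that implements only the smb_passwd set would leave those members NULL. Calling the wrappers instead, `return pdb_sam_to_dispinfo(getsam21pwrid(rid));` and `return pdb_sam_to_dispinfo(getsam21pwent(vp));`, reuses their guard and their smb_passwd conversion. getsam21pwrid() is defined further down in the file, so a prototype has to be in scope.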
@@ -330,7 +462,19 @@ struct sam_disp_info *getsamdispent(void *vp)
struct sam_passwd *getsam21pwent(void *vp)
{
- return pdb_ops->getsam21pwent(vp);
+ if (pdb_ops->getsmbpwent == NULL && pdb_ops->getsam21pwent == NULL)
+ {
+ /* must have one or the other: this is an error by the password
+ database implementor for the back-end you are using.
+ */
+ DEBUG(0,("getsmbpwent: getsmbpwent() and getsam21pwent() not supported!\n"));
+ return NULL;
+ }
+ if (pdb_ops->getsam21pwent != NULL)
+ {
+ return pdb_ops->getsam21pwent(vp);
+ }
+ return pdb_smb_to_sam(pdb_ops->getsmbpwent(vp));
}
/************************************************************************
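Review bot: The DEBUG(0) message in getsam21pwent() is prefixed `getsmbpwent:`, so whoever reads the log is pointed at the wrong wrapper. The text was copied from the smb_passwd variant and should start `getsam21pwent: `. The same copy-paste is in add_sam21pwd_entry() (prefix `add_smbpwd_entry:`) and mod_sam21pwd_entry() (prefix `mod_smbpwd_entry:`).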
@@ -339,7 +483,19 @@ struct sam_passwd *getsam21pwent(void *vp)
BOOL add_sam21pwd_entry(struct sam_passwd *newpwd)
{
- return pdb_ops->add_sam21pwd_entry(newpwd);
+ if (pdb_ops->add_smbpwd_entry == NULL && pdb_ops->add_sam21pwd_entry == NULL)
+ {
+ /* must have one or the other: this is an error by the password
+ database implementor for the back-end you are using.
+ */
+ DEBUG(0,("add_smbpwd_entry: add_smbpwd_entry() and add_sam21pwd_entry() not supported!\n"));
+ return False;
+ }
+ if (pdb_ops->add_sam21pwd_entry != NULL)
+ {
+ return pdb_ops->add_sam21pwd_entry(newpwd);
+ }
+ return pdb_ops->add_smbpwd_entry(pdb_sam_to_smb(newpwd));
}
/************************************************************************
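Review bot: The fallback `return pdb_ops->add_smbpwd_entry(pdb_sam_to_smb(newpwd));` reports success to the caller although the account is stored through the smaller struct smb_passwd. The file's header comment says struct sam_passwd carries more information, so those extra fields are presumably dropped without a trace. A log line before the fallback would make the downgrade visible, e.g. `DEBUG(5,("add_sam21pwd_entry: back-end has no sam_passwd support, storing smb_passwd fields only\n"));`. mod_sam21pwd_entry() has the same fallback.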
@@ -353,7 +509,19 @@ BOOL add_sam21pwd_entry(struct sam_passwd *newpwd)
BOOL mod_sam21pwd_entry(struct sam_passwd* pwd, BOOL override)
{
- return pdb_ops->mod_sam21pwd_entry(pwd, override);
+ if (pdb_ops->mod_smbpwd_entry == NULL && pdb_ops->mod_sam21pwd_entry == NULL)
+ {
+ /* must have one or the other: this is an error by the password
+ database implementor for the back-end you are using.
+ */
+ DEBUG(0,("mod_smbpwd_entry: mod_smbpwd_entry() and mod_sam21pwd_entry() not supported!\n"));
+ return False;
+ }
+ if (pdb_ops->mod_sam21pwd_entry != NULL)
+ {
+ return pdb_ops->mod_sam21pwd_entry(pwd, override);
+ }
+ return pdb_ops->mod_smbpwd_entry(pdb_sam_to_smb(pwd), override);
}
@@ -363,16 +531,61 @@ BOOL mod_sam21pwd_entry(struct sam_passwd* pwd, BOOL override)
struct sam_passwd *getsam21pwnam(char *name)
{
- return pdb_ops->getsam21pwnam(name);
+ if (pdb_ops->getsmbpwnam == NULL && pdb_ops->getsam21pwnam == NULL)
+ {
+ /* must have one or the other: this is an error by the password
+ database implementor for the back-end you are using.
+ */
+ DEBUG(0,("getsam21pwnam: getsmbpwnam() and getsam21pwnam() not supported!\n"));
+ return NULL;
+ }
+ if (pdb_ops->getsam21pwnam != NULL)
+ {
+ return pdb_ops->getsam21pwnam(name);
+ }
+ return pdb_smb_to_sam(getsmbpwnam(name));
+}
+
+/************************************************************************
+ Routine to search sam passwd by rid.
+*************************************************************************/
+
+struct sam_passwd *getsam21pwrid(uint32 rid)
+{
+ if (pdb_ops->getsmbpwuid == NULL && pdb_ops->getsam21pwrid == NULL)
+ {
+ /* must have one or the other: this is an error by the password
+ database implementor for the back-end you are using.
+ */
+ DEBUG(0,("getsam21pwrid: getsmbpwuid() and getsam21pwrid() not supported!\n"));
+ return NULL;
+ }
+ if (pdb_ops->getsam21pwrid != NULL)
+ {
+ return pdb_ops->getsam21pwrid(rid);
+ }
+ return pdb_smb_to_sam(pdb_ops->getsmbpwuid(pdb_user_rid_to_uid(rid)));
}
/************************************************************************
Routine to search sam passwd by uid.
*************************************************************************/
-struct sam_passwd *getsam21pwuid(uint32 uid)
+struct sam_passwd *getsam21pwuid(uid_t uid)
{
- return pdb_ops->getsam21pwuid(uid);
+ if (pdb_ops->getsmbpwuid == NULL && pdb_ops->getsam21pwrid == NULL)
+ {
+ /* must have one or the other: this is an error by the password
+ database implementor for the back-end you are using.
+ */
+ DEBUG(0,("getsam21pwuid: getsmbpwuid() and getsam21pwrid() not supported!\n"));
+ return NULL;
+ }
+ if (pdb_ops->getsam21pwuid != NULL)
+ {
+ return pdb_ops->getsam21pwuid(uid);
+ }
+ return pdb_smb_to_sam(pdb_ops->getsmbpwuid(uid));
}
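Review bot: The guard in getsam21pwuid() tests `pdb_ops->getsam21pwrid` while the dispatch below it uses `pdb_ops->getsam21pwuid`. A back-end with only getsam21pwuid is rejected with the "not supported" error. One with only getsam21pwrid passes the guard and then calls `pdb_ops->getsmbpwuid(uid)` through a NULL pointer. The guard should be `if (pdb_ops->getsmbpwuid == NULL && pdb_ops->getsam21pwuid == NULL)`, with the DEBUG text changed to name getsam21pwuid().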
@@ -885,25 +1098,25 @@ Error was %s\n", sid_file, strerror(errno) ));
converts NT User RID to a UNIX uid.
********************************************************************/
-uint32 pdb_user_rid_to_uid(uint32 u_rid)
+uid_t pdb_user_rid_to_uid(uint32 u_rid)
{
- return (u_rid - 1000);
+ return (uid_t)(u_rid - 1000);
}
/*******************************************************************
converts NT Group RID to a UNIX uid.
********************************************************************/
-uint32 pdb_group_rid_to_gid(uint32 u_gid)
+gid_t pdb_group_rid_to_gid(uint32 g_rid)
{
- return (u_gid - 1000);
+ return (gid_t)(g_rid - 1000);
}
/*******************************************************************
converts UNIX uid to an NT User RID.
********************************************************************/
-uint32 pdb_uid_to_user_rid(uint32 uid)
+uint32 pdb_uid_to_user_rid(uid_t uid)
{
return (uint32)(uid + 1000);
}
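Review bot: `return (uid_t)(u_rid - 1000);` has no lower bound, so (assuming uint32 is unsigned) any RID below 1000 wraps around to a very large uid; pdb_group_rid_to_gid() has the same subtraction. This commit makes that reachable from getsam21pwrid(), whose fallback passes `pdb_user_rid_to_uid(rid)` to the back-end's getsmbpwuid. I would reject out-of-range input explicitly, e.g. `if (u_rid < 1000) return (uid_t)-1;`, and have callers treat that value as "no such user"; whether they already do is not visible here.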
@@ -912,7 +1125,7 @@ uint32 pdb_uid_to_user_rid(uint32 uid)
converts NT Group RID to a UNIX uid.
********************************************************************/
-uint32 pdb_gid_to_group_rid(uint32 gid)
+uint32 pdb_gid_to_group_rid(gid_t gid)
{
return (uint32)(gid + 1000);
}
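Review bot: The banner comment above pdb_gid_to_group_rid() says "converts NT Group RID to a UNIX uid", which is the opposite direction and the wrong id type. Now that the parameter is `gid_t`, it should read `converts UNIX gid to an NT Group RID.` The banner above pdb_group_rid_to_gid() in the previous hunk likewise says "uid" where it means gid.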
@@ -924,5 +1137,9 @@ uint32 pdb_gid_to_group_rid(uint32 gid)
BOOL pdb_rid_is_user(uint32 rid)
{
/* Punt for now - we need to look at the encoding here. JRA. */
+ /* lkcl i understand that NT attaches an enumeration to a RID
+ * such that it can be identified as either a user, group etc
+ * type. there are 5 such categories, and they are documented.
+ */
return True;
}