Age | Commit message (Collapse) | Author | Files | Lines |
|
Samba now features a pluggable passdb interface, along the same lines as the
one in use in the auth subsystem. In this case, only one backend may be active
at a time by the 'normal' interface, and only one backend per passdb_context is
permitted outside that.
This pluggable interface is designed to allow any number of passdb backends to
be compiled in, with the selection at runtime. The 'passdb backend' paramater
has been created (and documented!) to support this.
As such, configure has been modfied to allow (for example) --with-ldap and the
old smbpasswd to be selected at the same time.
This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua.
These two backends accept 'non unix accounts', where the user does *not* exist
in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to
avoid conflicts in the algroitmic mapping of RIDs, they use the values
specified in the 'non unix account range' paramter - in the same way as the
winbind ranges are specifed.
While I was at it, I cleaned up some of the code in pdb_tdb (code copied
directly from smbpasswd and not really considered properly). Most of this was
to do with % macro expansion on stored data. It isn't easy to get the macros
into the tdb, and the first password change will 'expand' them. tdbsam needs
to use a similar system to pdb_ldap in this regard.
This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I
don't have the test facilities for these. I plan to incoroprate at least
pdb_ldap into this scheme after consultation with Jerry.
Each (converted) passdb module now no longer has any 'static' variables, and
only exports 1 init function outside its .c file.
The non-unix-account support in this patch has been proven! It is now possible
to join a win2k machine to a Samba PDC without an account in /etc/passwd!
Other changes:
Minor interface adjustments:
pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*.
pdb_update_sam_account() no longer takes the 'override' argument that was being
ignored so often (every other passdb backend). Extra checks have been added in
some places.
Minor code changes:
smbpasswd no longer attempts to initialise the passdb at startup, this is
now done on first use.
pdbedit has lost some of its 'machine account' logic, as this behaviour is now
controlled by the passdb subsystem directly.
The samr subsystem no longer calls 'local password change', but does the pdb
interactions directly. This allow the ACB_ flags specifed to be transferred
direct to the backend, without interference.
Doco:
I've updated the doco to reflect some of the changes, and removed some paramters
no longer applicable to HEAD.
(This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
|
|
backtrace. Will break on many machines, but we're already crashed in
this case.
(This used to be commit f0878f19eb729d70cc96f450b4b0d2c180498a35)
|
|
little while. This should give us a bit more coverage.
Andrew Bartlett
(This used to be commit 9e5a1d1623872a598c936e596270abe519c36e97)
|
|
and push it to 10 when we fail (we redo the test).
Also disable the server-level security testing till it know what it does
Andrew Bartlett
(This used to be commit 805c20452e98c5e3d3fb24537ce722d4318ffa90)
|
|
Andrew Bartlett
(This used to be commit 584a14a2163a22d6a532c926040f4f9bcc34463d)
|
|
(This used to be commit 0d112d7960353b33e9c5015c39a107a47e6f690d)
|
|
We now test security=share, security=user, security=server for both the
positive and negitive case (good/bad pw) and check that guest shares work for
share level security.
The server level security stuff seems to test positive without actualy
contating a server (another LIBSMB_PROG based smbd) - I will need to look into that...
Andrew Bartlett
(This used to be commit 19fdc553d6ab06e53c21425468f86da56f4d9153)
|
|
Andrew Bartlett
(This used to be commit 56a881b2b4957912055fdf053ef37ca2ea3606b8)
|
|
This works with the new build farm system
Andrew Bartlett
(This used to be commit 542977bc4323e041512e91d7a38422e7abc4e5ae)
|