lookups in smbpasswd file

Todd Pfaff todd at edge.cis.mcmaster.ca
Wed Mar 4 18:57:06 GMT 1998 

On Thu, 5 Mar 1998, Jeremy Allison wrote:

> Gerald W. Carter wrote:
> > 
> > If this is a limitation, a possible solution would be to keep the
> > standard smbpasswd file  but translate it to a DBM hash ( *.dir & *.pag
> > files ) similiar to NIS maps.  Smbpasswd could be modified to interface
> > directly iwith the DBM files.  Also add an option to dump the map to a
> > flat ASCII file.
> > 
> 
> That's a very good idea, and one I've been wanting
> to do for a while. Issues you will need to consider :
> 
> 1). Concurrent updates - as I recall, most dbm hash
> libraries don't allow record locking for concurrent
> updates. smbpasswd will need this I think.
> 
> 2). Transaction security - losing your password
> file due to a smbd/smbpasswd crash won't be popular.
> This may be solvable by keeping a ascii snapshot also
> but we should have some method of dealing with this.
> 
> 3). Setuid security. smbpasswd is a setuid root
> program - adding dbm libraries to it means that
> the dbm libraries must also pass the strict
> security requirements for such a program. Do they ?
> 
> These problems are why I haven't done the code
> work yet, I don't have good answers to them.
> 
> Just my 2 cents worth....
> 
> Jeremy Allison,
> Samba Team.

a quick solution that bypasses some or all of these concerns...

just use the dbm file for lookups.  the only code that has to be modified
is function get_smbpwd_entry() in smbpass.c.  it could even be conditional
on whether or not smbpasswd.dir exists.

continue applying changes to the text file and rebuild the dbm files
whenever a change occurs.  this can be accomplished with (under sunos
anyway): system("makedbm smbpasswd smbpasswd").

this is similar to how the nis yppasswdd stuff works in sunos.  yppasswd
receives updates, applies them to passwd file, and then runs a yp make to
rebuild the passwd map.  mind you, this makedbm can take a long time for
large passwd files.  but at least it improves the lookup time.

--
Todd Pfaff                         \  Email: pfaff at mcmaster.ca
Computing and Information Services  \ Voice: (905) 525-9140 x22920
ABB 132                              \  FAX: (905) 528-3773
McMaster University                   \
Hamilton, Ontario, Canada  L8S 4M1     \

More information about the samba-ntdom mailing list