lookups in smbpasswd file
Todd Pfaff
todd at edge.cis.mcmaster.ca
Wed Mar 4 18:57:06 GMT 1998
On Thu, 5 Mar 1998, Jeremy Allison wrote:
> Gerald W. Carter wrote:
> >
> > If this is a limitation, a possible solution would be to keep the
> > standard smbpasswd file but translate it to a DBM hash ( *.dir & *.pag
> > files ) similiar to NIS maps. Smbpasswd could be modified to interface
> > directly iwith the DBM files. Also add an option to dump the map to a
> > flat ASCII file.
> >
>
> That's a very good idea, and one I've been wanting
> to do for a while. Issues you will need to consider :
>
> 1). Concurrent updates - as I recall, most dbm hash
> libraries don't allow record locking for concurrent
> updates. smbpasswd will need this I think.
>
> 2). Transaction security - losing your password
> file due to a smbd/smbpasswd crash won't be popular.
> This may be solvable by keeping a ascii snapshot also
> but we should have some method of dealing with this.
>
> 3). Setuid security. smbpasswd is a setuid root
> program - adding dbm libraries to it means that
> the dbm libraries must also pass the strict
> security requirements for such a program. Do they ?
>
> These problems are why I haven't done the code
> work yet, I don't have good answers to them.
>
> Just my 2 cents worth....
>
> Jeremy Allison,
> Samba Team.
a quick solution that bypasses some or all of these concerns...
just use the dbm file for lookups. the only code that has to be modified
is function get_smbpwd_entry() in smbpass.c. it could even be conditional
on whether or not smbpasswd.dir exists.
continue applying changes to the text file and rebuild the dbm files
whenever a change occurs. this can be accomplished with (under sunos
anyway): system("makedbm smbpasswd smbpasswd").
this is similar to how the nis yppasswdd stuff works in sunos. yppasswd
receives updates, applies them to passwd file, and then runs a yp make to
rebuild the passwd map. mind you, this makedbm can take a long time for
large passwd files. but at least it improves the lookup time.
--
Todd Pfaff \ Email: pfaff at mcmaster.ca
Computing and Information Services \ Voice: (905) 525-9140 x22920
ABB 132 \ FAX: (905) 528-3773
McMaster University \
Hamilton, Ontario, Canada L8S 4M1 \
More information about the samba-ntdom
mailing list