password API needed

Luke Kenneth Casson Leighton lkcl at switchboard.net
Mon May 18 11:46:31 GMT 1998


notes on the password database api.

1) calling databases from passdb.c
----------------------------------

all these routines in passdb.c have:

void some_fn(void)
{
#ifdef USE_SOMESORTOF_DB
	some_db_fn();
#endif

#ifdef USE_SOMEOTHERSORTOF_DB
	some_other_db_fn();
#endif
}



2) password api routines
------------------------

note: the sam21 routines (struct sam_passwd) have a user RID search, _not_
a unix uid search.  the non-sam21 routines (struct smb_passwd) have a unix
uid search, _not_ a user RID search. 

 /* The following definitions come from  passdb.c  */

/* enumeration */

void *startsampwent(BOOL update);
void endsampwent(void *vp);

struct smb_passwd *getsampwent(void *vp);
struct sam_passwd *getsam21pwent(void *vp);
struct sam_info getsamdispent(void *vp);

unsigned long getsampwpos(void *vp);
BOOL setsampwpos(void *vp, unsigned long tok);

/* add / modify entries */

BOOL add_sampwd_entry(struct smb_passwd *newpwd);
BOOL add_sam21pwd_entry(struct sam_passwd *newpwd);
BOOL mod_sampwd_entry(struct smb_passwd* pwd, BOOL override);
BOOL mod_sam21pwd_entry(struct sam_passwd* pwd, BOOL override);

/* search */

struct smb_passwd *getsampwnam(char *name);
struct smb_passwd *getsampwuid(uid_t smb_userid);
struct sam_passwd *getsam21pwnam(char *name);
struct sam_passwd *getsam21pwrid(uint32 rid);


add
---

add should return False without modifying the database if an entry with
the same name exists, in the case of both the add_sam21pwd_entry and
add_sampwd_entry routines.

add should return False without modifying the database if an entry with
the same rid or the same name exists, in the case of the
add_sam21pwd_entry routine.


search
------

inside passdb.c, there are _getsampwxxx and _getsam21pwxxx routines.
these implement linear search by calling the enumeration routines, and can
be used if the database engine being used does not have search capability,
or if the implementor does not wish to write one straight away.



4) supporting both struct smb_passwd and sam_passwd
---------------------------------------------------

for the sam21 (struct sam_passwd not smb_passwd) routines, databases are
expected to create default entries for fields if either: 

- the underlying database does not support all the sam21 fields (which is
bad)

- the underlying database has a blank entry for a particular field.

detailed example.  in smbpass.c, private/smbpasswd only has user, unix
uid, NTLM hashes, acb info, password last set time.  therefore: 

- lp_profile_path(), lp_homedir() etc shall be read from smb.conf.  if
fields do not exist they shall be set to "".

- all times except password last set time shall be set to -1

- the NT user RID shall be filled in by calling uid_to_user_rid().

- the NT group RID shall be filled in by doing getpwent(unix uid),
obtaining the unix gid and calling gid_to_group_rid().

future versions of smbpass.c will also have a private/samdb file, which
shall contain the missing struct sam_passwd fields.  if any of those
fields are empty in the samdb file for a given user, the above defaults
shall be used.


5) query display info
---------------------

a future API routine to be added soon (oh, i seem to have just added it)
will be: 

struct sam_info getsamdispent(void *vp);

struct sam_info
{
	char *smb_name;
	char *smb_full_name;
	uint32 rid;
};

a first pass at this may hide the necessity for its specific 
implementation in all databases by calling getsampwent and dragging the
three key member variables out of struct sam_passwd.  in fact, i think
i'll do that now :-)

this function is expected to be called for the "display" side of
USRMGR.EXE and SRVMGR.EXE support (lib/rpc/server/srv_samr.c -
SamrQueryDispInfo).
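
added example (not part of the original post and not samba code): the "add" and "search" notes above, sketched against a constructed in-memory backend. struct ex_sam and every ex_* name are hypothetical stand-ins for the routines listed in section 2.

```c
/* Added illustration, not Samba source. struct ex_sam and every ex_* name
 * are hypothetical stand-ins; the in-memory store is constructed sample data. */
#include <stdio.h>
#include <string.h>

typedef int BOOL; typedef unsigned int uint32;
enum { False, True, EX_MAX = 8 };
struct ex_sam { char name[32]; uint32 rid; };
static struct ex_sam ex_db[EX_MAX];
static size_t ex_count;

/* enumeration: the handle is a cursor; NULL marks the end of the database */
static struct ex_sam *ex_getsam21pwent(void *vp)
{
	size_t *pos = vp;
	return (*pos < ex_count) ? &ex_db[(*pos)++] : NULL;
}

/* linear search built only on enumeration; a NULL key is not compared.
 * names are compared exactly here, which is an assumption of this sketch. */
static struct ex_sam *ex_scan(const char *name, const uint32 *rid)
{
	size_t pos = 0;	/* plays the role of startsampwent() */
	struct ex_sam *e;
	while ((e = ex_getsam21pwent(&pos)) != NULL)
		if ((name && strcmp(e->name, name) == 0) || (rid && e->rid == *rid))
			return e;
	return NULL;
}
struct ex_sam *ex_getsam21pwnam(const char *name) { return ex_scan(name, NULL); }
struct ex_sam *ex_getsam21pwrid(uint32 rid) { return ex_scan(NULL, &rid); }

/* add: refuse a duplicate name or rid before touching the store */
BOOL ex_add_sam21pwd_entry(const struct ex_sam *newpwd)
{
	if (ex_count == EX_MAX || ex_scan(newpwd->name, &newpwd->rid) != NULL)
		return False;
	ex_db[ex_count++] = *newpwd;
	return True;
}

int main(void)
{
	struct ex_sam a = { "alice", 1000 }, clash = { "bob", 1000 };
	BOOL first = ex_add_sam21pwd_entry(&a);
	BOOL second = ex_add_sam21pwd_entry(&clash);	/* same rid: rejected */
	printf("%d %d %lu\n", first, second, (unsigned long)ex_count);
	return 0;
}
```

the duplicate check runs before the write, so a rejected add leaves the store exactly as it was and no two accounts can end up sharing a rid.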



