[PATCH] change SAM DB (files,tdb,ldap,nisplus) in smb.conf +
add ldap parameter referral, scope ,tls ...
Stefan Metzmacher
stefan.metzmacher at metzemix.de
Thu Dec 20 14:57:02 GMT 2001
Hello,
Here are the SAMDB patch and the LDAP parameter patch together.
The patch is for samba-2.2.2.
--------------------------------------------------------------------------------------------------------------------
diff -urN samba-2.2.2/source/configure samba-2.2.2-MX/source/configure
--- samba-2.2.2/source/configure Sat Oct 13 23:09:16 2001
+++ samba-2.2.2-MX/source/configure Wed Oct 31 00:00:38 2001
@@ -11375,7 +11375,7 @@
#define WITH_TDB_SAM 1
EOF
- with_smbpasswd_sam=no
+ with_smbpasswd_sam=yes
;;
*)
echo "$ac_t""no" 1>&6
@@ -11402,7 +11402,7 @@
EOF
LIBS="-lldap -llber -lresolv $LIBS"
- with_smbpasswd_sam=no
+ with_smbpasswd_sam=yes
;;
*)
echo "$ac_t""no" 1>&6
@@ -11428,7 +11428,7 @@
#define WITH_NISPLUS_SAM 1
EOF
- with_smbpasswd_sam=no
+ with_smbpasswd_sam=yes
;;
*)
echo "$ac_t""no" 1>&6
diff -urN samba-2.2.2/source/configure.in samba-2.2.2-MX/source/configure.in
--- samba-2.2.2/source/configure.in Sat Oct 13 23:09:16 2001
+++ samba-2.2.2-MX/source/configure.in Wed Oct 31 00:00:38 2001
@@ -1029,92 +1029,7 @@
fi
AC_CACHE_CHECK([for ut_time in utmp],samba_cv_HAVE_UT_UT_TIME,[
-AC_TRY_COMPILE([#include <sys/types.h>
-#include <utmp.h>],
-[struct utmp ut; time_t t; ut.ut_time = t;],
-samba_cv_HAVE_UT_UT_TIME=yes,samba_cv_HAVE_UT_UT_TIME=no,samba_cv_HAVE_UT_UT_TIME=cross)])
-if test x"$samba_cv_HAVE_UT_UT_TIME" = x"yes"; then
- AC_DEFINE(HAVE_UT_UT_TIME)
-fi
-
-AC_CACHE_CHECK([for ut_tv in utmp],samba_cv_HAVE_UT_UT_TV,[
-AC_TRY_COMPILE([#include <sys/types.h>
-#include <utmp.h>],
-[struct utmp ut; struct timeval tv; ut.ut_tv = tv;],
-samba_cv_HAVE_UT_UT_TV=yes,samba_cv_HAVE_UT_UT_TV=no,samba_cv_HAVE_UT_UT_TV=cross)])
-if test x"$samba_cv_HAVE_UT_UT_TV" = x"yes"; then
- AC_DEFINE(HAVE_UT_UT_TV)
-fi
-
-AC_CACHE_CHECK([for ut_type in utmp],samba_cv_HAVE_UT_UT_TYPE,[
-AC_TRY_COMPILE([#include <sys/types.h>
-#include <utmp.h>],
-[struct utmp ut; ut.ut_type = 0;],
-samba_cv_HAVE_UT_UT_TYPE=yes,samba_cv_HAVE_UT_UT_TYPE=no,samba_cv_HAVE_UT_UT_TYPE=cross)])
-if test x"$samba_cv_HAVE_UT_UT_TYPE" = x"yes"; then
- AC_DEFINE(HAVE_UT_UT_TYPE)
-fi
-
-AC_CACHE_CHECK([for ut_pid in utmp],samba_cv_HAVE_UT_UT_PID,[
-AC_TRY_COMPILE([#include <sys/types.h>
-#include <utmp.h>],
-[struct utmp ut; ut.ut_pid = 0;],
-samba_cv_HAVE_UT_UT_PID=yes,samba_cv_HAVE_UT_UT_PID=no,samba_cv_HAVE_UT_UT_PID=cross)])
-if test x"$samba_cv_HAVE_UT_UT_PID" = x"yes"; then
- AC_DEFINE(HAVE_UT_UT_PID)
-fi
-
-AC_CACHE_CHECK([for ut_exit in utmp],samba_cv_HAVE_UT_UT_EXIT,[
-AC_TRY_COMPILE([#include <sys/types.h>
-#include <utmp.h>],
-[struct utmp ut; ut.ut_exit.e_exit = 0;],
-samba_cv_HAVE_UT_UT_EXIT=yes,samba_cv_HAVE_UT_UT_EXIT=no,samba_cv_HAVE_UT_UT_EXIT=cross)])
-if test x"$samba_cv_HAVE_UT_UT_EXIT" = x"yes"; then
- AC_DEFINE(HAVE_UT_UT_EXIT)
-fi
-
-AC_CACHE_CHECK([for ut_addr in utmp],samba_cv_HAVE_UT_UT_ADDR,[
-AC_TRY_COMPILE([#include <sys/types.h>
-#include <utmp.h>],
-[struct utmp ut; ut.ut_addr = 0;],
-samba_cv_HAVE_UT_UT_ADDR=yes,samba_cv_HAVE_UT_UT_ADDR=no,samba_cv_HAVE_UT_UT_ADDR=cross)])
-if test x"$samba_cv_HAVE_UT_UT_ADDR" = x"yes"; then
- AC_DEFINE(HAVE_UT_UT_ADDR)
-fi
-
-if test x$ac_cv_func_pututline = xyes ; then
- AC_CACHE_CHECK([whether pututline returns pointer],samba_cv_PUTUTLINE_RETURNS_UTMP,[
- AC_TRY_COMPILE([#include <sys/types.h>
-#include <utmp.h>],
- [struct utmp utarg; struct utmp *utreturn; utreturn = pututline(&utarg);],
- samba_cv_PUTUTLINE_RETURNS_UTMP=yes,samba_cv_PUTUTLINE_RETURNS_UTMP=no)])
- if test x"$samba_cv_PUTUTLINE_RETURNS_UTMP" = x"yes"; then
- AC_DEFINE(PUTUTLINE_RETURNS_UTMP)
- fi
-fi
-
-AC_CACHE_CHECK([for ut_syslen in utmpx],samba_cv_HAVE_UX_UT_SYSLEN,[
-AC_TRY_COMPILE([#include <sys/types.h>
-#include <utmpx.h>],
-[struct utmpx ux; ux.ut_syslen = 0;],
-samba_cv_HAVE_UX_UT_SYSLEN=yes,samba_cv_HAVE_UX_UT_SYSLEN=no,samba_cv_HAVE_UX_UT_SYSLEN=cross)])
-if test x"$samba_cv_HAVE_UX_UT_SYSLEN" = x"yes"; then
- AC_DEFINE(HAVE_UX_UT_SYSLEN)
-fi
-
-AC_CACHE_CHECK([for Linux kernel oplocks],samba_cv_HAVE_KERNEL_OPLOCKS_LINUX,[
-AC_TRY_RUN([
-#include <sys/types.h>
-#include <fcntl.h>
-#ifndef F_GETLEASE
-#define F_GETLEASE 1025
-#endif
-main() {
- int fd = open("/dev/null", O_RDONLY);
- return fcntl(fd, F_GETLEASE, 0) == -1;
-}
-],
-samba_cv_HAVE_KERNEL_OPLOCKS_LINUX=yes,samba_cv_HAVE_KERNEL_OPLOCKS_LINUX=no,samba_cv_HAVE_KERNEL_OPLOCKS_LINUX=cross)])
+AC_TRY_COMPILE([#include samba_cv_HAVE_KERNEL_OPLOCKS_LINUX=no,samba_cv_HAVE_KERNEL_OPLOCKS_LINUX=cross)])
if test x"$samba_cv_HAVE_KERNEL_OPLOCKS_LINUX" = x"yes"; then
AC_DEFINE(HAVE_KERNEL_OPLOCKS_LINUX)
fi
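Review bot: The one added line in this hunk, `AC_TRY_COMPILE([#include samba_cv_HAVE_KERNEL_OPLOCKS_LINUX=no,samba_cv_HAVE_KERNEL_OPLOCKS_LINUX=cross)])`, is not a well-formed check. It sits inside the `AC_CACHE_CHECK([for ut_time in utmp],samba_cv_HAVE_UT_UT_TIME,[` opened in the context above, names no header after `#include`, and sets the kernel-oplocks cache variable instead of `samba_cv_HAVE_UT_UT_TIME`. As posted, the hunk also deletes every utmp member check, the pututline check and the Linux kernel oplocks run test, none of which relate to the SAM database change. It looks as if the text between a `<` and a later `>` was lost when the patch was generated or archived, so this hunk should be dropped or regenerated from the real tree before the patch is applied.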
@@ -1778,7 +1693,6 @@
yes)
AC_MSG_RESULT(yes)
AC_DEFINE(WITH_TDB_SAM)
- with_smbpasswd_sam=no
;;
*)
AC_MSG_RESULT(no)
@@ -1797,7 +1711,6 @@
AC_MSG_RESULT(yes)
AC_DEFINE(WITH_LDAP_SAM)
LIBS="-lldap -llber -lresolv $LIBS"
- with_smbpasswd_sam=no
;;
*)
AC_MSG_RESULT(no)
@@ -1815,7 +1728,6 @@
yes)
AC_MSG_RESULT(yes)
AC_DEFINE(WITH_NISPLUS_SAM)
- with_smbpasswd_sam=no
;;
*)
AC_MSG_RESULT(no)
@@ -1828,15 +1740,18 @@
# This test should come last because the
# smbpasswd SAM is only used if another format
# has not been defined
+with_smbpasswd_sam=yes
+#smbpasswd SAM is always compiled
+#Use : sam database = ldap ... to Change the SAM Database /*MX*/
AC_MSG_CHECKING(whether to use traditional smbpasswd file)
-if test $with_smbpasswd_sam = yes; then
+#if test $with_smbpasswd_sam = yes; then
AC_MSG_RESULT(yes)
AC_DEFINE(WITH_SMBPASSWD_SAM)
- PDBEDIT=""
-else
- AC_MSG_RESULT(no)
- PDBEDIT=bin/pdbedit
-fi
+# PDBEDIT=""
+#else
+# AC_MSG_RESULT(no)
+# PDBEDIT=bin/pdbedit
+#fi
########################################################################################
##
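Review bot: `PDBEDIT` is no longer assigned on any path, because both `PDBEDIT=""` and `PDBEDIT=bin/pdbedit` are now commented out. Its use is outside the hunk, but a build that enables the tdb, ldap or nisplus backend would presumably no longer get `bin/pdbedit` through this variable. Since smbpasswd support is now unconditional, assign `PDBEDIT` explicitly according to whether another backend was enabled, and delete the commented-out `if`/`else`/`fi` lines instead of keeping them. The context comment "smbpasswd SAM is only used if another format has not been defined" is also stale after this change and should be reworded.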
diff -urN samba-2.2.2/source/include/proto.h samba-2.2.2-MX/source/include/proto.h
--- samba-2.2.2/source/include/proto.h Sat Oct 13 23:09:22 2001
+++ samba-2.2.2-MX/source/include/proto.h Mon Nov 5 14:39:32 2001
@@ -1724,6 +1724,7 @@
void lp_talloc_free(void);
char *lp_logfile(void);
char *lp_configfile(void);
+int lp_samdb(void);
char *lp_tdb_passwd_file(void);
char *lp_smb_passwd_file(void);
char *lp_serverstring(void);
@@ -1775,12 +1776,27 @@
BOOL lp_winbind_enum_users(void);
BOOL lp_winbind_enum_groups(void);
char *lp_codepagedir(void);
+/*WITH_LDAP_SAM*/
char *lp_ldap_server(void);
char *lp_ldap_suffix(void);
char *lp_ldap_filter(void);
char *lp_ldap_admin_dn(void);
int lp_ldap_port(void);
+int lp_ldap_version(void);
+int lp_ldap_scope(void);
+int lp_ldap_deref(void);
+int lp_ldap_timelimit(void);
+int lp_ldap_bindtimelimit(void);
+BOOL lp_ldap_tls_referrals(void);
+BOOL lp_ldap_tls_restart();
int lp_ldap_ssl(void);
+BOOL lp_ldap_tls_checkpeer(void);
+char *lp_ldap_tls_cacertfile(void);
+char *lp_ldap_tls_cacertdir(void);
+char *lp_ldap_tls_ciphers(void);
+char *lp_ldap_tls_certfile(void);
+char *lp_ldap_tls_keyfile(void);
+/*end WITH_LDAP_SAM*/
char *lp_add_share_cmd(void);
char *lp_change_share_cmd(void);
char *lp_delete_share_cmd(void);
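Review bot: `BOOL lp_ldap_tls_restart();` is declared with empty parentheses, which in C is an unprototyped declaration and disables argument checking; it should read `BOOL lp_ldap_tls_restart(void);` like its neighbours. The names `lp_ldap_tls_referrals` and `lp_ldap_tls_restart` are also misleading, because the parameters they read are `ldap referrals` and `ldap restart` in the parm_table hunk and have nothing to do with TLS. Renaming them to `lp_ldap_referrals` and `lp_ldap_restart` here and in the matching `FN_GLOBAL_BOOL` lines of loadparm.c would keep a later reader from assuming they only apply to TLS sessions.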
diff -urN samba-2.2.2/source/include/samdb.h samba-2.2.2-MX/source/include/samdb.h
--- samba-2.2.2/source/include/samdb.h Thu Jan 1 01:00:00 1970
+++ samba-2.2.2-MX/source/include/samdb.h Wed Oct 31 00:00:38 2001
@@ -0,0 +1,84 @@
+/*
+ Unix SMB/Netbios implementation.
+ Version 1.0.
+ SMB parameters and setup
+ Copyright (C) Stefan Metzmacher 2001
+
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+/*MX : Change SAM Database in /etc/smb.conf */
+
+#define SAM_Files 0
+BOOL files_pdb_setsampwent(BOOL update);
+void files_pdb_endsampwent(void);
+BOOL files_pdb_getsampwent(SAM_ACCOUNT * user);
+BOOL files_pdb_getsampwnam(SAM_ACCOUNT * user, char *sname);
+BOOL files_pdb_getsampwrid(SAM_ACCOUNT * user, uint32 rid);
+BOOL files_pdb_getsampwuid(SAM_ACCOUNT * user, uid_t uid);
+BOOL files_pdb_delete_sam_account(char *sname);
+BOOL files_pdb_update_sam_account(SAM_ACCOUNT * newpwd, BOOL override);
+BOOL files_pdb_add_sam_account(SAM_ACCOUNT * newpwd);
+
+#ifdef WITH_LDAP_SAM
+#define SAM_LDAP 2
+BOOL ldap_pdb_setsampwent(BOOL update);
+void ldap_pdb_endsampwent(void);
+BOOL ldap_pdb_getsampwent(SAM_ACCOUNT * user);
+BOOL ldap_pdb_getsampwnam(SAM_ACCOUNT * user, char *sname);
+BOOL ldap_pdb_getsampwrid(SAM_ACCOUNT * user, uint32 rid);
+BOOL ldap_pdb_getsampwuid(SAM_ACCOUNT * user, uid_t uid);
+BOOL ldap_pdb_delete_sam_account(char *sname);
+BOOL ldap_pdb_update_sam_account(SAM_ACCOUNT * newpwd, BOOL override);
+BOOL ldap_pdb_add_sam_account(SAM_ACCOUNT * newpwd);
+#endif
+
+#ifdef WITH_NISPLUS_SAM
+#define SAM_NISPLUS 3
+BOOL nisplus_pdb_setsampwent(BOOL update);
+void nisplus_pdb_endsampwent(void);
+BOOL nisplus_pdb_getsampwent(SAM_ACCOUNT * user);
+BOOL nisplus_pdb_getsampwnam(SAM_ACCOUNT * user, char *sname);
+BOOL nisplus_pdb_getsampwrid(SAM_ACCOUNT * user, uint32 rid);
+BOOL nisplus_pdb_getsampwuid(SAM_ACCOUNT * user, uid_t uid);
+BOOL nisplus_pdb_delete_sam_account(char *sname);
+BOOL nisplus_pdb_update_sam_account(SAM_ACCOUNT * newpwd, BOOL override);
+BOOL nisplus_pdb_add_sam_account(SAM_ACCOUNT * newpwd);
+#endif
+
+#ifdef WITH_TDB_SAM
+#define SAM_TDB 1
+BOOL tdb_pdb_setsampwent(BOOL update);
+void tdb_pdb_endsampwent(void);
+BOOL tdb_pdb_getsampwent(SAM_ACCOUNT * user);
+BOOL tdb_pdb_getsampwnam(SAM_ACCOUNT * user, char *sname);
+BOOL tdb_pdb_getsampwrid(SAM_ACCOUNT * user, uint32 rid);
+BOOL tdb_pdb_getsampwuid(SAM_ACCOUNT * user, uid_t uid);
+BOOL tdb_pdb_delete_sam_account(char *sname);
+BOOL tdb_pdb_update_sam_account(SAM_ACCOUNT * newpwd, BOOL override);
+BOOL tdb_pdb_add_sam_account(SAM_ACCOUNT * newpwd);
+#endif
+
+/*
+BOOL pdb_setsampwent(BOOL update);
+void pdb_endsampwent(void);
+BOOL pdb_getsampwent(SAM_ACCOUNT * user);
+BOOL pdb_getsampwnam(SAM_ACCOUNT * user, char *sname);
+BOOL pdb_getsampwrid(SAM_ACCOUNT * user, uint32 rid);
+BOOL pdb_getsampwuid(SAM_ACCOUNT * user, uid_t uid);
+BOOL pdb_delete_sam_account(char *sname);
+BOOL pdb_update_sam_account(SAM_ACCOUNT * newpwd, BOOL override);
+BOOL pdb_add_sam_account(SAM_ACCOUNT * newpwd);*/
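Review bot: The new header has no include guard although this patch includes it from both loadparm.c and passdb.c; wrap its contents in `#ifndef _SAMDB_H` / `#define _SAMDB_H` / `#endif`. The backend identifiers would be safer as one unconditional `enum` (files, tdb, ldap, nisplus), so that a value keeps the same meaning in every build and the `#ifdef` blocks only control the prototypes. The commented-out `pdb_*` prototype block at the end is dead text and should be removed, and each backend section deserves a one-line comment naming the source file that implements it.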
diff -urN samba-2.2.2/source/param/loadparm.c samba-2.2.2-MX/source/param/loadparm.c
--- samba-2.2.2/source/param/loadparm.c Sat Oct 13 23:09:31 2001
+++ samba-2.2.2-MX/source/param/loadparm.c Mon Nov 5 14:15:24 2001
@@ -96,6 +96,7 @@
static BOOL defaults_saved = False;
+#include "samdb.h"
/*
* This structure describes global (ie., server-wide) parameters.
*/
@@ -118,11 +119,11 @@
char *szPasswdChat;
char *szLogFile;
char *szConfigFile;
+ int SAMDB;
#ifdef WITH_TDB_SAM
char *szTDBPasswdFile;
-#else
- char *szSMBPasswdFile;
#endif
+ char *szSMBPasswdFile;
char *szPasswordServer;
char *szSocketOptions;
char *szValidChars;
@@ -208,12 +209,39 @@
int oplock_break_wait_time;
int winbind_cache_time;
#ifdef WITH_LDAP_SAM
+#define LDAP_NO_LIMIT 0
+
+#define LDAP_VERSION1 1
+#define LDAP_VERSION2 2
+#define LDAP_VERSION3 3
+
+#define LDAP_DEREF_NEVER 0x00
+#define LDAP_DEREF_SEARCHING 0x01
+#define LDAP_DEREF_FINDING 0x02
+#define LDAP_DEREF_ALWAYS 0x03
+
+#define LDAP_SCOPE_BASE 0x0000
+#define LDAP_SCOPE_ONELEVEL 0x0001
+#define LDAP_SCOPE_SUBTREE 0x0002
int ldap_port;
int ldap_ssl;
+ int ldap_scope;
+ int ldap_deref;
+ int ldap_version;
+ int ldap_timelimit;
+ int ldap_bindtimelimit;
+ BOOL bldap_referrals;
+ BOOL bldap_restart;
+ BOOL bldap_tls_checkpeer;
char *szLdapServer;
char *szLdapSuffix;
- char *szLdapFilter;
- char *szLdapAdminDn;
+ char *szLdapFilter; /*scope deref version timelimit bind_timelimit referrals restart tls_checkpeer */
+ char *szLdapAdminDn; /*tls_cacertfile tls_cacertdir tls_ciphers tls_certfile tls_keyfile*/
+ char *szLdapTls_cacertfile;
+ char *szLdapTls_cacertdir;
+ char *szLdapTls_ciphers;
+ char *szLdapTls_certfile;
+ char *szLdapTls_keyfile;
#endif /* WITH_LDAP */
#ifdef WITH_SSL
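Review bot: The added `#define`s (`LDAP_NO_LIMIT`, `LDAP_VERSION1`..`3`, `LDAP_DEREF_*`, `LDAP_SCOPE_*`) reuse names that the LDAP client library header normally provides, and they are placed in the middle of the struct definition. Whether that header is included in this translation unit is not visible here. If it is, these become redefinitions whose replacement text may differ from the library's, and the values stored in `Globals` could diverge from what the library calls expect. Prefer including the library header in the `WITH_LDAP_SAM` case, or use Samba-private names, and move the constants above the struct. The trailing comments added to `szLdapFilter` and `szLdapAdminDn` list unrelated field names and read like leftover notes; drop them.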
@@ -563,6 +591,20 @@
{-1, NULL}
};
+static struct enum_list enum_samdb[] = {
+ {SAM_Files, "files"},
+#ifdef WITH_TDB_SAM
+ {SAM_TDB, "tdb"},
+#endif
+#ifdef WITH_LDAP_SAM
+ {SAM_LDAP, "ldap"},
+#endif
+#ifdef WITH_NISPLUS_SAM
+ {SAM_NISPLUS, "nisplus"},
+#endif
+ {-1, NULL}
+};
+
static struct enum_list enum_printing[] = {
{PRINT_SYSV, "sysv"},
{PRINT_AIX, "aix"},
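Review bot: A backend that was not compiled in has no entry in `enum_samdb`, so `sam database = ldap` on a build without `WITH_LDAP_SAM` matches nothing in the table. The `sam database` row added to parm_table has a NULL handler, and how `P_ENUM` treats an unmatched value is not visible in this patch. With `Globals.SAMDB = SAM_Files` as the default and the `default:` branches in passdb.c calling the `files_pdb_*` functions, a typo or a missing backend would presumably leave authentication running against the smbpasswd file with no indication to the administrator. For a setting that selects the account database, add a handler that reports an unrecognised value at a low debug level, and say in a comment above the table that omitted entries are intentional.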
@@ -595,6 +637,25 @@
{LDAP_SSL_START_TLS, "start tls"},
{-1, NULL}
};
+static struct enum_list enum_ldap_version[] = {
+ {LDAP_VERSION1, "1"},
+ {LDAP_VERSION2, "2"},
+ {LDAP_VERSION3, "3"},
+ {-1,NULL}
+};
+static struct enum_list enum_ldap_scope[] = {
+ {LDAP_SCOPE_BASE, "base"},
+ {LDAP_SCOPE_ONELEVEL, "one"},
+ {LDAP_SCOPE_SUBTREE, "sub"},
+ {-1,NULL}
+};
+static struct enum_list enum_ldap_deref[] = {
+ {LDAP_DEREF_NEVER, "never"},
+ {LDAP_DEREF_SEARCHING, "searching"},
+ {LDAP_DEREF_FINDING, "finding"},
+ {LDAP_DEREF_ALWAYS, "always"},
+ {-1,NULL}
+};
#endif
/* Types of machine we can announce as. */
@@ -629,7 +690,7 @@
{-1, NULL}
};
-/*
+/*
Do you want session setups at user level security with a invalid
password to be rejected or allowed in as guest? WinNT rejects them
but it can be a pain as it means "net view" needs to use a password
@@ -670,7 +731,7 @@
/* note that we do not initialise the defaults union - it is not allowed in ANSI C */
static struct parm_struct parm_table[] = {
{"Base Options", P_SEP, P_SEPARATOR},
-
+
{"coding system", P_STRING, P_GLOBAL, &Globals.szCodingSystem, handle_coding_system, NULL, 0},
{"client code page", P_INTEGER, P_GLOBAL, &Globals.client_code_page, handle_client_code_page, NULL, 0},
{"code page directory", P_STRING, P_GLOBAL, &Globals.szCodePageDir, NULL, NULL, 0},
@@ -686,7 +747,7 @@
{"bind interfaces only", P_BOOL, P_GLOBAL, &Globals.bBindInterfacesOnly, NULL, NULL, 0},
{"Security Options", P_SEP, P_SEPARATOR},
-
+
{"security", P_ENUM, P_GLOBAL, &Globals.security, NULL, enum_security, FLAG_BASIC},
{"encrypt passwords", P_BOOL, P_GLOBAL, &Globals.bEncryptPasswords, NULL, NULL, FLAG_BASIC},
{"update encrypted", P_BOOL, P_GLOBAL, &Globals.bUpdateEncrypt, NULL, NULL, FLAG_BASIC},
@@ -699,15 +760,15 @@
{"null passwords", P_BOOL, P_GLOBAL, &Globals.bNullPasswords, NULL, NULL, 0},
{"obey pam restrictions", P_BOOL, P_GLOBAL, &Globals.bObeyPamRestrictions, NULL, NULL, 0},
{"password server", P_STRING, P_GLOBAL, &Globals.szPasswordServer, NULL, NULL, 0},
+ {"sam database", P_ENUM, P_GLOBAL, &Globals.SAMDB, NULL, enum_samdb, 0},
#ifdef WITH_TDB_SAM
{"tdb passwd file", P_STRING, P_GLOBAL, &Globals.szTDBPasswdFile, NULL, NULL, 0},
-#else
- {"smb passwd file", P_STRING, P_GLOBAL, &Globals.szSMBPasswdFile, NULL, NULL, 0},
#endif
+ {"smb passwd file", P_STRING, P_GLOBAL, &Globals.szSMBPasswdFile, NULL, NULL, 0},
{"root directory", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, 0},
{"root dir", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, 0},
{"root", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, 0},
-
+
{"pam password change", P_BOOL, P_GLOBAL, &Globals.bPamPasswordChange, NULL, NULL, 0},
{"passwd program", P_STRING, P_GLOBAL, &Globals.szPasswdProgram, NULL, NULL, 0},
{"passwd chat", P_STRING, P_GLOBAL, &Globals.szPasswdChat, NULL, NULL, 0},
@@ -719,11 +780,11 @@
{"restrict anonymous", P_BOOL, P_GLOBAL, &Globals.bRestrictAnonymous, NULL, NULL, 0},
{"lanman auth", P_BOOL, P_GLOBAL, &Globals.bLanmanAuth, NULL, NULL, 0},
{"use rhosts", P_BOOL, P_GLOBAL, &Globals.bUseRhosts, NULL, NULL, 0},
-
+
{"username", P_STRING, P_LOCAL, &sDefault.szUsername, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
{"user", P_STRING, P_LOCAL, &sDefault.szUsername, NULL, NULL, 0},
{"users", P_STRING, P_LOCAL, &sDefault.szUsername, NULL, NULL, 0},
-
+
{"guest account", P_STRING, P_LOCAL, &sDefault.szGuestaccount, NULL, NULL, FLAG_BASIC | FLAG_SHARE | FLAG_PRINT | FLAG_GLOBAL},
{"invalid users", P_STRING, P_LOCAL, &sDefault.szInvalidUsers, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
{"valid users", P_STRING, P_LOCAL, &sDefault.szValidUsers, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
@@ -734,12 +795,12 @@
{"force user", P_STRING, P_LOCAL, &sDefault.force_user, NULL, NULL, FLAG_SHARE},
{"force group", P_STRING, P_LOCAL, &sDefault.force_group, NULL, NULL, FLAG_SHARE},
{"group", P_STRING, P_LOCAL, &sDefault.force_group, NULL, NULL, 0},
-
+
{"read only", P_BOOL, P_LOCAL, &sDefault.bRead_only, NULL, NULL, FLAG_BASIC | FLAG_SHARE},
{"write ok", P_BOOLREV, P_LOCAL, &sDefault.bRead_only, NULL, NULL, 0},
{"writeable", P_BOOLREV, P_LOCAL, &sDefault.bRead_only, NULL, NULL, 0},
{"writable", P_BOOLREV, P_LOCAL, &sDefault.bRead_only, NULL, NULL, 0},
-
+
{"create mask", P_OCTAL, P_LOCAL, &sDefault.iCreate_mask, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
{"create mode", P_OCTAL, P_LOCAL, &sDefault.iCreate_mask, NULL, NULL, FLAG_GLOBAL},
{"force create mode", P_OCTAL, P_LOCAL, &sDefault.iCreate_force_mode, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
@@ -756,7 +817,7 @@
{"guest ok", P_BOOL, P_LOCAL, &sDefault.bGuest_ok, NULL, NULL, FLAG_BASIC | FLAG_SHARE | FLAG_PRINT},
{"public", P_BOOL, P_LOCAL, &sDefault.bGuest_ok, NULL, NULL, 0},
-
+
{"only user", P_BOOL, P_LOCAL, &sDefault.bOnlyUser, NULL, NULL, FLAG_SHARE},
{"hosts allow", P_STRING, P_LOCAL, &sDefault.szHostsallow, NULL, NULL, FLAG_GLOBAL | FLAG_BASIC | FLAG_SHARE | FLAG_PRINT},
{"allow hosts", P_STRING, P_LOCAL, &sDefault.szHostsallow, NULL, NULL, 0},
@@ -766,7 +827,7 @@
#ifdef WITH_SSL
{"Secure Socket Layer Options", P_SEP, P_SEPARATOR},
{"ssl", P_BOOL, P_GLOBAL, &Globals.sslEnabled, NULL, NULL, 0},
-
+
{"ssl hosts", P_STRING, P_GLOBAL, &Globals.sslHostsRequire, NULL, NULL, 0},
{"ssl hosts resign", P_STRING, P_GLOBAL, &Globals.sslHostsResign, NULL, NULL, 0},
{"ssl CA certDir", P_STRING, P_GLOBAL, &Globals.sslCaCertDir, NULL, NULL, 0},
@@ -791,18 +852,18 @@
{"syslog", P_INTEGER, P_GLOBAL, &Globals.syslog, NULL, NULL, 0},
{"syslog only", P_BOOL, P_GLOBAL, &Globals.bSyslogOnly, NULL, NULL, 0},
{"log file", P_STRING, P_GLOBAL, &Globals.szLogFile, NULL, NULL, 0},
-
+
{"max log size", P_INTEGER, P_GLOBAL, &Globals.max_log_size, NULL, NULL, 0},
{"timestamp logs", P_BOOL, P_GLOBAL, &Globals.bTimestampLogs, NULL, NULL, 0},
{"debug timestamp", P_BOOL, P_GLOBAL, &Globals.bTimestampLogs, NULL, NULL, 0},
{"debug hires timestamp", P_BOOL, P_GLOBAL, &Globals.bDebugHiresTimestamp, NULL, NULL, 0},
{"debug pid", P_BOOL, P_GLOBAL, &Globals.bDebugPid, NULL, NULL, 0},
{"debug uid", P_BOOL, P_GLOBAL, &Globals.bDebugUid, NULL, NULL, 0},
-
+
{"status", P_BOOL, P_LOCAL, &sDefault.status, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE | FLAG_PRINT},
{"Protocol Options", P_SEP, P_SEPARATOR},
-
+
{"protocol", P_ENUM, P_GLOBAL, &Globals.maxprotocol, NULL, enum_protocol, 0},
{"large readwrite", P_BOOL, P_GLOBAL, &Globals.bLargeReadwrite, NULL, NULL, 0},
{"max protocol", P_ENUM, P_GLOBAL, &Globals.maxprotocol, NULL, enum_protocol, 0},
@@ -810,7 +871,7 @@
{"read bmpx", P_BOOL, P_GLOBAL, &Globals.bReadbmpx, NULL, NULL, 0},
{"read raw", P_BOOL, P_GLOBAL, &Globals.bReadRaw, NULL, NULL, 0},
{"write raw", P_BOOL, P_GLOBAL, &Globals.bWriteRaw, NULL, NULL, 0},
-
+
{"nt smb support", P_BOOL, P_GLOBAL, &Globals.bNTSmbSupport, NULL, NULL, 0},
{"nt pipe support", P_BOOL, P_GLOBAL, &Globals.bNTPipeSupport, NULL, NULL, 0},
{"nt acl support", P_BOOL, P_LOCAL, &sDefault.bNTAclSupport, NULL, NULL, 0},
@@ -818,22 +879,22 @@
{"announce as", P_ENUM, P_GLOBAL, &Globals.announce_as, NULL, enum_announce_as, 0},
{"max mux", P_INTEGER, P_GLOBAL, &Globals.max_mux, NULL, NULL, 0},
{"max xmit", P_INTEGER, P_GLOBAL, &Globals.max_xmit, NULL, NULL, 0},
-
+
{"name resolve order", P_STRING, P_GLOBAL, &Globals.szNameResolveOrder, NULL, NULL, 0},
{"max packet", P_INTEGER, P_GLOBAL, &Globals.max_packet, NULL, NULL, 0},
{"packet size", P_INTEGER, P_GLOBAL, &Globals.max_packet, NULL, NULL, 0},
- {"max ttl", P_INTEGER, P_GLOBAL, &Globals.max_ttl, NULL, NULL, 0},
+ {"max ttl", P_INTEGER, P_GLOBAL, &Globals.max_ttl, NULL, NULL, 0},
{"max wins ttl", P_INTEGER, P_GLOBAL, &Globals.max_wins_ttl, NULL, NULL, 0},
{"min wins ttl", P_INTEGER, P_GLOBAL, &Globals.min_wins_ttl, NULL, NULL, 0},
{"time server", P_BOOL, P_GLOBAL, &Globals.bTimeServer, NULL, NULL, 0},
{"Tuning Options", P_SEP, P_SEPARATOR},
-
+
{"change notify timeout", P_INTEGER, P_GLOBAL, &Globals.change_notify_timeout, NULL, NULL, 0},
{"deadtime", P_INTEGER, P_GLOBAL, &Globals.deadtime, NULL, NULL, 0},
{"getwd cache", P_BOOL, P_GLOBAL, &use_getwd_cache, NULL, NULL, 0},
{"keepalive", P_INTEGER, P_GLOBAL, &keepalive, NULL, NULL, 0},
-
+
{"lpq cache time", P_INTEGER, P_GLOBAL, &Globals.lpqcachetime, NULL, NULL, 0},
{"max smbd processes", P_INTEGER, P_GLOBAL, &Globals.iMaxSmbdProcesses, NULL, NULL, 0},
{"max connections", P_INTEGER, P_LOCAL, &sDefault.iMaxConnections, NULL, NULL, FLAG_SHARE},
@@ -841,7 +902,7 @@
{"max open files", P_INTEGER, P_GLOBAL, &Globals.max_open_files, NULL, NULL, 0},
{"min print space", P_INTEGER, P_LOCAL, &sDefault.iMinPrintSpace, NULL, NULL, FLAG_PRINT},
{"read size", P_INTEGER, P_GLOBAL, &Globals.ReadSize, NULL, NULL, 0},
-
+
{"socket options", P_GSTRING, P_GLOBAL, user_socket_options, NULL, NULL, 0},
{"stat cache size", P_INTEGER, P_GLOBAL, &Globals.stat_cache_size, NULL, NULL, 0},
{"strict allocate", P_BOOL, P_LOCAL, &sDefault.bStrictAllocate, NULL, NULL, FLAG_SHARE},
@@ -851,7 +912,7 @@
{"write cache size", P_INTEGER, P_LOCAL, &sDefault.iWriteCacheSize, NULL, NULL, FLAG_SHARE},
{"Printing Options", P_SEP, P_SEPARATOR},
-
+
{"total print jobs", P_INTEGER, P_GLOBAL, &Globals.iTotalPrintJobs, NULL, NULL, FLAG_PRINT},
{"max print jobs", P_INTEGER, P_LOCAL, &sDefault.iMaxPrintJobs, NULL, NULL, FLAG_PRINT},
{"load printers", P_BOOL, P_GLOBAL, &Globals.bLoadPrinters, NULL, NULL, FLAG_PRINT},
@@ -875,7 +936,7 @@
{"deleteprinter command", P_STRING, P_GLOBAL, &Globals.szDeletePrinterCommand, NULL, NULL, 0},
{"show add printer wizard", P_BOOL, P_GLOBAL, &Globals.bMsAddPrinterWizard, NULL, NULL, 0},
{"os2 driver map", P_STRING, P_GLOBAL, &Globals.szOs2DriverMap, NULL, NULL, 0},
-
+
{"printer name", P_STRING, P_LOCAL, &sDefault.szPrintername, NULL, NULL, FLAG_PRINT|FLAG_DOS_STRING},
{"printer", P_STRING, P_LOCAL, &sDefault.szPrintername, NULL, NULL, FLAG_DOS_STRING},
{"use client driver", P_BOOL, P_LOCAL, &sDefault.bUseClientDriver, NULL, NULL, FLAG_PRINT},
@@ -885,7 +946,7 @@
{"Filename Handling", P_SEP, P_SEPARATOR},
{"strip dot", P_BOOL, P_GLOBAL, &Globals.bStripDot, NULL, NULL, 0},
-
+
{"character set", P_STRING, P_GLOBAL, &Globals.szCharacterSet, handle_character_set, NULL, 0},
{"mangled stack", P_INTEGER, P_GLOBAL, &Globals.mangled_stack, NULL, NULL, 0},
{"default case", P_ENUM, P_LOCAL, &sDefault.iDefaultCase, NULL, enum_case, FLAG_SHARE},
@@ -909,18 +970,18 @@
{"stat cache", P_BOOL, P_GLOBAL, &Globals.bStatCache, NULL, NULL, 0},
{"Domain Options", P_SEP, P_SEPARATOR},
-
+
{"domain admin group", P_STRING, P_GLOBAL, &Globals.szDomainAdminGroup, NULL, NULL, 0},
{"domain guest group", P_STRING, P_GLOBAL, &Globals.szDomainGuestGroup, NULL, NULL, 0},
#ifdef USING_GROUPNAME_MAP
-
+
{"groupname map", P_STRING, P_GLOBAL, &Globals.szGroupnameMap, NULL, NULL, 0},
#endif /* USING_GROUPNAME_MAP */
-
+
{"machine password timeout", P_INTEGER, P_GLOBAL, &Globals.machine_password_timeout, NULL, NULL, 0},
{"Logon Options", P_SEP, P_SEPARATOR},
-
+
{"add user script", P_STRING, P_GLOBAL, &Globals.szAddUserScript, NULL, NULL, 0},
{"delete user script", P_STRING, P_GLOBAL, &Globals.szDelUserScript, NULL, NULL, 0},
{"logon script", P_STRING, P_GLOBAL, &Globals.szLogonScript, NULL, NULL, FLAG_DOS_STRING},
@@ -930,7 +991,7 @@
{"domain logons", P_BOOL, P_GLOBAL, &Globals.bDomainLogons, NULL, NULL, 0},
{"Browse Options", P_SEP, P_SEPARATOR},
-
+
{"os level", P_INTEGER, P_GLOBAL, &Globals.os_level, NULL, NULL, FLAG_BASIC},
{"lm announce", P_ENUM, P_GLOBAL, &Globals.lm_announce, NULL, enum_bool_auto, 0},
{"lm interval", P_INTEGER, P_GLOBAL, &Globals.lm_interval, NULL, NULL, 0},
@@ -946,18 +1007,18 @@
{"WINS Options", P_SEP, P_SEPARATOR},
{"dns proxy", P_BOOL, P_GLOBAL, &Globals.bDNSproxy, NULL, NULL, 0},
{"wins proxy", P_BOOL, P_GLOBAL, &Globals.bWINSproxy, NULL, NULL, 0},
-
+
{"wins server", P_STRING, P_GLOBAL, &Globals.szWINSserver, handle_wins_server_list, NULL, FLAG_BASIC},
{"wins support", P_BOOL, P_GLOBAL, &Globals.bWINSsupport, NULL, NULL, FLAG_BASIC},
{"wins hook", P_STRING, P_GLOBAL, &Globals.szWINSHook, NULL, NULL, 0},
{"Locking Options", P_SEP, P_SEPARATOR},
-
+
{"blocking locks", P_BOOL, P_LOCAL, &sDefault.bBlockingLocks, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
{"fake oplocks", P_BOOL, P_LOCAL, &sDefault.bFakeOplocks, NULL, NULL, FLAG_SHARE},
{"kernel oplocks", P_BOOL, P_GLOBAL, &Globals.bKernelOplocks, NULL, NULL, FLAG_GLOBAL},
{"locking", P_BOOL, P_LOCAL, &sDefault.bLocking, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
-
+
{"oplocks", P_BOOL, P_LOCAL, &sDefault.bOpLocks, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
{"level2 oplocks", P_BOOL, P_LOCAL, &sDefault.bLevel2OpLocks, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
{"oplock break wait time", P_INTEGER, P_GLOBAL, &Globals.oplock_break_wait_time, NULL, NULL, FLAG_GLOBAL},
@@ -967,31 +1028,44 @@
#ifdef WITH_LDAP_SAM
{"Ldap Options", P_SEP, P_SEPARATOR},
-
+
{"ldap server", P_STRING, P_GLOBAL, &Globals.szLdapServer, NULL, NULL, 0},
- {"ldap port", P_INTEGER, P_GLOBAL, &Globals.ldap_port, NULL, NULL, 0},
+ {"ldap port", P_INTEGER, P_GLOBAL, &Globals.ldap_port, NULL, NULL, 0},
+ {"ldap version", P_ENUM, P_GLOBAL, &Globals.ldap_version, NULL, enum_ldap_version, 0},
+ {"ldap scope", P_ENUM, P_GLOBAL, &Globals.ldap_scope, NULL, enum_ldap_scope, 0},
+ {"ldap deref", P_ENUM, P_GLOBAL, &Globals.ldap_deref, NULL, enum_ldap_deref, 0},
+ {"ldap referrals", P_BOOL, P_GLOBAL, &Globals.bldap_referrals, NULL, NULL, 0},
+ {"ldap restart", P_BOOL, P_GLOBAL, &Globals.bldap_restart, NULL, NULL, 0},
+ {"ldap timelimit", P_INTEGER, P_GLOBAL, &Globals.ldap_timelimit, NULL, NULL, 0},
+ {"ldap bindtimelimit", P_INTEGER, P_GLOBAL, &Globals.ldap_bindtimelimit, NULL, NULL, 0},
{"ldap suffix", P_STRING, P_GLOBAL, &Globals.szLdapSuffix, NULL, NULL, 0},
{"ldap filter", P_STRING, P_GLOBAL, &Globals.szLdapFilter, NULL, NULL, 0},
{"ldap admin dn", P_STRING, P_GLOBAL, &Globals.szLdapAdminDn, NULL, NULL, 0},
{"ldap ssl", P_ENUM, P_GLOBAL, &Globals.ldap_ssl, NULL, enum_ldap_ssl, 0},
+ {"ldap tls checkpeer", P_BOOL, P_GLOBAL, &Globals.bldap_tls_checkpeer, NULL, NULL, 0},
+ {"ldap tls cacertfile", P_STRING, P_GLOBAL, &Globals.szLdapTls_cacertfile, NULL, NULL, 0},
+ {"ldap tls cacertdir", P_STRING, P_GLOBAL, &Globals.szLdapTls_cacertdir, NULL, NULL, 0},
+ {"ldap tls ciphers", P_STRING, P_GLOBAL, &Globals.szLdapTls_ciphers, NULL, NULL, 0},
+ {"ldap tls certfile", P_STRING, P_GLOBAL, &Globals.szLdapTls_certfile, NULL, NULL, 0},
+ {"ldap tls keyfile", P_STRING, P_GLOBAL, &Globals.szLdapTls_keyfile, NULL, NULL, 0},
#endif /* WITH_LDAP_SAM */
{"Miscellaneous Options", P_SEP, P_SEPARATOR},
{"add share command", P_STRING, P_GLOBAL, &Globals.szAddShareCommand, NULL, NULL, 0},
{"change share command", P_STRING, P_GLOBAL, &Globals.szChangeShareCommand, NULL, NULL, 0},
{"delete share command", P_STRING, P_GLOBAL, &Globals.szDeleteShareCommand, NULL, NULL, 0},
-
+
{"config file", P_STRING, P_GLOBAL, &Globals.szConfigFile, NULL, NULL, FLAG_HIDE},
{"preload", P_STRING, P_GLOBAL, &Globals.szAutoServices, NULL, NULL, FLAG_DOS_STRING},
{"auto services", P_STRING, P_GLOBAL, &Globals.szAutoServices, NULL, NULL, FLAG_DOS_STRING},
- {"lock dir", P_STRING, P_GLOBAL, &Globals.szLockDir, NULL, NULL, 0},
+ {"lock dir", P_STRING, P_GLOBAL, &Globals.szLockDir, NULL, NULL, 0},
{"lock directory", P_STRING, P_GLOBAL, &Globals.szLockDir, NULL, NULL, 0},
#ifdef WITH_UTMP
{"utmp directory", P_STRING, P_GLOBAL, &Globals.szUtmpDir, NULL, NULL, 0},
{"wtmp directory", P_STRING, P_GLOBAL, &Globals.szWtmpDir, NULL, NULL, 0},
{"utmp", P_BOOL, P_GLOBAL, &Globals.bUtmp, NULL, NULL, 0},
#endif
-
+
{"default service", P_STRING, P_GLOBAL, &Globals.szDefaultService, NULL, NULL, FLAG_DOS_STRING},
{"default", P_STRING, P_GLOBAL, &Globals.szDefaultService, NULL, NULL, FLAG_DOS_STRING},
{"message command", P_STRING, P_GLOBAL, &Globals.szMsgCommand, NULL, NULL, 0},
@@ -1004,7 +1078,7 @@
{"time offset", P_INTEGER, P_GLOBAL, &extra_time_offset, NULL, NULL, 0},
{"NIS homedir", P_BOOL, P_GLOBAL, &Globals.bNISHomeMap, NULL, NULL, 0},
{"-valid", P_BOOL, P_LOCAL, &sDefault.valid, NULL, NULL, FLAG_HIDE},
-
+
{"copy", P_STRING, P_LOCAL, &sDefault.szCopy, handle_copy, NULL, FLAG_HIDE},
{"include", P_STRING, P_LOCAL, &sDefault.szInclude, handle_include, NULL, FLAG_HIDE},
{"exec", P_STRING, P_LOCAL, &sDefault.szPreExec, NULL, NULL, FLAG_SHARE | FLAG_PRINT},
@@ -1207,11 +1281,13 @@
DEBUG(3, ("Initialising global parameters\n"));
+
+ Globals.SAMDB = SAM_Files;
#ifdef WITH_TDB_SAM
string_set(&Globals.szTDBPasswdFile, TDB_PASSWD_FILE);
-#else
- string_set(&Globals.szSMBPasswdFile, SMB_PASSWD_FILE);
#endif
+ string_set(&Globals.szSMBPasswdFile, SMB_PASSWD_FILE);
+
/*
* Allow the default PASSWD_CHAT to be overridden in local.h.
*/
@@ -1342,7 +1418,20 @@
string_set(&Globals.szLdapFilter, "(&(uid=%u)(objectclass=sambaAccount))");
string_set(&Globals.szLdapAdminDn, "");
Globals.ldap_port = 389;
+ Globals.ldap_version = LDAP_VERSION3;
+ Globals.ldap_scope = LDAP_SCOPE_SUBTREE;
+ Globals.ldap_deref = LDAP_DEREF_NEVER;
+ Globals.bldap_referrals = True;
+ Globals.bldap_restart = True;
+ Globals.ldap_timelimit = LDAP_NO_LIMIT;
+ Globals.ldap_bindtimelimit = 10;
Globals.ldap_ssl = LDAP_SSL_OFF;
+ Globals.bldap_tls_checkpeer = True;
+ string_set(&Globals.szLdapTls_cacertfile, "");
+ string_set(&Globals.szLdapTls_cacertdir, "");
+ string_set(&Globals.szLdapTls_ciphers, "");
+ string_set(&Globals.szLdapTls_certfile, "");
+ string_set(&Globals.szLdapTls_keyfile, "");
#endif /* WITH_LDAP_SAM */
/* these parameters are set to defaults that are more appropriate
for the increasing samba install base:
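Review bot: The new defaults need a comment stating their security effect, in particular `Globals.bldap_referrals = True` next to the existing `Globals.ldap_ssl = LDAP_SSL_OFF`. The code that consumes these values is outside this excerpt, so it cannot be confirmed here whether referrals are followed with the admin DN's credentials. If they are, account lookups and the bind can be sent to whichever server the directory names, unencrypted by default. A suitable comment would be `/* referrals are followed by default; set "ldap referrals = no" unless every referred server is trusted */`. `Globals.ldap_timelimit = LDAP_NO_LIMIT` likewise suggests a slow directory could stall a lookup without bound, which is worth noting beside that line.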
@@ -1457,11 +1546,11 @@
FN_GLOBAL_STRING(lp_logfile, &Globals.szLogFile)
FN_GLOBAL_STRING(lp_configfile, &Globals.szConfigFile)
+FN_GLOBAL_INTEGER(lp_samdb, &Globals.SAMDB)
#ifdef WITH_TDB_SAM
FN_GLOBAL_STRING(lp_tdb_passwd_file, &Globals.szTDBPasswdFile)
-#else
-FN_GLOBAL_STRING(lp_smb_passwd_file, &Globals.szSMBPasswdFile)
#endif
+FN_GLOBAL_STRING(lp_smb_passwd_file, &Globals.szSMBPasswdFile)
FN_GLOBAL_STRING(lp_serverstring, &Globals.szServerString)
FN_GLOBAL_STRING(lp_printcapname, &Globals.szPrintcapname)
FN_GLOBAL_STRING(lp_enumports_cmd, &Globals.szEnumPortsCommand)
@@ -1522,7 +1611,20 @@
FN_GLOBAL_STRING(lp_ldap_filter, &Globals.szLdapFilter)
FN_GLOBAL_STRING(lp_ldap_admin_dn, &Globals.szLdapAdminDn)
FN_GLOBAL_INTEGER(lp_ldap_port, &Globals.ldap_port)
+FN_GLOBAL_INTEGER(lp_ldap_version, &Globals.ldap_version)
+FN_GLOBAL_INTEGER(lp_ldap_scope, &Globals.ldap_scope)
+FN_GLOBAL_INTEGER(lp_ldap_deref, &Globals.ldap_deref)
+FN_GLOBAL_INTEGER(lp_ldap_timelimit, &Globals.ldap_timelimit)
+FN_GLOBAL_INTEGER(lp_ldap_bindtimelimit, &Globals.ldap_bindtimelimit)
+FN_GLOBAL_BOOL(lp_ldap_tls_referrals, &Globals.bldap_referrals)
+FN_GLOBAL_BOOL(lp_ldap_tls_restart, &Globals.bldap_restart)
FN_GLOBAL_INTEGER(lp_ldap_ssl, &Globals.ldap_ssl)
+FN_GLOBAL_BOOL(lp_ldap_tls_checkpeer, &Globals.bldap_tls_checkpeer)
+FN_GLOBAL_STRING(lp_ldap_tls_cacertfile, &Globals.szLdapTls_cacertfile)
+FN_GLOBAL_STRING(lp_ldap_tls_cacertdir, &Globals.szLdapTls_cacertdir)
+FN_GLOBAL_STRING(lp_ldap_tls_ciphers, &Globals.szLdapTls_ciphers)
+FN_GLOBAL_STRING(lp_ldap_tls_certfile, &Globals.szLdapTls_certfile)
+FN_GLOBAL_STRING(lp_ldap_tls_keyfile, &Globals.szLdapTls_keyfile)
#endif /* WITH_LDAP_SAM */
FN_GLOBAL_STRING(lp_add_share_cmd, &Globals.szAddShareCommand)
FN_GLOBAL_STRING(lp_change_share_cmd, &Globals.szChangeShareCommand)
@@ -3680,9 +3782,9 @@
#ifdef WITH_TDB_SAM
pstrcpy(priv_dir, lp_tdb_passwd_file());
-#else
- pstrcpy(priv_dir, lp_smb_passwd_file());
#endif
+ pstrcpy(priv_dir, lp_smb_passwd_file());
+
p = strrchr(priv_dir, '/');
if (p) *p = 0;
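Review bot: With WITH_TDB_SAM defined, the `pstrcpy(priv_dir, lp_tdb_passwd_file());` line is now dead, because the unconditional `pstrcpy(priv_dir, lp_smb_passwd_file());` added after `#endif` overwrites it. The private directory is then always derived from the smbpasswd path, even when the TDB backend is the one selected at run time. If that is not intended, pick the source by the configured backend, for example `pstrcpy(priv_dir, lp_samdb() == SAM_TDB ? lp_tdb_passwd_file() : lp_smb_passwd_file());` inside the `#ifdef`, keeping the smbpasswd call in an `#else`. This assumes samdb.h is visible in this file, which the hunk does not show. The enclosing function starts before and continues after the hunk.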
diff -urN samba-2.2.2/source/passdb/passdb.c samba-2.2.2-MX/source/passdb/passdb.c
--- samba-2.2.2/source/passdb/passdb.c Sat Oct 13 23:09:31 2001
+++ samba-2.2.2-MX/source/passdb/passdb.c Wed Oct 31 00:01:26 2001
@@ -33,6 +33,8 @@
extern DOM_SID global_sam_sid;
+#include "samdb.h"
+
struct passdb_ops *pdb_ops;
#if 0 /* JERRY */
@@ -1666,3 +1668,239 @@
return True;
}
+
+/*MX: Change SAM Database in /etc/smb.conf : sam database = files */
+
+
+BOOL pdb_setsampwent(BOOL update)
+{
+ DEBUG(2,("SAM_DB: %i\n",lp_samdb()));
+ switch(lp_samdb()){
+#ifdef WITH_LDAP_SAM
+ case SAM_LDAP:
+ return ldap_pdb_setsampwent(update);
+ break;
+#endif
+#ifdef WITH_TDB_SAM
+ case SAM_TDB:
+ return tdb_pdb_setsampwent(update);
+ break;
+#endif
+#ifdef WITH_NISPLUS_SAM
+ case SAM_NISPLUS:
+ return nisplus_pdb_setsampwent(update);
+ break;
+#endif
+ default:
+ return files_pdb_setsampwent(update);
+ break;
+ };
+};
+
+
+void pdb_endsampwent(void)
+{
+ DEBUG(2,("SAM_DB: %i\n",lp_samdb()));
+ switch(lp_samdb()){
+#ifdef WITH_LDAP_SAM
+ case SAM_LDAP:
+ ldap_pdb_endsampwent();
+ break;
+#endif
+#ifdef WITH_TDB_SAM
+ case SAM_TDB:
+ tdb_pdb_endsampwent();
+ break;
+#endif
+#ifdef WITH_NISPLUS_SAM
+ case SAM_NISPLUS:
+ nisplus_pdb_endsampwent();
+ break;
+#endif
+ default:
+ files_pdb_endsampwent();
+ break;
+ };
+};
+
+
+BOOL pdb_getsampwent(SAM_ACCOUNT * user)
+{
+ DEBUG(2,("SAM_DB: %i\n",lp_samdb()));
+ switch(lp_samdb()){
+#ifdef WITH_LDAP_SAM
+ case SAM_LDAP:
+ return ldap_pdb_getsampwent(user);
+ break;
+#endif
+#ifdef WITH_TDB_SAM
+ case SAM_TDB:
+ return tdb_pdb_getsampwent(user);
+ break;
+#endif
+#ifdef WITH_NISPLUS_SAM
+ case SAM_NISPLUS:
+ return nisplus_pdb_getsampwent(user);
+ break;
+#endif
+ default:
+ return files_pdb_getsampwent(user);
+ break;
+ };
+};
+
+
+BOOL pdb_getsampwnam(SAM_ACCOUNT * user, char *sname)
+{
+ DEBUG(2,("SAM_DB: %i\n",lp_samdb()));
+ switch(lp_samdb()){
+#ifdef WITH_LDAP_SAM
+ case SAM_LDAP:
+ return ldap_pdb_getsampwnam(user,sname);
+ break;
+#endif
+#ifdef WITH_TDB_SAM
+ case SAM_TDB:
+ return tdb_pdb_getsampwnam(user,sname);
+ break;
+#endif
+#ifdef WITH_NISPLUS_SAM
+ case SAM_NISPLUS:
+ return nisplus_pdb_getsampwnam(user,sname);
+ break;
+#endif
+ default:
+ return files_pdb_getsampwnam(user,sname);
+ break;
+ };
+};
+
+
+BOOL pdb_getsampwrid(SAM_ACCOUNT * user, uint32 rid)
+{
+ DEBUG(2,("SAM_DB: %i\n",lp_samdb()));
+ switch(lp_samdb()){
+#ifdef WITH_LDAP_SAM
+ case SAM_LDAP:
+ return ldap_pdb_getsampwrid(user,rid);
+ break;
+#endif
+#ifdef WITH_TDB_SAM
+ case SAM_TDB:
+ return tdb_pdb_getsampwrid(user,rid);
+ break;
+#endif
+#ifdef WITH_NISPLUS_SAM
+ case SAM_NISPLUS:
+ return nisplus_pdb_getsampwrid(user,rid);
+ break;
+#endif
+ default:
+ return files_pdb_getsampwrid(user,rid);
+ break;
+ };
+};
+
+
+BOOL pdb_getsampwuid(SAM_ACCOUNT * user, uid_t uid)
+{
+ DEBUG(2,("SAM_DB: %i\n",lp_samdb()));
+ switch(lp_samdb()){
+#ifdef WITH_LDAP_SAM
+ case SAM_LDAP:
+ return ldap_pdb_getsampwuid(user,uid);
+ break;
+#endif
+#ifdef WITH_TDB_SAM
+ case SAM_TDB:
+ return tdb_pdb_getsampwuid(user,uid);
+ break;
+#endif
+#ifdef WITH_NISPLUS_SAM
+ case SAM_NISPLUS:
+ return nisplus_pdb_getsampwuid(user,uid);
+ break;
+#endif
+ default:
+ return files_pdb_getsampwuid(user,uid);
+ break;
+ };
+};
+
+
+BOOL pdb_delete_sam_account(char *sname)
+{
+ DEBUG(2,("SAM_DB: %i\n",lp_samdb()));
+ switch(lp_samdb()){
+#ifdef WITH_LDAP_SAM
+ case SAM_LDAP:
+ return ldap_pdb_delete_sam_account(sname);
+ break;
+#endif
+#ifdef WITH_TDB_SAM
+ case SAM_TDB:
+ return tdb_pdb_delete_sam_account(sname);
+ break;
+#endif
+#ifdef WITH_NISPLUS_SAM
+ case SAM_NISPLUS:
+ return nisplus_pdb_delete_sam_account(sname);
+ break;
+#endif
+ default:
+ return files_pdb_delete_sam_account(sname);
+ break;
+ };
+};
+
+
+BOOL pdb_update_sam_account(SAM_ACCOUNT * newpwd, BOOL override)
+{
+ DEBUG(2,("SAM_DB: %i\n",lp_samdb()));
+ switch(lp_samdb()){
+#ifdef WITH_LDAP_SAM
+ case SAM_LDAP:
+ return ldap_pdb_update_sam_account(newpwd,override);
+ break;
+#endif
+#ifdef WITH_TDB_SAM
+ case SAM_TDB:
+ return tdb_pdb_update_sam_account(newpwd,override);
+ break;
+#endif
+#ifdef WITH_NISPLUS_SAM
+ case SAM_NISPLUS:
+ return nisplus_pdb_update_sam_account(newpwd,override);
+ break;
+#endif
+ default:
+ return files_pdb_update_sam_account(newpwd,override);
+ break;
+ };
+};
+
+
+BOOL pdb_add_sam_account(SAM_ACCOUNT * newpwd)
+{
+ DEBUG(2,("SAM_DB: %i\n",lp_samdb()));
+ switch(lp_samdb()){
+#ifdef WITH_LDAP_SAM
+ case SAM_LDAP:
+ return ldap_pdb_add_sam_account(newpwd);
+ break;
+#endif
+#ifdef WITH_TDB_SAM
+ case SAM_TDB:
+ return tdb_pdb_add_sam_account(newpwd);
+ break;
+#endif
+#ifdef WITH_NISPLUS_SAM
+ case SAM_NISPLUS:
+ return nisplus_pdb_add_sam_account(newpwd);
+ break;
+#endif
+ default:
+ return files_pdb_add_sam_account(newpwd);
+ break;
+ };
+};
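Review bot: Every dispatcher sends any value of lp_samdb() that has no compiled-in case to the files_pdb_* backend through `default:`. A server configured for LDAP, TDB or NIS+ but built without that backend would therefore authenticate and modify accounts against smbpasswd, with nothing louder than the level-2 `SAM_DB: %i` message. Unless the parameter parser (not visible here) already rejects such values, give the files backend an explicit case using its constant from samdb.h, and let the fallback fail closed: `default: DEBUG(0,("SAM_DB: backend %i not compiled in\n",lp_samdb())); return False;`. pdb_endsampwent would only log, since it returns nothing. The `break;` after each `return` is unreachable, and the `};` closing each function leaves a stray semicolon at file scope that strict compilers warn about.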
diff -urN samba-2.2.2/source/passdb/pdb_ldap.c samba-2.2.2-MX/source/passdb/pdb_ldap.c
--- samba-2.2.2/source/passdb/pdb_ldap.c Thu Oct 11 11:40:00 2001
+++ samba-2.2.2-MX/source/passdb/pdb_ldap.c Mon Nov 5 16:40:38 2001
@@ -62,6 +62,168 @@
static struct ldap_enum_info global_ldap_ent;
+/*******************************************************************
+ Some global TLS-specific options need to be set before we create our
+ session context, so we set them here.
+******************************************************************/
+static int
+set_tls_default_options (LDAP ** ldap_struct)
+{
+ int rc;
+
+ /* ca cert file */
+ if (strcmp(lp_ldap_tls_cacertfile(),"") != NULL)
+ {
+ rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_CACERTFILE,
+ lp_ldap_tls_cacertfile());
+ if (rc != LDAP_SUCCESS)
+ {
+ DEBUG(0,(
+ "ldap_set_option(LDAP_OPT_X_TLS_CACERTFILE): %s\n",
+ ldap_err2string (rc)));
+ return LDAP_OPERATIONS_ERROR;
+ }
+ }
+
+ if (strcmp(lp_ldap_tls_cacertdir(),"") != NULL)
+ {
+ /* ca cert directory */
+ rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_CACERTDIR,
+ lp_ldap_tls_cacertdir());
+ if (rc != LDAP_SUCCESS)
+ {
+ DEBUG(0,(
+ "ldap_set_option(LDAP_OPT_X_TLS_CACERTDIR): %s\n",
+ ldap_err2string (rc)));
+ return LDAP_OPERATIONS_ERROR;
+ }
+ }
+
+ /* require cert? */
+{ int checkpeer = lp_ldap_tls_checkpeer();
+
+ rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_REQUIRE_CERT,
+ &checkpeer);
+
+ if (rc != LDAP_SUCCESS)
+ {
+ DEBUG(0,(
+ "ldap_set_option(LDAP_OPT_X_TLS_REQUIRE_CERT): %s\n",
+ ldap_err2string (rc)));
+ return LDAP_OPERATIONS_ERROR;
+ }
+}
+ if (strcmp(lp_ldap_tls_ciphers(),"") != NULL)
+ {
+ /* set cipher suite, certificate and private key: */
+ rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_CIPHER_SUITE,
+ lp_ldap_tls_ciphers());
+ if (rc != LDAP_SUCCESS)
+ {
+ DEBUG(0,(
+ "ldap_set_option(LDAP_OPT_X_TLS_CIPHER_SUITE): %s\n",
+ ldap_err2string (rc)));
+ return LDAP_OPERATIONS_ERROR;
+ }
+ }
+
+ if (strcmp(lp_ldap_tls_certfile(),"") != NULL)
+ {
+ rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_CERTFILE,
+ lp_ldap_tls_certfile());
+ if (rc != LDAP_SUCCESS)
+ {
+ DEBUG(0,(
+ "ldap_set_option(LDAP_OPT_X_TLS_CERTFILE): %s\n",
+ ldap_err2string (rc)));
+ return LDAP_OPERATIONS_ERROR;
+ }
+ }
+
+ if (strcmp(lp_ldap_tls_keyfile(),"") != NULL)
+ {
+ rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_KEYFILE,
+ lp_ldap_tls_keyfile());
+ if (rc != LDAP_SUCCESS)
+ {
+ DEBUG(0,(
+ "ldap_set_option(LDAP_OPT_X_TLS_KEYFILE): %s\n",
+ ldap_err2string (rc)));
+ return LDAP_OPERATIONS_ERROR;
+ }
+ }
+
+ return LDAP_SUCCESS;
+}
+
+/*******************************************************************
+ Now we can set the per-context TLS-specific options.
+******************************************************************/
+static int
+set_tls_options (LDAP ** ldap_struct)
+{
+ return LDAP_SUCCESS;
+}
+
+/*******************************************************************
+ Now we can set the per-context TLS-specific options.
+******************************************************************/
+static int
+set_connection_options (LDAP ** ldap_struct)
+{
+#if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_PROTOCOL_VERSION)
+ (void) ldap_set_option (*ldap_struct, LDAP_OPT_PROTOCOL_VERSION, lp_ldap_version());
+#endif
+
+/*#if LDAP_SET_REBIND_PROC_ARGS == 3
+ ldap_set_rebind_proc (session->ld, _rebind_proc, (void *) session);
+#elif LDAP_SET_REBIND_PROC_ARGS == 2
+ ldap_set_rebind_proc (session->ld, _rebind_proc);
+#endif */
+
+#if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_DEREF)
+ (void) ldap_set_option (*ldap_struct, LDAP_OPT_DEREF, lp_ldap_deref());
+#endif
+
+#if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_TIMELIMIT)
+ (void) ldap_set_option (*ldap_struct, LDAP_OPT_TIMELIMIT, lp_ldap_timelimit());
+#endif
+
+
+#if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_X_OPT_CONNECT_TIMEOUT)
+ /*
+ * This is a new option in the Netscape SDK which sets
+ * the TCP connect timeout. For want of a better value,
+ * we use the bind_timelimit to control this.
+ */
+ {
+ int timeout;
+ timeout = lp_ldap_bind_timelimit() * 1000;
+ (void) ldap_set_option (*ldap_struct, LDAP_X_OPT_CONNECT_TIMEOUT, &timeout);
+ }
+#endif
+
+#if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_NETWORK_TIMEOUT)
+ {
+ struct timeval tv;
+ tv.tv_sec = lp_ldap_bind_timelimit();
+ tv.tv_usec = 0;
+ (void) ldap_set_option (*ldap_struct, LDAP_OPT_NETWORK_TIMEOUT, &tv);
+ }
+#endif
+
+#if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_REFERRALS)
+ (void) ldap_set_option (*ldap_struct, LDAP_OPT_REFERRALS,
+ lp_ldap_referrals() ? LDAP_OPT_ON : LDAP_OPT_OFF);
+#endif
+
+#if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_RESTART)
+ (void) ldap_set_option (*ldap_struct, LDAP_OPT_RESTART,
+ lp_ldap_restart() ? LDAP_OPT_ON : LDAP_OPT_OFF);
+#endif
+
+ return LDAP_SUCCESS;
+}
/*******************************************************************
open a connection to the ldap server.
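Review bot: In set_connection_options() the calls for LDAP_OPT_PROTOCOL_VERSION, LDAP_OPT_DEREF and LDAP_OPT_TIMELIMIT pass the integer returned by the lp_ldap_*() accessor where ldap_set_option() expects a pointer to the value, so the library would read through a small integer as an address. Every result is also cast to `(void)`, so a failure to select the protocol version needed for StartTLS goes unnoticed. In set_tls_default_options(), `strcmp(...) != NULL` compares an int with a pointer constant and should read `!= 0`. LDAP_OPT_X_TLS_REQUIRE_CERT is fed the raw boolean from lp_ldap_tls_checkpeer(), which is only right if 0 and 1 coincide with the library's constants; `int checkpeer = lp_ldap_tls_checkpeer() ? LDAP_OPT_X_TLS_HARD : LDAP_OPT_X_TLS_NEVER;` states the intent. A false setting leaves the server certificate unverified, which deserves a comment next to the default. The header comment on set_connection_options() is a copy of the one on set_tls_options() and should describe the connection options instead.

```c
static int
set_connection_options (LDAP ** ldap_struct)
{
	/* ldap_set_option() reads integer options through a pointer */
	int version = lp_ldap_version();
	int deref = lp_ldap_deref();
	int timelimit = lp_ldap_timelimit();

#if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_PROTOCOL_VERSION)
	if (ldap_set_option (*ldap_struct, LDAP_OPT_PROTOCOL_VERSION, &version) != LDAP_OPT_SUCCESS)
	{
		DEBUG(0,("ldap_set_option(LDAP_OPT_PROTOCOL_VERSION) failed\n"));
		return LDAP_OPERATIONS_ERROR;
	}
#endif

	/* ... unchanged: commented-out rebind proc block ... */

#if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_DEREF)
	(void) ldap_set_option (*ldap_struct, LDAP_OPT_DEREF, &deref);
#endif

#if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_TIMELIMIT)
	(void) ldap_set_option (*ldap_struct, LDAP_OPT_TIMELIMIT, &timelimit);
#endif

	/* ... unchanged: connect/network timeouts, referrals, restart ... */
```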
@@ -72,7 +234,7 @@
int port;
int version, rc;
int tls = LDAP_OPT_X_TLS_HARD;
-
+
if (lp_ldap_ssl() == LDAP_SSL_ON && lp_ldap_port() == 389) {
port = 636;
}
@@ -80,11 +242,23 @@
port = lp_ldap_port();
}
+ if (lp_ldap_ssl() == LDAP_SSL_START_TLS) {
+ if (set_tls_default_options(ldap_struct) != LDAP_SUCCESS) {
+ DEBUG(0, ("Can't set TLS default options!\n"));
+ }
+ }
+
if ((*ldap_struct = ldap_init(lp_ldap_server(), port)) == NULL) {
DEBUG(0, ("The LDAP server is not responding !\n"));
return (False);
}
+ if (set_connection_options(ldap_struct) != LDAP_SUCCESS) {
+ DEBUG(0, ("Can't set default connection options!\n"));
+ return (False);
+ }
+
+
/* Connect to older servers using SSL and V2 rather than Start TLS */
if (ldap_get_option(*ldap_struct, LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS)
{
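Review bot: A failure of set_tls_default_options() is only logged here, after which ldap_init() and the StartTLS path still run. A CA file, cipher list or require-cert setting that could not be applied therefore leaves the session on the library defaults instead of stopping it; add `return (False);` after the `DEBUG(0, ("Can't set TLS default options!\n"));` line. The call is also made only when lp_ldap_ssl() is LDAP_SSL_START_TLS, so as far as this hunk shows the new TLS settings never reach the LDAP_SSL_ON (port 636) path. The later hunk that calls set_tls_options() has the same log-and-continue shape, and its message `"set_tls_options failed"` lacks the trailing `\n`. The enclosing function begins and ends outside this hunk.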
@@ -98,7 +272,7 @@
switch (lp_ldap_ssl())
{
case LDAP_SSL_START_TLS:
- if (ldap_get_option (*ldap_struct, LDAP_OPT_PROTOCOL_VERSION,
+ if (ldap_get_option (*ldap_struct, LDAP_OPT_PROTOCOL_VERSION,
&version) == LDAP_OPT_SUCCESS)
{
if (version < LDAP_VERSION3)
@@ -108,7 +282,14 @@
&version);
}
}
- if ((rc = ldap_start_tls_s (*ldap_struct, NULL, NULL)) != LDAP_SUCCESS)
+ /* set up TLS context */
+ if (set_tls_options (ldap_struct) != LDAP_SUCCESS)
+ {
+ DEBUG(0,("set_tls_options failed"));
+ }
+
+ rc = ldap_start_tls_s (*ldap_struct, NULL, NULL);
+ if (rc != LDAP_SUCCESS)
{
DEBUG(0,
("Failed to issue the StartTLS instruction: %s\n",
@@ -141,22 +322,22 @@
static pstring ldap_secret;
/* get the password if we don't have it already */
- if (!got_pw && !(got_pw=fetch_ldap_pw(lp_ldap_admin_dn(), ldap_secret, sizeof(pstring))))
+ if (!got_pw && !(got_pw=fetch_ldap_pw(lp_ldap_admin_dn(), ldap_secret, sizeof(pstring))))
{
DEBUG(0, ("ldap_connect_system: Failed to retrieve password for %s from secrets.tdb\n",
lp_ldap_admin_dn()));
return False;
}
- /* removed the sasl_bind_s "EXTERNAL" stuff, as my testsuite
+ /* removed the sasl_bind_s "EXTERNAL" stuff, as my testsuite
(OpenLDAP) doesnt' seem to support it */
- if ((rc = ldap_simple_bind_s(ldap_struct, lp_ldap_admin_dn(),
+ if ((rc = ldap_simple_bind_s(ldap_struct, lp_ldap_admin_dn(),
ldap_secret)) != LDAP_SUCCESS)
{
DEBUG(0, ("Bind failed: %s\n", ldap_err2string(rc)));
return (False);
}
-
+
DEBUG(2, ("ldap_connect_system: succesful connection to the LDAP server\n"));
return (True);
}
@@ -171,13 +352,13 @@
DEBUG(2, ("ldap_search_one_user: searching for:[%s]\n", filter));
- rc = ldap_search_s (ldap_struct, lp_ldap_suffix (), scope,
+ rc = ldap_search_s (ldap_struct, lp_ldap_suffix (), scope,
filter, NULL, 0, result);
if (rc != LDAP_SUCCESS) {
- DEBUG(0,("ldap_search_one_user: Problem during the LDAP search: %s\n",
+ DEBUG(0,("ldap_search_one_user: Problem during the LDAP search: %s\n",
ldap_err2string (rc)));
- DEBUG(3,("ldap_search_one_user: Query was: %s, %s\n", lp_ldap_suffix(),
+ DEBUG(3,("ldap_search_one_user: Query was: %s, %s\n", lp_ldap_suffix(),
filter));
}
return (rc);
@@ -190,7 +371,7 @@
LDAPMessage ** result)
{
pstring filter;
-
+
/*
in the filter expression, replace %u with the real name
so in ldap filter, %u MUST exist :-)
@@ -599,7 +780,7 @@
/**********************************************************************
Connect to LDAP server for password enumeration
*********************************************************************/
-BOOL pdb_setsampwent(BOOL update)
+BOOL ldap_pdb_setsampwent(BOOL update)
{
int rc;
pstring filter;
@@ -645,7 +826,7 @@
/**********************************************************************
End enumeration of the LDAP password list
*********************************************************************/
-void pdb_endsampwent(void)
+void ldap_pdb_endsampwent(void)
{
if (global_ldap_ent.ldap_struct && global_ldap_ent.result)
{
@@ -659,7 +840,7 @@
/**********************************************************************
Get the next entry in the LDAP password database
*********************************************************************/
-BOOL pdb_getsampwent(SAM_ACCOUNT * user)
+BOOL ldap_pdb_getsampwent(SAM_ACCOUNT * user)
{
if (!global_ldap_ent.entry)
return False;
@@ -678,7 +859,7 @@
/**********************************************************************
Get SAM_ACCOUNT entry from LDAP by username
*********************************************************************/
-BOOL pdb_getsampwnam(SAM_ACCOUNT * user, char *sname)
+BOOL ldap_pdb_getsampwnam(SAM_ACCOUNT * user, char *sname)
{
LDAP *ldap_struct;
LDAPMessage *result;
@@ -724,7 +905,7 @@
/**********************************************************************
Get SAM_ACCOUNT entry from LDAP by rid
*********************************************************************/
-BOOL pdb_getsampwrid(SAM_ACCOUNT * user, uint32 rid)
+BOOL ldap_pdb_getsampwrid(SAM_ACCOUNT * user, uint32 rid)
{
LDAP *ldap_struct;
LDAPMessage *result;
@@ -773,7 +954,7 @@
/**********************************************************************
Get SAM_ACCOUNT entry from LDAP by uid
*********************************************************************/
-BOOL pdb_getsampwuid(SAM_ACCOUNT * user, uid_t uid)
+BOOL ldap_pdb_getsampwuid(SAM_ACCOUNT * user, uid_t uid)
{
LDAP *ldap_struct;
LDAPMessage *result;
@@ -822,7 +1003,7 @@
/**********************************************************************
Delete entry from LDAP for username
*********************************************************************/
-BOOL pdb_delete_sam_account(char *sname)
+BOOL ldap_pdb_delete_sam_account(char *sname)
{
int rc;
char *dn;
@@ -873,7 +1054,7 @@
/**********************************************************************
Update SAM_ACCOUNT
*********************************************************************/
-BOOL pdb_update_sam_account(SAM_ACCOUNT * newpwd, BOOL override)
+BOOL ldap_pdb_update_sam_account(SAM_ACCOUNT * newpwd, BOOL override)
{
int rc;
char *dn;
@@ -934,7 +1115,7 @@
/**********************************************************************
Add SAM_ACCOUNT to LDAP
*********************************************************************/
-BOOL pdb_add_sam_account(SAM_ACCOUNT * newpwd)
+BOOL ldap_pdb_add_sam_account(SAM_ACCOUNT * newpwd)
{
int rc;
pstring filter;
diff -urN samba-2.2.2/source/passdb/pdb_nisplus.c samba-2.2.2-MX/source/passdb/pdb_nisplus.c
--- samba-2.2.2/source/passdb/pdb_nisplus.c Thu Oct 11 11:40:00 2001
+++ samba-2.2.2-MX/source/passdb/pdb_nisplus.c Wed Oct 31 00:01:26 2001
@@ -882,7 +882,7 @@
/***************************************************************
Start to enumerate the nisplus passwd list.
****************************************************************/
-BOOL pdb_setsampwent(BOOL update)
+BOOL nisplus_pdb_setsampwent(BOOL update)
{
char *sp, * p = lp_smb_passwd_file();
pstring pfiletmp;
@@ -902,7 +902,7 @@
/***************************************************************
End enumeration of the nisplus passwd list.
****************************************************************/
-void pdb_endsampwent(void)
+void nisplus_pdb_endsampwent(void)
{
if( global_nisp_ent.result )
nis_freeresult(global_nisp_ent.result);
@@ -913,7 +913,7 @@
/*************************************************************************
Routine to return the next entry in the nisplus passwd list.
*************************************************************************/
-BOOL pdb_getsampwent(SAM_ACCOUNT *user)
+BOOL nisplus_pdb_getsampwent(SAM_ACCOUNT *user)
{
int enum_entry = (int)(global_nisp_ent.enum_entry);
nis_result *result = global_nisp_ent.result;
@@ -941,7 +941,7 @@
/*************************************************************************
Routine to search the nisplus passwd file for an entry matching the username
*************************************************************************/
-BOOL pdb_getsampwnam(SAM_ACCOUNT * user, char *sname)
+BOOL nisplus_pdb_getsampwnam(SAM_ACCOUNT * user, char *sname)
{
/* Static buffers we will return. */
nis_result *result = NULL;
@@ -977,7 +977,7 @@
/*************************************************************************
Routine to search the nisplus passwd file for an entry matching the username
*************************************************************************/
-BOOL pdb_getsampwrid(SAM_ACCOUNT * user, uint32 rid)
+BOOL nisplus_pdb_getsampwrid(SAM_ACCOUNT * user, uint32 rid)
{
nis_result *result;
char *nisname;
@@ -1017,7 +1017,7 @@
/*************************************************************************
Routine to search the nisplus passwd file for an entry matching the username
*************************************************************************/
-BOOL pdb_getsampwuid(SAM_ACCOUNT * user, uid_t uid)
+BOOL nisplus_pdb_getsampwuid(SAM_ACCOUNT * user, uid_t uid)
{
nis_result *result;
char *nisname;
@@ -1057,7 +1057,7 @@
/*************************************************************************
Routine to remove entry from the nisplus smbpasswd table
*************************************************************************/
-BOOL pdb_delete_sam_account(char *sname)
+BOOL nisplus_pdb_delete_sam_account(char *sname)
{
char *pfile = lp_smb_passwd_file();
pstring nisname;
@@ -1113,7 +1113,7 @@
/************************************************************************
Routine to add an entry to the nisplus passwd file.
*************************************************************************/
-BOOL pdb_add_sam_account(SAM_ACCOUNT * newpwd)
+BOOL nisplus_pdb_add_sam_account(SAM_ACCOUNT * newpwd)
{
int local_user = 0;
char *pfile;
@@ -1308,7 +1308,7 @@
/************************************************************************
Routine to modify the nisplus passwd entry.
************************************************************************/
-BOOL pdb_update_sam_account(SAM_ACCOUNT * newpwd, BOOL override)
+BOOL nisplus_pdb_update_sam_account(SAM_ACCOUNT * newpwd, BOOL override)
{
nis_result *result, *addresult;
nis_object *obj;
diff -urN samba-2.2.2/source/passdb/pdb_smbpasswd.c samba-2.2.2-MX/source/passdb/pdb_smbpasswd.c
--- samba-2.2.2/source/passdb/pdb_smbpasswd.c Thu Oct 11 11:40:01 2001
+++ samba-2.2.2-MX/source/passdb/pdb_smbpasswd.c Wed Oct 31 00:01:26 2001
@@ -1259,7 +1259,7 @@
/*****************************************************************
Functions to be implemented by the new passdb API
****************************************************************/
-BOOL pdb_setsampwent (BOOL update)
+BOOL files_pdb_setsampwent (BOOL update)
{
global_vp = startsmbfilepwent(lp_smb_passwd_file(),
update ? PWF_UPDATE : PWF_READ,
@@ -1287,14 +1287,14 @@
return (global_vp != NULL);
}
-void pdb_endsampwent (void)
+void files_pdb_endsampwent (void)
{
endsmbfilepwent(global_vp, &pw_file_lock_depth);
}
/*****************************************************************
****************************************************************/
-BOOL pdb_getsampwent(SAM_ACCOUNT *user)
+BOOL files_pdb_getsampwent(SAM_ACCOUNT *user)
{
struct smb_passwd *pw_buf=NULL;
BOOL done = False;
@@ -1334,7 +1334,7 @@
call getpwnam() for unix account information until we have found
the correct entry
***************************************************************/
-BOOL pdb_getsampwnam(SAM_ACCOUNT *sam_acct, char *username)
+BOOL files_pdb_getsampwnam(SAM_ACCOUNT *sam_acct, char *username)
{
struct smb_passwd *smb_pw;
void *fp = NULL;
@@ -1403,7 +1403,7 @@
}
-BOOL pdb_getsampwuid (SAM_ACCOUNT *sam_acct, uid_t uid)
+BOOL files_pdb_getsampwuid (SAM_ACCOUNT *sam_acct, uid_t uid)
{
struct smb_passwd *smb_pw;
void *fp = NULL;
@@ -1445,7 +1445,7 @@
return True;
}
-BOOL pdb_getsampwrid(SAM_ACCOUNT *sam_acct,uint32 rid)
+BOOL files_pdb_getsampwrid(SAM_ACCOUNT *sam_acct,uint32 rid)
{
struct smb_passwd *smb_pw;
void *fp = NULL;
@@ -1488,7 +1488,7 @@
return True;
}
-BOOL pdb_add_sam_account(SAM_ACCOUNT *sampass)
+BOOL files_pdb_add_sam_account(SAM_ACCOUNT *sampass)
{
struct smb_passwd smb_pw;
@@ -1502,7 +1502,7 @@
return True;
}
-BOOL pdb_update_sam_account(SAM_ACCOUNT *sampass, BOOL override)
+BOOL files_pdb_update_sam_account(SAM_ACCOUNT *sampass, BOOL override)
{
struct smb_passwd smb_pw;
@@ -1516,7 +1516,7 @@
return True;
}
-BOOL pdb_delete_sam_account (char* username)
+BOOL files_pdb_delete_sam_account (char* username)
{
return del_smbfilepwd_entry(username);
}
diff -urN samba-2.2.2/source/passdb/pdb_tdb.c samba-2.2.2-MX/source/passdb/pdb_tdb.c
--- samba-2.2.2/source/passdb/pdb_tdb.c Thu Oct 11 11:40:02 2001
+++ samba-2.2.2-MX/source/passdb/pdb_tdb.c Wed Oct 31 00:01:26 2001
@@ -382,7 +382,7 @@
Open the TDB passwd database for SAM account enumeration.
****************************************************************/
-BOOL pdb_setsampwent(BOOL update)
+BOOL tdb_pdb_setsampwent(BOOL update)
{
pstring tdbfile;
@@ -405,7 +405,7 @@
End enumeration of the TDB passwd list.
****************************************************************/
-void pdb_endsampwent(void)
+void tdb_pdb_endsampwent(void)
{
if (global_tdb_ent.passwd_tdb) {
tdb_close(global_tdb_ent.passwd_tdb);
@@ -419,7 +419,7 @@
Get one SAM_ACCOUNT from the TDB (next in line)
*****************************************************************/
-BOOL pdb_getsampwent(SAM_ACCOUNT *user)
+BOOL tdb_pdb_getsampwent(SAM_ACCOUNT *user)
{
TDB_DATA data;
struct passwd *pw;
@@ -489,7 +489,7 @@
Lookup a name in the SAM TDB
******************************************************************/
-BOOL pdb_getsampwnam (SAM_ACCOUNT *user, char *sname)
+BOOL tdb_pdb_getsampwnam (SAM_ACCOUNT *user, char *sname)
{
TDB_CONTEXT *pwd_tdb;
TDB_DATA data, key;
@@ -572,7 +572,7 @@
Search by uid
**************************************************************************/
-BOOL pdb_getsampwuid (SAM_ACCOUNT* user, uid_t uid)
+BOOL tdb_pdb_getsampwuid (SAM_ACCOUNT* user, uid_t uid)
{
struct passwd *pw;
fstring name;
@@ -597,7 +597,7 @@
Search by rid
**************************************************************************/
-BOOL pdb_getsampwrid (SAM_ACCOUNT *user, uint32 rid)
+BOOL tdb_pdb_getsampwrid (SAM_ACCOUNT *user, uint32 rid)
{
TDB_CONTEXT *pwd_tdb;
TDB_DATA data, key;
@@ -645,7 +645,7 @@
Delete a SAM_ACCOUNT
****************************************************************************/
-BOOL pdb_delete_sam_account(char *sname)
+BOOL tdb_pdb_delete_sam_account(char *sname)
{
SAM_ACCOUNT *sam_pass = NULL;
TDB_CONTEXT *pwd_tdb;
@@ -823,7 +823,7 @@
Modifies an existing SAM_ACCOUNT
****************************************************************************/
-BOOL pdb_update_sam_account (SAM_ACCOUNT *newpwd, BOOL override)
+BOOL tdb_pdb_update_sam_account (SAM_ACCOUNT *newpwd, BOOL override)
{
return (tdb_update_sam(newpwd, override, TDB_MODIFY));
}
@@ -832,7 +832,7 @@
Adds an existing SAM_ACCOUNT
****************************************************************************/
-BOOL pdb_add_sam_account (SAM_ACCOUNT *newpwd)
+BOOL tdb_pdb_add_sam_account (SAM_ACCOUNT *newpwd)
{
return (tdb_update_sam(newpwd, True, TDB_INSERT));
}
diff -urN samba-2.2.2/source/utils/smbpasswd.c samba-2.2.2-MX/source/utils/smbpasswd.c
--- samba-2.2.2/source/utils/smbpasswd.c Sat Oct 13 23:09:44 2001
+++ samba-2.2.2-MX/source/utils/smbpasswd.c Wed Oct 31 00:17:03 2001
@@ -21,6 +21,7 @@
#include "includes.h"
+#include "samdb.h"
extern pstring global_myname;
extern int DEBUGLEVEL;
@@ -664,13 +665,16 @@
argv += optind;
#ifdef WITH_LDAP_SAM
- if (local_flags & LOCAL_SET_LDAP_ADMIN_PW)
+ if (lp_samdb()==SAM_LDAP)
{
+ if (local_flags & LOCAL_SET_LDAP_ADMIN_PW)
+ {
printf("Setting stored password for \"%s\" in secrets.tdb\n",
lp_ldap_admin_dn());
if (!store_ldap_admin_pw(ldap_secret))
DEBUG(0,("ERROR: Failed to store the ldap admin password!\n"));
goto done;
+ }
}
#endif
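Review bot: When LOCAL_SET_LDAP_ADMIN_PW is requested but lp_samdb() is not SAM_LDAP, the new outer `if` skips the block without a message and control falls through to the code after `#endif`. The admin password the operator supplied is then neither stored nor reported as ignored. Add an explicit branch, for example `else if (local_flags & LOCAL_SET_LDAP_ADMIN_PW) { fprintf(stderr, "sam database is not ldap; admin password not stored\n"); goto done; }`. Inside the block, `goto done;` only looks as if it belonged to the `if (!store_ldap_admin_pw(ldap_secret))` above it, so bracing that `if` would make the flow clear. The rest of the function is outside the hunk, so whether smb.conf has been loaded before lp_samdb() is called should be confirmed.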
--------------------------------------------------------------------------------------------------------------------
MfG
Stefan Metzmacher
stefan.metzmacher at metzemix.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: samba-2.2.2-MX-samdb+ldap-tls.patch
Type: application/octet-stream
Size: 59341 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20011220/3b88f329/samba-2.2.2-MX-samdbldap-tls.obj