[PATCH] change SAM DB (files,tdb,ldap,nisplus) in smb.conf
Stefan (metze) Metzmacher
metze at metzemix.de
Fri Jan 4 00:41:04 GMT 2002
At 11:57 29.12.2001 -0600, you wrote:
>Stefan,
>
>While I like the intent of the patch, I'm not going to apply it.
>The reason is that having to redefine pdb_getsampwXX() to
>handle a large switch() statement in order to deal with all
>of the possible samdb backends is fairly awkward.
>
>We need to move back to a structure of function pointers and
>then enable the various lookups by adding the structure to a list
>of backend methods. This should be done via shared libraries.
>We just haven't sat down and done it yet.
Hi Jerry,
I think it could be done the same way the auth methods parameter
(Samba 3.0) is done.
What do you think about it? Is that the right approach?
metze
----------------------------
in smb.conf you can list the backends in the order they should be called.
default:
samdb backends = files
may be changed to:
samdb backends = ldap tdb
or:
samdb backends = nisplus files
--------------------------
###################
like in auth/auth.c
###################
/*
 * Excerpt from auth/auth.c ("..." marks code left out of the mail): offer the
 * login attempt to each configured auth method, in list order, until one of
 * them accepts it.
 *
 * Returns the nt_status that is current when the function ends; what the
 * elided code before the return does with it is not visible here.
 */
NTSTATUS check_password(const auth_usersupplied_info *user_info,
const auth_authsupplied_info *auth_info,
auth_serversupplied_info **server_info)
{
...
/*
 * NOTE(review): if auth_method_list is empty the body never runs, so the
 * returned status comes entirely from the elided code above; confirm it
 * starts out as a failure status.
 */
for (auth_method = auth_info->auth_method_list;auth_method;
auth_method = auth_method->next)
{
/* Per-attempt talloc context, named after the method and the domain and user name taken from user_info. */
mem_ctx = talloc_init_named("%s authentication for user
%s\\%s", auth_method->name,
user_info->domain.str,
user_info->smb_name.str);
/* Dispatch through the method's function pointer; server_info is passed through for the method to fill in. */
nt_status = auth_method->auth(auth_method->private_data,
mem_ctx, user_info, auth_info, server_info);
/*
 * The outcome is logged together with smb_name as received.
 * NOTE(review): presumably that name is client-supplied; confirm the log
 * path copes with control characters in it.
 */
if (NT_STATUS_IS_OK(nt_status)) {
DEBUG(3, ("check_password: %s authentication for
user [%s] suceeded\n",
auth_method->name,
user_info->smb_name.str));
} else {
DEBUG(5, ("check_password: %s authentication for
user [%s] FAILED with error %s\n",
auth_method->name,
user_info->smb_name.str, get_nt_error_msg(nt_status)));
}
/* The context is released on both the success and the failure path. */
talloc_destroy(mem_ctx);
/*
 * Only success ends the loop. A failure of any kind falls through to the
 * next method, so the list accepts a user as soon as any one method does;
 * which methods are listed, and in what order, is the effective
 * authentication policy.
 */
if (NT_STATUS_IS_OK(nt_status)) {
break;
}
}
....
return nt_status;
}
#####################
Perhaps in this way?:
#####################
-------------------------------------------------------------------------------------------------------------
passdb/passdb.c
------------
/**********************************************************************
Get SAM_ACCOUNT entry by username
*********************************************************************/
/*
 * Proposed shape only: look the user name up in each configured samdb backend
 * in list order. Large parts of the body are elided in the mail, including the
 * end of the function.
 */
BOOL pdb_getsampwnam(SAM_ACCOUNT * user, const char *sname)
{
..............
/* Walk the backend list in its stored order. */
for (sam_db = sam_info->sam_db_list;sam_db; sam_db = sam_db->next)
{
/*
 * One named talloc context per backend tried.
 * NOTE(review): no matching talloc_destroy() is visible in this sketch;
 * the check_password loop it is modelled on frees its context on every
 * iteration.
 */
mem_ctx = talloc_init_named("Use %s samdb backend to do
authentication for user %s", sam_db->name, sname);
/*
 * Called through the function pointer with no NULL check, so every backend
 * on the list must have this member set.
 * NOTE(review): the getsampwnam member sketched for include/samdb.h returns
 * BOOL and this function returns BOOL, yet the result is stored in
 * nt_status; the types need reconciling.
 */
nt_status = sam_db->getsampwnam(user,sname);
/*
 * NOTE(review): the elided code decides what happens after a miss. If the
 * first hit wins, as in check_password, a user name present in two backends
 * resolves to the one listed earlier, and "user not found" has to be told
 * apart from "backend unavailable" before moving on to the next backend.
 */
...
..............
}
----------------------------------------------------------------------------------
include/samdb.h
------------
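/*
 * One configured SAM database backend: a doubly linked list node that carries
 * the backend's name and its table of account operations.
 *
 * The struct tag is samdb_backend (singular) so that the prev/next links and
 * the init prototype, which both spell the type "struct samdb_backend", refer
 * to this structure rather than to an undeclared one; the samdb_backends
 * typedef name is kept.
 *
 * Callers in this proposal invoke the function pointers without a NULL check
 * (see the pdb_getsampwnam sketch), so a backend must fill in every member
 * before its node is linked into the list.
 */
typedef struct samdb_backend
{
	struct samdb_backend *prev, *next; /* neighbours in the backend list */
	char *name; /* What name got this module */

	/* Account enumeration; presumably start / finish / fetch next, going by the names. */
	BOOL (*setsampwent)(BOOL update);
	void (*endsampwent)(void);
	BOOL (*getsampwent)(SAM_ACCOUNT * user);

	/* Lookup of a single account by user name or by RID. */
	BOOL (*getsampwnam)(SAM_ACCOUNT * user, const char *sname);
	BOOL (*getsampwrid)(SAM_ACCOUNT * user, uint32 rid);

	/* Account maintenance. */
	BOOL (*delete_sam_account)(const char *sname);
	BOOL (*update_sam_account)(const SAM_ACCOUNT * newpwd, BOOL override);
	BOOL (*add_sam_account)(const SAM_ACCOUNT * newpwd);
} samdb_backends;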
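/*
 * Pairs a backend name with the function that builds that backend's list
 * node. The names presumably match the words accepted by the proposed
 * "samdb backends" smb.conf parameter.
 *
 * Tag and typedef are both samdb_init_function: the table in
 * passdb/sam_info.c declares its elements as "struct samdb_init_function",
 * and the previous typedef name was carried over from the auth code.
 */
typedef struct samdb_init_function {
	char *name;
	/* Function to create a member of the samdb backend list */
	BOOL (*init)(struct samdb_backend **sam_db);
} samdb_init_function;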
------------------------------------------------------------------------------------
passdb/sam_info.c
-----------------
/*
 * Built-in samdb backends, keyed by name. The entry with a NULL name marks
 * the end of the table. The code that searches the table is not shown in the
 * mail; a name with no entry here has no backend to initialise.
 */
const struct samdb_init_function builtin_samdb_init_functions[] = {
	{ .name = "files",   .init = samdb_init_files },
	{ .name = "tdb",     .init = samdb_init_tdb },
	{ .name = "ldap",    .init = samdb_init_ldap },
	{ .name = "nisplus", .init = samdb_init_nisplus },
	{ .name = NULL,      .init = NULL }
};
...
------------------------------------------------------------------------------------
passdb/pdb_ldap.c
------------------
/*
 * Create the LDAP samdb backend node and point each of its operations at the
 * corresponding ldap_pwd_* implementation.
 *
 * sam_db receives the node produced by make_samdb_backend().
 * Returns False if make_samdb_backend() fails, True otherwise.
 *
 * All eight function pointers of the backend structure are assigned, so no
 * operation is left for a caller to find unset. The name member is not
 * touched here; presumably make_samdb_backend() or the caller sets it.
 */
BOOL samdb_init_ldap(samdb_backends **sam_db)
{
	samdb_backends *backend;

	if (make_samdb_backend(sam_db)) {
		backend = *sam_db;

		/* enumeration */
		backend->setsampwent = ldap_pwd_setsampwent;
		backend->endsampwent = ldap_pwd_endsampwent;
		backend->getsampwent = ldap_pwd_getsampwent;

		/* lookup */
		backend->getsampwnam = ldap_pwd_getsampwnam;
		backend->getsampwrid = ldap_pwd_getsampwrid;

		/* maintenance */
		backend->delete_sam_account = ldap_pwd_delete_sam_account;
		backend->update_sam_account = ldap_pwd_update_sam_account;
		backend->add_sam_account = ldap_pwd_add_sam_account;

		return True;
	}

	return False;
}
------------------------------------------------------------------------------------
MfG
metze
Stefan "metze" Metzmacher <metze at metzemix.de>