Re: password API needed

Luke Kenneth Casson Leighton (lkcl@switchboard.net)
Mon, 18 May 1998 11:46:31 +0000 (GMT)

Date:	Mon, 18 May 1998 11:46:31 +0000 (GMT)
From:	Luke Kenneth Casson Leighton <lkcl@switchboard.net>
To:	Samba Technical List <samba-technical@samba.anu.edu.au>, Samba NT Domains Mailing List <samba-ntdom@samba.anu.edu.au>
Subject: Re: password API needed

notes on the password database api.

1) calling databases from passdb.c
----------------------------------

all these routines in passdb.c have:

some_fn()
{
#ifdef USE_SOMESORTOF_DB
	some_db_fn();
#endif

#ifdef USE_SOMEOTHERSORTOF_DB
	some_other_db_fn();
#endif
}

2) password api routines
------------------------

note: the sam21 routines (struct sam_passwd) have a user RID search, _not_
a unix uid search. the non-sam21 routines (struct smb_passwd) have a unix
uid search, _not_ a user RID search.

/* The following definitions come from passdb.c */

/* enumeration */

void *startsampwent(BOOL update);
void endsampwent(void *vp);

struct smb_passwd *getsampwent(void *vp);
struct sam_passwd *getsam21pwent(void *vp);
struct sam_info getsamdispent(void *vp);

unsigned long getsampwpos(void *vp);
BOOL setsampwpos(void *vp, unsigned long tok);

/* add / modify entries */

BOOL add_sampwd_entry(struct smb_passwd *newpwd);
BOOL add_sam21pwd_entry(struct sam_passwd *newpwd);
BOOL mod_sampwd_entry(struct smb_passwd* pwd, BOOL override);
BOOL mod_sam21pwd_entry(struct sam_passwd* pwd, BOOL override);

/* search */

struct smb_passwd *getsampwnam(char *name);
struct smb_passwd *getsampwuid(uid_t smb_userid);
struct sam_passwd *getsam21pwnam(char *name);
struct sam_passwd *getsam21pwrid(uint32 rid);

add
---

add should return False without modifying the database if an entry with the same name exists, in the case of both the add_sam21pwd_entry and add_sampwd_entry routines.

add should return False without modifying the database if an entry with the same rid or the same name exists, in the case of the add_sam21pwd_entry routine.

search
------

inside passdb.c, there are _getsampwxxx and _getsam21pwxxx routines. these implement linear search by calling the enumeration routines, and can be used if the database engine being used does not have search capability, or if the implementor does not wish to write one straight away.

4) supporting both struct smb_passwd and sam_passwd
---------------------------------------------------

for the sam21 (struct sam_passwd not smb_passwd) routines, databases are expected to create default entries for fields if either:

- the underlying database does not support all the sam21 fields (which is bad)

- the underlying database has a blank entry for a particular field.

detailed example. in smbpass.c, private/smbpasswd only has user, unix uid, NTLM hashes, acb info, password last set time. therefore:

- lp_profile_path(), lp_homedir() etc shall be read from smb.conf. if fields do not exist they shall be set to "".

- all times except password last set time shall be set to -1

- the NT user RID shall be filled in by calling uid_to_user_rid().

- the NT group RID shall be filled in by doing getpwent(unix uid), obtaining the unix gid and calling gid_to_group_rid().

future versions of smbpass.c will also have a private/samdb file, which shall contain the missing struct sam_passwd fields. if any of those fields are empty in the samdb file for a given user, the above defaults shall be used.

5) query display info
---------------------

a future API routine to be added soon (oh, i seem to have just added it) will be:

struct sam_info getsamdispent(void *vp);

struct sam_info
{
	char *smb_name;
	char *smb_full_name;
	uint32 rid;
};

a first pass at this may hide the necessity for its specific implementation in all databases by calling getsampwent and dragging the three key member variables out of struct sam_passwd. in fact, i think i'll do that now :-)

this function is expected to be called for the "display" side of USRMGR.EXE and SRVMGR.EXE support (lib/rpc/server/srv_samr.c - SamrQueryDispInfo).
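
The add and search rules from the notes above, as an added example that is not part of the original message and is not Samba source: a toy in-memory backend whose search routines are plain linear scans over the enumeration calls, and whose add routine refuses a duplicate name or RID so that two accounts can never share an identity. The struct layout, the user_rid field name, MAX_USERS, linear_find, the static table and the const on the name argument are assumptions.

```c
/* Added illustration, not Samba source. Struct layout, MAX_USERS and the static
 * table are assumptions; function names and add/search rules are from the notes. */
#include <stddef.h>
#include <string.h>
typedef int BOOL;
typedef unsigned int uint32;
#define True 1
#define False 0
#define MAX_USERS 8

struct sam_passwd { char smb_name[32]; uint32 user_rid; };
static struct sam_passwd db[MAX_USERS];   /* constructed in-memory "database" */
static size_t db_count, cursor;

/* enumeration: the opaque handle is a cursor into the table */
void *startsampwent(BOOL update) { (void)update; cursor = 0; return &cursor; }
void endsampwent(void *vp) { (void)vp; }
struct sam_passwd *getsam21pwent(void *vp)
{
    size_t *pos = vp;
    return (*pos < db_count) ? &db[(*pos)++] : NULL;
}

/* linear search using only the enumeration routines; name == NULL: match rid */
static struct sam_passwd *linear_find(const char *name, uint32 rid)
{
    void *vp = startsampwent(False);
    struct sam_passwd *pw;
    while ((pw = getsam21pwent(vp)) != NULL)
        if (name ? strcmp(pw->smb_name, name) == 0 : pw->user_rid == rid)
            break;
    endsampwent(vp);
    return pw;   /* NULL when the enumeration ran out without a match */
}
struct sam_passwd *_getsam21pwnam(const char *name) { return linear_find(name, 0); }
struct sam_passwd *_getsam21pwrid(uint32 rid) { return linear_find(NULL, rid); }

/* add: return False, leaving the table untouched, if name or rid is taken */
BOOL add_sam21pwd_entry(struct sam_passwd *newpwd)
{
    if (db_count == MAX_USERS || _getsam21pwnam(newpwd->smb_name)
        || _getsam21pwrid(newpwd->user_rid))
        return False;
    db[db_count++] = *newpwd;
    return True;
}
/* stand-alone check: exit status 0 if the second, duplicate add is refused */
int main(void) { struct sam_passwd a = {"alice", 1000};
                 return !(add_sam21pwd_entry(&a) && !add_sam21pwd_entry(&a)); }
```

Name matching here is an exact strcmp; whether a real backend folds case before comparing is a decision this sketch does not make.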