1 /* smbk5pwd.c - Overlay for managing Samba and Heimdal passwords */
4 * Copyright 2004-2005 by Howard Chu, Symas Corp.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted only as authorized by the OpenLDAP
11 * A copy of this license is available in the file LICENSE in the
12 * top-level directory of the distribution or, alternatively, at
13 * <http://www.OpenLDAP.org/license.html>.
16 * Support for sambaPwdMustChange added by Marco D'Ettorre.
17 * Support for table-driven configuration added by Pierangelo Masarati.
19 * The conditions of the OpenLDAP Public License apply.
24 #ifndef SLAPD_OVER_SMBK5PWD
25 #define SLAPD_OVER_SMBK5PWD SLAPD_MOD_DYNAMIC
28 #ifdef SLAPD_OVER_SMBK5PWD
32 #include <ac/string.h>
41 /* make ASN1_MALLOC_ENCODE use our allocator */
42 #define malloc ch_malloc
45 #include <kadm5/admin.h>
48 #ifndef HDB_INTERFACE_VERSION
49 #define HDB_MASTER_KEY_SET master_key_set
51 #define HDB_MASTER_KEY_SET hdb_master_key_set
54 static krb5_context context;
55 static void *kadm_context;
56 static kadm5_config_params conf;
59 static AttributeDescription *ad_krb5Key;
60 static AttributeDescription *ad_krb5KeyVersionNumber;
61 static AttributeDescription *ad_krb5PrincipalName;
62 static ObjectClass *oc_krb5KDCEntry;
66 #include <openssl/des.h>
67 #include <openssl/md4.h>
68 #include "ldap_utf8.h"
70 static AttributeDescription *ad_sambaLMPassword;
71 static AttributeDescription *ad_sambaNTPassword;
72 static AttributeDescription *ad_sambaPwdLastSet;
73 static AttributeDescription *ad_sambaPwdMustChange;
74 static ObjectClass *oc_sambaSamAccount;
77 /* Per-instance configuration information */
78 typedef struct smbk5pwd_t {
80 #define SMBK5PWD_F_KRB5 (0x1U)
81 #define SMBK5PWD_F_SAMBA (0x2U)
83 #define SMBK5PWD_DO_KRB5(pi) ((pi)->mode & SMBK5PWD_F_KRB5)
84 #define SMBK5PWD_DO_SAMBA(pi) ((pi)->mode & SMBK5PWD_F_SAMBA)
91 /* How many seconds before forcing a password change? */
92 time_t smb_must_change;
96 static const unsigned SMBK5PWD_F_ALL =
106 static int smbk5pwd_modules_init( smbk5pwd_t *pi );
109 static const char hex[] = "0123456789abcdef";
111 /* From liblutil/passwd.c... */
112 static void lmPasswd_to_key(
113 const char *lmPasswd,
116 const unsigned char *lpw = (const unsigned char *)lmPasswd;
117 unsigned char *k = (unsigned char *)key;
119 /* make room for parity bits */
121 k[1] = ((lpw[0]&0x01)<<7) | (lpw[1]>>1);
122 k[2] = ((lpw[1]&0x03)<<6) | (lpw[2]>>2);
123 k[3] = ((lpw[2]&0x07)<<5) | (lpw[3]>>3);
124 k[4] = ((lpw[3]&0x0F)<<4) | (lpw[4]>>4);
125 k[5] = ((lpw[4]&0x1F)<<3) | (lpw[5]>>5);
126 k[6] = ((lpw[5]&0x3F)<<2) | (lpw[6]>>6);
127 k[7] = ((lpw[6]&0x7F)<<1);
129 des_set_odd_parity( key );
132 #define MAX_PWLEN 256
136 const char in[HASHLEN],
144 out->bv_val = ch_malloc(HASHLEN*2 + 1);
145 out->bv_len = HASHLEN*2;
148 b = (unsigned char *)in;
149 for (i=0; i<HASHLEN; i++) {
151 *a++ = hex[*b++ & 0x0f];
157 struct berval *passwd,
161 char UcasePassword[15];
163 des_key_schedule schedule;
164 des_cblock StdText = "KGS!@#$%";
167 strncpy( UcasePassword, passwd->bv_val, 14 );
168 UcasePassword[14] = '\0';
169 ldap_pvt_str2upper( UcasePassword );
171 lmPasswd_to_key( UcasePassword, &key );
172 des_set_key_unchecked( &key, schedule );
173 des_ecb_encrypt( &StdText, &hbuf[0], schedule , DES_ENCRYPT );
175 lmPasswd_to_key( &UcasePassword[7], &key );
176 des_set_key_unchecked( &key, schedule );
177 des_ecb_encrypt( &StdText, &hbuf[1], schedule , DES_ENCRYPT );
179 hexify( (char *)hbuf, hash );
183 struct berval *passwd,
187 /* Windows currently only allows 14 character passwords, but
188 * may support up to 256 in the future. We assume this means
189 * 256 UCS2 characters, not 256 bytes...
194 if (passwd->bv_len > MAX_PWLEN*2)
195 passwd->bv_len = MAX_PWLEN*2;
198 MD4_Update( &ctx, passwd->bv_val, passwd->bv_len );
199 MD4_Final( (unsigned char *)hbuf, &ctx );
201 hexify( hbuf, hash );
203 #endif /* DO_SAMBA */
207 static int smbk5pwd_op_cleanup(
213 /* clear out the current key */
214 ldap_pvt_thread_pool_setkey( op->o_threadctx, smbk5pwd_op_cleanup,
217 /* free the callback */
219 op->o_callback = cb->sc_next;
220 op->o_tmpfree( cb, op->o_tmpmemctx );
224 static int smbk5pwd_op_bind(
228 /* If this is a simple Bind, stash the Op pointer so our chk
229 * function can find it. Set a cleanup callback to clear it
230 * out when the Bind completes.
232 if ( op->oq_bind.rb_method == LDAP_AUTH_SIMPLE ) {
234 ldap_pvt_thread_pool_setkey( op->o_threadctx, smbk5pwd_op_cleanup, op,
236 cb = op->o_tmpcalloc( 1, sizeof(slap_callback), op->o_tmpmemctx );
237 cb->sc_cleanup = smbk5pwd_op_cleanup;
238 cb->sc_next = op->o_callback;
241 return SLAP_CB_CONTINUE;
244 static LUTIL_PASSWD_CHK_FUNC k5key_chk;
245 static LUTIL_PASSWD_HASH_FUNC k5key_hash;
246 static const struct berval k5key_scheme = BER_BVC("{K5KEY}");
248 /* This password scheme stores no data in the userPassword attribute
249 * other than the scheme name. It assumes the invoking entry is a
250 * krb5KDCentry and compares the passed-in credentials against the
251 * krb5Key attribute. The krb5Key may be multi-valued, but they are
252 * simply multiple keytypes generated from the same input string, so
253 * only the first value needs to be compared here.
255 * Since the lutil_passwd API doesn't pass the Entry object in, we
256 * have to fetch it ourselves in order to get access to the other
257 * attributes. We accomplish this with the help of the overlay's Bind
258 * function, which stores the current Operation pointer in thread-specific
259 * storage so we can retrieve it here. The Operation provides all
260 * the necessary context for us to get Entry from the database.
262 static int k5key_chk(
263 const struct berval *sc,
264 const struct berval *passwd,
265 const struct berval *cred,
278 /* Find our thread context, find our Operation */
279 ctx = ldap_pvt_thread_pool_context();
281 if ( ldap_pvt_thread_pool_getkey( ctx, smbk5pwd_op_cleanup, (void **)&op, NULL ) ||
283 return LUTIL_PASSWD_ERR;
285 rc = be_entry_get_rw( op, &op->o_req_ndn, NULL, NULL, 0, &e );
286 if ( rc != LDAP_SUCCESS ) return LUTIL_PASSWD_ERR;
288 rc = LUTIL_PASSWD_ERR;
293 a = attr_find( e->e_attrs, ad_krb5PrincipalName );
296 memset( &ent, 0, sizeof(ent) );
297 ret = krb5_parse_name(context, a->a_vals[0].bv_val, &ent.principal);
299 krb5_get_pw_salt( context, ent.principal, &salt );
300 krb5_free_principal( context, ent.principal );
302 a = attr_find( e->e_attrs, ad_krb5Key );
306 ent.keys.val = &ekey;
307 decode_Key((unsigned char *) a->a_vals[0].bv_val,
308 (size_t) a->a_vals[0].bv_len, &ent.keys.val[0], &l);
309 if ( db->HDB_MASTER_KEY_SET )
310 hdb_unseal_keys( context, db, &ent );
312 krb5_string_to_key_salt( context, ekey.key.keytype, cred->bv_val,
315 krb5_free_salt( context, salt );
317 if ( memcmp( ekey.key.keyvalue.data, key.keyvalue.data,
318 key.keyvalue.length ) == 0 ) rc = LUTIL_PASSWD_OK;
320 krb5_free_keyblock_contents( context, &key );
321 krb5_free_keyblock_contents( context, &ekey.key );
324 be_entry_release_r( op, e );
328 static int k5key_hash(
329 const struct berval *scheme,
330 const struct berval *passwd,
334 ber_dupbv( hash, (struct berval *)&k5key_scheme );
335 return LUTIL_PASSWD_OK;
339 static int smbk5pwd_exop_passwd(
344 req_pwdexop_s *qpw = &op->oq_pwdexop;
347 slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
348 smbk5pwd_t *pi = on->on_bi.bi_private;
350 /* Not the operation we expected, pass it on... */
351 if ( ber_bvcmp( &slap_EXOP_MODIFY_PASSWD, &op->ore_reqoid ) ) {
352 return SLAP_CB_CONTINUE;
355 op->o_bd->bd_info = (BackendInfo *)on->on_info;
356 rc = be_entry_get_rw( op, &op->o_req_ndn, NULL, NULL, 0, &e );
357 if ( rc != LDAP_SUCCESS ) return rc;
368 if ( !SMBK5PWD_DO_KRB5( pi ) ) break;
370 if ( !is_entry_objectclass(e, oc_krb5KDCEntry, 0 ) ) break;
372 a = attr_find( e->e_attrs, ad_krb5PrincipalName );
375 memset( &ent, 0, sizeof(ent) );
376 ret = krb5_parse_name(context, a->a_vals[0].bv_val, &ent.principal);
379 a = attr_find( e->e_attrs, ad_krb5KeyVersionNumber );
382 if ( lutil_atoi( &kvno, a->a_vals[0].bv_val ) != 0 ) {
383 Debug( LDAP_DEBUG_ANY, "%s smbk5pwd EXOP: "
384 "dn=\"%s\" unable to parse krb5KeyVersionNumber=\"%s\"\n",
385 op->o_log_prefix, e->e_name.bv_val, a->a_vals[0].bv_val );
389 /* shouldn't happen, this is a required attr */
390 Debug( LDAP_DEBUG_ANY, "%s smbk5pwd EXOP: "
391 "dn=\"%s\" missing krb5KeyVersionNumber\n",
392 op->o_log_prefix, e->e_name.bv_val, 0 );
395 ret = _kadm5_set_keys(kadm_context, &ent, qpw->rs_new.bv_val);
396 hdb_seal_keys(context, db, &ent);
397 krb5_free_principal( context, ent.principal );
399 keys = ch_malloc( (ent.keys.len + 1) * sizeof(struct berval));
401 for (i = 0; i < ent.keys.len; i++) {
405 ASN1_MALLOC_ENCODE(Key, buf, len, &ent.keys.val[i], &len, ret);
409 keys[i].bv_val = (char *)buf;
410 keys[i].bv_len = len;
412 BER_BVZERO( &keys[i] );
414 _kadm5_free_keys(kadm_context, ent.keys.len, ent.keys.val);
416 if ( i != ent.keys.len ) {
417 ber_bvarray_free( keys );
421 ml = ch_malloc(sizeof(Modifications));
422 if (!qpw->rs_modtail) qpw->rs_modtail = &ml->sml_next;
423 ml->sml_next = qpw->rs_mods;
426 ml->sml_desc = ad_krb5Key;
427 ml->sml_op = LDAP_MOD_REPLACE;
428 #ifdef SLAP_MOD_INTERNAL
429 ml->sml_flags = SLAP_MOD_INTERNAL;
431 ml->sml_values = keys;
432 ml->sml_nvalues = NULL;
434 ml = ch_malloc(sizeof(Modifications));
435 ml->sml_next = qpw->rs_mods;
438 ml->sml_desc = ad_krb5KeyVersionNumber;
439 ml->sml_op = LDAP_MOD_REPLACE;
440 #ifdef SLAP_MOD_INTERNAL
441 ml->sml_flags = SLAP_MOD_INTERNAL;
443 ml->sml_values = ch_malloc( 2 * sizeof(struct berval));
444 ml->sml_values[0].bv_val = ch_malloc( 64 );
445 ml->sml_values[0].bv_len = sprintf(ml->sml_values[0].bv_val,
447 BER_BVZERO( &ml->sml_values[1] );
448 ml->sml_nvalues = NULL;
454 if ( SMBK5PWD_DO_SAMBA( pi ) && is_entry_objectclass(e, oc_sambaSamAccount, 0 ) ) {
461 /* Expand incoming UTF8 string to UCS4 */
462 l = ldap_utf8_chars(qpw->rs_new.bv_val);
463 wcs = ch_malloc((l+1) * sizeof(wchar_t));
465 ldap_x_utf8s_to_wcs( wcs, qpw->rs_new.bv_val, l );
467 /* Truncate UCS4 to UCS2 */
469 for (j=0; j<l; j++) {
472 *c++ = (wc >> 8) & 0xff;
475 pwd.bv_val = (char *)wcs;
478 ml = ch_malloc(sizeof(Modifications));
479 if (!qpw->rs_modtail) qpw->rs_modtail = &ml->sml_next;
480 ml->sml_next = qpw->rs_mods;
483 keys = ch_malloc( 2 * sizeof(struct berval) );
484 BER_BVZERO( &keys[1] );
485 nthash( &pwd, keys );
487 ml->sml_desc = ad_sambaNTPassword;
488 ml->sml_op = LDAP_MOD_REPLACE;
489 #ifdef SLAP_MOD_INTERNAL
490 ml->sml_flags = SLAP_MOD_INTERNAL;
492 ml->sml_values = keys;
493 ml->sml_nvalues = NULL;
495 /* Truncate UCS2 to 8-bit ASCII */
498 for (j=1; j<l; j++) {
503 pwd.bv_val[pwd.bv_len] = '\0';
505 ml = ch_malloc(sizeof(Modifications));
506 ml->sml_next = qpw->rs_mods;
509 keys = ch_malloc( 2 * sizeof(struct berval) );
510 BER_BVZERO( &keys[1] );
511 lmhash( &pwd, keys );
513 ml->sml_desc = ad_sambaLMPassword;
514 ml->sml_op = LDAP_MOD_REPLACE;
515 #ifdef SLAP_MOD_INTERNAL
516 ml->sml_flags = SLAP_MOD_INTERNAL;
518 ml->sml_values = keys;
519 ml->sml_nvalues = NULL;
523 ml = ch_malloc(sizeof(Modifications));
524 ml->sml_next = qpw->rs_mods;
527 keys = ch_malloc( 2 * sizeof(struct berval) );
528 keys[0].bv_val = ch_malloc( STRLENOF( "9223372036854775807L" ) + 1 );
529 keys[0].bv_len = snprintf(keys[0].bv_val,
530 STRLENOF( "9223372036854775807L" ) + 1,
531 "%ld", slap_get_time());
532 BER_BVZERO( &keys[1] );
534 ml->sml_desc = ad_sambaPwdLastSet;
535 ml->sml_op = LDAP_MOD_REPLACE;
536 #ifdef SLAP_MOD_INTERNAL
537 ml->sml_flags = SLAP_MOD_INTERNAL;
539 ml->sml_values = keys;
540 ml->sml_nvalues = NULL;
542 if (pi->smb_must_change)
544 ml = ch_malloc(sizeof(Modifications));
545 ml->sml_next = qpw->rs_mods;
548 keys = ch_malloc( 2 * sizeof(struct berval) );
549 keys[0].bv_val = ch_malloc( STRLENOF( "9223372036854775807L" ) + 1 );
550 keys[0].bv_len = snprintf(keys[0].bv_val,
551 STRLENOF( "9223372036854775807L" ) + 1,
552 "%ld", slap_get_time() + pi->smb_must_change);
553 BER_BVZERO( &keys[1] );
555 ml->sml_desc = ad_sambaPwdMustChange;
556 ml->sml_op = LDAP_MOD_REPLACE;
557 #ifdef SLAP_MOD_INTERNAL
558 ml->sml_flags = SLAP_MOD_INTERNAL;
560 ml->sml_values = keys;
561 ml->sml_nvalues = NULL;
564 #endif /* DO_SAMBA */
565 be_entry_release_r( op, e );
567 return SLAP_CB_CONTINUE;
570 static slap_overinst smbk5pwd;
572 /* back-config stuff */
574 PC_SMB_MUST_CHANGE = 1,
578 static ConfigDriver smbk5pwd_cf_func;
581 * NOTE: uses OID arcs OLcfgOvAt:6 and OLcfgOvOc:6
584 static ConfigTable smbk5pwd_cfats[] = {
585 { "smbk5pwd-enable", "arg",
586 2, 0, 0, ARG_MAGIC|PC_SMB_ENABLE, smbk5pwd_cf_func,
587 "( OLcfgOvAt:6.1 NAME 'olcSmbK5PwdEnable' "
588 "DESC 'Modules to be enabled' "
589 "SYNTAX OMsDirectoryString )", NULL, NULL },
590 { "smbk5pwd-must-change", "time",
591 2, 2, 0, ARG_MAGIC|ARG_INT|PC_SMB_MUST_CHANGE, smbk5pwd_cf_func,
592 "( OLcfgOvAt:6.2 NAME 'olcSmbK5PwdMustChange' "
593 "DESC 'Credentials validity interval' "
594 "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
596 { NULL, NULL, 0, 0, 0, ARG_IGNORED }
599 static ConfigOCs smbk5pwd_cfocs[] = {
601 "NAME 'olcSmbK5PwdConfig' "
602 "DESC 'smbk5pwd overlay configuration' "
603 "SUP olcOverlayConfig "
606 "$ olcSmbK5PwdMustChange "
607 ") )", Cft_Overlay, smbk5pwd_cfats },
613 * add here other functionalities; handle their initialization
614 * as appropriate in smbk5pwd_modules_init().
616 static slap_verbmasks smbk5pwd_modules[] = {
617 { BER_BVC( "krb5" ), SMBK5PWD_F_KRB5 },
618 { BER_BVC( "samba" ), SMBK5PWD_F_SAMBA },
623 smbk5pwd_cf_func( ConfigArgs *c )
625 slap_overinst *on = (slap_overinst *)c->bi;
628 smbk5pwd_t *pi = on->on_bi.bi_private;
630 if ( c->op == SLAP_CONFIG_EMIT ) {
632 case PC_SMB_MUST_CHANGE:
634 c->value_int = pi->smb_must_change;
635 #else /* ! DO_SAMBA */
637 #endif /* ! DO_SAMBA */
641 c->rvalue_vals = NULL;
643 mask_to_verbs( smbk5pwd_modules, pi->mode, &c->rvalue_vals );
644 if ( c->rvalue_vals == NULL ) {
656 } else if ( c->op == LDAP_MOD_DELETE ) {
658 case PC_SMB_MUST_CHANGE:
668 m = verb_to_mask( c->line, smbk5pwd_modules );
681 case PC_SMB_MUST_CHANGE:
683 if ( c->value_int < 0 ) {
684 Debug( LDAP_DEBUG_ANY, "%s: smbk5pwd: "
685 "<%s> invalid negative value \"%d\".",
686 c->log, c->argv[ 0 ], 0 );
689 pi->smb_must_change = c->value_int;
690 #else /* ! DO_SAMBA */
691 Debug( LDAP_DEBUG_ANY, "%s: smbk5pwd: "
692 "<%s> only meaningful "
693 "when compiled with -DDO_SAMBA.\n",
694 c->log, c->argv[ 0 ], 0 );
696 #endif /* ! DO_SAMBA */
699 case PC_SMB_ENABLE: {
700 slap_mask_t mode = pi->mode, m;
702 rc = verbs_to_mask( c->argc, c->argv, smbk5pwd_modules, &m );
704 Debug( LDAP_DEBUG_ANY, "%s: smbk5pwd: "
705 "<%s> unknown module \"%s\".\n",
706 c->log, c->argv[ 0 ], c->argv[ rc ] );
710 /* we can hijack the smbk5pwd_t structure because
711 * from within the configuration, this is the only
716 if ( SMBK5PWD_DO_KRB5( pi ) ) {
717 Debug( LDAP_DEBUG_ANY, "%s: smbk5pwd: "
718 "<%s> module \"%s\" only allowed when compiled with -DDO_KRB5.\n",
719 c->log, c->argv[ 0 ], c->argv[ rc ] );
723 #endif /* ! DO_KRB5 */
726 if ( SMBK5PWD_DO_SAMBA( pi ) ) {
727 Debug( LDAP_DEBUG_ANY, "%s: smbk5pwd: "
728 "<%s> module \"%s\" only allowed when compiled with -DDO_SAMBA.\n",
729 c->log, c->argv[ 0 ], c->argv[ rc ] );
733 #endif /* ! DO_SAMBA */
736 BackendDB db = *c->be;
738 /* Re-initialize the module, because
739 * the configuration might have changed */
740 db.bd_info = (BackendInfo *)on;
741 rc = smbk5pwd_modules_init( pi );
758 smbk5pwd_modules_init( smbk5pwd_t *pi )
762 AttributeDescription **adp;
766 { "krb5Key", &ad_krb5Key },
767 { "krb5KeyVersionNumber", &ad_krb5KeyVersionNumber },
768 { "krb5PrincipalName", &ad_krb5PrincipalName },
774 { "sambaLMPassword", &ad_sambaLMPassword },
775 { "sambaNTPassword", &ad_sambaNTPassword },
776 { "sambaPwdLastSet", &ad_sambaPwdLastSet },
777 { "sambaPwdMustChange", &ad_sambaPwdMustChange },
780 #endif /* DO_SAMBA */
783 /* this is to silence the unused var warning */
784 dummy_ad.name = NULL;
787 if ( SMBK5PWD_DO_KRB5( pi ) && oc_krb5KDCEntry == NULL ) {
789 extern HDB *_kadm5_s_get_db(void *);
793 /* Make sure all of our necessary schema items are loaded */
794 oc_krb5KDCEntry = oc_find( "krb5KDCEntry" );
795 if ( !oc_krb5KDCEntry ) {
796 Debug( LDAP_DEBUG_ANY, "smbk5pwd: "
797 "unable to find \"krb5KDCEntry\" objectClass.\n",
802 for ( i = 0; krb5_ad[ i ].name != NULL; i++ ) {
805 *(krb5_ad[ i ].adp) = NULL;
807 rc = slap_str2ad( krb5_ad[ i ].name, krb5_ad[ i ].adp, &text );
808 if ( rc != LDAP_SUCCESS ) {
809 Debug( LDAP_DEBUG_ANY, "smbk5pwd: "
810 "unable to find \"%s\" attributeType: %s (%d).\n",
811 krb5_ad[ i ].name, text, rc );
812 oc_krb5KDCEntry = NULL;
817 /* Initialize Kerberos context */
818 ret = krb5_init_context(&context);
820 Debug( LDAP_DEBUG_ANY, "smbk5pwd: "
821 "unable to initialize krb5 context.\n",
823 oc_krb5KDCEntry = NULL;
827 /* FIXME: check return code? */
828 ret = kadm5_s_init_with_password_ctx( context,
832 &conf, 0, 0, &kadm_context );
834 /* FIXME: check return code? */
835 db = _kadm5_s_get_db( kadm_context );
840 if ( SMBK5PWD_DO_SAMBA( pi ) && oc_sambaSamAccount == NULL ) {
843 oc_sambaSamAccount = oc_find( "sambaSamAccount" );
844 if ( !oc_sambaSamAccount ) {
845 Debug( LDAP_DEBUG_ANY, "smbk5pwd: "
846 "unable to find \"sambaSamAccount\" objectClass.\n",
851 for ( i = 0; samba_ad[ i ].name != NULL; i++ ) {
854 *(samba_ad[ i ].adp) = NULL;
856 rc = slap_str2ad( samba_ad[ i ].name, samba_ad[ i ].adp, &text );
857 if ( rc != LDAP_SUCCESS ) {
858 Debug( LDAP_DEBUG_ANY, "smbk5pwd: "
859 "unable to find \"%s\" attributeType: %s (%d).\n",
860 samba_ad[ i ].name, text, rc );
861 oc_sambaSamAccount = NULL;
866 #endif /* DO_SAMBA */
872 smbk5pwd_db_init(BackendDB *be)
874 slap_overinst *on = (slap_overinst *)be->bd_info;
877 pi = ch_calloc( 1, sizeof( smbk5pwd_t ) );
881 on->on_bi.bi_private = (void *)pi;
887 smbk5pwd_db_open(BackendDB *be)
889 slap_overinst *on = (slap_overinst *)be->bd_info;
890 smbk5pwd_t *pi = (smbk5pwd_t *)on->on_bi.bi_private;
894 if ( pi->mode == 0 ) {
895 pi->mode = SMBK5PWD_F_ALL;
898 rc = smbk5pwd_modules_init( pi );
907 smbk5pwd_db_destroy(BackendDB *be)
909 slap_overinst *on = (slap_overinst *)be->bd_info;
910 smbk5pwd_t *pi = (smbk5pwd_t *)on->on_bi.bi_private;
920 smbk5pwd_initialize(void)
924 smbk5pwd.on_bi.bi_type = "smbk5pwd";
926 smbk5pwd.on_bi.bi_db_init = smbk5pwd_db_init;
927 smbk5pwd.on_bi.bi_db_open = smbk5pwd_db_open;
928 smbk5pwd.on_bi.bi_db_destroy = smbk5pwd_db_destroy;
930 smbk5pwd.on_bi.bi_extended = smbk5pwd_exop_passwd;
933 smbk5pwd.on_bi.bi_op_bind = smbk5pwd_op_bind;
935 lutil_passwd_add( (struct berval *)&k5key_scheme, k5key_chk, k5key_hash );
938 smbk5pwd.on_bi.bi_cf_ocs = smbk5pwd_cfocs;
940 rc = config_register_schema( smbk5pwd_cfats, smbk5pwd_cfocs );
945 return overlay_register( &smbk5pwd );
948 #if SLAPD_OVER_SMBK5PWD == SLAPD_MOD_DYNAMIC
949 int init_module(int argc, char *argv[]) {
950 return smbk5pwd_initialize();
954 #endif /* defined(SLAPD_OVER_SMBK5PWD) */
projects / openldap / blob