/*
 *  Unix SMB/CIFS implementation.
 *  account policy storage
 *  Copyright (C) Jean François Micouleau      1998-2001
 *  Copyright (C) Andrew Bartlett              2002
 *  Copyright (C) Guenther Deschner            2004-2005
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 3 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, see <http://www.gnu.org/licenses/>.
 */
# include "includes.h"
# include "system/filesys.h"
# include "passdb.h"
# include "dbwrap/dbwrap.h"
# include "dbwrap/dbwrap_open.h"
# include "../libcli/security/security.h"
# include "lib/privileges.h"
# include "lib/gencache.h"
/* Handle to the account policy database; NULL until init_account_policy() opens it. */
static struct db_context *db;

/*
 * Cache all entries for 60 seconds to save LDAP queries (the cache is
 * refreshed after this period, in case admins do not use pdbedit or
 * usermanager but manipulate LDAP directly) - gd
 *
 * Consequence for operators: a policy value changed directly in LDAP can
 * take up to AP_TTL seconds to be seen through the cache.
 */
#define DATABASE_VERSION 3	/* value stored under the tdb's version key */
#define AP_TTL 60		/* cache lifetime, in seconds */
/*
 * One row of the account policy table: the policy's enum value, the name it
 * is stored under, its built-in default, a human-readable description and
 * the name of the matching LDAP attribute.
 */
struct ap_table {
	enum pdb_policy_type type;	/* policy identifier */
	const char *string;		/* policy name; used as tdb key and in cache keys */
	uint32_t default_val;		/* value handed out by account_policy_get_default() */
	const char *description;	/* text handed out by account_policy_get_desc() */
	const char *ldap_attr;		/* name handed out by get_account_policy_attr() */
};
/*
 * Table of all known account policies, terminated by an entry whose type is
 * 0 and whose string is NULL (the lookup loops in this file stop on either).
 *
 * Per the descriptions below, the built-in defaults leave account lockout
 * and password history switched off and let passwords never expire; sites
 * that need stricter behaviour have to set those policies explicitly.
 */
static const struct ap_table account_policy_names[] = {
	{
		.type = PDB_POLICY_MIN_PASSWORD_LEN,
		.string = "min password length",
		/* MINPASSWDLENGTH is defined elsewhere; the description states 5 */
		.default_val = MINPASSWDLENGTH,
		.description = "Minimal password length (default: 5)",
		.ldap_attr = "sambaMinPwdLength",
	},
	{
		.type = PDB_POLICY_PASSWORD_HISTORY,
		.string = "password history",
		.default_val = 0,
		.description = "Length of Password History Entries (default: 0 => off)",
		.ldap_attr = "sambaPwdHistoryLength",
	},
	{
		.type = PDB_POLICY_USER_MUST_LOGON_TO_CHG_PASS,
		.string = "user must logon to change password",
		.default_val = 0,
		.description = "Force Users to logon for password change (default: 0 => off, 2 => on)",
		.ldap_attr = "sambaLogonToChgPwd",
	},
	{
		.type = PDB_POLICY_MAX_PASSWORD_AGE,
		.string = "maximum password age",
		.default_val = (uint32_t)-1,
		.description = "Maximum password age, in seconds (default: -1 => never expire passwords)",
		.ldap_attr = "sambaMaxPwdAge",
	},
	{
		.type = PDB_POLICY_MIN_PASSWORD_AGE,
		.string = "minimum password age",
		.default_val = 0,
		.description = "Minimal password age, in seconds (default: 0 => allow immediate password change)",
		.ldap_attr = "sambaMinPwdAge",
	},
	{
		.type = PDB_POLICY_LOCK_ACCOUNT_DURATION,
		.string = "lockout duration",
		.default_val = 30,
		.description = "Lockout duration in minutes (default: 30, -1 => forever)",
		.ldap_attr = "sambaLockoutDuration",
	},
	{
		.type = PDB_POLICY_RESET_COUNT_TIME,
		.string = "reset count minutes",
		.default_val = 30,
		.description = "Reset time after lockout in minutes (default: 30)",
		.ldap_attr = "sambaLockoutObservationWindow",
	},
	{
		.type = PDB_POLICY_BAD_ATTEMPT_LOCKOUT,
		.string = "bad lockout attempt",
		.default_val = 0,
		.description = "Lockout users after bad logon attempts (default: 0 => off)",
		.ldap_attr = "sambaLockoutThreshold",
	},
	{
		.type = PDB_POLICY_TIME_TO_LOGOUT,
		.string = "disconnect time",
		.default_val = (uint32_t)-1,
		.description = "Disconnect Users outside logon hours (default: -1 => off, 0 => on)",
		.ldap_attr = "sambaForceLogoff",
	},
	{
		.type = PDB_POLICY_REFUSE_MACHINE_PW_CHANGE,
		.string = "refuse machine password change",
		.default_val = 0,
		/* NOTE(review): the text says "Allow" while the policy is named "refuse" */
		.description = "Allow Machine Password changes (default: 0 => off)",
		.ldap_attr = "sambaRefuseMachinePwdChange",
	},
	/* terminator */
	{
		.type = 0,
		.string = NULL,
		.default_val = 0,
		.description = "",
		.ldap_attr = NULL,
	}
};
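/**
 * Build an array holding the name of every known account policy.
 *
 * @param mem_ctx    talloc context the array is allocated on
 * @param names      out: array of policy name strings (the strings point
 *                   into the static policy table), or NULL if the
 *                   allocation failed
 * @param num_names  out: number of valid names, 0 if the allocation failed
 */
void account_policy_names_list(TALLOC_CTX *mem_ctx, const char ***names, int *num_names)
{
	const char **nl;
	int i, count = ARRAY_SIZE(account_policy_names);

	nl = talloc_array(mem_ctx, const char *, count);
	if (!nl) {
		/*
		 * Give the caller a defined, empty result instead of leaving
		 * *names untouched (and possibly uninitialised).
		 */
		*names = NULL;
		*num_names = 0;
		return;
	}

	for (i = 0; i < count; i++) {
		nl[i] = account_policy_names[i].string;
	}

	/*
	 * Do not count the last null entry; it is still stored in
	 * nl[count - 1], so the array is also NULL-terminated.
	 */
	*num_names = count - 1;
	*names = nl;
}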
/****************************************************************************
 Get the account policy name as a string from its #define'ed number.
 Returns NULL if the type is not in the policy table.
****************************************************************************/

const char *decode_account_policy_name(enum pdb_policy_type type)
{
	const struct ap_table *entry;

	/* Walk the table until the terminator, whose string is NULL. */
	for (entry = account_policy_names; entry->string; entry++) {
		if (entry->type == type) {
			return entry->string;
		}
	}

	return NULL;
}
/****************************************************************************
 Get the account policy LDAP attribute as a string from its #define'ed number.
 Returns NULL if the type is not in the policy table.
****************************************************************************/

const char *get_account_policy_attr(enum pdb_policy_type type)
{
	const struct ap_table *entry;

	/* This lookup stops on the terminator's type (0), not on its string. */
	for (entry = account_policy_names; entry->type; entry++) {
		if (entry->type == type) {
			return entry->ldap_attr;
		}
	}

	return NULL;
}
/****************************************************************************
 Get the account policy description as a string from its #define'ed number.
 Returns NULL if the type is not in the policy table.
****************************************************************************/

const char *account_policy_get_desc(enum pdb_policy_type type)
{
	const struct ap_table *entry;

	/* Walk the table until the terminator, whose string is NULL. */
	for (entry = account_policy_names; entry->string; entry++) {
		if (entry->type == type) {
			return entry->description;
		}
	}

	return NULL;
}
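/****************************************************************************
 Get the account policy #define'ed number from its name string.
 Returns 0 if name is NULL or does not match any known policy.
****************************************************************************/

enum pdb_policy_type account_policy_name_to_typenum(const char *name)
{
	int i;

	/* strcmp() on a NULL pointer is undefined; treat it as "no such policy". */
	if (name == NULL) {
		return 0;
	}

	for (i = 0; account_policy_names[i].string; i++) {
		if (strcmp(name, account_policy_names[i].string) == 0) {
			return account_policy_names[i].type;
		}
	}

	/* 0 is also the type of the table terminator, i.e. not a real policy */
	return 0;
}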
/*****************************************************************************
 Get default value for account policy.
 Stores the table default in *val and returns True; logs at level 0 and
 returns False (leaving *val untouched) if the type is not in the table.
*****************************************************************************/

bool account_policy_get_default(enum pdb_policy_type type, uint32_t *val)
{
	const struct ap_table *entry;

	/* This lookup stops on the terminator's type (0). */
	for (entry = account_policy_names; entry->type; entry++) {
		if (entry->type != type) {
			continue;
		}
		*val = entry->default_val;
		return True;
	}

	DEBUG(0, ("no default for account_policy index %d found. This should never happen\n",
		  type));
	return False;
}
/*****************************************************************************
 Set default for a type if it is empty.
 The value that ends up stored is the one already in the database when
 account_policy_get() succeeds, otherwise the table default.
*****************************************************************************/

static bool account_policy_set_default_on_empty(enum pdb_policy_type type)
{
	uint32_t value;
	bool have_value;

	/* Prefer what is already stored; fall back to the built-in default. */
	have_value = account_policy_get(type, &value);
	if (!have_value) {
		have_value = account_policy_get_default(type, &value);
	}
	if (!have_value) {
		return False;
	}

	return account_policy_set(type, value);
}
/*****************************************************************************
 Open the account policy tdb.
 Creates the database if it cannot be opened, and on a version mismatch
 writes the current version plus any missing default policy values inside
 one transaction. Returns true once the module-level handle is usable.
*****************************************************************************/

bool init_account_policy(void)
{
	const char *version_key = "INFO/version";
	uint32_t db_version = 0;
	NTSTATUS status;
	char *db_path;
	int idx;

	/* Already opened by an earlier call. */
	if (db != NULL) {
		return True;
	}

	db_path = state_path(talloc_tos(), "account_policy.tdb");
	if (db_path == NULL) {
		return false;
	}

	/* Both open attempts pass mode 0600 (owner read/write only). */
	db = db_open(NULL, db_path, 0, TDB_DEFAULT,
		     O_RDWR, 0600, DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE);
	if (db == NULL) {
		/*
		 * The account policy file does not exist or the open
		 * failed; try to create a new one.
		 */
		db = db_open(NULL, db_path, 0,
			     TDB_DEFAULT, O_RDWR | O_CREAT, 0600,
			     DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE);
	}
	TALLOC_FREE(db_path);
	if (db == NULL) {
		DEBUG(0, ("Failed to open account policy database\n"));
		return False;
	}

	/* A missing or unreadable version key is treated as version 0. */
	status = dbwrap_fetch_uint32_bystring(db, version_key, &db_version);
	if (!NT_STATUS_IS_OK(status)) {
		db_version = 0;
	}
	if (db_version == DATABASE_VERSION) {
		return true;
	}

	/* handle a Samba upgrade */
	if (dbwrap_transaction_start(db) != 0) {
		DEBUG(0, ("transaction_start failed\n"));
		TALLOC_FREE(db);
		return false;
	}

	/* Read the version again now that the transaction is open. */
	status = dbwrap_fetch_uint32_bystring(db, version_key, &db_version);
	if (!NT_STATUS_IS_OK(status)) {
		db_version = 0;
	}
	if (db_version == DATABASE_VERSION) {
		/*
		 * Race condition: the version became current between the
		 * first check and the start of the transaction (presumably
		 * another process did the upgrade), so nothing is left to do.
		 */
		if (dbwrap_transaction_cancel(db)) {
			smb_panic("transaction_cancel failed");
		}
		return true;
	}

	status = dbwrap_store_uint32_bystring(db, version_key,
					      DATABASE_VERSION);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(0, ("dbwrap_store_uint32_t failed: %s\n",
			  nt_errstr(status)));
		goto cancel;
	}

	/* Fill in the default for every policy that has no stored value. */
	for (idx = 0; account_policy_names[idx].type; idx++) {
		if (!account_policy_set_default_on_empty(account_policy_names[idx].type)) {
			DEBUG(0, ("failed to set default value in account policy tdb\n"));
			goto cancel;
		}
	}

	/*
	 * These exist by default on NT4 in [HKLM\SECURITY\Policy\Accounts]
	 * NOTE(review): whatever these calls return is not checked here.
	 */
	privilege_create_account(&global_sid_World);
	privilege_create_account(&global_sid_Builtin_Account_Operators);
	privilege_create_account(&global_sid_Builtin_Server_Operators);
	privilege_create_account(&global_sid_Builtin_Print_Operators);
	privilege_create_account(&global_sid_Builtin_Backup_Operators);

	/*
	 * BUILTIN\Administrators get everything -- *always*
	 * A failed grant is only logged (level 1); initialisation goes on.
	 */
	if (lp_enable_privileges() &&
	    !grant_all_privileges(&global_sid_Builtin_Administrators)) {
		DEBUG(1, ("init_account_policy: Failed to grant privileges "
			  "to BUILTIN\\Administrators!\n"));
	}

	if (dbwrap_transaction_commit(db) != 0) {
		DEBUG(0, ("transaction_commit failed\n"));
		TALLOC_FREE(db);
		return false;
	}

	return True;

cancel:
	/* Roll back the upgrade and drop the handle. */
	if (dbwrap_transaction_cancel(db)) {
		smb_panic("transaction_cancel failed");
	}
	TALLOC_FREE(db);

	return false;
}
/*****************************************************************************
 Get an account policy (from tdb).
 value may be NULL. When it is not, *value is zeroed first and overwritten
 only when the fetch succeeds. Returns False if the database cannot be
 initialised, the type is unknown or the fetch fails.
*****************************************************************************/

bool account_policy_get(enum pdb_policy_type type, uint32_t *value)
{
	const char *key;
	uint32_t stored;
	NTSTATUS status;

	if (!init_account_policy()) {
		return False;
	}

	/* Every failure path below leaves the caller with 0. */
	if (value) {
		*value = 0;
	}

	key = decode_account_policy_name(type);
	if (key == NULL) {
		DEBUG(1, ("account_policy_get: Field %d is not a valid account policy type! Cannot get, returning 0.\n", type));
		return False;
	}

	status = dbwrap_fetch_uint32_bystring(db, key, &stored);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(2, ("account_policy_get: tdb_fetch_uint32_t failed for type %d (%s), returning 0\n", type, key));
		return False;
	}

	if (value) {
		*value = stored;
	}

	/* %d shows the unsigned value as signed, so (uint32_t)-1 is logged as -1 */
	DEBUG(10, ("account_policy_get: name: %s, val: %d\n", key, stored));

	return True;
}
/****************************************************************************
 Set an account policy (in tdb).
 Returns False if the database cannot be initialised, the type is unknown
 or the store fails. The value itself is stored as given; no range check
 is applied here.
****************************************************************************/

bool account_policy_set(enum pdb_policy_type type, uint32_t value)
{
	const char *key;
	NTSTATUS status;

	if (!init_account_policy()) {
		return False;
	}

	key = decode_account_policy_name(type);
	if (key == NULL) {
		DEBUG(1, ("Field %d is not a valid account policy type! Cannot set.\n", type));
		return False;
	}

	status = dbwrap_trans_store_uint32_bystring(db, key, value);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(1, ("store_uint32_t failed for type %d (%s) on value "
			  "%u: %s\n", type, key, value, nt_errstr(status)));
		return False;
	}

	DEBUG(10, ("account_policy_set: name: %s, value: %d\n", key, value));

	return True;
}
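/****************************************************************************
 Set an account policy in the cache.
 The entry is stored under "ACCT_POL/<policy name>" as a decimal string
 followed by a newline, with an expiry of now + AP_TTL seconds.
 Returns the result of gencache_set(), or False if the type is unknown or
 a string could not be allocated.
****************************************************************************/

bool cache_account_policy_set(enum pdb_policy_type type, uint32_t value)
{
	const char *policy_name = NULL;
	char *cache_key = NULL;
	char *cache_value = NULL;
	bool ret = False;

	policy_name = decode_account_policy_name(type);
	if (policy_name == NULL) {
		DEBUG(0, ("cache_account_policy_set: no policy found\n"));
		return False;
	}

	if (asprintf(&cache_key, "ACCT_POL/%s", policy_name) < 0) {
		DEBUG(0, ("asprintf failed\n"));
		/*
		 * Some C libraries leave the pointer indeterminate when
		 * asprintf() fails; reset it so the cleanup below does not
		 * free garbage.
		 */
		cache_key = NULL;
		goto done;
	}

	if (asprintf(&cache_value, "%lu\n", (unsigned long)value) < 0) {
		DEBUG(0, ("asprintf failed\n"));
		cache_value = NULL;	/* same reason as for cache_key */
		goto done;
	}

	DEBUG(10, ("cache_account_policy_set: updating account pol cache\n"));

	ret = gencache_set(cache_key, cache_value, time(NULL) + AP_TTL);

done:
	/* Both strings come from asprintf(), hence SAFE_FREE. */
	SAFE_FREE(cache_key);
	SAFE_FREE(cache_value);
	return ret;
}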
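/*****************************************************************************
 Get an account policy from the cache.
 Looks up "ACCT_POL/<policy name>" and parses the entry as an unsigned
 decimal number. Returns True and fills *value only when a well-formed entry
 that fits in 32 bits was found; an unknown type, a cache miss or a malformed
 entry all return False and leave *value untouched.
*****************************************************************************/

bool cache_account_policy_get(enum pdb_policy_type type, uint32_t *value)
{
	const char *policy_name = NULL;
	char *cache_key = NULL;
	char *cache_value = NULL;
	bool ret = False;

	policy_name = decode_account_policy_name(type);
	if (policy_name == NULL) {
		DEBUG(0, ("cache_account_policy_get: no policy found\n"));
		return False;
	}

	if (asprintf(&cache_key, "ACCT_POL/%s", policy_name) < 0) {
		DEBUG(0, ("asprintf failed\n"));
		/*
		 * Some C libraries leave the pointer indeterminate when
		 * asprintf() fails; reset it so the cleanup below does not
		 * free garbage.
		 */
		cache_key = NULL;
		goto done;
	}

	if (gencache_get(cache_key, talloc_tos(), &cache_value, NULL)) {
		const char *p = cache_value;
		char *end = NULL;
		unsigned long parsed = 0;
		bool valid;

		/*
		 * Validate the entry instead of trusting strtoul() blindly.
		 * An unparsable string would otherwise be read as 0, and the
		 * policy table describes 0 as "off" for e.g. the lockout
		 * threshold and the password history.
		 */
		while (*p == ' ' || *p == '\t') {
			p++;
		}
		/* Require a digit: strtoul() itself would also accept a sign. */
		valid = (*p >= '0' && *p <= '9');
		if (valid) {
			parsed = strtoul(p, &end, 10);
			/* cache_account_policy_set() writes a trailing "\n" */
			while (*end == ' ' || *end == '\t' ||
			       *end == '\r' || *end == '\n') {
				end++;
			}
			/*
			 * Reject trailing garbage and values that do not fit
			 * in 32 bits (the range test can only fail where
			 * unsigned long is wider than uint32_t).
			 */
			valid = (*end == '\0') &&
				((unsigned long)(uint32_t)parsed == parsed);
		}

		if (valid) {
			*value = (uint32_t)parsed;
			ret = True;
		} else {
			/* Report a miss so the caller can fall back to the real store. */
			DEBUG(1, ("cache_account_policy_get: ignoring invalid "
				  "cached value for %s\n", policy_name));
		}
	}

done:
	/* cache_key comes from asprintf(), cache_value from talloc. */
	SAFE_FREE(cache_key);
	TALLOC_FREE(cache_value);
	return ret;
}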
/****************************************************************************
 Return the account policy database handle, opening the database through
 init_account_policy() on first use. Returns NULL if that fails.
****************************************************************************/

struct db_context *get_account_pol_db(void)
{
	/* Initialise lazily; an already open handle is returned as is. */
	if (db == NULL && !init_account_policy()) {
		return NULL;
	}

	return db;
}