sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-07-29 15:42:04 +03:00
Code Activity

s3-account_policy: add pdb_policy_type enum.

Browse Source 
Guenther
This commit is contained in:
Günther Deschner
2009-07-13 23:53:49 +02:00
parent 39fa9468c6
commit 9f15ef11bd
16 changed files with 179 additions and 166 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
source3/include/passdb.h
View File

@ -205,6 +205,22 @@ struct pdb_domain_info {
struct GUID guid;
};
/*
* Types of account policy.
*/
enum pdb_policy_type {
PDB_POLICY_MIN_PASSWORD_LEN = 1,
PDB_POLICY_PASSWORD_HISTORY = 2,
PDB_POLICY_USER_MUST_LOGON_TO_CHG_PASS = 3,
PDB_POLICY_MAX_PASSWORD_AGE = 4,
PDB_POLICY_MIN_PASSWORD_AGE = 5,
PDB_POLICY_LOCK_ACCOUNT_DURATION = 6,
PDB_POLICY_RESET_COUNT_TIME = 7,
PDB_POLICY_BAD_ATTEMPT_LOCKOUT = 8,
PDB_POLICY_TIME_TO_LOGOUT = 9,
PDB_POLICY_REFUSE_MACHINE_PW_CHANGE = 10
};
#define PDB_CAP_STORE_RIDS 0x0001
#define PDB_CAP_ADS 0x0002
@ -351,10 +367,12 @@ struct pdb_methods
enum lsa_SidType *attrs);
NTSTATUS (*get_account_policy)(struct pdb_methods *methods,
int policy_index, uint32 *value);
enum pdb_policy_type type,
uint32_t *value);
NTSTATUS (*set_account_policy)(struct pdb_methods *methods,
int policy_index, uint32 value);
enum pdb_policy_type type,
uint32_t value);
NTSTATUS (*get_seq_num)(struct pdb_methods *methods, time_t *seq_num);

22
source3/include/proto.h
View File

@ -290,16 +290,16 @@ bool check_access(int sock, const char **allow_list, const char **deny_list);
/* The following definitions come from lib/account_pol.c */
void account_policy_names_list(const char ***names, int *num_names);
const char *decode_account_policy_name(int field);
const char *get_account_policy_attr(int field);
const char *account_policy_get_desc(int field);
int account_policy_name_to_fieldnum(const char *name);
bool account_policy_get_default(int account_policy, uint32 *val);
const char *decode_account_policy_name(enum pdb_policy_type type);
const char *get_account_policy_attr(enum pdb_policy_type type);
const char *account_policy_get_desc(enum pdb_policy_type type);
enum pdb_policy_type account_policy_name_to_typenum(const char *name);
bool account_policy_get_default(enum pdb_policy_type type, uint32_t *val);
bool init_account_policy(void);
bool account_policy_get(int field, uint32 *value);
bool account_policy_set(int field, uint32 value);
bool cache_account_policy_set(int field, uint32 value);
bool cache_account_policy_get(int field, uint32 *value);
bool account_policy_get(enum pdb_policy_type type, uint32_t *value);
bool account_policy_set(enum pdb_policy_type type, uint32_t value);
bool cache_account_policy_set(enum pdb_policy_type type, uint32_t value);
bool cache_account_policy_get(enum pdb_policy_type type, uint32_t *value);
struct db_context *get_account_pol_db( void );
/* The following definitions come from lib/adt_tree.c */
@ -4595,8 +4595,8 @@ NTSTATUS pdb_lookup_names(const DOM_SID *domain_sid,
const char **names,
uint32 *rids,
enum lsa_SidType *attrs);
bool pdb_get_account_policy(int policy_index, uint32 *value);
bool pdb_set_account_policy(int policy_index, uint32 value);
bool pdb_get_account_policy(enum pdb_policy_type type, uint32_t *value);
bool pdb_set_account_policy(enum pdb_policy_type type, uint32_t value);
bool pdb_get_seq_num(time_t *seq_num);
bool pdb_uid_to_rid(uid_t uid, uint32 *rid);
bool pdb_uid_to_sid(uid_t uid, DOM_SID *sid);

14
source3/include/smb.h
View File

@ -833,20 +833,6 @@ struct pipe_open_rec {
#define PW_HISTORY_ENTRY_LEN (PW_HISTORY_SALT_LEN+SALTED_MD5_HASH_LEN)
#define MAX_PW_HISTORY_LEN 24
/*
* Flags for account policy.
*/
#define AP_MIN_PASSWORD_LEN 1
#define AP_PASSWORD_HISTORY 2
#define AP_USER_MUST_LOGON_TO_CHG_PASS 3
#define AP_MAX_PASSWORD_AGE 4
#define AP_MIN_PASSWORD_AGE 5
#define AP_LOCK_ACCOUNT_DURATION 6
#define AP_RESET_COUNT_TIME 7
#define AP_BAD_ATTEMPT_LOCKOUT 8
#define AP_TIME_TO_LOGOUT 9
#define AP_REFUSE_MACHINE_PW_CHANGE 10
/*
* Flags for local user manipulation.
*/

88
source3/lib/account_pol.c
View File

@ -31,7 +31,7 @@ static struct db_context *db;
struct ap_table {
int field;
enum pdb_policy_type type;
const char *string;
uint32 default_val;
const char *description;
@ -39,43 +39,43 @@ struct ap_table {
};
static const struct ap_table account_policy_names[] = {
{AP_MIN_PASSWORD_LEN, "min password length", MINPASSWDLENGTH,
{PDB_POLICY_MIN_PASSWORD_LEN, "min password length", MINPASSWDLENGTH,
"Minimal password length (default: 5)",
"sambaMinPwdLength" },
{AP_PASSWORD_HISTORY, "password history", 0,
{PDB_POLICY_PASSWORD_HISTORY, "password history", 0,
"Length of Password History Entries (default: 0 => off)",
"sambaPwdHistoryLength" },
{AP_USER_MUST_LOGON_TO_CHG_PASS, "user must logon to change password", 0,
{PDB_POLICY_USER_MUST_LOGON_TO_CHG_PASS, "user must logon to change password", 0,
"Force Users to logon for password change (default: 0 => off, 2 => on)",
"sambaLogonToChgPwd" },
{AP_MAX_PASSWORD_AGE, "maximum password age", (uint32) -1,
{PDB_POLICY_MAX_PASSWORD_AGE, "maximum password age", (uint32) -1,
"Maximum password age, in seconds (default: -1 => never expire passwords)",
"sambaMaxPwdAge" },
{AP_MIN_PASSWORD_AGE,"minimum password age", 0,
{PDB_POLICY_MIN_PASSWORD_AGE,"minimum password age", 0,
"Minimal password age, in seconds (default: 0 => allow immediate password change)",
"sambaMinPwdAge" },
{AP_LOCK_ACCOUNT_DURATION, "lockout duration", 30,
{PDB_POLICY_LOCK_ACCOUNT_DURATION, "lockout duration", 30,
"Lockout duration in minutes (default: 30, -1 => forever)",
"sambaLockoutDuration" },
{AP_RESET_COUNT_TIME, "reset count minutes", 30,
{PDB_POLICY_RESET_COUNT_TIME, "reset count minutes", 30,
"Reset time after lockout in minutes (default: 30)",
"sambaLockoutObservationWindow" },
{AP_BAD_ATTEMPT_LOCKOUT, "bad lockout attempt", 0,
{PDB_POLICY_BAD_ATTEMPT_LOCKOUT, "bad lockout attempt", 0,
"Lockout users after bad logon attempts (default: 0 => off)",
"sambaLockoutThreshold" },
{AP_TIME_TO_LOGOUT, "disconnect time", (uint32) -1,
{PDB_POLICY_TIME_TO_LOGOUT, "disconnect time", (uint32) -1,
"Disconnect Users outside logon hours (default: -1 => off, 0 => on)",
"sambaForceLogoff" },
{AP_REFUSE_MACHINE_PW_CHANGE, "refuse machine password change", 0,
{PDB_POLICY_REFUSE_MACHINE_PW_CHANGE, "refuse machine password change", 0,
"Allow Machine Password changes (default: 0 => off)",
"sambaRefuseMachinePwdChange" },
@ -106,11 +106,11 @@ void account_policy_names_list(const char ***names, int *num_names)
Get the account policy name as a string from its #define'ed number
****************************************************************************/
const char *decode_account_policy_name(int field)
const char *decode_account_policy_name(enum pdb_policy_type type)
{
int i;
for (i=0; account_policy_names[i].string; i++) {
if (field == account_policy_names[i].field) {
if (type == account_policy_names[i].type) {
return account_policy_names[i].string;
}
}
@ -121,11 +121,11 @@ const char *decode_account_policy_name(int field)
Get the account policy LDAP attribute as a string from its #define'ed number
****************************************************************************/
const char *get_account_policy_attr(int field)
const char *get_account_policy_attr(enum pdb_policy_type type)
{
int i;
for (i=0; account_policy_names[i].field; i++) {
if (field == account_policy_names[i].field) {
for (i=0; account_policy_names[i].type; i++) {
if (type == account_policy_names[i].type) {
return account_policy_names[i].ldap_attr;
}
}
@ -136,11 +136,11 @@ const char *get_account_policy_attr(int field)
Get the account policy description as a string from its #define'ed number
****************************************************************************/
const char *account_policy_get_desc(int field)
const char *account_policy_get_desc(enum pdb_policy_type type)
{
int i;
for (i=0; account_policy_names[i].string; i++) {
if (field == account_policy_names[i].field) {
if (type == account_policy_names[i].type) {
return account_policy_names[i].description;
}
}
@ -151,12 +151,12 @@ const char *account_policy_get_desc(int field)
Get the account policy name as a string from its #define'ed number
****************************************************************************/
int account_policy_name_to_fieldnum(const char *name)
enum pdb_policy_type account_policy_name_to_typenum(const char *name)
{
int i;
for (i=0; account_policy_names[i].string; i++) {
if (strcmp(name, account_policy_names[i].string) == 0) {
return account_policy_names[i].field;
return account_policy_names[i].type;
}
}
return 0;
@ -166,35 +166,35 @@ int account_policy_name_to_fieldnum(const char *name)
Get default value for account policy
*****************************************************************************/
bool account_policy_get_default(int account_policy, uint32 *val)
bool account_policy_get_default(enum pdb_policy_type type, uint32_t *val)
{
int i;
for (i=0; account_policy_names[i].field; i++) {
if (account_policy_names[i].field == account_policy) {
for (i=0; account_policy_names[i].type; i++) {
if (account_policy_names[i].type == type) {
*val = account_policy_names[i].default_val;
return True;
}
}
DEBUG(0,("no default for account_policy index %d found. This should never happen\n",
account_policy));
type));
return False;
}
/*****************************************************************************
Set default for a field if it is empty
Set default for a type if it is empty
*****************************************************************************/
static bool account_policy_set_default_on_empty(int account_policy)
static bool account_policy_set_default_on_empty(enum pdb_policy_type type)
{
uint32 value;
if (!account_policy_get(account_policy, &value) &&
!account_policy_get_default(account_policy, &value)) {
if (!account_policy_get(type, &value) &&
!account_policy_get_default(type, &value)) {
return False;
}
return account_policy_set(account_policy, value);
return account_policy_set(type, value);
}
/*****************************************************************************
@ -255,9 +255,9 @@ bool init_account_policy(void)
goto cancel;
}
for (i=0; account_policy_names[i].field; i++) {
for (i=0; account_policy_names[i].type; i++) {
if (!account_policy_set_default_on_empty(account_policy_names[i].field)) {
if (!account_policy_set_default_on_empty(account_policy_names[i].type)) {
DEBUG(0,("failed to set default value in account policy tdb\n"));
goto cancel;
}
@ -302,7 +302,7 @@ bool init_account_policy(void)
Get an account policy (from tdb)
*****************************************************************************/
bool account_policy_get(int field, uint32 *value)
bool account_policy_get(enum pdb_policy_type type, uint32_t *value)
{
const char *name;
uint32 regval;
@ -315,14 +315,14 @@ bool account_policy_get(int field, uint32 *value)
*value = 0;
}
name = decode_account_policy_name(field);
name = decode_account_policy_name(type);
if (name == NULL) {
DEBUG(1, ("account_policy_get: Field %d is not a valid account policy type! Cannot get, returning 0.\n", field));
DEBUG(1, ("account_policy_get: Field %d is not a valid account policy type! Cannot get, returning 0.\n", type));
return False;
}
if (!dbwrap_fetch_uint32(db, name, &regval)) {
DEBUG(1, ("account_policy_get: tdb_fetch_uint32 failed for field %d (%s), returning 0\n", field, name));
DEBUG(1, ("account_policy_get: tdb_fetch_uint32 failed for type %d (%s), returning 0\n", type, name));
return False;
}
@ -339,7 +339,7 @@ bool account_policy_get(int field, uint32 *value)
Set an account policy (in tdb)
****************************************************************************/
bool account_policy_set(int field, uint32 value)
bool account_policy_set(enum pdb_policy_type type, uint32_t value)
{
const char *name;
NTSTATUS status;
@ -348,16 +348,16 @@ bool account_policy_set(int field, uint32 value)
return False;
}
name = decode_account_policy_name(field);
name = decode_account_policy_name(type);
if (name == NULL) {
DEBUG(1, ("Field %d is not a valid account policy type! Cannot set.\n", field));
DEBUG(1, ("Field %d is not a valid account policy type! Cannot set.\n", type));
return False;
}
status = dbwrap_trans_store_uint32(db, name, value);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("store_uint32 failed for field %d (%s) on value "
"%u: %s\n", field, name, value, nt_errstr(status)));
DEBUG(1, ("store_uint32 failed for type %d (%s) on value "
"%u: %s\n", type, name, value, nt_errstr(status)));
return False;
}
@ -370,14 +370,14 @@ bool account_policy_set(int field, uint32 value)
Set an account policy in the cache
****************************************************************************/
bool cache_account_policy_set(int field, uint32 value)
bool cache_account_policy_set(enum pdb_policy_type type, uint32_t value)
{
const char *policy_name = NULL;
char *cache_key = NULL;
char *cache_value = NULL;
bool ret = False;
policy_name = decode_account_policy_name(field);
policy_name = decode_account_policy_name(type);
if (policy_name == NULL) {
DEBUG(0,("cache_account_policy_set: no policy found\n"));
return False;
@ -407,14 +407,14 @@ bool cache_account_policy_set(int field, uint32 value)
Get an account policy from the cache
*****************************************************************************/
bool cache_account_policy_get(int field, uint32 *value)
bool cache_account_policy_get(enum pdb_policy_type type, uint32_t *value)
{
const char *policy_name = NULL;
char *cache_key = NULL;
char *cache_value = NULL;
bool ret = False;
policy_name = decode_account_policy_name(field);
policy_name = decode_account_policy_name(type);
if (policy_name == NULL) {
DEBUG(0,("cache_account_policy_set: no policy found\n"));
return False;

23
source3/libnet/libnet_samsync_passdb.c
View File

@ -676,21 +676,24 @@ static NTSTATUS fetch_domain_info(TALLOC_CTX *mem_ctx,
}
if (!pdb_set_account_policy(AP_PASSWORD_HISTORY,
if (!pdb_set_account_policy(PDB_POLICY_PASSWORD_HISTORY,
r->password_history_length))
return nt_status;
if (!pdb_set_account_policy(AP_MIN_PASSWORD_LEN,
if (!pdb_set_account_policy(PDB_POLICY_MIN_PASSWORD_LEN,
r->min_password_length))
return nt_status;
if (!pdb_set_account_policy(AP_MAX_PASSWORD_AGE, (uint32)u_max_age))
if (!pdb_set_account_policy(PDB_POLICY_MAX_PASSWORD_AGE,
(uint32)u_max_age))
return nt_status;
if (!pdb_set_account_policy(AP_MIN_PASSWORD_AGE, (uint32)u_min_age))
if (!pdb_set_account_policy(PDB_POLICY_MIN_PASSWORD_AGE,
(uint32)u_min_age))
return nt_status;
if (!pdb_set_account_policy(AP_TIME_TO_LOGOUT, (uint32)u_logout))
if (!pdb_set_account_policy(PDB_POLICY_TIME_TO_LOGOUT,
(uint32)u_logout))
return nt_status;
if (lockstr) {
@ -699,21 +702,23 @@ static NTSTATUS fetch_domain_info(TALLOC_CTX *mem_ctx,
u_lockoutreset = uint64s_nt_time_to_unix_abs(&lockstr->reset_count);
u_lockouttime = uint64s_nt_time_to_unix_abs((uint64_t *)&lockstr->lockout_duration);
if (!pdb_set_account_policy(AP_BAD_ATTEMPT_LOCKOUT,
if (!pdb_set_account_policy(PDB_POLICY_BAD_ATTEMPT_LOCKOUT,
lockstr->bad_attempt_lockout))
return nt_status;
if (!pdb_set_account_policy(AP_RESET_COUNT_TIME, (uint32_t)u_lockoutreset/60))
if (!pdb_set_account_policy(PDB_POLICY_RESET_COUNT_TIME,
(uint32_t)u_lockoutreset/60))
return nt_status;
if (u_lockouttime != -1)
u_lockouttime /= 60;
if (!pdb_set_account_policy(AP_LOCK_ACCOUNT_DURATION, (uint32_t)u_lockouttime))
if (!pdb_set_account_policy(PDB_POLICY_LOCK_ACCOUNT_DURATION,
(uint32_t)u_lockouttime))
return nt_status;
}
if (!pdb_set_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS,
if (!pdb_set_account_policy(PDB_POLICY_USER_MUST_LOGON_TO_CHG_PASS,
r->logon_to_chgpass))
return nt_status;

16
source3/passdb/passdb.c
View File

@ -1439,7 +1439,7 @@ static bool init_samu_from_buffer_v2(struct samu *sampass, uint8 *buf, uint32 bu
}
/* Change from V1 is addition of password history field. */
pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen);
if (pwHistLen) {
uint8 *pw_hist = SMB_MALLOC_ARRAY(uint8, pwHistLen * PW_HISTORY_ENTRY_LEN);
if (!pw_hist) {
@ -1674,7 +1674,7 @@ static bool init_samu_from_buffer_v3(struct samu *sampass, uint8 *buf, uint32 bu
}
}
pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen);
if (pwHistLen) {
uint8 *pw_hist = (uint8 *)SMB_MALLOC(pwHistLen * PW_HISTORY_ENTRY_LEN);
if (!pw_hist) {
@ -1879,7 +1879,7 @@ static uint32 init_buffer_from_samu_v3 (uint8 **buf, struct samu *sampass, bool
nt_pw_len = 0;
}
pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen);
nt_pw_hist = pdb_get_pw_history(sampass, &nt_pw_hist_len);
if (pwHistLen && nt_pw_hist && nt_pw_hist_len) {
nt_pw_hist_len *= PW_HISTORY_ENTRY_LEN;
@ -2085,7 +2085,7 @@ bool pdb_copy_sam_account(struct samu *dst, struct samu *src )
}
/*********************************************************************
Update the bad password count checking the AP_RESET_COUNT_TIME
Update the bad password count checking the PDB_POLICY_RESET_COUNT_TIME
*********************************************************************/
bool pdb_update_bad_password_count(struct samu *sampass, bool *updated)
@ -2102,7 +2102,7 @@ bool pdb_update_bad_password_count(struct samu *sampass, bool *updated)
}
become_root();
res = pdb_get_account_policy(AP_RESET_COUNT_TIME, &resettime);
res = pdb_get_account_policy(PDB_POLICY_RESET_COUNT_TIME, &resettime);
unbecome_root();
if (!res) {
@ -2131,7 +2131,7 @@ bool pdb_update_bad_password_count(struct samu *sampass, bool *updated)
}
/*********************************************************************
Update the ACB_AUTOLOCK flag checking the AP_LOCK_ACCOUNT_DURATION
Update the ACB_AUTOLOCK flag checking the PDB_POLICY_LOCK_ACCOUNT_DURATION
*********************************************************************/
bool pdb_update_autolock_flag(struct samu *sampass, bool *updated)
@ -2147,7 +2147,7 @@ bool pdb_update_autolock_flag(struct samu *sampass, bool *updated)
}
become_root();
res = pdb_get_account_policy(AP_LOCK_ACCOUNT_DURATION, &duration);
res = pdb_get_account_policy(PDB_POLICY_LOCK_ACCOUNT_DURATION, &duration);
unbecome_root();
if (!res) {
@ -2199,7 +2199,7 @@ bool pdb_increment_bad_password_count(struct samu *sampass)
/* Retrieve the account lockout policy */
become_root();
ret = pdb_get_account_policy(AP_BAD_ATTEMPT_LOCKOUT, &account_policy_lockout);
ret = pdb_get_account_policy(PDB_POLICY_BAD_ATTEMPT_LOCKOUT, &account_policy_lockout);
unbecome_root();
if ( !ret ) {
DEBUG(0, ("pdb_increment_bad_password_count: pdb_get_account_policy failed.\n"));

10
source3/passdb/pdb_ads.c
View File

@ -1706,16 +1706,18 @@ static NTSTATUS pdb_ads_lookup_names(struct pdb_methods *m,
}
static NTSTATUS pdb_ads_get_account_policy(struct pdb_methods *m,
int policy_index, uint32 *value)
enum pdb_policy_type type,
uint32_t *value)
{
return account_policy_get(policy_index, value)
return account_policy_get(type, value)
? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
static NTSTATUS pdb_ads_set_account_policy(struct pdb_methods *m,
int policy_index, uint32 value)
enum pdb_policy_type type,
uint32_t value)
{
return account_policy_set(policy_index, value)
return account_policy_set(type, value)
? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}

6
source3/passdb/pdb_get_set.c
View File

@ -88,7 +88,7 @@ time_t pdb_get_pass_can_change_time(const struct samu *sampass)
pdb_get_init_flags(sampass, PDB_CANCHANGETIME) == PDB_CHANGED)
return sampass->pass_can_change_time;
if (!pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &allow))
if (!pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_AGE, &allow))
allow = 0;
/* in normal cases, just calculate it from policy */
@ -112,7 +112,7 @@ time_t pdb_get_pass_must_change_time(const struct samu *sampass)
if (sampass->acct_ctrl & ACB_PWNOEXP)
return get_time_t_max();
if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &expire)
if (!pdb_get_account_policy(PDB_POLICY_MAX_PASSWORD_AGE, &expire)
|| expire == (uint32)-1 || expire == 0)
return get_time_t_max();
@ -1013,7 +1013,7 @@ bool pdb_set_plaintext_passwd(struct samu *sampass, const char *plaintext)
if (pdb_get_acct_ctrl(sampass) & ACB_NORMAL) {
uchar *pwhistory;
uint32 pwHistLen;
pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen);
if (pwHistLen != 0){
uint32 current_history_len;
/* We need to make sure we don't have a race condition here - the

16
source3/passdb/pdb_interface.c
View File

@ -994,25 +994,25 @@ NTSTATUS pdb_lookup_names(const DOM_SID *domain_sid,
}
#endif
bool pdb_get_account_policy(int policy_index, uint32 *value)
bool pdb_get_account_policy(enum pdb_policy_type type, uint32_t *value)
{
struct pdb_methods *pdb = pdb_get_methods();
NTSTATUS status;
become_root();
status = pdb->get_account_policy(pdb, policy_index, value);
status = pdb->get_account_policy(pdb, type, value);
unbecome_root();
return NT_STATUS_IS_OK(status);
}
bool pdb_set_account_policy(int policy_index, uint32 value)
bool pdb_set_account_policy(enum pdb_policy_type type, uint32_t value)
{
struct pdb_methods *pdb = pdb_get_methods();
NTSTATUS status;
become_root();
status = pdb->set_account_policy(pdb, policy_index, value);
status = pdb->set_account_policy(pdb, type, value);
unbecome_root();
return NT_STATUS_IS_OK(status);
@ -1174,14 +1174,14 @@ static NTSTATUS pdb_default_update_login_attempts (struct pdb_methods *methods,
return NT_STATUS_OK;
}
static NTSTATUS pdb_default_get_account_policy(struct pdb_methods *methods, int policy_index, uint32 *value)
static NTSTATUS pdb_default_get_account_policy(struct pdb_methods *methods, enum pdb_policy_type type, uint32_t *value)
{
return account_policy_get(policy_index, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
return account_policy_get(type, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
static NTSTATUS pdb_default_set_account_policy(struct pdb_methods *methods, int policy_index, uint32 value)
static NTSTATUS pdb_default_set_account_policy(struct pdb_methods *methods, enum pdb_policy_type type, uint32_t value)
{
return account_policy_set(policy_index, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
return account_policy_set(type, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
static NTSTATUS pdb_default_get_seq_num(struct pdb_methods *methods, time_t *seq_num)

40
source3/passdb/pdb_ldap.c
View File

@ -902,7 +902,7 @@ static bool init_sam_from_ldap(struct ldapsam_privates *ldap_state,
pwHistLen = 0;
pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen);
if (pwHistLen > 0){
uint8 *pwhist = NULL;
int i;
@ -1327,7 +1327,7 @@ static bool init_ldap_from_sam (struct ldapsam_privates *ldap_state,
if (need_update(sampass, PDB_PWHISTORY)) {
char *pwstr = NULL;
uint32 pwHistLen = 0;
pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen);
pwstr = SMB_MALLOC_ARRAY(char, 1024);
if (!pwstr) {
@ -1404,7 +1404,7 @@ static bool init_ldap_from_sam (struct ldapsam_privates *ldap_state,
uint16 badcount = pdb_get_bad_password_count(sampass);
time_t badtime = pdb_get_bad_password_time(sampass);
uint32 pol;
pdb_get_account_policy(AP_BAD_ATTEMPT_LOCKOUT, &pol);
pdb_get_account_policy(PDB_POLICY_BAD_ATTEMPT_LOCKOUT, &pol);
DEBUG(3, ("updating bad password fields, policy=%u, count=%u, time=%u\n",
(unsigned int)pol, (unsigned int)badcount, (unsigned int)badtime));
@ -3762,7 +3762,7 @@ static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods,
}
static NTSTATUS ldapsam_set_account_policy_in_ldap(struct pdb_methods *methods,
int policy_index,
enum pdb_policy_type type,
uint32 value)
{
NTSTATUS ntstatus = NT_STATUS_UNSUCCESSFUL;
@ -3780,7 +3780,7 @@ static NTSTATUS ldapsam_set_account_policy_in_ldap(struct pdb_methods *methods,
return NT_STATUS_INVALID_PARAMETER;
}
policy_attr = get_account_policy_attr(policy_index);
policy_attr = get_account_policy_attr(type);
if (policy_attr == NULL) {
DEBUG(0,("ldapsam_set_account_policy_in_ldap: invalid "
"policy\n"));
@ -3800,7 +3800,7 @@ static NTSTATUS ldapsam_set_account_policy_in_ldap(struct pdb_methods *methods,
return ntstatus;
}
if (!cache_account_policy_set(policy_index, value)) {
if (!cache_account_policy_set(type, value)) {
DEBUG(0,("ldapsam_set_account_policy_in_ldap: failed to "
"update local tdb cache\n"));
return ntstatus;
@ -3810,14 +3810,15 @@ static NTSTATUS ldapsam_set_account_policy_in_ldap(struct pdb_methods *methods,
}
static NTSTATUS ldapsam_set_account_policy(struct pdb_methods *methods,
int policy_index, uint32 value)
enum pdb_policy_type type,
uint32_t value)
{
return ldapsam_set_account_policy_in_ldap(methods, policy_index,
return ldapsam_set_account_policy_in_ldap(methods, type,
value);
}
static NTSTATUS ldapsam_get_account_policy_from_ldap(struct pdb_methods *methods,
int policy_index,
enum pdb_policy_type type,
uint32 *value)
{
NTSTATUS ntstatus = NT_STATUS_UNSUCCESSFUL;
@ -3839,10 +3840,10 @@ static NTSTATUS ldapsam_get_account_policy_from_ldap(struct pdb_methods *methods
return NT_STATUS_INVALID_PARAMETER;
}
policy_attr = get_account_policy_attr(policy_index);
policy_attr = get_account_policy_attr(type);
if (!policy_attr) {
DEBUG(0,("ldapsam_get_account_policy_from_ldap: invalid "
"policy index: %d\n", policy_index));
"policy index: %d\n", type));
return ntstatus;
}
@ -3896,17 +3897,18 @@ out:
Guenther
*/
static NTSTATUS ldapsam_get_account_policy(struct pdb_methods *methods,
int policy_index, uint32 *value)
enum pdb_policy_type type,
uint32_t *value)
{
NTSTATUS ntstatus = NT_STATUS_UNSUCCESSFUL;
if (cache_account_policy_get(policy_index, value)) {
if (cache_account_policy_get(type, value)) {
DEBUG(11,("ldapsam_get_account_policy: got valid value from "
"cache\n"));
return NT_STATUS_OK;
}
ntstatus = ldapsam_get_account_policy_from_ldap(methods, policy_index,
ntstatus = ldapsam_get_account_policy_from_ldap(methods, type,
value);
if (NT_STATUS_IS_OK(ntstatus)) {
goto update_cache;
@ -3917,27 +3919,27 @@ static NTSTATUS ldapsam_get_account_policy(struct pdb_methods *methods,
#if 0
/* should we automagically migrate old tdb value here ? */
if (account_policy_get(policy_index, value))
if (account_policy_get(type, value))
goto update_ldap;
DEBUG(10,("ldapsam_get_account_policy: no tdb for %d, trying "
"default\n", policy_index));
"default\n", type));
#endif
if (!account_policy_get_default(policy_index, value)) {
if (!account_policy_get_default(type, value)) {
return ntstatus;
}
/* update_ldap: */
ntstatus = ldapsam_set_account_policy(methods, policy_index, *value);
ntstatus = ldapsam_set_account_policy(methods, type, *value);
if (!NT_STATUS_IS_OK(ntstatus)) {
return ntstatus;
}
update_cache:
if (!cache_account_policy_set(policy_index, *value)) {
if (!cache_account_policy_set(type, *value)) {
DEBUG(0,("ldapsam_get_account_policy: failed to update local "
"tdb as a cache\n"));
return NT_STATUS_UNSUCCESSFUL;

2
source3/registry/reg_backend_netlogon_params.c
View File

@ -35,7 +35,7 @@ static int netlogon_params_fetch_values(const char *key, struct regval_ctr *regv
{
uint32 dwValue;
if (!pdb_get_account_policy(AP_REFUSE_MACHINE_PW_CHANGE, &dwValue)) {
if (!pdb_get_account_policy(PDB_POLICY_REFUSE_MACHINE_PW_CHANGE, &dwValue)) {
dwValue = 0;
}

62
source3/rpc_server/srv_samr_nt.c
View File

@ -639,9 +639,9 @@ NTSTATUS _samr_GetUserPwInfo(pipes_struct *p,
switch (sid_type) {
case SID_NAME_USER:
become_root();
pdb_get_account_policy(AP_MIN_PASSWORD_LEN,
pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_LEN,
&min_password_length);
pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS,
pdb_get_account_policy(PDB_POLICY_USER_MUST_LOGON_TO_CHG_PASS,
&password_properties);
unbecome_root();
@ -2079,19 +2079,19 @@ NTSTATUS _samr_ChangePasswordUser3(pipes_struct *p,
/* AS ROOT !!! */
pdb_get_account_policy(AP_MIN_PASSWORD_LEN, &tmp);
pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_LEN, &tmp);
dominfo->min_password_length = tmp;
pdb_get_account_policy(AP_PASSWORD_HISTORY, &tmp);
pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &tmp);
dominfo->password_history_length = tmp;
pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS,
pdb_get_account_policy(PDB_POLICY_USER_MUST_LOGON_TO_CHG_PASS,
&dominfo->password_properties);
pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &account_policy_temp);
pdb_get_account_policy(PDB_POLICY_MAX_PASSWORD_AGE, &account_policy_temp);
u_expire = account_policy_temp;
pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &account_policy_temp);
pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_AGE, &account_policy_temp);
u_min_age = account_policy_temp;
/* !AS ROOT */
@ -3305,19 +3305,19 @@ static NTSTATUS query_dom_info_1(TALLOC_CTX *mem_ctx,
/* AS ROOT !!! */
pdb_get_account_policy(AP_MIN_PASSWORD_LEN, &account_policy_temp);
pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_LEN, &account_policy_temp);
r->min_password_length = account_policy_temp;
pdb_get_account_policy(AP_PASSWORD_HISTORY, &account_policy_temp);
pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &account_policy_temp);
r->password_history_length = account_policy_temp;
pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS,
pdb_get_account_policy(PDB_POLICY_USER_MUST_LOGON_TO_CHG_PASS,
&r->password_properties);
pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &account_policy_temp);
pdb_get_account_policy(PDB_POLICY_MAX_PASSWORD_AGE, &account_policy_temp);
u_expire = account_policy_temp;
pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &account_policy_temp);
pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_AGE, &account_policy_temp);
u_min_age = account_policy_temp;
/* !AS ROOT */
@ -3352,7 +3352,7 @@ static NTSTATUS query_dom_info_2(TALLOC_CTX *mem_ctx,
r->num_groups = count_sam_groups(dinfo->disp_info);
r->num_aliases = count_sam_aliases(dinfo->disp_info);
pdb_get_account_policy(AP_TIME_TO_LOGOUT, &u_logout);
pdb_get_account_policy(PDB_POLICY_TIME_TO_LOGOUT, &u_logout);
unix_to_nt_time_abs(&r->force_logoff_time, u_logout);
@ -3389,7 +3389,7 @@ static NTSTATUS query_dom_info_3(TALLOC_CTX *mem_ctx,
{
uint32_t ul;
pdb_get_account_policy(AP_TIME_TO_LOGOUT, &ul);
pdb_get_account_policy(PDB_POLICY_TIME_TO_LOGOUT, &ul);
u_logout = (time_t)ul;
}
@ -3506,16 +3506,16 @@ static NTSTATUS query_dom_info_11(TALLOC_CTX *mem_ctx,
become_root();
pdb_get_account_policy(AP_LOCK_ACCOUNT_DURATION, &account_policy_temp);
pdb_get_account_policy(PDB_POLICY_LOCK_ACCOUNT_DURATION, &account_policy_temp);
u_lock_duration = account_policy_temp;
if (u_lock_duration != -1) {
u_lock_duration *= 60;
}
pdb_get_account_policy(AP_RESET_COUNT_TIME, &account_policy_temp);
pdb_get_account_policy(PDB_POLICY_RESET_COUNT_TIME, &account_policy_temp);
u_reset_time = account_policy_temp * 60;
pdb_get_account_policy(AP_BAD_ATTEMPT_LOCKOUT, &account_policy_temp);
pdb_get_account_policy(PDB_POLICY_BAD_ATTEMPT_LOCKOUT, &account_policy_temp);
r->lockout_threshold = account_policy_temp;
/* !AS ROOT */
@ -3541,16 +3541,16 @@ static NTSTATUS query_dom_info_12(TALLOC_CTX *mem_ctx,
/* AS ROOT !!! */
pdb_get_account_policy(AP_LOCK_ACCOUNT_DURATION, &account_policy_temp);
pdb_get_account_policy(PDB_POLICY_LOCK_ACCOUNT_DURATION, &account_policy_temp);
u_lock_duration = account_policy_temp;
if (u_lock_duration != -1) {
u_lock_duration *= 60;
}
pdb_get_account_policy(AP_RESET_COUNT_TIME, &account_policy_temp);
pdb_get_account_policy(PDB_POLICY_RESET_COUNT_TIME, &account_policy_temp);
u_reset_time = account_policy_temp * 60;
pdb_get_account_policy(AP_BAD_ATTEMPT_LOCKOUT, &account_policy_temp);
pdb_get_account_policy(PDB_POLICY_BAD_ATTEMPT_LOCKOUT, &account_policy_temp);
r->lockout_threshold = account_policy_temp;
/* !AS ROOT */
@ -6205,9 +6205,9 @@ NTSTATUS _samr_GetDomPwInfo(pipes_struct *p,
}
become_root();
pdb_get_account_policy(AP_MIN_PASSWORD_LEN,
pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_LEN,
&min_password_length);
pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS,
pdb_get_account_policy(PDB_POLICY_USER_MUST_LOGON_TO_CHG_PASS,
&password_properties);
unbecome_root();
@ -6376,14 +6376,14 @@ static NTSTATUS set_dom_info_1(TALLOC_CTX *mem_ctx,
u_expire = nt_time_to_unix_abs((NTTIME *)&r->max_password_age);
u_min_age = nt_time_to_unix_abs((NTTIME *)&r->min_password_age);
pdb_set_account_policy(AP_MIN_PASSWORD_LEN,
pdb_set_account_policy(PDB_POLICY_MIN_PASSWORD_LEN,
(uint32_t)r->min_password_length);
pdb_set_account_policy(AP_PASSWORD_HISTORY,
pdb_set_account_policy(PDB_POLICY_PASSWORD_HISTORY,
(uint32_t)r->password_history_length);
pdb_set_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS,
pdb_set_account_policy(PDB_POLICY_USER_MUST_LOGON_TO_CHG_PASS,
(uint32_t)r->password_properties);
pdb_set_account_policy(AP_MAX_PASSWORD_AGE, (int)u_expire);
pdb_set_account_policy(AP_MIN_PASSWORD_AGE, (int)u_min_age);
pdb_set_account_policy(PDB_POLICY_MAX_PASSWORD_AGE, (int)u_expire);
pdb_set_account_policy(PDB_POLICY_MIN_PASSWORD_AGE, (int)u_min_age);
return NT_STATUS_OK;
}
@ -6398,7 +6398,7 @@ static NTSTATUS set_dom_info_3(TALLOC_CTX *mem_ctx,
u_logout = nt_time_to_unix_abs((NTTIME *)&r->force_logoff_time);
pdb_set_account_policy(AP_TIME_TO_LOGOUT, (int)u_logout);
pdb_set_account_policy(PDB_POLICY_TIME_TO_LOGOUT, (int)u_logout);
return NT_STATUS_OK;
}
@ -6418,9 +6418,9 @@ static NTSTATUS set_dom_info_12(TALLOC_CTX *mem_ctx,
u_reset_time = nt_time_to_unix_abs((NTTIME *)&r->lockout_window)/60;
pdb_set_account_policy(AP_LOCK_ACCOUNT_DURATION, (int)u_lock_duration);
pdb_set_account_policy(AP_RESET_COUNT_TIME, (int)u_reset_time);
pdb_set_account_policy(AP_BAD_ATTEMPT_LOCKOUT,
pdb_set_account_policy(PDB_POLICY_LOCK_ACCOUNT_DURATION, (int)u_lock_duration);
pdb_set_account_policy(PDB_POLICY_RESET_COUNT_TIME, (int)u_reset_time);
pdb_set_account_policy(PDB_POLICY_BAD_ATTEMPT_LOCKOUT,
(uint32_t)r->lockout_threshold);
return NT_STATUS_OK;

2
source3/rpc_server/srv_samr_util.c
View File

@ -619,7 +619,7 @@ void copy_id21_to_sam_passwd(const char *log_prefix,
uint32_t pwd_max_age = 0;
time_t now = time(NULL);
pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &pwd_max_age);
pdb_get_account_policy(PDB_POLICY_MAX_PASSWORD_AGE, &pwd_max_age);
if (pwd_max_age == (uint32_t)-1 || pwd_max_age == 0) {
pwd_max_age = get_time_t_max();

6
source3/smbd/chgpasswd.c
View File

@ -1024,7 +1024,7 @@ static bool check_passwd_history(struct samu *sampass, const char *plaintext)
int i;
uint32 pwHisLen, curr_pwHisLen;
pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHisLen);
pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHisLen);
if (pwHisLen == 0) {
return False;
}
@ -1107,7 +1107,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
* denies machines to change the password. *
* Should we deny also SRVTRUST and/or DOMSTRUST ? .SSS. */
if (pdb_get_acct_ctrl(hnd) & ACB_WSTRUST) {
if (pdb_get_account_policy(AP_REFUSE_MACHINE_PW_CHANGE, &refuse) && refuse) {
if (pdb_get_account_policy(PDB_POLICY_REFUSE_MACHINE_PW_CHANGE, &refuse) && refuse) {
DEBUG(1, ("Machine %s cannot change password now, "
"denied by Refuse Machine Password Change policy\n",
username));
@ -1130,7 +1130,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
return NT_STATUS_ACCOUNT_RESTRICTION;
}
if (pdb_get_account_policy(AP_MIN_PASSWORD_LEN, &min_len) && (str_charnum(new_passwd) < min_len)) {
if (pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_LEN, &min_len) && (str_charnum(new_passwd) < min_len)) {
DEBUG(1, ("user %s cannot change password - password too short\n",
username));
DEBUGADD(1, (" account policy min password len = %d\n", min_len));

6
source3/torture/pdbtest.c
View File

@ -288,7 +288,7 @@ int main(int argc, char **argv)
pdb_set_homedir(out, "\\\\torture\\home", PDB_SET);
pdb_set_logon_script(out, "torture_script.cmd", PDB_SET);
pdb_get_account_policy(AP_PASSWORD_HISTORY, &history);
pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &history);
if (history * PW_HISTORY_ENTRY_LEN < NT_HASH_LEN) {
buf = (uint8 *)TALLOC(ctx, NT_HASH_LEN);
} else {
@ -311,8 +311,8 @@ int main(int argc, char **argv)
}
pdb_set_pw_history(out, buf, history, PDB_SET);
pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &expire);
pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &min_age);
pdb_get_account_policy(PDB_POLICY_MAX_PASSWORD_AGE, &expire);
pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_AGE, &min_age);
pdb_set_pass_last_set_time(out, time(NULL), PDB_SET);
if (expire == 0 || expire == (uint32)-1) {

10
source3/winbindd/winbindd_passdb.c
View File

@ -332,29 +332,29 @@ static NTSTATUS password_policy(struct winbindd_domain *domain,
return NT_STATUS_NO_MEMORY;
}
if (!pdb_get_account_policy(AP_MIN_PASSWORD_LEN,
if (!pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_LEN,
&account_policy_temp)) {
return NT_STATUS_ACCESS_DENIED;
}
p->min_password_length = account_policy_temp;
if (!pdb_get_account_policy(AP_PASSWORD_HISTORY,
if (!pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY,
&account_policy_temp)) {
return NT_STATUS_ACCESS_DENIED;
}
p->password_history_length = account_policy_temp;
if (!pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS,
if (!pdb_get_account_policy(PDB_POLICY_USER_MUST_LOGON_TO_CHG_PASS,
&p->password_properties)) {
return NT_STATUS_ACCESS_DENIED;
}
if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &account_policy_temp)) {
if (!pdb_get_account_policy(PDB_POLICY_MAX_PASSWORD_AGE, &account_policy_temp)) {
return NT_STATUS_ACCESS_DENIED;
}
u_expire = account_policy_temp;
if (!pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &account_policy_temp)) {
if (!pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_AGE, &account_policy_temp)) {
return NT_STATUS_ACCESS_DENIED;
}
u_min_age = account_policy_temp;