s3-account_policy: add pdb_policy_type enum.

Guenther

source3/include/passdb.h

@@ -205,6 +205,22 @@ struct pdb_domain_info {
 	struct GUID guid;
 };
 
+/*
+ * Types of account policy.
+ */
+enum pdb_policy_type {
+	PDB_POLICY_MIN_PASSWORD_LEN = 1,
+	PDB_POLICY_PASSWORD_HISTORY = 2,
+	PDB_POLICY_USER_MUST_LOGON_TO_CHG_PASS	= 3,
+	PDB_POLICY_MAX_PASSWORD_AGE = 4,
+	PDB_POLICY_MIN_PASSWORD_AGE = 5,
+	PDB_POLICY_LOCK_ACCOUNT_DURATION = 6,
+	PDB_POLICY_RESET_COUNT_TIME = 7,
+	PDB_POLICY_BAD_ATTEMPT_LOCKOUT = 8,
+	PDB_POLICY_TIME_TO_LOGOUT = 9,
+	PDB_POLICY_REFUSE_MACHINE_PW_CHANGE = 10
+};
+
 #define PDB_CAP_STORE_RIDS	0x0001
 #define PDB_CAP_ADS		0x0002
 
@@ -351,10 +367,12 @@ struct pdb_methods
 				 enum lsa_SidType *attrs);
 
 	NTSTATUS (*get_account_policy)(struct pdb_methods *methods,
-				       int policy_index, uint32 *value);
+				       enum pdb_policy_type type,
+				       uint32_t *value);
 
 	NTSTATUS (*set_account_policy)(struct pdb_methods *methods,
-				       int policy_index, uint32 value);
+				       enum pdb_policy_type type,
+				       uint32_t value);
 
 	NTSTATUS (*get_seq_num)(struct pdb_methods *methods, time_t *seq_num);
 

source3/include/proto.h

@@ -290,16 +290,16 @@ bool check_access(int sock, const char **allow_list, const char **deny_list);
 /* The following definitions come from lib/account_pol.c  */
 
 void account_policy_names_list(const char ***names, int *num_names);
-const char *decode_account_policy_name(int field);
+const char *decode_account_policy_name(enum pdb_policy_type type);
-const char *get_account_policy_attr(int field);
+const char *get_account_policy_attr(enum pdb_policy_type type);
-const char *account_policy_get_desc(int field);
+const char *account_policy_get_desc(enum pdb_policy_type type);
-int account_policy_name_to_fieldnum(const char *name);
+enum pdb_policy_type account_policy_name_to_typenum(const char *name);
-bool account_policy_get_default(int account_policy, uint32 *val);
+bool account_policy_get_default(enum pdb_policy_type type, uint32_t *val);
 bool init_account_policy(void);
-bool account_policy_get(int field, uint32 *value);
+bool account_policy_get(enum pdb_policy_type type, uint32_t *value);
-bool account_policy_set(int field, uint32 value);
+bool account_policy_set(enum pdb_policy_type type, uint32_t value);
-bool cache_account_policy_set(int field, uint32 value);
+bool cache_account_policy_set(enum pdb_policy_type type, uint32_t value);
-bool cache_account_policy_get(int field, uint32 *value);
+bool cache_account_policy_get(enum pdb_policy_type type, uint32_t *value);
 struct db_context *get_account_pol_db( void );
 
 /* The following definitions come from lib/adt_tree.c  */
@@ -4595,8 +4595,8 @@ NTSTATUS pdb_lookup_names(const DOM_SID *domain_sid,
 			  const char **names,
 			  uint32 *rids,
 			  enum lsa_SidType *attrs);
-bool pdb_get_account_policy(int policy_index, uint32 *value);
+bool pdb_get_account_policy(enum pdb_policy_type type, uint32_t *value);
-bool pdb_set_account_policy(int policy_index, uint32 value);
+bool pdb_set_account_policy(enum pdb_policy_type type, uint32_t value);
 bool pdb_get_seq_num(time_t *seq_num);
 bool pdb_uid_to_rid(uid_t uid, uint32 *rid);
 bool pdb_uid_to_sid(uid_t uid, DOM_SID *sid);

source3/include/smb.h

@@ -833,20 +833,6 @@ struct pipe_open_rec {
 #define PW_HISTORY_ENTRY_LEN (PW_HISTORY_SALT_LEN+SALTED_MD5_HASH_LEN)
 #define MAX_PW_HISTORY_LEN 24
 
-/*
- * Flags for account policy.
- */
-#define AP_MIN_PASSWORD_LEN 		1
-#define AP_PASSWORD_HISTORY		2
-#define AP_USER_MUST_LOGON_TO_CHG_PASS	3
-#define AP_MAX_PASSWORD_AGE		4
-#define AP_MIN_PASSWORD_AGE		5
-#define AP_LOCK_ACCOUNT_DURATION	6
-#define AP_RESET_COUNT_TIME		7
-#define AP_BAD_ATTEMPT_LOCKOUT		8
-#define AP_TIME_TO_LOGOUT		9
-#define AP_REFUSE_MACHINE_PW_CHANGE	10
-
 /*
  * Flags for local user manipulation.
  */

source3/lib/account_pol.c

@@ -31,7 +31,7 @@ static struct db_context *db;
 
 
 struct ap_table {
-	int field;
+	enum pdb_policy_type type;
 	const char *string;
 	uint32 default_val;
 	const char *description;
@@ -39,43 +39,43 @@ struct ap_table {
 };
 
 static const struct ap_table account_policy_names[] = {
-	{AP_MIN_PASSWORD_LEN, "min password length", MINPASSWDLENGTH,
+	{PDB_POLICY_MIN_PASSWORD_LEN, "min password length", MINPASSWDLENGTH,
 		"Minimal password length (default: 5)",
 		"sambaMinPwdLength" },
 
-	{AP_PASSWORD_HISTORY, "password history", 0,
+	{PDB_POLICY_PASSWORD_HISTORY, "password history", 0,
 		"Length of Password History Entries (default: 0 => off)",
 		"sambaPwdHistoryLength" },
 
-	{AP_USER_MUST_LOGON_TO_CHG_PASS, "user must logon to change password", 0,
+	{PDB_POLICY_USER_MUST_LOGON_TO_CHG_PASS, "user must logon to change password", 0,
 		"Force Users to logon for password change (default: 0 => off, 2 => on)",
 		"sambaLogonToChgPwd" },
 
-	{AP_MAX_PASSWORD_AGE, "maximum password age", (uint32) -1,
+	{PDB_POLICY_MAX_PASSWORD_AGE, "maximum password age", (uint32) -1,
 		"Maximum password age, in seconds (default: -1 => never expire passwords)",
 		"sambaMaxPwdAge" },
 
-	{AP_MIN_PASSWORD_AGE,"minimum password age", 0,
+	{PDB_POLICY_MIN_PASSWORD_AGE,"minimum password age", 0,
 		"Minimal password age, in seconds (default: 0 => allow immediate password change)",
 		"sambaMinPwdAge" },
 
-	{AP_LOCK_ACCOUNT_DURATION, "lockout duration", 30,
+	{PDB_POLICY_LOCK_ACCOUNT_DURATION, "lockout duration", 30,
 		"Lockout duration in minutes (default: 30, -1 => forever)",
 		"sambaLockoutDuration" },
 
-	{AP_RESET_COUNT_TIME, "reset count minutes", 30,
+	{PDB_POLICY_RESET_COUNT_TIME, "reset count minutes", 30,
 		"Reset time after lockout in minutes (default: 30)",
 		"sambaLockoutObservationWindow" },
 
-	{AP_BAD_ATTEMPT_LOCKOUT, "bad lockout attempt", 0,
+	{PDB_POLICY_BAD_ATTEMPT_LOCKOUT, "bad lockout attempt", 0,
 		"Lockout users after bad logon attempts (default: 0 => off)",
 		"sambaLockoutThreshold" },
 
-	{AP_TIME_TO_LOGOUT, "disconnect time", (uint32) -1,
+	{PDB_POLICY_TIME_TO_LOGOUT, "disconnect time", (uint32) -1,
 		"Disconnect Users outside logon hours (default: -1 => off, 0 => on)",
 		"sambaForceLogoff" },
 
-	{AP_REFUSE_MACHINE_PW_CHANGE, "refuse machine password change", 0,
+	{PDB_POLICY_REFUSE_MACHINE_PW_CHANGE, "refuse machine password change", 0,
 		"Allow Machine Password changes (default: 0 => off)",
 		"sambaRefuseMachinePwdChange" },
 
@@ -106,11 +106,11 @@ void account_policy_names_list(const char ***names, int *num_names)
 Get the account policy name as a string from its #define'ed number
 ****************************************************************************/
 
-const char *decode_account_policy_name(int field)
+const char *decode_account_policy_name(enum pdb_policy_type type)
 {
 	int i;
 	for (i=0; account_policy_names[i].string; i++) {
-		if (field == account_policy_names[i].field) {
+		if (type == account_policy_names[i].type) {
 			return account_policy_names[i].string;
 		}
 	}
@@ -121,11 +121,11 @@ const char *decode_account_policy_name(int field)
 Get the account policy LDAP attribute as a string from its #define'ed number
 ****************************************************************************/
 
-const char *get_account_policy_attr(int field)
+const char *get_account_policy_attr(enum pdb_policy_type type)
 {
 	int i;
-	for (i=0; account_policy_names[i].field; i++) {
+	for (i=0; account_policy_names[i].type; i++) {
-		if (field == account_policy_names[i].field) {
+		if (type == account_policy_names[i].type) {
 			return account_policy_names[i].ldap_attr;
 		}
 	}
@@ -136,11 +136,11 @@ const char *get_account_policy_attr(int field)
 Get the account policy description as a string from its #define'ed number
 ****************************************************************************/
 
-const char *account_policy_get_desc(int field)
+const char *account_policy_get_desc(enum pdb_policy_type type)
 {
 	int i;
 	for (i=0; account_policy_names[i].string; i++) {
-		if (field == account_policy_names[i].field) {
+		if (type == account_policy_names[i].type) {
 			return account_policy_names[i].description;
 		}
 	}
@@ -151,12 +151,12 @@ const char *account_policy_get_desc(int field)
 Get the account policy name as a string from its #define'ed number
 ****************************************************************************/
 
-int account_policy_name_to_fieldnum(const char *name)
+enum pdb_policy_type account_policy_name_to_typenum(const char *name)
 {
 	int i;
 	for (i=0; account_policy_names[i].string; i++) {
 		if (strcmp(name, account_policy_names[i].string) == 0) {
-			return account_policy_names[i].field;
+			return account_policy_names[i].type;
 		}
 	}
 	return 0;
@@ -166,35 +166,35 @@ int account_policy_name_to_fieldnum(const char *name)
 Get default value for account policy
 *****************************************************************************/
 
-bool account_policy_get_default(int account_policy, uint32 *val)
+bool account_policy_get_default(enum pdb_policy_type type, uint32_t *val)
 {
 	int i;
-	for (i=0; account_policy_names[i].field; i++) {
+	for (i=0; account_policy_names[i].type; i++) {
-		if (account_policy_names[i].field == account_policy) {
+		if (account_policy_names[i].type == type) {
 			*val = account_policy_names[i].default_val;
 			return True;
 		}
 	}
 	DEBUG(0,("no default for account_policy index %d found. This should never happen\n",
-		account_policy));
+		type));
 	return False;
 }
 
 /*****************************************************************************
- Set default for a field if it is empty
+ Set default for a type if it is empty
 *****************************************************************************/
 
-static bool account_policy_set_default_on_empty(int account_policy)
+static bool account_policy_set_default_on_empty(enum pdb_policy_type type)
 {
 
 	uint32 value;
 
-	if (!account_policy_get(account_policy, &value) &&
+	if (!account_policy_get(type, &value) &&
-	    !account_policy_get_default(account_policy, &value)) {
+	    !account_policy_get_default(type, &value)) {
 		return False;
 	}
 
-	return account_policy_set(account_policy, value);
+	return account_policy_set(type, value);
 }
 
 /*****************************************************************************
@@ -255,9 +255,9 @@ bool init_account_policy(void)
 			goto cancel;
 		}
 
-		for (i=0; account_policy_names[i].field; i++) {
+		for (i=0; account_policy_names[i].type; i++) {
 
-			if (!account_policy_set_default_on_empty(account_policy_names[i].field)) {
+			if (!account_policy_set_default_on_empty(account_policy_names[i].type)) {
 				DEBUG(0,("failed to set default value in account policy tdb\n"));
 				goto cancel;
 			}
@@ -302,7 +302,7 @@ bool init_account_policy(void)
 Get an account policy (from tdb)
 *****************************************************************************/
 
-bool account_policy_get(int field, uint32 *value)
+bool account_policy_get(enum pdb_policy_type type, uint32_t *value)
 {
 	const char *name;
 	uint32 regval;
@@ -315,14 +315,14 @@ bool account_policy_get(int field, uint32 *value)
 		*value = 0;
 	}
 
-	name = decode_account_policy_name(field);
+	name = decode_account_policy_name(type);
 	if (name == NULL) {
-		DEBUG(1, ("account_policy_get: Field %d is not a valid account policy type!  Cannot get, returning 0.\n", field));
+		DEBUG(1, ("account_policy_get: Field %d is not a valid account policy type!  Cannot get, returning 0.\n", type));
 		return False;
 	}
 
 	if (!dbwrap_fetch_uint32(db, name, &regval)) {
-		DEBUG(1, ("account_policy_get: tdb_fetch_uint32 failed for field %d (%s), returning 0\n", field, name));
+		DEBUG(1, ("account_policy_get: tdb_fetch_uint32 failed for type %d (%s), returning 0\n", type, name));
 		return False;
 	}
 
@@ -339,7 +339,7 @@ bool account_policy_get(int field, uint32 *value)
 Set an account policy (in tdb)
 ****************************************************************************/
 
-bool account_policy_set(int field, uint32 value)
+bool account_policy_set(enum pdb_policy_type type, uint32_t value)
 {
 	const char *name;
 	NTSTATUS status;
@@ -348,16 +348,16 @@ bool account_policy_set(int field, uint32 value)
 		return False;
 	}
 
-	name = decode_account_policy_name(field);
+	name = decode_account_policy_name(type);
 	if (name == NULL) {
-		DEBUG(1, ("Field %d is not a valid account policy type!  Cannot set.\n", field));
+		DEBUG(1, ("Field %d is not a valid account policy type!  Cannot set.\n", type));
 		return False;
 	}
 
 	status = dbwrap_trans_store_uint32(db, name, value);
 	if (!NT_STATUS_IS_OK(status)) {
-		DEBUG(1, ("store_uint32 failed for field %d (%s) on value "
+		DEBUG(1, ("store_uint32 failed for type %d (%s) on value "
-			  "%u: %s\n", field, name, value, nt_errstr(status)));
+			  "%u: %s\n", type, name, value, nt_errstr(status)));
 		return False;
 	}
 
@@ -370,14 +370,14 @@ bool account_policy_set(int field, uint32 value)
 Set an account policy in the cache
 ****************************************************************************/
 
-bool cache_account_policy_set(int field, uint32 value)
+bool cache_account_policy_set(enum pdb_policy_type type, uint32_t value)
 {
 	const char *policy_name = NULL;
 	char *cache_key = NULL;
 	char *cache_value = NULL;
 	bool ret = False;
 
-	policy_name = decode_account_policy_name(field);
+	policy_name = decode_account_policy_name(type);
 	if (policy_name == NULL) {
 		DEBUG(0,("cache_account_policy_set: no policy found\n"));
 		return False;
@@ -407,14 +407,14 @@ bool cache_account_policy_set(int field, uint32 value)
 Get an account policy from the cache
 *****************************************************************************/
 
-bool cache_account_policy_get(int field, uint32 *value)
+bool cache_account_policy_get(enum pdb_policy_type type, uint32_t *value)
 {
 	const char *policy_name = NULL;
 	char *cache_key = NULL;
 	char *cache_value = NULL;
 	bool ret = False;
 
-	policy_name = decode_account_policy_name(field);
+	policy_name = decode_account_policy_name(type);
 	if (policy_name == NULL) {
 		DEBUG(0,("cache_account_policy_set: no policy found\n"));
 		return False;

source3/libnet/libnet_samsync_passdb.c

@@ -676,21 +676,24 @@ static NTSTATUS fetch_domain_info(TALLOC_CTX *mem_ctx,
 	}
 
 
-	if (!pdb_set_account_policy(AP_PASSWORD_HISTORY,
+	if (!pdb_set_account_policy(PDB_POLICY_PASSWORD_HISTORY,
 				    r->password_history_length))
 		return nt_status;
 
-	if (!pdb_set_account_policy(AP_MIN_PASSWORD_LEN,
+	if (!pdb_set_account_policy(PDB_POLICY_MIN_PASSWORD_LEN,
 				    r->min_password_length))
 		return nt_status;
 
-	if (!pdb_set_account_policy(AP_MAX_PASSWORD_AGE, (uint32)u_max_age))
+	if (!pdb_set_account_policy(PDB_POLICY_MAX_PASSWORD_AGE,
+				    (uint32)u_max_age))
 		return nt_status;
 
-	if (!pdb_set_account_policy(AP_MIN_PASSWORD_AGE, (uint32)u_min_age))
+	if (!pdb_set_account_policy(PDB_POLICY_MIN_PASSWORD_AGE,
+				    (uint32)u_min_age))
 		return nt_status;
 
-	if (!pdb_set_account_policy(AP_TIME_TO_LOGOUT, (uint32)u_logout))
+	if (!pdb_set_account_policy(PDB_POLICY_TIME_TO_LOGOUT,
+				    (uint32)u_logout))
 		return nt_status;
 
 	if (lockstr) {
@@ -699,21 +702,23 @@ static NTSTATUS fetch_domain_info(TALLOC_CTX *mem_ctx,
 		u_lockoutreset = uint64s_nt_time_to_unix_abs(&lockstr->reset_count);
 		u_lockouttime = uint64s_nt_time_to_unix_abs((uint64_t *)&lockstr->lockout_duration);
 
-		if (!pdb_set_account_policy(AP_BAD_ATTEMPT_LOCKOUT,
+		if (!pdb_set_account_policy(PDB_POLICY_BAD_ATTEMPT_LOCKOUT,
 					    lockstr->bad_attempt_lockout))
 			return nt_status;
 
-		if (!pdb_set_account_policy(AP_RESET_COUNT_TIME, (uint32_t)u_lockoutreset/60))
+		if (!pdb_set_account_policy(PDB_POLICY_RESET_COUNT_TIME,
+					    (uint32_t)u_lockoutreset/60))
 			return nt_status;
 
 		if (u_lockouttime != -1)
 			u_lockouttime /= 60;
 
-		if (!pdb_set_account_policy(AP_LOCK_ACCOUNT_DURATION, (uint32_t)u_lockouttime))
+		if (!pdb_set_account_policy(PDB_POLICY_LOCK_ACCOUNT_DURATION,
+					    (uint32_t)u_lockouttime))
 			return nt_status;
 	}
 
-	if (!pdb_set_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS,
+	if (!pdb_set_account_policy(PDB_POLICY_USER_MUST_LOGON_TO_CHG_PASS,
 				    r->logon_to_chgpass))
 		return nt_status;
 

source3/passdb/passdb.c

@@ -1439,7 +1439,7 @@ static bool init_samu_from_buffer_v2(struct samu *sampass, uint8 *buf, uint32 bu
 	}
 
 	/* Change from V1 is addition of password history field. */
-	pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
+	pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen);
 	if (pwHistLen) {
 		uint8 *pw_hist = SMB_MALLOC_ARRAY(uint8, pwHistLen * PW_HISTORY_ENTRY_LEN);
 		if (!pw_hist) {
@@ -1674,7 +1674,7 @@ static bool init_samu_from_buffer_v3(struct samu *sampass, uint8 *buf, uint32 bu
 		}
 	}
 
-	pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
+	pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen);
 	if (pwHistLen) {
 		uint8 *pw_hist = (uint8 *)SMB_MALLOC(pwHistLen * PW_HISTORY_ENTRY_LEN);
 		if (!pw_hist) {
@@ -1879,7 +1879,7 @@ static uint32 init_buffer_from_samu_v3 (uint8 **buf, struct samu *sampass, bool
 		nt_pw_len = 0;
 	}
 
-	pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
+	pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen);
 	nt_pw_hist =  pdb_get_pw_history(sampass, &nt_pw_hist_len);
 	if (pwHistLen && nt_pw_hist && nt_pw_hist_len) {
 		nt_pw_hist_len *= PW_HISTORY_ENTRY_LEN;
@@ -2085,7 +2085,7 @@ bool pdb_copy_sam_account(struct samu *dst, struct samu *src )
 }
 
 /*********************************************************************
- Update the bad password count checking the AP_RESET_COUNT_TIME 
+ Update the bad password count checking the PDB_POLICY_RESET_COUNT_TIME
 *********************************************************************/
 
 bool pdb_update_bad_password_count(struct samu *sampass, bool *updated)
@@ -2102,7 +2102,7 @@ bool pdb_update_bad_password_count(struct samu *sampass, bool *updated)
 	}
 
 	become_root();
-	res = pdb_get_account_policy(AP_RESET_COUNT_TIME, &resettime);
+	res = pdb_get_account_policy(PDB_POLICY_RESET_COUNT_TIME, &resettime);
 	unbecome_root();
 
 	if (!res) {
@@ -2131,7 +2131,7 @@ bool pdb_update_bad_password_count(struct samu *sampass, bool *updated)
 }
 
 /*********************************************************************
- Update the ACB_AUTOLOCK flag checking the AP_LOCK_ACCOUNT_DURATION 
+ Update the ACB_AUTOLOCK flag checking the PDB_POLICY_LOCK_ACCOUNT_DURATION
 *********************************************************************/
 
 bool pdb_update_autolock_flag(struct samu *sampass, bool *updated)
@@ -2147,7 +2147,7 @@ bool pdb_update_autolock_flag(struct samu *sampass, bool *updated)
 	}
 
 	become_root();
-	res = pdb_get_account_policy(AP_LOCK_ACCOUNT_DURATION, &duration);
+	res = pdb_get_account_policy(PDB_POLICY_LOCK_ACCOUNT_DURATION, &duration);
 	unbecome_root();
 
 	if (!res) {
@@ -2199,7 +2199,7 @@ bool pdb_increment_bad_password_count(struct samu *sampass)
 
 	/* Retrieve the account lockout policy */
 	become_root();
-	ret = pdb_get_account_policy(AP_BAD_ATTEMPT_LOCKOUT, &account_policy_lockout);
+	ret = pdb_get_account_policy(PDB_POLICY_BAD_ATTEMPT_LOCKOUT, &account_policy_lockout);
 	unbecome_root();
 	if ( !ret ) {
 		DEBUG(0, ("pdb_increment_bad_password_count: pdb_get_account_policy failed.\n"));

source3/passdb/pdb_ads.c

@@ -1706,16 +1706,18 @@ static NTSTATUS pdb_ads_lookup_names(struct pdb_methods *m,
 }
 
 static NTSTATUS pdb_ads_get_account_policy(struct pdb_methods *m,
-					   int policy_index, uint32 *value)
+					   enum pdb_policy_type type,
+					   uint32_t *value)
 {
-	return account_policy_get(policy_index, value)
+	return account_policy_get(type, value)
 		? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
 }
 
 static NTSTATUS pdb_ads_set_account_policy(struct pdb_methods *m,
-					   int policy_index, uint32 value)
+					   enum pdb_policy_type type,
+					   uint32_t value)
 {
-	return account_policy_set(policy_index, value)
+	return account_policy_set(type, value)
 		? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
 }
 

source3/passdb/pdb_get_set.c

@@ -88,7 +88,7 @@ time_t pdb_get_pass_can_change_time(const struct samu *sampass)
 	    pdb_get_init_flags(sampass, PDB_CANCHANGETIME) == PDB_CHANGED)
 		return sampass->pass_can_change_time;
 
-	if (!pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &allow))
+	if (!pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_AGE, &allow))
 		allow = 0;
 
 	/* in normal cases, just calculate it from policy */
@@ -112,7 +112,7 @@ time_t pdb_get_pass_must_change_time(const struct samu *sampass)
 	if (sampass->acct_ctrl & ACB_PWNOEXP)
 		return get_time_t_max();
 
-	if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &expire)
+	if (!pdb_get_account_policy(PDB_POLICY_MAX_PASSWORD_AGE, &expire)
 	    || expire == (uint32)-1 || expire == 0) 
 		return get_time_t_max();
 
@@ -1013,7 +1013,7 @@ bool pdb_set_plaintext_passwd(struct samu *sampass, const char *plaintext)
 	if (pdb_get_acct_ctrl(sampass) & ACB_NORMAL) {
 		uchar *pwhistory;
 		uint32 pwHistLen;
-		pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
+		pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen);
 		if (pwHistLen != 0){
 			uint32 current_history_len;
 			/* We need to make sure we don't have a race condition here - the

source3/passdb/pdb_interface.c

@@ -994,25 +994,25 @@ NTSTATUS pdb_lookup_names(const DOM_SID *domain_sid,
 }
 #endif
 
-bool pdb_get_account_policy(int policy_index, uint32 *value)
+bool pdb_get_account_policy(enum pdb_policy_type type, uint32_t *value)
 {
 	struct pdb_methods *pdb = pdb_get_methods();
 	NTSTATUS status;
 
 	become_root();
-	status = pdb->get_account_policy(pdb, policy_index, value);
+	status = pdb->get_account_policy(pdb, type, value);
 	unbecome_root();
 
 	return NT_STATUS_IS_OK(status);	
 }
 
-bool pdb_set_account_policy(int policy_index, uint32 value)
+bool pdb_set_account_policy(enum pdb_policy_type type, uint32_t value)
 {
 	struct pdb_methods *pdb = pdb_get_methods();
 	NTSTATUS status;
 
 	become_root();
-	status = pdb->set_account_policy(pdb, policy_index, value);
+	status = pdb->set_account_policy(pdb, type, value);
 	unbecome_root();
 
 	return NT_STATUS_IS_OK(status);
@@ -1174,14 +1174,14 @@ static NTSTATUS pdb_default_update_login_attempts (struct pdb_methods *methods,
 	return NT_STATUS_OK;
 }
 
-static NTSTATUS pdb_default_get_account_policy(struct pdb_methods *methods, int policy_index, uint32 *value)
+static NTSTATUS pdb_default_get_account_policy(struct pdb_methods *methods, enum pdb_policy_type type, uint32_t *value)
 {
-	return account_policy_get(policy_index, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+	return account_policy_get(type, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
 }
 
-static NTSTATUS pdb_default_set_account_policy(struct pdb_methods *methods, int policy_index, uint32 value)
+static NTSTATUS pdb_default_set_account_policy(struct pdb_methods *methods, enum pdb_policy_type type, uint32_t value)
 {
-	return account_policy_set(policy_index, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+	return account_policy_set(type, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
 }
 
 static NTSTATUS pdb_default_get_seq_num(struct pdb_methods *methods, time_t *seq_num)

source3/passdb/pdb_ldap.c

@@ -902,7 +902,7 @@ static bool init_sam_from_ldap(struct ldapsam_privates *ldap_state,
 
 	pwHistLen = 0;
 
-	pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
+	pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen);
 	if (pwHistLen > 0){
 		uint8 *pwhist = NULL;
 		int i;
@@ -1327,7 +1327,7 @@ static bool init_ldap_from_sam (struct ldapsam_privates *ldap_state,
 		if (need_update(sampass, PDB_PWHISTORY)) {
 			char *pwstr = NULL;
 			uint32 pwHistLen = 0;
-			pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
+			pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen);
 
 			pwstr = SMB_MALLOC_ARRAY(char, 1024);
 			if (!pwstr) {
@@ -1404,7 +1404,7 @@ static bool init_ldap_from_sam (struct ldapsam_privates *ldap_state,
 		uint16 badcount = pdb_get_bad_password_count(sampass);
 		time_t badtime = pdb_get_bad_password_time(sampass);
 		uint32 pol;
-		pdb_get_account_policy(AP_BAD_ATTEMPT_LOCKOUT, &pol);
+		pdb_get_account_policy(PDB_POLICY_BAD_ATTEMPT_LOCKOUT, &pol);
 
 		DEBUG(3, ("updating bad password fields, policy=%u, count=%u, time=%u\n",
 			(unsigned int)pol, (unsigned int)badcount, (unsigned int)badtime));
@@ -3762,7 +3762,7 @@ static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods,
 }
 
 static NTSTATUS ldapsam_set_account_policy_in_ldap(struct pdb_methods *methods,
-						   int policy_index,
+						   enum pdb_policy_type type,
 						   uint32 value)
 {
 	NTSTATUS ntstatus = NT_STATUS_UNSUCCESSFUL;
@@ -3780,7 +3780,7 @@ static NTSTATUS ldapsam_set_account_policy_in_ldap(struct pdb_methods *methods,
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-	policy_attr = get_account_policy_attr(policy_index);
+	policy_attr = get_account_policy_attr(type);
 	if (policy_attr == NULL) {
 		DEBUG(0,("ldapsam_set_account_policy_in_ldap: invalid "
 			 "policy\n"));
@@ -3800,7 +3800,7 @@ static NTSTATUS ldapsam_set_account_policy_in_ldap(struct pdb_methods *methods,
 		return ntstatus;
 	}
 
-	if (!cache_account_policy_set(policy_index, value)) {
+	if (!cache_account_policy_set(type, value)) {
 		DEBUG(0,("ldapsam_set_account_policy_in_ldap: failed to "
 			 "update local tdb cache\n"));
 		return ntstatus;
@@ -3810,14 +3810,15 @@ static NTSTATUS ldapsam_set_account_policy_in_ldap(struct pdb_methods *methods,
 }
 
 static NTSTATUS ldapsam_set_account_policy(struct pdb_methods *methods,
-					   int policy_index, uint32 value)
+					   enum pdb_policy_type type,
+					   uint32_t value)
 {
-	return ldapsam_set_account_policy_in_ldap(methods, policy_index,
+	return ldapsam_set_account_policy_in_ldap(methods, type,
 						  value);
 }
 
 static NTSTATUS ldapsam_get_account_policy_from_ldap(struct pdb_methods *methods,
-						     int policy_index,
+						     enum pdb_policy_type type,
 						     uint32 *value)
 {
 	NTSTATUS ntstatus = NT_STATUS_UNSUCCESSFUL;
@@ -3839,10 +3840,10 @@ static NTSTATUS ldapsam_get_account_policy_from_ldap(struct pdb_methods *methods
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-	policy_attr = get_account_policy_attr(policy_index);
+	policy_attr = get_account_policy_attr(type);
 	if (!policy_attr) {
 		DEBUG(0,("ldapsam_get_account_policy_from_ldap: invalid "
-			 "policy index: %d\n", policy_index));
+			 "policy index: %d\n", type));
 		return ntstatus;
 	}
 
@@ -3896,17 +3897,18 @@ out:
    Guenther
 */
 static NTSTATUS ldapsam_get_account_policy(struct pdb_methods *methods,
-					   int policy_index, uint32 *value)
+					   enum pdb_policy_type type,
+					   uint32_t *value)
 {
 	NTSTATUS ntstatus = NT_STATUS_UNSUCCESSFUL;
 
-	if (cache_account_policy_get(policy_index, value)) {
+	if (cache_account_policy_get(type, value)) {
 		DEBUG(11,("ldapsam_get_account_policy: got valid value from "
 			  "cache\n"));
 		return NT_STATUS_OK;
 	}
 
-	ntstatus = ldapsam_get_account_policy_from_ldap(methods, policy_index,
+	ntstatus = ldapsam_get_account_policy_from_ldap(methods, type,
 							value);
 	if (NT_STATUS_IS_OK(ntstatus)) {
 		goto update_cache;
@@ -3917,27 +3919,27 @@ static NTSTATUS ldapsam_get_account_policy(struct pdb_methods *methods,
 
 #if 0
 	/* should we automagically migrate old tdb value here ? */
-	if (account_policy_get(policy_index, value))
+	if (account_policy_get(type, value))
 		goto update_ldap;
 
 	DEBUG(10,("ldapsam_get_account_policy: no tdb for %d, trying "
-		  "default\n", policy_index));
+		  "default\n", type));
 #endif
 
-	if (!account_policy_get_default(policy_index, value)) {
+	if (!account_policy_get_default(type, value)) {
 		return ntstatus;
 	}
 
 /* update_ldap: */
 
- 	ntstatus = ldapsam_set_account_policy(methods, policy_index, *value);
+	ntstatus = ldapsam_set_account_policy(methods, type, *value);
 	if (!NT_STATUS_IS_OK(ntstatus)) {
 		return ntstatus;
 	}
 
  update_cache:
 
-	if (!cache_account_policy_set(policy_index, *value)) {
+	if (!cache_account_policy_set(type, *value)) {
 		DEBUG(0,("ldapsam_get_account_policy: failed to update local "
 			 "tdb as a cache\n"));
 		return NT_STATUS_UNSUCCESSFUL;

source3/registry/reg_backend_netlogon_params.c

@@ -35,7 +35,7 @@ static int netlogon_params_fetch_values(const char *key, struct regval_ctr *regv
 {
 	uint32 dwValue;
 
-	if (!pdb_get_account_policy(AP_REFUSE_MACHINE_PW_CHANGE, &dwValue)) {
+	if (!pdb_get_account_policy(PDB_POLICY_REFUSE_MACHINE_PW_CHANGE, &dwValue)) {
 		dwValue = 0;
 	}
 

source3/rpc_server/srv_samr_nt.c

@@ -639,9 +639,9 @@ NTSTATUS _samr_GetUserPwInfo(pipes_struct *p,
 	switch (sid_type) {
 		case SID_NAME_USER:
 			become_root();
-			pdb_get_account_policy(AP_MIN_PASSWORD_LEN,
+			pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_LEN,
 					       &min_password_length);
-			pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS,
+			pdb_get_account_policy(PDB_POLICY_USER_MUST_LOGON_TO_CHG_PASS,
 					       &password_properties);
 			unbecome_root();
 
@@ -2079,19 +2079,19 @@ NTSTATUS _samr_ChangePasswordUser3(pipes_struct *p,
 
 		/* AS ROOT !!! */
 
-		pdb_get_account_policy(AP_MIN_PASSWORD_LEN, &tmp);
+		pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_LEN, &tmp);
 		dominfo->min_password_length = tmp;
 
-		pdb_get_account_policy(AP_PASSWORD_HISTORY, &tmp);
+		pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &tmp);
 		dominfo->password_history_length = tmp;
 
-		pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS,
+		pdb_get_account_policy(PDB_POLICY_USER_MUST_LOGON_TO_CHG_PASS,
 				       &dominfo->password_properties);
 
-		pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &account_policy_temp);
+		pdb_get_account_policy(PDB_POLICY_MAX_PASSWORD_AGE, &account_policy_temp);
 		u_expire = account_policy_temp;
 
-		pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &account_policy_temp);
+		pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_AGE, &account_policy_temp);
 		u_min_age = account_policy_temp;
 
 		/* !AS ROOT */
@@ -3305,19 +3305,19 @@ static NTSTATUS query_dom_info_1(TALLOC_CTX *mem_ctx,
 
 	/* AS ROOT !!! */
 
-	pdb_get_account_policy(AP_MIN_PASSWORD_LEN, &account_policy_temp);
+	pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_LEN, &account_policy_temp);
 	r->min_password_length = account_policy_temp;
 
-	pdb_get_account_policy(AP_PASSWORD_HISTORY, &account_policy_temp);
+	pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &account_policy_temp);
 	r->password_history_length = account_policy_temp;
 
-	pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS,
+	pdb_get_account_policy(PDB_POLICY_USER_MUST_LOGON_TO_CHG_PASS,
 			       &r->password_properties);
 
-	pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &account_policy_temp);
+	pdb_get_account_policy(PDB_POLICY_MAX_PASSWORD_AGE, &account_policy_temp);
 	u_expire = account_policy_temp;
 
-	pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &account_policy_temp);
+	pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_AGE, &account_policy_temp);
 	u_min_age = account_policy_temp;
 
 	/* !AS ROOT */
@@ -3352,7 +3352,7 @@ static NTSTATUS query_dom_info_2(TALLOC_CTX *mem_ctx,
 	r->num_groups	= count_sam_groups(dinfo->disp_info);
 	r->num_aliases	= count_sam_aliases(dinfo->disp_info);
 
-	pdb_get_account_policy(AP_TIME_TO_LOGOUT, &u_logout);
+	pdb_get_account_policy(PDB_POLICY_TIME_TO_LOGOUT, &u_logout);
 
 	unix_to_nt_time_abs(&r->force_logoff_time, u_logout);
 
@@ -3389,7 +3389,7 @@ static NTSTATUS query_dom_info_3(TALLOC_CTX *mem_ctx,
 
 	{
 		uint32_t ul;
-		pdb_get_account_policy(AP_TIME_TO_LOGOUT, &ul);
+		pdb_get_account_policy(PDB_POLICY_TIME_TO_LOGOUT, &ul);
 		u_logout = (time_t)ul;
 	}
 
@@ -3506,16 +3506,16 @@ static NTSTATUS query_dom_info_11(TALLOC_CTX *mem_ctx,
 
 	become_root();
 
-	pdb_get_account_policy(AP_LOCK_ACCOUNT_DURATION, &account_policy_temp);
+	pdb_get_account_policy(PDB_POLICY_LOCK_ACCOUNT_DURATION, &account_policy_temp);
 	u_lock_duration = account_policy_temp;
 	if (u_lock_duration != -1) {
 		u_lock_duration *= 60;
 	}
 
-	pdb_get_account_policy(AP_RESET_COUNT_TIME, &account_policy_temp);
+	pdb_get_account_policy(PDB_POLICY_RESET_COUNT_TIME, &account_policy_temp);
 	u_reset_time = account_policy_temp * 60;
 
-	pdb_get_account_policy(AP_BAD_ATTEMPT_LOCKOUT, &account_policy_temp);
+	pdb_get_account_policy(PDB_POLICY_BAD_ATTEMPT_LOCKOUT, &account_policy_temp);
 	r->lockout_threshold = account_policy_temp;
 
 	/* !AS ROOT */
@@ -3541,16 +3541,16 @@ static NTSTATUS query_dom_info_12(TALLOC_CTX *mem_ctx,
 
 	/* AS ROOT !!! */
 
-	pdb_get_account_policy(AP_LOCK_ACCOUNT_DURATION, &account_policy_temp);
+	pdb_get_account_policy(PDB_POLICY_LOCK_ACCOUNT_DURATION, &account_policy_temp);
 	u_lock_duration = account_policy_temp;
 	if (u_lock_duration != -1) {
 		u_lock_duration *= 60;
 	}
 
-	pdb_get_account_policy(AP_RESET_COUNT_TIME, &account_policy_temp);
+	pdb_get_account_policy(PDB_POLICY_RESET_COUNT_TIME, &account_policy_temp);
 	u_reset_time = account_policy_temp * 60;
 
-	pdb_get_account_policy(AP_BAD_ATTEMPT_LOCKOUT, &account_policy_temp);
+	pdb_get_account_policy(PDB_POLICY_BAD_ATTEMPT_LOCKOUT, &account_policy_temp);
 	r->lockout_threshold = account_policy_temp;
 
 	/* !AS ROOT */
@@ -6205,9 +6205,9 @@ NTSTATUS _samr_GetDomPwInfo(pipes_struct *p,
 	}
 
 	become_root();
-	pdb_get_account_policy(AP_MIN_PASSWORD_LEN,
+	pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_LEN,
 			       &min_password_length);
-	pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS,
+	pdb_get_account_policy(PDB_POLICY_USER_MUST_LOGON_TO_CHG_PASS,
 			       &password_properties);
 	unbecome_root();
 
@@ -6376,14 +6376,14 @@ static NTSTATUS set_dom_info_1(TALLOC_CTX *mem_ctx,
 	u_expire = nt_time_to_unix_abs((NTTIME *)&r->max_password_age);
 	u_min_age = nt_time_to_unix_abs((NTTIME *)&r->min_password_age);
 
-	pdb_set_account_policy(AP_MIN_PASSWORD_LEN,
+	pdb_set_account_policy(PDB_POLICY_MIN_PASSWORD_LEN,
 			       (uint32_t)r->min_password_length);
-	pdb_set_account_policy(AP_PASSWORD_HISTORY,
+	pdb_set_account_policy(PDB_POLICY_PASSWORD_HISTORY,
 			       (uint32_t)r->password_history_length);
-	pdb_set_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS,
+	pdb_set_account_policy(PDB_POLICY_USER_MUST_LOGON_TO_CHG_PASS,
 			       (uint32_t)r->password_properties);
-	pdb_set_account_policy(AP_MAX_PASSWORD_AGE, (int)u_expire);
+	pdb_set_account_policy(PDB_POLICY_MAX_PASSWORD_AGE, (int)u_expire);
-	pdb_set_account_policy(AP_MIN_PASSWORD_AGE, (int)u_min_age);
+	pdb_set_account_policy(PDB_POLICY_MIN_PASSWORD_AGE, (int)u_min_age);
 
 	return NT_STATUS_OK;
 }
@@ -6398,7 +6398,7 @@ static NTSTATUS set_dom_info_3(TALLOC_CTX *mem_ctx,
 
 	u_logout = nt_time_to_unix_abs((NTTIME *)&r->force_logoff_time);
 
-	pdb_set_account_policy(AP_TIME_TO_LOGOUT, (int)u_logout);
+	pdb_set_account_policy(PDB_POLICY_TIME_TO_LOGOUT, (int)u_logout);
 
 	return NT_STATUS_OK;
 }
@@ -6418,9 +6418,9 @@ static NTSTATUS set_dom_info_12(TALLOC_CTX *mem_ctx,
 
 	u_reset_time = nt_time_to_unix_abs((NTTIME *)&r->lockout_window)/60;
 
-	pdb_set_account_policy(AP_LOCK_ACCOUNT_DURATION, (int)u_lock_duration);
+	pdb_set_account_policy(PDB_POLICY_LOCK_ACCOUNT_DURATION, (int)u_lock_duration);
-	pdb_set_account_policy(AP_RESET_COUNT_TIME, (int)u_reset_time);
+	pdb_set_account_policy(PDB_POLICY_RESET_COUNT_TIME, (int)u_reset_time);
-	pdb_set_account_policy(AP_BAD_ATTEMPT_LOCKOUT,
+	pdb_set_account_policy(PDB_POLICY_BAD_ATTEMPT_LOCKOUT,
 			       (uint32_t)r->lockout_threshold);
 
 	return NT_STATUS_OK;

source3/rpc_server/srv_samr_util.c

@@ -619,7 +619,7 @@ void copy_id21_to_sam_passwd(const char *log_prefix,
 			uint32_t pwd_max_age = 0;
 			time_t now = time(NULL);
 
-			pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &pwd_max_age);
+			pdb_get_account_policy(PDB_POLICY_MAX_PASSWORD_AGE, &pwd_max_age);
 
 			if (pwd_max_age == (uint32_t)-1 || pwd_max_age == 0) {
 				pwd_max_age = get_time_t_max();

source3/smbd/chgpasswd.c

@@ -1024,7 +1024,7 @@ static bool check_passwd_history(struct samu *sampass, const char *plaintext)
 	int i;
 	uint32 pwHisLen, curr_pwHisLen;
 
-	pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHisLen);
+	pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHisLen);
 	if (pwHisLen == 0) {
 		return False;
 	}
@@ -1107,7 +1107,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
 	 * denies machines to change the password. *
 	 * Should we deny also SRVTRUST and/or DOMSTRUST ? .SSS. */
 	if (pdb_get_acct_ctrl(hnd) & ACB_WSTRUST) {
-		if (pdb_get_account_policy(AP_REFUSE_MACHINE_PW_CHANGE, &refuse) && refuse) {
+		if (pdb_get_account_policy(PDB_POLICY_REFUSE_MACHINE_PW_CHANGE, &refuse) && refuse) {
 			DEBUG(1, ("Machine %s cannot change password now, "
 				  "denied by Refuse Machine Password Change policy\n",
 				  username));
@@ -1130,7 +1130,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
 		return NT_STATUS_ACCOUNT_RESTRICTION;
 	}
 
-	if (pdb_get_account_policy(AP_MIN_PASSWORD_LEN, &min_len) && (str_charnum(new_passwd) < min_len)) {
+	if (pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_LEN, &min_len) && (str_charnum(new_passwd) < min_len)) {
 		DEBUG(1, ("user %s cannot change password - password too short\n", 
 			  username));
 		DEBUGADD(1, (" account policy min password len = %d\n", min_len));

source3/torture/pdbtest.c

@@ -288,7 +288,7 @@ int main(int argc, char **argv)
 	pdb_set_homedir(out, "\\\\torture\\home", PDB_SET);
 	pdb_set_logon_script(out, "torture_script.cmd", PDB_SET);
 
-	pdb_get_account_policy(AP_PASSWORD_HISTORY, &history);
+	pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &history);
 	if (history * PW_HISTORY_ENTRY_LEN < NT_HASH_LEN) {
 		buf = (uint8 *)TALLOC(ctx, NT_HASH_LEN);
 	} else {
@@ -311,8 +311,8 @@ int main(int argc, char **argv)
 	}
 	pdb_set_pw_history(out, buf, history, PDB_SET);
 
-	pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &expire);
+	pdb_get_account_policy(PDB_POLICY_MAX_PASSWORD_AGE, &expire);
-	pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &min_age);
+	pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_AGE, &min_age);
 	pdb_set_pass_last_set_time(out, time(NULL), PDB_SET);
 	
 	if (expire == 0 || expire == (uint32)-1) {

source3/winbindd/winbindd_passdb.c

@@ -332,29 +332,29 @@ static NTSTATUS password_policy(struct winbindd_domain *domain,
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	if (!pdb_get_account_policy(AP_MIN_PASSWORD_LEN,
+	if (!pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_LEN,
 				    &account_policy_temp)) {
 		return NT_STATUS_ACCESS_DENIED;
 	}
 	p->min_password_length = account_policy_temp;
 
-	if (!pdb_get_account_policy(AP_PASSWORD_HISTORY,
+	if (!pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY,
 				    &account_policy_temp)) {
 		return NT_STATUS_ACCESS_DENIED;
 	}
 	p->password_history_length = account_policy_temp;
 
-	if (!pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS,
+	if (!pdb_get_account_policy(PDB_POLICY_USER_MUST_LOGON_TO_CHG_PASS,
 				    &p->password_properties)) {
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
-	if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &account_policy_temp)) {
+	if (!pdb_get_account_policy(PDB_POLICY_MAX_PASSWORD_AGE, &account_policy_temp)) {
 		return NT_STATUS_ACCESS_DENIED;
 	}
 	u_expire = account_policy_temp;
 
-	if (!pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &account_policy_temp)) {
+	if (!pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_AGE, &account_policy_temp)) {
 		return NT_STATUS_ACCESS_DENIED;
 	}
 	u_min_age = account_policy_temp;