sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-08-03 04:22:09 +03:00
Code Activity

added a tdb to store the account policy informations.

Browse Source 
You can change them with either usermanager->policies->account
or from a command prompt on NT/W2K: net accounts /domain

we can add a rpc accounts to the net command. As the net_rpc.c is still
empty, I did not start. How should I add command to it ? Should I take the
rpcclient/cmd_xxx functions and call them from there ?

alse changed the SAM_UNK_INFO_3 parser, it's an NTTIME. This one is more
for jeremy ;-)

        J.F.
This commit is contained in:
Jean-François Micouleau
-
parent 80010d80f9
commit bc28a8eebd
11 changed files with 465 additions and 133 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
source/Makefile.in
View File

@ -122,7 +122,7 @@ LIB_OBJ = lib/charcnv.o lib/debug.o lib/fault.o \
lib/ms_fnmatch.o lib/select.o lib/error.o lib/messages.o \
lib/md5.o lib/hmacmd5.o lib/iconv.o lib/smbpasswd.o \
nsswitch/wb_client.o nsswitch/wb_common.o \
intl/lang_tdb.o $(TDB_OBJ)
intl/lang_tdb.o lib/account_pol.o $(TDB_OBJ)
READLINE_OBJ = lib/readline.o

3
source/groupdb/mapping.c
View File

@ -166,6 +166,9 @@ BOOL init_group_mapping(void)
}
tdb_unlock_bystring(tdb, vstring);
/* write a list of default groups */
if(!default_group_mapping())
return False;
return True;
}

5
source/include/rpc_samr.h
View File

@ -481,14 +481,11 @@ typedef struct q_samr_query_domain_info
typedef struct sam_unknown_info_3_info
{
uint32 unknown_0; /* 0x0000 0000 */
uint32 unknown_1;
NTTIME logout;
/* 0x8000 0000 */ /* DON'T forcibly disconnect remote users from server when logon hours expire*/
/* 0x0000 0000 */ /* forcibly disconnect remote users from server when logon hours expire*/
} SAM_UNK_INFO_3;
typedef struct sam_unknown_info_6_info

14
source/include/smb.h
View File

@ -630,6 +630,20 @@ typedef struct sam_passwd
} SAM_ACCOUNT;
/*
* Flags for account policy.
*/
#define AP_MIN_PASSWORD_LEN 1
#define AP_PASSWORD_HISTORY 2
#define AP_USER_MUST_LOGON_TO_CHG_PASS 3
#define AP_MAX_PASSWORD_AGE 4
#define AP_MIN_PASSWORD_AGE 5
#define AP_LOCK_ACCOUNT_DURATION 6
#define AP_RESET_COUNT_TIME 7
#define AP_BAD_ATTEMPT_LOCKOUT 8
#define AP_TIME_TO_LOGOUT 9
/*
* Flags for local user manipulation.
*/

132
source/lib/account_pol.c Normal file
View File

@ -0,0 +1,132 @@
/*
* Unix SMB/Netbios implementation.
* Version 1.9.
* account policy storage
* Copyright (C) Jean Fran<61>ois Micouleau 1998-2001.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "includes.h"
static TDB_CONTEXT *tdb; /* used for driver files */
#define DATABASE_VERSION 1
/****************************************************************************
open the account policy tdb
****************************************************************************/
BOOL init_account_policy(void)
{
static pid_t local_pid;
char *vstring = "INFO/version";
if (tdb && local_pid == sys_getpid()) return True;
tdb = tdb_open_log(lock_path("account_policy.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
if (!tdb) {
DEBUG(0,("Failed to open account policy database\n"));
return False;
}
local_pid = sys_getpid();
/* handle a Samba upgrade */
tdb_lock_bystring(tdb, vstring);
if (tdb_fetch_int(tdb, vstring) != DATABASE_VERSION) {
tdb_traverse(tdb, (tdb_traverse_func)tdb_delete, NULL);
tdb_store_int(tdb, vstring, DATABASE_VERSION);
account_policy_set(AP_MIN_PASSWORD_LEN, MINPASSWDLENGTH); /* 5 chars minimum */
account_policy_set(AP_PASSWORD_HISTORY, 0); /* don't keep any old password */
account_policy_set(AP_USER_MUST_LOGON_TO_CHG_PASS, 0); /* don't force user to logon */
account_policy_set(AP_MAX_PASSWORD_AGE, MAX_PASSWORD_AGE); /* 21 days */
account_policy_set(AP_MIN_PASSWORD_AGE, 0); /* 0 days */
account_policy_set(AP_LOCK_ACCOUNT_DURATION, 0); /* lockout for 0 minutes */
account_policy_set(AP_RESET_COUNT_TIME, 0); /* reset immediatly */
account_policy_set(AP_BAD_ATTEMPT_LOCKOUT, 0); /* don't lockout */
account_policy_set(AP_TIME_TO_LOGOUT, -1); /* don't force logout */
}
tdb_unlock_bystring(tdb, vstring);
return True;
}
/****************************************************************************
****************************************************************************/
static char *decode_account_policy_name(field)
{
switch (field) {
case AP_MIN_PASSWORD_LEN:
return "min password length";
break;
case AP_PASSWORD_HISTORY:
return "password history";
break;
case AP_USER_MUST_LOGON_TO_CHG_PASS:
return "user must logon to change password";
break;
case AP_MAX_PASSWORD_AGE:
return "maximum password age";
break;
case AP_MIN_PASSWORD_AGE:
return "minimum password age";
break;
case AP_LOCK_ACCOUNT_DURATION:
return "lockout duration";
break;
case AP_RESET_COUNT_TIME:
return "reset count minutes";
break;
case AP_BAD_ATTEMPT_LOCKOUT:
return "bad lockout attempt";
break;
case AP_TIME_TO_LOGOUT:
return "disconnect time";
break;
default:
return "undefined value";
break;
}
}
/****************************************************************************
****************************************************************************/
BOOL account_policy_get(int field, int *value)
{
fstring name;
fstrcpy(name, decode_account_policy_name(field));
*value=tdb_fetch_int(tdb, name);
DEBUG(10,("account_policy_get: %s:%d\n", name, *value));
return True;
}
/****************************************************************************
****************************************************************************/
BOOL account_policy_set(int field, int value)
{
fstring name;
fstrcpy(name, decode_account_policy_name(field));
if ( tdb_store_int(tdb, name, value)== -1)
return False;
DEBUG(10,("account_policy_set: %s:%d\n", name, value));
return True;
}

88
source/lib/time.c
View File

@ -304,6 +304,50 @@ time_t nt_time_to_unix(NTTIME *nt)
return(ret);
}
/****************************************************************************
convert a NTTIME structure to a time_t
It's originally in "100ns units"
this is an absolute version of the one above.
By absolute I mean, it doesn't adjust from 1/1/1601 to 1/1/1970
if the NTTIME was 5 seconds, the time_t is 5 seconds. JFM
****************************************************************************/
time_t nt_time_to_unix_abs(NTTIME *nt)
{
double d;
time_t ret;
/* The next two lines are a fix needed for the
broken SCO compiler. JRA. */
time_t l_time_min = TIME_T_MIN;
time_t l_time_max = TIME_T_MAX;
if (nt->high == 0)
return(0);
if (nt->high==0x80000000 && nt->low==0)
return -1;
/* reverse the time */
/* it's a negative value, turn it to positive */
nt->high=~nt->high;
nt->low=~nt->low;
d = ((double)nt->high)*4.0*(double)(1<<30);
d += (nt->low&0xFFF00000);
d *= 1.0e-7;
if (!(l_time_min <= d && d <= l_time_max))
return(0);
ret = (time_t)(d+0.5);
/* this takes us from kludge-GMT to real GMT */
ret -= get_serverzone();
ret += LocTimeDiff(ret);
return(ret);
}
/****************************************************************************
@ -355,6 +399,50 @@ void unix_to_nt_time(NTTIME *nt, time_t t)
nt->low = (uint32)(d - ((double)nt->high)*4.0*(double)(1<<30));
}
/****************************************************************************
convert a time_t to a NTTIME structure
this is an absolute version of the one above.
By absolute I mean, it doesn't adjust from 1/1/1970 to 1/1/1601
if the nttime_t was 5 seconds, the NTTIME is 5 seconds. JFM
****************************************************************************/
void unix_to_nt_time_abs(NTTIME *nt, time_t t)
{
double d;
if (t==0) {
nt->low = 0;
nt->high = 0;
return;
}
if (t == TIME_T_MAX) {
nt->low = 0xffffffff;
nt->high = 0x7fffffff;
return;
}
if (t == -1) {
/* that's what NT uses for infinite */
nt->low = 0x0;
nt->high = 0x80000000;
return;
}
/* this converts GMT to kludge-GMT */
t -= LocTimeDiff(t) - get_serverzone();
d = (double)(t);
d *= 1.0e7;
nt->high = (uint32)(d * (1.0/(4.0*(double)(1<<30))));
nt->low = (uint32)(d - ((double)nt->high)*4.0*(double)(1<<30));
/* convert to a negative value */
nt->high=~nt->high;
nt->low=~nt->low;
}
/****************************************************************************
take an NTTIME structure, containing high / low time. convert to unix time.

14
source/passdb/passdb.c
View File

@ -1776,6 +1776,7 @@ BOOL pdb_set_hours (SAM_ACCOUNT *sampass, const uint8 *hours)
BOOL pdb_set_pass_changed_now (SAM_ACCOUNT *sampass)
{
time_t expire;
if (!sampass)
return False;
@ -1783,10 +1784,17 @@ BOOL pdb_set_pass_changed_now (SAM_ACCOUNT *sampass)
if (!pdb_set_pass_last_set_time (sampass, time(NULL)))
return False;
if (!pdb_set_pass_must_change_time (sampass,
account_policy_get(AP_MAX_PASSWORD_AGE, (int *)&expire);
if (expire==-1) {
if (!pdb_set_pass_must_change_time (sampass, 0))
return False;
} else {
if (!pdb_set_pass_must_change_time (sampass,
pdb_get_pass_last_set_time(sampass)
+ MAX_PASSWORD_AGE))
return False;
+ expire))
return False;
}
return True;
}

50
source/rpc_parse/parse_samr.c
View File

@ -345,8 +345,15 @@ void init_samr_r_get_usrdom_pwinfo(SAMR_R_GET_USRDOM_PWINFO *r_u, NTSTATUS statu
DEBUG(5, ("init_samr_r_get_usrdom_pwinfo\n"));
r_u->unknown_0 = 0x0000;
r_u->unknown_1 = 0x0015;
r_u->unknown_2 = 0x00000000;
/*
* used to be
* r_u->unknown_1 = 0x0015;
* but for trusts.
*/
r_u->unknown_1 = 0x01D1;
r_u->unknown_2 = 0x00000000;
r_u->status = status;
}
@ -461,10 +468,10 @@ BOOL samr_io_q_query_dom_info(char *desc, SAMR_Q_QUERY_DOMAIN_INFO * q_u,
inits a structure.
********************************************************************/
void init_unk_info3(SAM_UNK_INFO_3 * u_3)
void init_unk_info3(SAM_UNK_INFO_3 *u_3, NTTIME nt_logout)
{
u_3->unknown_0 = 0x00000000;
u_3->unknown_1 = 0x80000000;
u_3->logout.low = nt_logout.low;
u_3->logout.high = nt_logout.high;
}
/*******************************************************************
@ -480,9 +487,7 @@ static BOOL sam_io_unk_info3(char *desc, SAM_UNK_INFO_3 * u_3,
prs_debug(ps, depth, desc, "sam_io_unk_info3");
depth++;
if(!prs_uint32("unknown_0", ps, depth, &u_3->unknown_0)) /* 0x0000 0000 */
return False;
if(!prs_uint32("unknown_1", ps, depth, &u_3->unknown_1)) /* 0x8000 0000 */
if(!smb_io_time("logout", &u_3->logout, ps, depth))
return False;
return True;
@ -554,14 +559,14 @@ static BOOL sam_io_unk_info7(char *desc, SAM_UNK_INFO_7 * u_7,
inits a structure.
********************************************************************/
void init_unk_info12(SAM_UNK_INFO_12 * u_12)
void init_unk_info12(SAM_UNK_INFO_12 * u_12, NTTIME nt_lock_duration, NTTIME nt_reset_time, uint16 lockout)
{
u_12->duration.low = 0xcf1dcc00;
u_12->duration.high = 0xfffffffb;
u_12->reset_count.low = 0xcf1dcc00;
u_12->reset_count.high = 0xfffffffb;
u_12->duration.low = nt_lock_duration.low;
u_12->duration.high = nt_lock_duration.high;
u_12->reset_count.low = nt_reset_time.low;
u_12->reset_count.high = nt_reset_time.high;
u_12->bad_attempt_lockout = 0x0000;
u_12->bad_attempt_lockout = lockout;
}
/*******************************************************************
@ -719,19 +724,20 @@ static BOOL sam_io_unk_info2(char *desc, SAM_UNK_INFO_2 * u_2,
inits a structure.
********************************************************************/
void init_unk_info1(SAM_UNK_INFO_1 * u_1)
void init_unk_info1(SAM_UNK_INFO_1 *u_1, uint16 min_pass_len, uint16 pass_hist,
uint32 flag, NTTIME nt_expire, NTTIME nt_min_age)
{
u_1->min_length_password = 0;
u_1->password_history = 0;
u_1->flag = 0;
u_1->min_length_password = min_pass_len;
u_1->password_history = pass_hist;
u_1->flag = flag;
/* password never expire */
u_1->expire.high = 0x80000000;
u_1->expire.low = 0;
u_1->expire.high = nt_expire.high;
u_1->expire.low = nt_expire.low;
/* can change the password now */
u_1->min_passwordage.high = 0;
u_1->min_passwordage.low = 0;
u_1->min_passwordage.high = nt_min_age.high;
u_1->min_passwordage.low = nt_min_age.low;
}

255
source/rpc_server/srv_samr_nt.c
View File

@ -1907,53 +1907,84 @@ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, S
NTSTATUS _samr_query_dom_info(pipes_struct *p, SAMR_Q_QUERY_DOMAIN_INFO *q_u, SAMR_R_QUERY_DOMAIN_INFO *r_u)
{
SAM_UNK_CTR *ctr;
SAM_UNK_CTR *ctr;
uint32 min_pass_len,pass_hist,flag;
time_t u_expire, u_min_age;
NTTIME nt_expire, nt_min_age;
time_t u_lock_duration, u_reset_time;
NTTIME nt_lock_duration, nt_reset_time;
uint32 lockout;
time_t u_logout;
NTTIME nt_logout;
if ((ctr = (SAM_UNK_CTR *)talloc_zero(p->mem_ctx, sizeof(SAM_UNK_CTR))) == NULL)
return NT_STATUS_NO_MEMORY;
ZERO_STRUCTP(ctr);
ZERO_STRUCTP(ctr);
r_u->status = NT_STATUS_OK;
r_u->status = NT_STATUS_OK;
DEBUG(5,("_samr_query_dom_info: %d\n", __LINE__));
DEBUG(5,("_samr_query_dom_info: %d\n", __LINE__));
/* find the policy handle. open a policy on it. */
if (!find_policy_by_hnd(p, &q_u->domain_pol, NULL))
return NT_STATUS_INVALID_HANDLE;
/* find the policy handle. open a policy on it. */
if (!find_policy_by_hnd(p, &q_u->domain_pol, NULL))
return NT_STATUS_INVALID_HANDLE;
switch (q_u->switch_value) {
case 0x01:
init_unk_info1(&ctr->info.inf1);
break;
case 0x02:
switch (q_u->switch_value) {
case 0x01:
account_policy_get(AP_MIN_PASSWORD_LEN, &min_pass_len);
account_policy_get(AP_PASSWORD_HISTORY, &pass_hist);
account_policy_get(AP_USER_MUST_LOGON_TO_CHG_PASS, &flag);
account_policy_get(AP_MAX_PASSWORD_AGE, (int *)&u_expire);
account_policy_get(AP_MIN_PASSWORD_AGE, (int *)&u_min_age);
unix_to_nt_time_abs(&nt_expire, u_expire);
unix_to_nt_time_abs(&nt_min_age, u_min_age);
init_unk_info1(&ctr->info.inf1, (uint16)min_pass_len, (uint16)pass_hist,
flag, nt_expire, nt_min_age);
break;
case 0x02:
/* The time call below is to get a sequence number for the sam. FIXME !!! JRA. */
init_unk_info2(&ctr->info.inf2, global_myworkgroup, global_myname, (uint32) time(NULL));
break;
case 0x03:
init_unk_info3(&ctr->info.inf3);
break;
case 0x05:
init_unk_info5(&ctr->info.inf5, global_myname);
break;
case 0x06:
init_unk_info6(&ctr->info.inf6);
break;
case 0x07:
init_unk_info7(&ctr->info.inf7);
break;
case 0x0c:
init_unk_info12(&ctr->info.inf12);
break;
default:
return NT_STATUS_INVALID_INFO_CLASS;
}
init_unk_info2(&ctr->info.inf2, global_myworkgroup, global_myname, (uint32) time(NULL));
break;
case 0x03:
account_policy_get(AP_TIME_TO_LOGOUT, (int *)&u_logout);
unix_to_nt_time_abs(&nt_logout, u_logout);
init_unk_info3(&ctr->info.inf3, nt_logout);
break;
case 0x05:
init_unk_info5(&ctr->info.inf5, global_myname);
break;
case 0x06:
init_unk_info6(&ctr->info.inf6);
break;
case 0x07:
init_unk_info7(&ctr->info.inf7);
break;
case 0x0c:
account_policy_get(AP_LOCK_ACCOUNT_DURATION, (int *)&u_lock_duration);
account_policy_get(AP_RESET_COUNT_TIME, (int *)&u_reset_time);
account_policy_get(AP_BAD_ATTEMPT_LOCKOUT, &lockout);
unix_to_nt_time_abs(&nt_lock_duration, u_lock_duration);
unix_to_nt_time_abs(&nt_reset_time, u_reset_time);
init_unk_info12(&ctr->info.inf12, nt_lock_duration, nt_reset_time, (uint16)lockout);
break;
default:
return NT_STATUS_INVALID_INFO_CLASS;
}
init_samr_r_query_dom_info(r_u, q_u->switch_value, ctr, NT_STATUS_OK);
init_samr_r_query_dom_info(r_u, q_u->switch_value, ctr, NT_STATUS_OK);
DEBUG(5,("_samr_query_dom_info: %d\n", __LINE__));
DEBUG(5,("_samr_query_dom_info: %d\n", __LINE__));
return r_u->status;
return r_u->status;
}
/*******************************************************************
@ -3460,53 +3491,83 @@ NTSTATUS _samr_unknown_2d(pipes_struct *p, SAMR_Q_UNKNOWN_2D *q_u, SAMR_R_UNKNOW
NTSTATUS _samr_unknown_2e(pipes_struct *p, SAMR_Q_UNKNOWN_2E *q_u, SAMR_R_UNKNOWN_2E *r_u)
{
SAM_UNK_CTR *ctr;
SAM_UNK_CTR *ctr;
uint32 min_pass_len,pass_hist,flag;
time_t u_expire, u_min_age;
NTTIME nt_expire, nt_min_age;
time_t u_lock_duration, u_reset_time;
NTTIME nt_lock_duration, nt_reset_time;
uint32 lockout;
time_t u_logout;
NTTIME nt_logout;
if ((ctr = (SAM_UNK_CTR *)talloc_zero(p->mem_ctx, sizeof(SAM_UNK_CTR))) == NULL)
return NT_STATUS_NO_MEMORY;
ZERO_STRUCTP(ctr);
ZERO_STRUCTP(ctr);
r_u->status = NT_STATUS_OK;
r_u->status = NT_STATUS_OK;
DEBUG(5,("_samr_unknown_2e: %d\n", __LINE__));
DEBUG(5,("_samr_unknown_2e: %d\n", __LINE__));
/* find the policy handle. open a policy on it. */
if (!find_policy_by_hnd(p, &q_u->domain_pol, NULL))
return NT_STATUS_INVALID_HANDLE;
/* find the policy handle. open a policy on it. */
if (!find_policy_by_hnd(p, &q_u->domain_pol, NULL))
return NT_STATUS_INVALID_HANDLE;
switch (q_u->switch_value) {
case 0x01:
init_unk_info1(&ctr->info.inf1);
break;
case 0x02:
switch (q_u->switch_value) {
case 0x01:
account_policy_get(AP_MIN_PASSWORD_LEN, &min_pass_len);
account_policy_get(AP_PASSWORD_HISTORY, &pass_hist);
account_policy_get(AP_USER_MUST_LOGON_TO_CHG_PASS, &flag);
account_policy_get(AP_MAX_PASSWORD_AGE, (int *)&u_expire);
account_policy_get(AP_MIN_PASSWORD_AGE, (int *)&u_min_age);
unix_to_nt_time_abs(&nt_expire, u_expire);
unix_to_nt_time_abs(&nt_min_age, u_min_age);
init_unk_info1(&ctr->info.inf1, (uint16)min_pass_len, (uint16)pass_hist,
flag, nt_expire, nt_min_age);
break;
case 0x02:
/* The time call below is to get a sequence number for the sam. FIXME !!! JRA. */
init_unk_info2(&ctr->info.inf2, global_myworkgroup, global_myname, (uint32) time(NULL));
break;
case 0x03:
init_unk_info3(&ctr->info.inf3);
break;
case 0x05:
init_unk_info5(&ctr->info.inf5, global_myname);
break;
case 0x06:
init_unk_info6(&ctr->info.inf6);
break;
case 0x07:
init_unk_info7(&ctr->info.inf7);
break;
case 0x0c:
init_unk_info12(&ctr->info.inf12);
break;
default:
return NT_STATUS_INVALID_INFO_CLASS;
}
init_unk_info2(&ctr->info.inf2, global_myworkgroup, global_myname, (uint32) time(NULL));
break;
case 0x03:
account_policy_get(AP_TIME_TO_LOGOUT, (int *)&u_logout);
unix_to_nt_time_abs(&nt_logout, u_logout);
init_unk_info3(&ctr->info.inf3, nt_logout);
break;
case 0x05:
init_unk_info5(&ctr->info.inf5, global_myname);
break;
case 0x06:
init_unk_info6(&ctr->info.inf6);
break;
case 0x07:
init_unk_info7(&ctr->info.inf7);
break;
case 0x0c:
account_policy_get(AP_LOCK_ACCOUNT_DURATION, (int *)&u_lock_duration);
account_policy_get(AP_RESET_COUNT_TIME, (int *)&u_reset_time);
account_policy_get(AP_BAD_ATTEMPT_LOCKOUT, &lockout);
unix_to_nt_time_abs(&nt_lock_duration, u_lock_duration);
unix_to_nt_time_abs(&nt_reset_time, u_reset_time);
init_unk_info12(&ctr->info.inf12, nt_lock_duration, nt_reset_time, (uint16)lockout);
break;
default:
return NT_STATUS_INVALID_INFO_CLASS;
}
init_samr_r_samr_unknown_2e(r_u, q_u->switch_value, ctr, NT_STATUS_OK);
init_samr_r_samr_unknown_2e(r_u, q_u->switch_value, ctr, NT_STATUS_OK);
DEBUG(5,("_samr_unknown_2e: %d\n", __LINE__));
DEBUG(5,("_samr_unknown_2e: %d\n", __LINE__));
return r_u->status;
return r_u->status;
}
/*******************************************************************
@ -3515,6 +3576,10 @@ NTSTATUS _samr_unknown_2e(pipes_struct *p, SAMR_Q_UNKNOWN_2E *q_u, SAMR_R_UNKNOW
NTSTATUS _samr_set_dom_info(pipes_struct *p, SAMR_Q_SET_DOMAIN_INFO *q_u, SAMR_R_SET_DOMAIN_INFO *r_u)
{
time_t u_expire, u_min_age;
time_t u_logout;
time_t u_lock_duration, u_reset_time;
r_u->status = NT_STATUS_OK;
DEBUG(5,("_samr_set_dom_info: %d\n", __LINE__));
@ -3523,25 +3588,41 @@ NTSTATUS _samr_set_dom_info(pipes_struct *p, SAMR_Q_SET_DOMAIN_INFO *q_u, SAMR_R
if (!find_policy_by_hnd(p, &q_u->domain_pol, NULL))
return NT_STATUS_INVALID_HANDLE;
DEBUG(0,("_samr_set_dom_info: switch_value: %d\n", q_u->switch_value));
DEBUG(5,("_samr_set_dom_info: switch_value: %d\n", q_u->switch_value));
switch (q_u->switch_value) {
case 0x01:
break;
case 0x02:
break;
case 0x03:
break;
case 0x05:
break;
case 0x06:
break;
case 0x07:
break;
case 0x0c:
break;
default:
return NT_STATUS_INVALID_INFO_CLASS;
case 0x01:
u_expire=nt_time_to_unix_abs(&q_u->ctr->info.inf1.expire);
u_min_age=nt_time_to_unix_abs(&q_u->ctr->info.inf1.min_passwordage);
account_policy_set(AP_MIN_PASSWORD_LEN, (uint32)q_u->ctr->info.inf1.min_length_password);
account_policy_set(AP_PASSWORD_HISTORY, (uint32)q_u->ctr->info.inf1.password_history);
account_policy_set(AP_USER_MUST_LOGON_TO_CHG_PASS, (uint32)q_u->ctr->info.inf1.flag);
account_policy_set(AP_MAX_PASSWORD_AGE, (int)u_expire);
account_policy_set(AP_MIN_PASSWORD_AGE, (int)u_min_age);
break;
case 0x02:
break;
case 0x03:
u_logout=nt_time_to_unix_abs(&q_u->ctr->info.inf3.logout);
account_policy_set(AP_TIME_TO_LOGOUT, (int)u_logout);
break;
case 0x05:
break;
case 0x06:
break;
case 0x07:
break;
case 0x0c:
u_lock_duration=nt_time_to_unix_abs(&q_u->ctr->info.inf12.duration);
u_reset_time=nt_time_to_unix_abs(&q_u->ctr->info.inf12.reset_count);
account_policy_set(AP_LOCK_ACCOUNT_DURATION, (int)u_lock_duration);
account_policy_set(AP_RESET_COUNT_TIME, (int)u_reset_time);
account_policy_set(AP_BAD_ATTEMPT_LOCKOUT, (uint32)q_u->ctr->info.inf12.bad_attempt_lockout);
break;
default:
return NT_STATUS_INVALID_INFO_CLASS;
}
init_samr_r_set_domain_info(r_u, NT_STATUS_OK);

13
source/smbd/server.c
View File

@ -825,13 +825,18 @@ static void usage(char *pname)
/* possibly reload the services file. */
reload_services(True);
if (init_group_mapping()==False) {
printf("Could not open tdb mapping file.\n");
if(!pdb_generate_sam_sid()) {
DEBUG(0,("ERROR: Samba cannot create a SAM SID.\n"));
exit(1);
}
if (!init_group_mapping()) {
DEBUG(0,("Could not open tdb mapping file.\n"));
return 0;
}
if(!pdb_generate_sam_sid()) {
DEBUG(0,("ERROR: Samba cannot create a SAM SID.\n"));
if (!init_account_policy()) {
DEBUG(0,("Could not open account policy tdb.\n"));
exit(1);
}

22
source/utils/smbgroupedit.c
View File

@ -246,6 +246,16 @@ int main (int argc, char **argv)
exit(1);
}
if(pdb_generate_sam_sid()==False) {
printf("Can not read machine SID\n");
return 0;
}
if (init_group_mapping()==False) {
printf("Could not open tdb mapping file.\n");
return 0;
}
while ((ch = getopt(argc, argv, "a:c:d:ln:p:st:u:vx:")) != EOF) {
switch(ch) {
case 'a':
@ -325,18 +335,6 @@ int main (int argc, char **argv)
break;
}
}
if (init_group_mapping()==False) {
printf("Could not open tdb mapping file.\n");
return 0;
}
if(pdb_generate_sam_sid()==False) {
printf("Can not read machine SID\n");
return 0;
}
default_group_mapping();
if (add_group)
return addgroup(group, sid_type, ntgroup, group_desc, privilege);