/* * Unix SMB/CIFS implementation. * account policy storage * Copyright (C) Jean François Micouleau 1998-2001. * Copyright (C) Andrew Bartlett 2002 * Copyright (C) Guenther Deschner 2004-2005 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, see . */ #include "includes.h" #include "system/filesys.h" #include "passdb.h" #include "dbwrap/dbwrap.h" #include "dbwrap/dbwrap_open.h" #include "../libcli/security/security.h" #include "lib/privileges.h" static struct db_context *db; /* cache all entries for 60 seconds for to save ldap-queries (cache is updated * after this period if admins do not use pdbedit or usermanager but manipulate * ldap directly) - gd */ #define DATABASE_VERSION 3 #define AP_TTL 60 struct ap_table { enum pdb_policy_type type; const char *string; uint32_t default_val; const char *description; const char *ldap_attr; }; static const struct ap_table account_policy_names[] = { {PDB_POLICY_MIN_PASSWORD_LEN, "min password length", MINPASSWDLENGTH, "Minimal password length (default: 5)", "sambaMinPwdLength" }, {PDB_POLICY_PASSWORD_HISTORY, "password history", 0, "Length of Password History Entries (default: 0 => off)", "sambaPwdHistoryLength" }, {PDB_POLICY_USER_MUST_LOGON_TO_CHG_PASS, "user must logon to change password", 0, "Force Users to logon for password change (default: 0 => off, 2 => on)", "sambaLogonToChgPwd" }, {PDB_POLICY_MAX_PASSWORD_AGE, "maximum password age", (uint32_t) -1, "Maximum password age, in seconds (default: -1 => never expire passwords)", "sambaMaxPwdAge" }, {PDB_POLICY_MIN_PASSWORD_AGE,"minimum password age", 0, "Minimal password age, in seconds (default: 0 => allow immediate password change)", "sambaMinPwdAge" }, {PDB_POLICY_LOCK_ACCOUNT_DURATION, "lockout duration", 30, "Lockout duration in minutes (default: 30, -1 => forever)", "sambaLockoutDuration" }, {PDB_POLICY_RESET_COUNT_TIME, "reset count minutes", 30, "Reset time after lockout in minutes (default: 30)", "sambaLockoutObservationWindow" }, {PDB_POLICY_BAD_ATTEMPT_LOCKOUT, "bad lockout attempt", 0, "Lockout users after bad logon attempts (default: 0 => off)", "sambaLockoutThreshold" }, {PDB_POLICY_TIME_TO_LOGOUT, "disconnect time", (uint32_t) -1, "Disconnect Users outside logon hours (default: -1 => off, 0 => on)", "sambaForceLogoff" }, {PDB_POLICY_REFUSE_MACHINE_PW_CHANGE, "refuse machine password change", 0, "Allow Machine Password changes (default: 0 => off)", "sambaRefuseMachinePwdChange" }, {0, NULL, 0, "", NULL} }; void account_policy_names_list(TALLOC_CTX *mem_ctx, const char ***names, int *num_names) { const char **nl; int i, count = ARRAY_SIZE(account_policy_names); nl = talloc_array(mem_ctx, const char *, count); if (!nl) { *num_names = 0; return; } for (i=0; i