struct GUID guid;
};
+/*
+ * Types of account policy.
+ */
+enum pdb_policy_type {
+ PDB_POLICY_MIN_PASSWORD_LEN = 1,
+ PDB_POLICY_PASSWORD_HISTORY = 2,
+ PDB_POLICY_USER_MUST_LOGON_TO_CHG_PASS = 3,
+ PDB_POLICY_MAX_PASSWORD_AGE = 4,
+ PDB_POLICY_MIN_PASSWORD_AGE = 5,
+ PDB_POLICY_LOCK_ACCOUNT_DURATION = 6,
+ PDB_POLICY_RESET_COUNT_TIME = 7,
+ PDB_POLICY_BAD_ATTEMPT_LOCKOUT = 8,
+ PDB_POLICY_TIME_TO_LOGOUT = 9,
+ PDB_POLICY_REFUSE_MACHINE_PW_CHANGE = 10
+};
+
#define PDB_CAP_STORE_RIDS 0x0001
#define PDB_CAP_ADS 0x0002
enum lsa_SidType *attrs);
NTSTATUS (*get_account_policy)(struct pdb_methods *methods,
- int policy_index, uint32 *value);
+ enum pdb_policy_type type,
+ uint32_t *value);
NTSTATUS (*set_account_policy)(struct pdb_methods *methods,
- int policy_index, uint32 value);
+ enum pdb_policy_type type,
+ uint32_t value);
NTSTATUS (*get_seq_num)(struct pdb_methods *methods, time_t *seq_num);
/* The following definitions come from lib/account_pol.c */
void account_policy_names_list(const char ***names, int *num_names);
-const char *decode_account_policy_name(int field);
-const char *get_account_policy_attr(int field);
-const char *account_policy_get_desc(int field);
-int account_policy_name_to_fieldnum(const char *name);
-bool account_policy_get_default(int account_policy, uint32 *val);
+const char *decode_account_policy_name(enum pdb_policy_type type);
+const char *get_account_policy_attr(enum pdb_policy_type type);
+const char *account_policy_get_desc(enum pdb_policy_type type);
+enum pdb_policy_type account_policy_name_to_typenum(const char *name);
+bool account_policy_get_default(enum pdb_policy_type type, uint32_t *val);
bool init_account_policy(void);
-bool account_policy_get(int field, uint32 *value);
-bool account_policy_set(int field, uint32 value);
-bool cache_account_policy_set(int field, uint32 value);
-bool cache_account_policy_get(int field, uint32 *value);
+bool account_policy_get(enum pdb_policy_type type, uint32_t *value);
+bool account_policy_set(enum pdb_policy_type type, uint32_t value);
+bool cache_account_policy_set(enum pdb_policy_type type, uint32_t value);
+bool cache_account_policy_get(enum pdb_policy_type type, uint32_t *value);
struct db_context *get_account_pol_db( void );
/* The following definitions come from lib/adt_tree.c */
const char **names,
uint32 *rids,
enum lsa_SidType *attrs);
-bool pdb_get_account_policy(int policy_index, uint32 *value);
-bool pdb_set_account_policy(int policy_index, uint32 value);
+bool pdb_get_account_policy(enum pdb_policy_type type, uint32_t *value);
+bool pdb_set_account_policy(enum pdb_policy_type type, uint32_t value);
bool pdb_get_seq_num(time_t *seq_num);
bool pdb_uid_to_rid(uid_t uid, uint32 *rid);
bool pdb_uid_to_sid(uid_t uid, DOM_SID *sid);
#define PW_HISTORY_ENTRY_LEN (PW_HISTORY_SALT_LEN+SALTED_MD5_HASH_LEN)
#define MAX_PW_HISTORY_LEN 24
-/*
- * Flags for account policy.
- */
-#define AP_MIN_PASSWORD_LEN 1
-#define AP_PASSWORD_HISTORY 2
-#define AP_USER_MUST_LOGON_TO_CHG_PASS 3
-#define AP_MAX_PASSWORD_AGE 4
-#define AP_MIN_PASSWORD_AGE 5
-#define AP_LOCK_ACCOUNT_DURATION 6
-#define AP_RESET_COUNT_TIME 7
-#define AP_BAD_ATTEMPT_LOCKOUT 8
-#define AP_TIME_TO_LOGOUT 9
-#define AP_REFUSE_MACHINE_PW_CHANGE 10
-
/*
* Flags for local user manipulation.
*/
struct ap_table {
- int field;
+ enum pdb_policy_type type;
const char *string;
uint32 default_val;
const char *description;
};
static const struct ap_table account_policy_names[] = {
- {AP_MIN_PASSWORD_LEN, "min password length", MINPASSWDLENGTH,
+ {PDB_POLICY_MIN_PASSWORD_LEN, "min password length", MINPASSWDLENGTH,
"Minimal password length (default: 5)",
"sambaMinPwdLength" },
- {AP_PASSWORD_HISTORY, "password history", 0,
+ {PDB_POLICY_PASSWORD_HISTORY, "password history", 0,
"Length of Password History Entries (default: 0 => off)",
"sambaPwdHistoryLength" },
- {AP_USER_MUST_LOGON_TO_CHG_PASS, "user must logon to change password", 0,
+ {PDB_POLICY_USER_MUST_LOGON_TO_CHG_PASS, "user must logon to change password", 0,
"Force Users to logon for password change (default: 0 => off, 2 => on)",
"sambaLogonToChgPwd" },
- {AP_MAX_PASSWORD_AGE, "maximum password age", (uint32) -1,
+ {PDB_POLICY_MAX_PASSWORD_AGE, "maximum password age", (uint32) -1,
"Maximum password age, in seconds (default: -1 => never expire passwords)",
"sambaMaxPwdAge" },
- {AP_MIN_PASSWORD_AGE,"minimum password age", 0,
+ {PDB_POLICY_MIN_PASSWORD_AGE,"minimum password age", 0,
"Minimal password age, in seconds (default: 0 => allow immediate password change)",
"sambaMinPwdAge" },
- {AP_LOCK_ACCOUNT_DURATION, "lockout duration", 30,
+ {PDB_POLICY_LOCK_ACCOUNT_DURATION, "lockout duration", 30,
"Lockout duration in minutes (default: 30, -1 => forever)",
"sambaLockoutDuration" },
- {AP_RESET_COUNT_TIME, "reset count minutes", 30,
+ {PDB_POLICY_RESET_COUNT_TIME, "reset count minutes", 30,
"Reset time after lockout in minutes (default: 30)",
"sambaLockoutObservationWindow" },
- {AP_BAD_ATTEMPT_LOCKOUT, "bad lockout attempt", 0,
+ {PDB_POLICY_BAD_ATTEMPT_LOCKOUT, "bad lockout attempt", 0,
"Lockout users after bad logon attempts (default: 0 => off)",
"sambaLockoutThreshold" },
- {AP_TIME_TO_LOGOUT, "disconnect time", (uint32) -1,
+ {PDB_POLICY_TIME_TO_LOGOUT, "disconnect time", (uint32) -1,
"Disconnect Users outside logon hours (default: -1 => off, 0 => on)",
"sambaForceLogoff" },
- {AP_REFUSE_MACHINE_PW_CHANGE, "refuse machine password change", 0,
+ {PDB_POLICY_REFUSE_MACHINE_PW_CHANGE, "refuse machine password change", 0,
"Allow Machine Password changes (default: 0 => off)",
"sambaRefuseMachinePwdChange" },
Get the account policy name as a string from its #define'ed number
****************************************************************************/
-const char *decode_account_policy_name(int field)
+const char *decode_account_policy_name(enum pdb_policy_type type)
{
int i;
for (i=0; account_policy_names[i].string; i++) {
- if (field == account_policy_names[i].field) {
+ if (type == account_policy_names[i].type) {
return account_policy_names[i].string;
}
}
Get the account policy LDAP attribute as a string from its #define'ed number
****************************************************************************/
-const char *get_account_policy_attr(int field)
+const char *get_account_policy_attr(enum pdb_policy_type type)
{
int i;
- for (i=0; account_policy_names[i].field; i++) {
- if (field == account_policy_names[i].field) {
+ for (i=0; account_policy_names[i].type; i++) {
+ if (type == account_policy_names[i].type) {
return account_policy_names[i].ldap_attr;
}
}
Get the account policy description as a string from its #define'ed number
****************************************************************************/
-const char *account_policy_get_desc(int field)
+const char *account_policy_get_desc(enum pdb_policy_type type)
{
int i;
for (i=0; account_policy_names[i].string; i++) {
- if (field == account_policy_names[i].field) {
+ if (type == account_policy_names[i].type) {
return account_policy_names[i].description;
}
}
Get the account policy name as a string from its #define'ed number
****************************************************************************/
-int account_policy_name_to_fieldnum(const char *name)
+enum pdb_policy_type account_policy_name_to_typenum(const char *name)
{
int i;
for (i=0; account_policy_names[i].string; i++) {
if (strcmp(name, account_policy_names[i].string) == 0) {
- return account_policy_names[i].field;
+ return account_policy_names[i].type;
}
}
return 0;
Get default value for account policy
*****************************************************************************/
-bool account_policy_get_default(int account_policy, uint32 *val)
+bool account_policy_get_default(enum pdb_policy_type type, uint32_t *val)
{
int i;
- for (i=0; account_policy_names[i].field; i++) {
- if (account_policy_names[i].field == account_policy) {
+ for (i=0; account_policy_names[i].type; i++) {
+ if (account_policy_names[i].type == type) {
*val = account_policy_names[i].default_val;
return True;
}
}
DEBUG(0,("no default for account_policy index %d found. This should never happen\n",
- account_policy));
+ type));
return False;
}
/*****************************************************************************
- Set default for a field if it is empty
+ Set default for a type if it is empty
*****************************************************************************/
-static bool account_policy_set_default_on_empty(int account_policy)
+static bool account_policy_set_default_on_empty(enum pdb_policy_type type)
{
uint32 value;
- if (!account_policy_get(account_policy, &value) &&
- !account_policy_get_default(account_policy, &value)) {
+ if (!account_policy_get(type, &value) &&
+ !account_policy_get_default(type, &value)) {
return False;
}
- return account_policy_set(account_policy, value);
+ return account_policy_set(type, value);
}
/*****************************************************************************
goto cancel;
}
- for (i=0; account_policy_names[i].field; i++) {
+ for (i=0; account_policy_names[i].type; i++) {
- if (!account_policy_set_default_on_empty(account_policy_names[i].field)) {
+ if (!account_policy_set_default_on_empty(account_policy_names[i].type)) {
DEBUG(0,("failed to set default value in account policy tdb\n"));
goto cancel;
}
Get an account policy (from tdb)
*****************************************************************************/
-bool account_policy_get(int field, uint32 *value)
+bool account_policy_get(enum pdb_policy_type type, uint32_t *value)
{
const char *name;
uint32 regval;
*value = 0;
}
- name = decode_account_policy_name(field);
+ name = decode_account_policy_name(type);
if (name == NULL) {
- DEBUG(1, ("account_policy_get: Field %d is not a valid account policy type! Cannot get, returning 0.\n", field));
+ DEBUG(1, ("account_policy_get: Field %d is not a valid account policy type! Cannot get, returning 0.\n", type));
return False;
}
if (!dbwrap_fetch_uint32(db, name, ®val)) {
- DEBUG(1, ("account_policy_get: tdb_fetch_uint32 failed for field %d (%s), returning 0\n", field, name));
+ DEBUG(1, ("account_policy_get: tdb_fetch_uint32 failed for type %d (%s), returning 0\n", type, name));
return False;
}
Set an account policy (in tdb)
****************************************************************************/
-bool account_policy_set(int field, uint32 value)
+bool account_policy_set(enum pdb_policy_type type, uint32_t value)
{
const char *name;
NTSTATUS status;
return False;
}
- name = decode_account_policy_name(field);
+ name = decode_account_policy_name(type);
if (name == NULL) {
- DEBUG(1, ("Field %d is not a valid account policy type! Cannot set.\n", field));
+ DEBUG(1, ("Field %d is not a valid account policy type! Cannot set.\n", type));
return False;
}
status = dbwrap_trans_store_uint32(db, name, value);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(1, ("store_uint32 failed for field %d (%s) on value "
- "%u: %s\n", field, name, value, nt_errstr(status)));
+ DEBUG(1, ("store_uint32 failed for type %d (%s) on value "
+ "%u: %s\n", type, name, value, nt_errstr(status)));
return False;
}
Set an account policy in the cache
****************************************************************************/
-bool cache_account_policy_set(int field, uint32 value)
+bool cache_account_policy_set(enum pdb_policy_type type, uint32_t value)
{
const char *policy_name = NULL;
char *cache_key = NULL;
char *cache_value = NULL;
bool ret = False;
- policy_name = decode_account_policy_name(field);
+ policy_name = decode_account_policy_name(type);
if (policy_name == NULL) {
DEBUG(0,("cache_account_policy_set: no policy found\n"));
return False;
Get an account policy from the cache
*****************************************************************************/
-bool cache_account_policy_get(int field, uint32 *value)
+bool cache_account_policy_get(enum pdb_policy_type type, uint32_t *value)
{
const char *policy_name = NULL;
char *cache_key = NULL;
char *cache_value = NULL;
bool ret = False;
- policy_name = decode_account_policy_name(field);
+ policy_name = decode_account_policy_name(type);
if (policy_name == NULL) {
DEBUG(0,("cache_account_policy_set: no policy found\n"));
return False;
}
- if (!pdb_set_account_policy(AP_PASSWORD_HISTORY,
+ if (!pdb_set_account_policy(PDB_POLICY_PASSWORD_HISTORY,
r->password_history_length))
return nt_status;
- if (!pdb_set_account_policy(AP_MIN_PASSWORD_LEN,
+ if (!pdb_set_account_policy(PDB_POLICY_MIN_PASSWORD_LEN,
r->min_password_length))
return nt_status;
- if (!pdb_set_account_policy(AP_MAX_PASSWORD_AGE, (uint32)u_max_age))
+ if (!pdb_set_account_policy(PDB_POLICY_MAX_PASSWORD_AGE,
+ (uint32)u_max_age))
return nt_status;
- if (!pdb_set_account_policy(AP_MIN_PASSWORD_AGE, (uint32)u_min_age))
+ if (!pdb_set_account_policy(PDB_POLICY_MIN_PASSWORD_AGE,
+ (uint32)u_min_age))
return nt_status;
- if (!pdb_set_account_policy(AP_TIME_TO_LOGOUT, (uint32)u_logout))
+ if (!pdb_set_account_policy(PDB_POLICY_TIME_TO_LOGOUT,
+ (uint32)u_logout))
return nt_status;
if (lockstr) {
u_lockoutreset = uint64s_nt_time_to_unix_abs(&lockstr->reset_count);
u_lockouttime = uint64s_nt_time_to_unix_abs((uint64_t *)&lockstr->lockout_duration);
- if (!pdb_set_account_policy(AP_BAD_ATTEMPT_LOCKOUT,
+ if (!pdb_set_account_policy(PDB_POLICY_BAD_ATTEMPT_LOCKOUT,
lockstr->bad_attempt_lockout))
return nt_status;
- if (!pdb_set_account_policy(AP_RESET_COUNT_TIME, (uint32_t)u_lockoutreset/60))
+ if (!pdb_set_account_policy(PDB_POLICY_RESET_COUNT_TIME,
+ (uint32_t)u_lockoutreset/60))
return nt_status;
if (u_lockouttime != -1)
u_lockouttime /= 60;
- if (!pdb_set_account_policy(AP_LOCK_ACCOUNT_DURATION, (uint32_t)u_lockouttime))
+ if (!pdb_set_account_policy(PDB_POLICY_LOCK_ACCOUNT_DURATION,
+ (uint32_t)u_lockouttime))
return nt_status;
}
- if (!pdb_set_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS,
+ if (!pdb_set_account_policy(PDB_POLICY_USER_MUST_LOGON_TO_CHG_PASS,
r->logon_to_chgpass))
return nt_status;
}
/* Change from V1 is addition of password history field. */
- pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
+ pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen);
if (pwHistLen) {
uint8 *pw_hist = SMB_MALLOC_ARRAY(uint8, pwHistLen * PW_HISTORY_ENTRY_LEN);
if (!pw_hist) {
}
}
- pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
+ pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen);
if (pwHistLen) {
uint8 *pw_hist = (uint8 *)SMB_MALLOC(pwHistLen * PW_HISTORY_ENTRY_LEN);
if (!pw_hist) {
nt_pw_len = 0;
}
- pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
+ pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen);
nt_pw_hist = pdb_get_pw_history(sampass, &nt_pw_hist_len);
if (pwHistLen && nt_pw_hist && nt_pw_hist_len) {
nt_pw_hist_len *= PW_HISTORY_ENTRY_LEN;
}
/*********************************************************************
- Update the bad password count checking the AP_RESET_COUNT_TIME
+ Update the bad password count checking the PDB_POLICY_RESET_COUNT_TIME
*********************************************************************/
bool pdb_update_bad_password_count(struct samu *sampass, bool *updated)
}
become_root();
- res = pdb_get_account_policy(AP_RESET_COUNT_TIME, &resettime);
+ res = pdb_get_account_policy(PDB_POLICY_RESET_COUNT_TIME, &resettime);
unbecome_root();
if (!res) {
}
/*********************************************************************
- Update the ACB_AUTOLOCK flag checking the AP_LOCK_ACCOUNT_DURATION
+ Update the ACB_AUTOLOCK flag checking the PDB_POLICY_LOCK_ACCOUNT_DURATION
*********************************************************************/
bool pdb_update_autolock_flag(struct samu *sampass, bool *updated)
}
become_root();
- res = pdb_get_account_policy(AP_LOCK_ACCOUNT_DURATION, &duration);
+ res = pdb_get_account_policy(PDB_POLICY_LOCK_ACCOUNT_DURATION, &duration);
unbecome_root();
if (!res) {
/* Retrieve the account lockout policy */
become_root();
- ret = pdb_get_account_policy(AP_BAD_ATTEMPT_LOCKOUT, &account_policy_lockout);
+ ret = pdb_get_account_policy(PDB_POLICY_BAD_ATTEMPT_LOCKOUT, &account_policy_lockout);
unbecome_root();
if ( !ret ) {
DEBUG(0, ("pdb_increment_bad_password_count: pdb_get_account_policy failed.\n"));
}
static NTSTATUS pdb_ads_get_account_policy(struct pdb_methods *m,
- int policy_index, uint32 *value)
+ enum pdb_policy_type type,
+ uint32_t *value)
{
- return account_policy_get(policy_index, value)
+ return account_policy_get(type, value)
? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
static NTSTATUS pdb_ads_set_account_policy(struct pdb_methods *m,
- int policy_index, uint32 value)
+ enum pdb_policy_type type,
+ uint32_t value)
{
- return account_policy_set(policy_index, value)
+ return account_policy_set(type, value)
? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
pdb_get_init_flags(sampass, PDB_CANCHANGETIME) == PDB_CHANGED)
return sampass->pass_can_change_time;
- if (!pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &allow))
+ if (!pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_AGE, &allow))
allow = 0;
/* in normal cases, just calculate it from policy */
if (sampass->acct_ctrl & ACB_PWNOEXP)
return get_time_t_max();
- if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &expire)
+ if (!pdb_get_account_policy(PDB_POLICY_MAX_PASSWORD_AGE, &expire)
|| expire == (uint32)-1 || expire == 0)
return get_time_t_max();
if (pdb_get_acct_ctrl(sampass) & ACB_NORMAL) {
uchar *pwhistory;
uint32 pwHistLen;
- pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
+ pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen);
if (pwHistLen != 0){
uint32 current_history_len;
/* We need to make sure we don't have a race condition here - the
}
#endif
-bool pdb_get_account_policy(int policy_index, uint32 *value)
+bool pdb_get_account_policy(enum pdb_policy_type type, uint32_t *value)
{
struct pdb_methods *pdb = pdb_get_methods();
NTSTATUS status;
become_root();
- status = pdb->get_account_policy(pdb, policy_index, value);
+ status = pdb->get_account_policy(pdb, type, value);
unbecome_root();
return NT_STATUS_IS_OK(status);
}
-bool pdb_set_account_policy(int policy_index, uint32 value)
+bool pdb_set_account_policy(enum pdb_policy_type type, uint32_t value)
{
struct pdb_methods *pdb = pdb_get_methods();
NTSTATUS status;
become_root();
- status = pdb->set_account_policy(pdb, policy_index, value);
+ status = pdb->set_account_policy(pdb, type, value);
unbecome_root();
return NT_STATUS_IS_OK(status);
return NT_STATUS_OK;
}
-static NTSTATUS pdb_default_get_account_policy(struct pdb_methods *methods, int policy_index, uint32 *value)
+static NTSTATUS pdb_default_get_account_policy(struct pdb_methods *methods, enum pdb_policy_type type, uint32_t *value)
{
- return account_policy_get(policy_index, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+ return account_policy_get(type, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
-static NTSTATUS pdb_default_set_account_policy(struct pdb_methods *methods, int policy_index, uint32 value)
+static NTSTATUS pdb_default_set_account_policy(struct pdb_methods *methods, enum pdb_policy_type type, uint32_t value)
{
- return account_policy_set(policy_index, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+ return account_policy_set(type, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
static NTSTATUS pdb_default_get_seq_num(struct pdb_methods *methods, time_t *seq_num)
pwHistLen = 0;
- pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
+ pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen);
if (pwHistLen > 0){
uint8 *pwhist = NULL;
int i;
if (need_update(sampass, PDB_PWHISTORY)) {
char *pwstr = NULL;
uint32 pwHistLen = 0;
- pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
+ pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen);
pwstr = SMB_MALLOC_ARRAY(char, 1024);
if (!pwstr) {
uint16 badcount = pdb_get_bad_password_count(sampass);
time_t badtime = pdb_get_bad_password_time(sampass);
uint32 pol;
- pdb_get_account_policy(AP_BAD_ATTEMPT_LOCKOUT, &pol);
+ pdb_get_account_policy(PDB_POLICY_BAD_ATTEMPT_LOCKOUT, &pol);
DEBUG(3, ("updating bad password fields, policy=%u, count=%u, time=%u\n",
(unsigned int)pol, (unsigned int)badcount, (unsigned int)badtime));
}
static NTSTATUS ldapsam_set_account_policy_in_ldap(struct pdb_methods *methods,
- int policy_index,
+ enum pdb_policy_type type,
uint32 value)
{
NTSTATUS ntstatus = NT_STATUS_UNSUCCESSFUL;
return NT_STATUS_INVALID_PARAMETER;
}
- policy_attr = get_account_policy_attr(policy_index);
+ policy_attr = get_account_policy_attr(type);
if (policy_attr == NULL) {
DEBUG(0,("ldapsam_set_account_policy_in_ldap: invalid "
"policy\n"));
return ntstatus;
}
- if (!cache_account_policy_set(policy_index, value)) {
+ if (!cache_account_policy_set(type, value)) {
DEBUG(0,("ldapsam_set_account_policy_in_ldap: failed to "
"update local tdb cache\n"));
return ntstatus;
}
static NTSTATUS ldapsam_set_account_policy(struct pdb_methods *methods,
- int policy_index, uint32 value)
+ enum pdb_policy_type type,
+ uint32_t value)
{
- return ldapsam_set_account_policy_in_ldap(methods, policy_index,
+ return ldapsam_set_account_policy_in_ldap(methods, type,
value);
}
static NTSTATUS ldapsam_get_account_policy_from_ldap(struct pdb_methods *methods,
- int policy_index,
+ enum pdb_policy_type type,
uint32 *value)
{
NTSTATUS ntstatus = NT_STATUS_UNSUCCESSFUL;
return NT_STATUS_INVALID_PARAMETER;
}
- policy_attr = get_account_policy_attr(policy_index);
+ policy_attr = get_account_policy_attr(type);
if (!policy_attr) {
DEBUG(0,("ldapsam_get_account_policy_from_ldap: invalid "
- "policy index: %d\n", policy_index));
+ "policy index: %d\n", type));
return ntstatus;
}
Guenther
*/
static NTSTATUS ldapsam_get_account_policy(struct pdb_methods *methods,
- int policy_index, uint32 *value)
+ enum pdb_policy_type type,
+ uint32_t *value)
{
NTSTATUS ntstatus = NT_STATUS_UNSUCCESSFUL;
- if (cache_account_policy_get(policy_index, value)) {
+ if (cache_account_policy_get(type, value)) {
DEBUG(11,("ldapsam_get_account_policy: got valid value from "
"cache\n"));
return NT_STATUS_OK;
}
- ntstatus = ldapsam_get_account_policy_from_ldap(methods, policy_index,
+ ntstatus = ldapsam_get_account_policy_from_ldap(methods, type,
value);
if (NT_STATUS_IS_OK(ntstatus)) {
goto update_cache;
#if 0
/* should we automagically migrate old tdb value here ? */
- if (account_policy_get(policy_index, value))
+ if (account_policy_get(type, value))
goto update_ldap;
DEBUG(10,("ldapsam_get_account_policy: no tdb for %d, trying "
- "default\n", policy_index));
+ "default\n", type));
#endif
- if (!account_policy_get_default(policy_index, value)) {
+ if (!account_policy_get_default(type, value)) {
return ntstatus;
}
/* update_ldap: */
- ntstatus = ldapsam_set_account_policy(methods, policy_index, *value);
+ ntstatus = ldapsam_set_account_policy(methods, type, *value);
if (!NT_STATUS_IS_OK(ntstatus)) {
return ntstatus;
}
update_cache:
- if (!cache_account_policy_set(policy_index, *value)) {
+ if (!cache_account_policy_set(type, *value)) {
DEBUG(0,("ldapsam_get_account_policy: failed to update local "
"tdb as a cache\n"));
return NT_STATUS_UNSUCCESSFUL;
{
uint32 dwValue;
- if (!pdb_get_account_policy(AP_REFUSE_MACHINE_PW_CHANGE, &dwValue)) {
+ if (!pdb_get_account_policy(PDB_POLICY_REFUSE_MACHINE_PW_CHANGE, &dwValue)) {
dwValue = 0;
}
switch (sid_type) {
case SID_NAME_USER:
become_root();
- pdb_get_account_policy(AP_MIN_PASSWORD_LEN,
+ pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_LEN,
&min_password_length);
- pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS,
+ pdb_get_account_policy(PDB_POLICY_USER_MUST_LOGON_TO_CHG_PASS,
&password_properties);
unbecome_root();
/* AS ROOT !!! */
- pdb_get_account_policy(AP_MIN_PASSWORD_LEN, &tmp);
+ pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_LEN, &tmp);
dominfo->min_password_length = tmp;
- pdb_get_account_policy(AP_PASSWORD_HISTORY, &tmp);
+ pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &tmp);
dominfo->password_history_length = tmp;
- pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS,
+ pdb_get_account_policy(PDB_POLICY_USER_MUST_LOGON_TO_CHG_PASS,
&dominfo->password_properties);
- pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &account_policy_temp);
+ pdb_get_account_policy(PDB_POLICY_MAX_PASSWORD_AGE, &account_policy_temp);
u_expire = account_policy_temp;
- pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &account_policy_temp);
+ pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_AGE, &account_policy_temp);
u_min_age = account_policy_temp;
/* !AS ROOT */
/* AS ROOT !!! */
- pdb_get_account_policy(AP_MIN_PASSWORD_LEN, &account_policy_temp);
+ pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_LEN, &account_policy_temp);
r->min_password_length = account_policy_temp;
- pdb_get_account_policy(AP_PASSWORD_HISTORY, &account_policy_temp);
+ pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &account_policy_temp);
r->password_history_length = account_policy_temp;
- pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS,
+ pdb_get_account_policy(PDB_POLICY_USER_MUST_LOGON_TO_CHG_PASS,
&r->password_properties);
- pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &account_policy_temp);
+ pdb_get_account_policy(PDB_POLICY_MAX_PASSWORD_AGE, &account_policy_temp);
u_expire = account_policy_temp;
- pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &account_policy_temp);
+ pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_AGE, &account_policy_temp);
u_min_age = account_policy_temp;
/* !AS ROOT */
r->num_groups = count_sam_groups(dinfo->disp_info);
r->num_aliases = count_sam_aliases(dinfo->disp_info);
- pdb_get_account_policy(AP_TIME_TO_LOGOUT, &u_logout);
+ pdb_get_account_policy(PDB_POLICY_TIME_TO_LOGOUT, &u_logout);
unix_to_nt_time_abs(&r->force_logoff_time, u_logout);
{
uint32_t ul;
- pdb_get_account_policy(AP_TIME_TO_LOGOUT, &ul);
+ pdb_get_account_policy(PDB_POLICY_TIME_TO_LOGOUT, &ul);
u_logout = (time_t)ul;
}
become_root();
- pdb_get_account_policy(AP_LOCK_ACCOUNT_DURATION, &account_policy_temp);
+ pdb_get_account_policy(PDB_POLICY_LOCK_ACCOUNT_DURATION, &account_policy_temp);
u_lock_duration = account_policy_temp;
if (u_lock_duration != -1) {
u_lock_duration *= 60;
}
- pdb_get_account_policy(AP_RESET_COUNT_TIME, &account_policy_temp);
+ pdb_get_account_policy(PDB_POLICY_RESET_COUNT_TIME, &account_policy_temp);
u_reset_time = account_policy_temp * 60;
- pdb_get_account_policy(AP_BAD_ATTEMPT_LOCKOUT, &account_policy_temp);
+ pdb_get_account_policy(PDB_POLICY_BAD_ATTEMPT_LOCKOUT, &account_policy_temp);
r->lockout_threshold = account_policy_temp;
/* !AS ROOT */
/* AS ROOT !!! */
- pdb_get_account_policy(AP_LOCK_ACCOUNT_DURATION, &account_policy_temp);
+ pdb_get_account_policy(PDB_POLICY_LOCK_ACCOUNT_DURATION, &account_policy_temp);
u_lock_duration = account_policy_temp;
if (u_lock_duration != -1) {
u_lock_duration *= 60;
}
- pdb_get_account_policy(AP_RESET_COUNT_TIME, &account_policy_temp);
+ pdb_get_account_policy(PDB_POLICY_RESET_COUNT_TIME, &account_policy_temp);
u_reset_time = account_policy_temp * 60;
- pdb_get_account_policy(AP_BAD_ATTEMPT_LOCKOUT, &account_policy_temp);
+ pdb_get_account_policy(PDB_POLICY_BAD_ATTEMPT_LOCKOUT, &account_policy_temp);
r->lockout_threshold = account_policy_temp;
/* !AS ROOT */
}
become_root();
- pdb_get_account_policy(AP_MIN_PASSWORD_LEN,
+ pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_LEN,
&min_password_length);
- pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS,
+ pdb_get_account_policy(PDB_POLICY_USER_MUST_LOGON_TO_CHG_PASS,
&password_properties);
unbecome_root();
u_expire = nt_time_to_unix_abs((NTTIME *)&r->max_password_age);
u_min_age = nt_time_to_unix_abs((NTTIME *)&r->min_password_age);
- pdb_set_account_policy(AP_MIN_PASSWORD_LEN,
+ pdb_set_account_policy(PDB_POLICY_MIN_PASSWORD_LEN,
(uint32_t)r->min_password_length);
- pdb_set_account_policy(AP_PASSWORD_HISTORY,
+ pdb_set_account_policy(PDB_POLICY_PASSWORD_HISTORY,
(uint32_t)r->password_history_length);
- pdb_set_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS,
+ pdb_set_account_policy(PDB_POLICY_USER_MUST_LOGON_TO_CHG_PASS,
(uint32_t)r->password_properties);
- pdb_set_account_policy(AP_MAX_PASSWORD_AGE, (int)u_expire);
- pdb_set_account_policy(AP_MIN_PASSWORD_AGE, (int)u_min_age);
+ pdb_set_account_policy(PDB_POLICY_MAX_PASSWORD_AGE, (int)u_expire);
+ pdb_set_account_policy(PDB_POLICY_MIN_PASSWORD_AGE, (int)u_min_age);
return NT_STATUS_OK;
}
u_logout = nt_time_to_unix_abs((NTTIME *)&r->force_logoff_time);
- pdb_set_account_policy(AP_TIME_TO_LOGOUT, (int)u_logout);
+ pdb_set_account_policy(PDB_POLICY_TIME_TO_LOGOUT, (int)u_logout);
return NT_STATUS_OK;
}
u_reset_time = nt_time_to_unix_abs((NTTIME *)&r->lockout_window)/60;
- pdb_set_account_policy(AP_LOCK_ACCOUNT_DURATION, (int)u_lock_duration);
- pdb_set_account_policy(AP_RESET_COUNT_TIME, (int)u_reset_time);
- pdb_set_account_policy(AP_BAD_ATTEMPT_LOCKOUT,
+ pdb_set_account_policy(PDB_POLICY_LOCK_ACCOUNT_DURATION, (int)u_lock_duration);
+ pdb_set_account_policy(PDB_POLICY_RESET_COUNT_TIME, (int)u_reset_time);
+ pdb_set_account_policy(PDB_POLICY_BAD_ATTEMPT_LOCKOUT,
(uint32_t)r->lockout_threshold);
return NT_STATUS_OK;
uint32_t pwd_max_age = 0;
time_t now = time(NULL);
- pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &pwd_max_age);
+ pdb_get_account_policy(PDB_POLICY_MAX_PASSWORD_AGE, &pwd_max_age);
if (pwd_max_age == (uint32_t)-1 || pwd_max_age == 0) {
pwd_max_age = get_time_t_max();
int i;
uint32 pwHisLen, curr_pwHisLen;
- pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHisLen);
+ pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHisLen);
if (pwHisLen == 0) {
return False;
}
* denies machines to change the password. *
* Should we deny also SRVTRUST and/or DOMSTRUST ? .SSS. */
if (pdb_get_acct_ctrl(hnd) & ACB_WSTRUST) {
- if (pdb_get_account_policy(AP_REFUSE_MACHINE_PW_CHANGE, &refuse) && refuse) {
+ if (pdb_get_account_policy(PDB_POLICY_REFUSE_MACHINE_PW_CHANGE, &refuse) && refuse) {
DEBUG(1, ("Machine %s cannot change password now, "
"denied by Refuse Machine Password Change policy\n",
username));
return NT_STATUS_ACCOUNT_RESTRICTION;
}
- if (pdb_get_account_policy(AP_MIN_PASSWORD_LEN, &min_len) && (str_charnum(new_passwd) < min_len)) {
+ if (pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_LEN, &min_len) && (str_charnum(new_passwd) < min_len)) {
DEBUG(1, ("user %s cannot change password - password too short\n",
username));
DEBUGADD(1, (" account policy min password len = %d\n", min_len));
pdb_set_homedir(out, "\\\\torture\\home", PDB_SET);
pdb_set_logon_script(out, "torture_script.cmd", PDB_SET);
- pdb_get_account_policy(AP_PASSWORD_HISTORY, &history);
+ pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &history);
if (history * PW_HISTORY_ENTRY_LEN < NT_HASH_LEN) {
buf = (uint8 *)TALLOC(ctx, NT_HASH_LEN);
} else {
}
pdb_set_pw_history(out, buf, history, PDB_SET);
- pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &expire);
- pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &min_age);
+ pdb_get_account_policy(PDB_POLICY_MAX_PASSWORD_AGE, &expire);
+ pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_AGE, &min_age);
pdb_set_pass_last_set_time(out, time(NULL), PDB_SET);
if (expire == 0 || expire == (uint32)-1) {
return NT_STATUS_NO_MEMORY;
}
- if (!pdb_get_account_policy(AP_MIN_PASSWORD_LEN,
+ if (!pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_LEN,
&account_policy_temp)) {
return NT_STATUS_ACCESS_DENIED;
}
p->min_password_length = account_policy_temp;
- if (!pdb_get_account_policy(AP_PASSWORD_HISTORY,
+ if (!pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY,
&account_policy_temp)) {
return NT_STATUS_ACCESS_DENIED;
}
p->password_history_length = account_policy_temp;
- if (!pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS,
+ if (!pdb_get_account_policy(PDB_POLICY_USER_MUST_LOGON_TO_CHG_PASS,
&p->password_properties)) {
return NT_STATUS_ACCESS_DENIED;
}
- if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &account_policy_temp)) {
+ if (!pdb_get_account_policy(PDB_POLICY_MAX_PASSWORD_AGE, &account_policy_temp)) {
return NT_STATUS_ACCESS_DENIED;
}
u_expire = account_policy_temp;
- if (!pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &account_policy_temp)) {
+ if (!pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_AGE, &account_policy_temp)) {
return NT_STATUS_ACCESS_DENIED;
}
u_min_age = account_policy_temp;