Copyright (C) Gerald (Jerry) Carter 2000-2006
Copyright (C) Andrew Bartlett 2001-2002
Copyright (C) Stefan (metze) Metzmacher 2002
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
/**
* @todo Redefine this to NULL, but this changes the API because
* much of samba assumes that the pdb_get...() funtions
- * return pstrings. (ie not null-pointers).
+ * return strings. (ie not null-pointers).
* See also pdb_fill_default_sam().
*/
}
time_t pdb_get_pass_can_change_time(const struct samu *sampass)
+{
+ uint32 allow;
+
+ /* if the last set time is zero, it means the user cannot
+ change their password, and this time must be zero. jmcd
+ */
+ if (sampass->pass_last_set_time == 0)
+ return (time_t) 0;
+
+ /* if the time is max, and the field has been changed,
+ we're trying to update this real value from the sampass
+ to indicate that the user cannot change their password. jmcd
+ */
+ if (sampass->pass_can_change_time == get_time_t_max() &&
+ pdb_get_init_flags(sampass, PDB_CANCHANGETIME) == PDB_CHANGED)
+ return sampass->pass_can_change_time;
+
+ if (!pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &allow))
+ allow = 0;
+
+ /* in normal cases, just calculate it from policy */
+ return sampass->pass_last_set_time + allow;
+}
+
+/* we need this for loading from the backend, so that we don't overwrite
+ non-changed max times, otherwise the pass_can_change checking won't work */
+time_t pdb_get_pass_can_change_time_noncalc(const struct samu *sampass)
{
return sampass->pass_can_change_time;
}
time_t pdb_get_pass_must_change_time(const struct samu *sampass)
{
- return sampass->pass_must_change_time;
+ uint32 expire;
+
+ if (sampass->pass_last_set_time == 0)
+ return (time_t) 0;
+
+ if (sampass->acct_ctrl & ACB_PWNOEXP)
+ return get_time_t_max();
+
+ if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &expire)
+ || expire == (uint32)-1 || expire == 0)
+ return get_time_t_max();
+
+ return sampass->pass_last_set_time + expire;
+}
+
+bool pdb_get_pass_can_change(const struct samu *sampass)
+{
+ if (sampass->pass_can_change_time == get_time_t_max() &&
+ sampass->pass_last_set_time != 0)
+ return False;
+ return True;
}
uint16 pdb_get_logon_divs(const struct samu *sampass)
/* Return the plaintext password if known. Most of the time
it isn't, so don't assume anything magic about this function.
-
+
Used to pass the plaintext to passdb backends that might
want to store more than just the NTLM hashes.
*/
{
DOM_SID *gsid;
struct passwd *pwd;
-
+
/* Return the cached group SID if we have that */
if ( sampass->group_sid ) {
return sampass->group_sid;
}
-
+
/* generate the group SID from the user's primary Unix group */
-
+
if ( !(gsid = TALLOC_P( sampass, DOM_SID )) ) {
return NULL;
}
-
+
/* No algorithmic mapping, meaning that we have to figure out the
primary group SID according to group mapping and the user SID must
be a newly allocated one. We rely on the user's Unix primary gid.
if ( sampass->unix_pw ) {
pwd = sampass->unix_pw;
} else {
- pwd = getpwnam_alloc( sampass, pdb_get_username(sampass) );
+ pwd = Get_Pwnam_alloc( sampass, pdb_get_username(sampass) );
}
if ( !pwd ) {
DEBUG(0,("pdb_get_group_sid: Failed to find Unix account for %s\n", pdb_get_username(sampass) ));
return NULL;
}
-
+
if ( pdb_gid_to_sid(pwd->pw_gid, gsid) ) {
- enum SID_NAME_USE type = SID_NAME_UNKNOWN;
+ enum lsa_SidType type = SID_NAME_UNKNOWN;
TALLOC_CTX *mem_ctx = talloc_init("pdb_get_group_sid");
- BOOL lookup_ret;
-
+ bool lookup_ret;
+
if (!mem_ctx) {
return NULL;
}
/* Just set it to the 'Domain Users' RID of 512 which will
always resolve to a name */
-
+
sid_copy( gsid, get_global_sam_sid() );
sid_append_rid( gsid, DOMAIN_GROUP_RID_USERS );
-
+
sampass->group_sid = gsid;
-
+
return sampass->group_sid;
}
* @param sampass the struct samu in question
* @return the flags indicating the members initialised in the struct.
**/
-
+
enum pdb_value_state pdb_get_init_flags(const struct samu *sampass, enum pdb_elements element)
{
enum pdb_value_state ret = PDB_DEFAULT;
-
+
if (!sampass->change_flags || !sampass->set_flags)
return ret;
-
+
if (bitmap_query(sampass->set_flags, element)) {
DEBUG(11, ("element %d: SET\n", element));
ret = PDB_SET;
}
-
+
if (bitmap_query(sampass->change_flags, element)) {
DEBUG(11, ("element %d: CHANGED\n", element));
ret = PDB_CHANGED;
return sampass->home_dir;
}
-const char *pdb_get_unix_homedir(const struct samu *sampass)
-{
- if (sampass->unix_pw ) {
- return sampass->unix_pw->pw_dir;
- }
- return NULL;
-}
-
const char *pdb_get_dir_drive(const struct samu *sampass)
{
return sampass->dir_drive;
return sampass->workstations;
}
-const char *pdb_get_unknown_str(const struct samu *sampass)
+const char *pdb_get_comment(const struct samu *sampass)
{
- return sampass->unknown_str;
+ return sampass->comment;
}
const char *pdb_get_munged_dial(const struct samu *sampass)
Collection of set...() functions for struct samu.
********************************************************************/
-BOOL pdb_set_acct_ctrl(struct samu *sampass, uint32 acct_ctrl, enum pdb_value_state flag)
+bool pdb_set_acct_ctrl(struct samu *sampass, uint32 acct_ctrl, enum pdb_value_state flag)
{
sampass->acct_ctrl = acct_ctrl;
return pdb_set_init_flags(sampass, PDB_ACCTCTRL, flag);
}
-BOOL pdb_set_logon_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
+bool pdb_set_logon_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
{
sampass->logon_time = mytime;
return pdb_set_init_flags(sampass, PDB_LOGONTIME, flag);
}
-BOOL pdb_set_logoff_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
+bool pdb_set_logoff_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
{
sampass->logoff_time = mytime;
return pdb_set_init_flags(sampass, PDB_LOGOFFTIME, flag);
}
-BOOL pdb_set_kickoff_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
+bool pdb_set_kickoff_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
{
sampass->kickoff_time = mytime;
return pdb_set_init_flags(sampass, PDB_KICKOFFTIME, flag);
}
-BOOL pdb_set_bad_password_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
+bool pdb_set_bad_password_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
{
sampass->bad_password_time = mytime;
return pdb_set_init_flags(sampass, PDB_BAD_PASSWORD_TIME, flag);
}
-BOOL pdb_set_pass_can_change_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
+bool pdb_set_pass_can_change_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
{
sampass->pass_can_change_time = mytime;
return pdb_set_init_flags(sampass, PDB_CANCHANGETIME, flag);
}
-BOOL pdb_set_pass_must_change_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
+bool pdb_set_pass_must_change_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
{
sampass->pass_must_change_time = mytime;
return pdb_set_init_flags(sampass, PDB_MUSTCHANGETIME, flag);
}
-BOOL pdb_set_pass_last_set_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
+bool pdb_set_pass_last_set_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)
{
sampass->pass_last_set_time = mytime;
return pdb_set_init_flags(sampass, PDB_PASSLASTSET, flag);
}
-BOOL pdb_set_hours_len(struct samu *sampass, uint32 len, enum pdb_value_state flag)
+bool pdb_set_hours_len(struct samu *sampass, uint32 len, enum pdb_value_state flag)
{
sampass->hours_len = len;
return pdb_set_init_flags(sampass, PDB_HOURSLEN, flag);
}
-BOOL pdb_set_logon_divs(struct samu *sampass, uint16 hours, enum pdb_value_state flag)
+bool pdb_set_logon_divs(struct samu *sampass, uint16 hours, enum pdb_value_state flag)
{
sampass->logon_divs = hours;
return pdb_set_init_flags(sampass, PDB_LOGONDIVS, flag);
* @param flag The *new* flag to be set. Old flags preserved
* this flag is only added.
**/
-
-BOOL pdb_set_init_flags(struct samu *sampass, enum pdb_elements element, enum pdb_value_state value_flag)
+
+bool pdb_set_init_flags(struct samu *sampass, enum pdb_elements element, enum pdb_value_state value_flag)
{
if (!sampass->set_flags) {
if ((sampass->set_flags =
return False;
}
}
-
+
switch(value_flag) {
case PDB_CHANGED:
if (!bitmap_set(sampass->change_flags, element)) {
return True;
}
-BOOL pdb_set_user_sid(struct samu *sampass, const DOM_SID *u_sid, enum pdb_value_state flag)
+bool pdb_set_user_sid(struct samu *sampass, const DOM_SID *u_sid, enum pdb_value_state flag)
{
if (!u_sid)
return False;
-
+
sid_copy(&sampass->user_sid, u_sid);
DEBUG(10, ("pdb_set_user_sid: setting user sid %s\n",
- sid_string_static(&sampass->user_sid)));
+ sid_string_dbg(&sampass->user_sid)));
return pdb_set_init_flags(sampass, PDB_USERSID, flag);
}
-BOOL pdb_set_user_sid_from_string(struct samu *sampass, fstring u_sid, enum pdb_value_state flag)
+bool pdb_set_user_sid_from_string(struct samu *sampass, fstring u_sid, enum pdb_value_state flag)
{
DOM_SID new_sid;
-
+
if (!u_sid)
return False;
DEBUG(1, ("pdb_set_user_sid_from_string: %s isn't a valid SID!\n", u_sid));
return False;
}
-
+
if (!pdb_set_user_sid(sampass, &new_sid, flag)) {
DEBUG(1, ("pdb_set_user_sid_from_string: could not set sid %s on struct samu!\n", u_sid));
return False;
We never fill this in from a passdb backend but rather set is
based on the user's primary group membership. However, the
struct samu* is overloaded and reused in domain memship code
- as well and built from the NET_USER_INFO_3 or PAC so we
+ as well and built from the netr_SamInfo3 or PAC so we
have to allow the explicitly setting of a group SID here.
********************************************************************/
-BOOL pdb_set_group_sid(struct samu *sampass, const DOM_SID *g_sid, enum pdb_value_state flag)
+bool pdb_set_group_sid(struct samu *sampass, const DOM_SID *g_sid, enum pdb_value_state flag)
{
gid_t gid;
}
DEBUG(10, ("pdb_set_group_sid: setting group sid %s\n",
- sid_string_static(sampass->group_sid)));
+ sid_string_dbg(sampass->group_sid)));
return pdb_set_init_flags(sampass, PDB_GROUPSID, flag);
}
Set the user's UNIX name.
********************************************************************/
-BOOL pdb_set_username(struct samu *sampass, const char *username, enum pdb_value_state flag)
+bool pdb_set_username(struct samu *sampass, const char *username, enum pdb_value_state flag)
{
if (username) {
DEBUG(10, ("pdb_set_username: setting username %s, was %s\n", username,
} else {
sampass->username = PDB_NOT_QUITE_NULL;
}
-
+
return pdb_set_init_flags(sampass, PDB_USERNAME, flag);
}
Set the domain name.
********************************************************************/
-BOOL pdb_set_domain(struct samu *sampass, const char *domain, enum pdb_value_state flag)
+bool pdb_set_domain(struct samu *sampass, const char *domain, enum pdb_value_state flag)
{
if (domain) {
DEBUG(10, ("pdb_set_domain: setting domain %s, was %s\n", domain,
Set the user's NT name.
********************************************************************/
-BOOL pdb_set_nt_username(struct samu *sampass, const char *nt_username, enum pdb_value_state flag)
+bool pdb_set_nt_username(struct samu *sampass, const char *nt_username, enum pdb_value_state flag)
{
if (nt_username) {
DEBUG(10, ("pdb_set_nt_username: setting nt username %s, was %s\n", nt_username,
(sampass->nt_username)?(sampass->nt_username):"NULL"));
sampass->nt_username = talloc_strdup(sampass, nt_username);
-
+
if (!sampass->nt_username) {
DEBUG(0, ("pdb_set_nt_username: talloc_strdup() failed!\n"));
return False;
Set the user's full name.
********************************************************************/
-BOOL pdb_set_fullname(struct samu *sampass, const char *full_name, enum pdb_value_state flag)
+bool pdb_set_fullname(struct samu *sampass, const char *full_name, enum pdb_value_state flag)
{
if (full_name) {
DEBUG(10, ("pdb_set_full_name: setting full name %s, was %s\n", full_name,
(sampass->full_name)?(sampass->full_name):"NULL"));
-
+
sampass->full_name = talloc_strdup(sampass, full_name);
if (!sampass->full_name) {
Set the user's logon script.
********************************************************************/
-BOOL pdb_set_logon_script(struct samu *sampass, const char *logon_script, enum pdb_value_state flag)
+bool pdb_set_logon_script(struct samu *sampass, const char *logon_script, enum pdb_value_state flag)
{
if (logon_script) {
DEBUG(10, ("pdb_set_logon_script: setting logon script %s, was %s\n", logon_script,
(sampass->logon_script)?(sampass->logon_script):"NULL"));
-
+
sampass->logon_script = talloc_strdup(sampass, logon_script);
if (!sampass->logon_script) {
} else {
sampass->logon_script = PDB_NOT_QUITE_NULL;
}
-
+
return pdb_set_init_flags(sampass, PDB_LOGONSCRIPT, flag);
}
Set the user's profile path.
********************************************************************/
-BOOL pdb_set_profile_path(struct samu *sampass, const char *profile_path, enum pdb_value_state flag)
+bool pdb_set_profile_path(struct samu *sampass, const char *profile_path, enum pdb_value_state flag)
{
if (profile_path) {
DEBUG(10, ("pdb_set_profile_path: setting profile path %s, was %s\n", profile_path,
(sampass->profile_path)?(sampass->profile_path):"NULL"));
-
+
sampass->profile_path = talloc_strdup(sampass, profile_path);
-
+
if (!sampass->profile_path) {
DEBUG(0, ("pdb_set_profile_path: talloc_strdup() failed!\n"));
return False;
Set the user's directory drive.
********************************************************************/
-BOOL pdb_set_dir_drive(struct samu *sampass, const char *dir_drive, enum pdb_value_state flag)
+bool pdb_set_dir_drive(struct samu *sampass, const char *dir_drive, enum pdb_value_state flag)
{
if (dir_drive) {
DEBUG(10, ("pdb_set_dir_drive: setting dir drive %s, was %s\n", dir_drive,
(sampass->dir_drive)?(sampass->dir_drive):"NULL"));
-
+
sampass->dir_drive = talloc_strdup(sampass, dir_drive);
-
+
if (!sampass->dir_drive) {
DEBUG(0, ("pdb_set_dir_drive: talloc_strdup() failed!\n"));
return False;
} else {
sampass->dir_drive = PDB_NOT_QUITE_NULL;
}
-
+
return pdb_set_init_flags(sampass, PDB_DRIVE, flag);
}
Set the user's home directory.
********************************************************************/
-BOOL pdb_set_homedir(struct samu *sampass, const char *home_dir, enum pdb_value_state flag)
+bool pdb_set_homedir(struct samu *sampass, const char *home_dir, enum pdb_value_state flag)
{
if (home_dir) {
DEBUG(10, ("pdb_set_homedir: setting home dir %s, was %s\n", home_dir,
(sampass->home_dir)?(sampass->home_dir):"NULL"));
-
+
sampass->home_dir = talloc_strdup(sampass, home_dir);
-
+
if (!sampass->home_dir) {
DEBUG(0, ("pdb_set_home_dir: talloc_strdup() failed!\n"));
return False;
Set the user's account description.
********************************************************************/
-BOOL pdb_set_acct_desc(struct samu *sampass, const char *acct_desc, enum pdb_value_state flag)
+bool pdb_set_acct_desc(struct samu *sampass, const char *acct_desc, enum pdb_value_state flag)
{
if (acct_desc) {
sampass->acct_desc = talloc_strdup(sampass, acct_desc);
Set the user's workstation allowed list.
********************************************************************/
-BOOL pdb_set_workstations(struct samu *sampass, const char *workstations, enum pdb_value_state flag)
+bool pdb_set_workstations(struct samu *sampass, const char *workstations, enum pdb_value_state flag)
{
if (workstations) {
DEBUG(10, ("pdb_set_workstations: setting workstations %s, was %s\n", workstations,
(sampass->workstations)?(sampass->workstations):"NULL"));
-
+
sampass->workstations = talloc_strdup(sampass, workstations);
if (!sampass->workstations) {
}
/*********************************************************************
- Set the user's 'unknown_str', whatever the heck this actually is...
********************************************************************/
-BOOL pdb_set_unknown_str(struct samu *sampass, const char *unknown_str, enum pdb_value_state flag)
+bool pdb_set_comment(struct samu *sampass, const char *comment, enum pdb_value_state flag)
{
- if (unknown_str) {
- sampass->unknown_str = talloc_strdup(sampass, unknown_str);
-
- if (!sampass->unknown_str) {
- DEBUG(0, ("pdb_set_unknown_str: talloc_strdup() failed!\n"));
+ if (comment) {
+ sampass->comment = talloc_strdup(sampass, comment);
+
+ if (!sampass->comment) {
+ DEBUG(0, ("pdb_set_comment: talloc_strdup() failed!\n"));
return False;
}
} else {
- sampass->unknown_str = PDB_NOT_QUITE_NULL;
+ sampass->comment = PDB_NOT_QUITE_NULL;
}
- return pdb_set_init_flags(sampass, PDB_UNKNOWNSTR, flag);
+ return pdb_set_init_flags(sampass, PDB_COMMENT, flag);
}
/*********************************************************************
Set the user's dial string.
********************************************************************/
-BOOL pdb_set_munged_dial(struct samu *sampass, const char *munged_dial, enum pdb_value_state flag)
+bool pdb_set_munged_dial(struct samu *sampass, const char *munged_dial, enum pdb_value_state flag)
{
if (munged_dial) {
sampass->munged_dial = talloc_strdup(sampass, munged_dial);
-
+
if (!sampass->munged_dial) {
DEBUG(0, ("pdb_set_munged_dial: talloc_strdup() failed!\n"));
return False;
Set the user's NT hash.
********************************************************************/
-BOOL pdb_set_nt_passwd(struct samu *sampass, const uint8 pwd[NT_HASH_LEN], enum pdb_value_state flag)
+bool pdb_set_nt_passwd(struct samu *sampass, const uint8 pwd[NT_HASH_LEN], enum pdb_value_state flag)
{
data_blob_clear_free(&sampass->nt_pw);
-
+
if (pwd) {
sampass->nt_pw =
data_blob_talloc(sampass, pwd, NT_HASH_LEN);
} else {
- sampass->nt_pw = data_blob(NULL, 0);
+ sampass->nt_pw = data_blob_null;
}
return pdb_set_init_flags(sampass, PDB_NTPASSWD, flag);
Set the user's LM hash.
********************************************************************/
-BOOL pdb_set_lanman_passwd(struct samu *sampass, const uint8 pwd[LM_HASH_LEN], enum pdb_value_state flag)
+bool pdb_set_lanman_passwd(struct samu *sampass, const uint8 pwd[LM_HASH_LEN], enum pdb_value_state flag)
{
data_blob_clear_free(&sampass->lm_pw);
-
+
/* on keep the password if we are allowing LANMAN authentication */
if (pwd && lp_lanman_auth() ) {
sampass->lm_pw = data_blob_talloc(sampass, pwd, LM_HASH_LEN);
} else {
- sampass->lm_pw = data_blob(NULL, 0);
+ sampass->lm_pw = data_blob_null;
}
return pdb_set_init_flags(sampass, PDB_LMPASSWD, flag);
in pwd.
********************************************************************/
-BOOL pdb_set_pw_history(struct samu *sampass, const uint8 *pwd, uint32 historyLen, enum pdb_value_state flag)
+bool pdb_set_pw_history(struct samu *sampass, const uint8 *pwd, uint32 historyLen, enum pdb_value_state flag)
{
if (historyLen && pwd){
sampass->nt_pw_his = data_blob_talloc(sampass,
below)
********************************************************************/
-BOOL pdb_set_plaintext_pw_only(struct samu *sampass, const char *password, enum pdb_value_state flag)
+bool pdb_set_plaintext_pw_only(struct samu *sampass, const char *password, enum pdb_value_state flag)
{
if (password) {
if (sampass->plaintext_pw!=NULL)
memset(sampass->plaintext_pw,'\0',strlen(sampass->plaintext_pw)+1);
sampass->plaintext_pw = talloc_strdup(sampass, password);
-
+
if (!sampass->plaintext_pw) {
DEBUG(0, ("pdb_set_unknown_str: talloc_strdup() failed!\n"));
return False;
return pdb_set_init_flags(sampass, PDB_PLAINTEXT_PW, flag);
}
-BOOL pdb_set_bad_password_count(struct samu *sampass, uint16 bad_password_count, enum pdb_value_state flag)
+bool pdb_set_bad_password_count(struct samu *sampass, uint16 bad_password_count, enum pdb_value_state flag)
{
sampass->bad_password_count = bad_password_count;
return pdb_set_init_flags(sampass, PDB_BAD_PASSWORD_COUNT, flag);
}
-BOOL pdb_set_logon_count(struct samu *sampass, uint16 logon_count, enum pdb_value_state flag)
+bool pdb_set_logon_count(struct samu *sampass, uint16 logon_count, enum pdb_value_state flag)
{
sampass->logon_count = logon_count;
return pdb_set_init_flags(sampass, PDB_LOGON_COUNT, flag);
}
-BOOL pdb_set_unknown_6(struct samu *sampass, uint32 unkn, enum pdb_value_state flag)
+bool pdb_set_unknown_6(struct samu *sampass, uint32 unkn, enum pdb_value_state flag)
{
sampass->unknown_6 = unkn;
return pdb_set_init_flags(sampass, PDB_UNKNOWN6, flag);
}
-BOOL pdb_set_hours(struct samu *sampass, const uint8 *hours, enum pdb_value_state flag)
+bool pdb_set_hours(struct samu *sampass, const uint8 *hours, enum pdb_value_state flag)
{
if (!hours) {
memset ((char *)sampass->hours, 0, MAX_HOURS_LEN);
return pdb_set_init_flags(sampass, PDB_HOURS, flag);
}
-BOOL pdb_set_backend_private_data(struct samu *sampass, void *private_data,
+bool pdb_set_backend_private_data(struct samu *sampass, void *private_data,
void (*free_fn)(void **),
const struct pdb_methods *my_methods,
enum pdb_value_state flag)
/* Helpful interfaces to the above */
-/*********************************************************************
- Sets the last changed times and must change times for a normal
- password change.
- ********************************************************************/
-
-BOOL pdb_set_pass_changed_now(struct samu *sampass)
+bool pdb_set_pass_can_change(struct samu *sampass, bool canchange)
{
- uint32 expire;
- uint32 min_age;
-
- if (!pdb_set_pass_last_set_time (sampass, time(NULL), PDB_CHANGED))
- return False;
-
- if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &expire)
- || (expire==(uint32)-1) || (expire == 0)) {
- if (!pdb_set_pass_must_change_time (sampass, get_time_t_max(), PDB_CHANGED))
- return False;
- } else {
- if (!pdb_set_pass_must_change_time (sampass,
- pdb_get_pass_last_set_time(sampass)
- + expire, PDB_CHANGED))
- return False;
- }
-
- if (!pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &min_age)
- || (min_age==(uint32)-1)) {
- if (!pdb_set_pass_can_change_time (sampass, 0, PDB_CHANGED))
- return False;
- } else {
- if (!pdb_set_pass_can_change_time (sampass,
- pdb_get_pass_last_set_time(sampass)
- + min_age, PDB_CHANGED))
- return False;
- }
- return True;
+ return pdb_set_pass_can_change_time(sampass,
+ canchange ? 0 : get_time_t_max(),
+ PDB_CHANGED);
}
+
/*********************************************************************
Set the user's PLAINTEXT password. Used as an interface to the above.
Also sets the last change time to NOW.
********************************************************************/
-BOOL pdb_set_plaintext_passwd(struct samu *sampass, const char *plaintext)
+bool pdb_set_plaintext_passwd(struct samu *sampass, const char *plaintext)
{
uchar new_lanman_p16[LM_HASH_LEN];
uchar new_nt_p16[NT_HASH_LEN];
if (!pdb_set_plaintext_pw_only (sampass, plaintext, PDB_CHANGED))
return False;
- if (!pdb_set_pass_changed_now (sampass))
+ if (!pdb_set_pass_last_set_time (sampass, time(NULL), PDB_CHANGED))
return False;
/* Store the password history. */
if (current_history_len < pwHistLen) {
/* Ensure we have space for the needed history. */
- uchar *new_history = TALLOC(sampass,
+ uchar *new_history = (uchar *)TALLOC(sampass,
pwHistLen*PW_HISTORY_ENTRY_LEN);
if (!new_history) {
return False;