r5349: After talking with Jerry, reverted the addition of account policies to

author Günther Deschner <gd@samba.org>

Sat, 12 Feb 2005 00:51:31 +0000 (00:51 +0000)

committer Gerald (Jerry) Carter <jerry@samba.org>

Wed, 10 Oct 2007 15:55:38 +0000 (10:55 -0500)
author Günther Deschner <gd@samba.org>
Sat, 12 Feb 2005 00:51:31 +0000 (00:51 +0000)
committer Gerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 15:55:38 +0000 (10:55 -0500)
diff --git a/source3/Makefile.in b/source3/Makefile.in

index f20584218a6b60102836095d1cdded04b9f1d88d..466958b5abb44067c38e23b62c626ce3cd3094da 100644 (file)
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -203,10 +203,10 @@ LIB_OBJ = $(VERSION_OBJ) lib/charcnv.o lib/debug.o lib/fault.o \
           lib/tallocmsg.o lib/dmallocmsg.o libsmb/smb_signing.o \
           lib/md5.o lib/hmacmd5.o lib/iconv.o \
           nsswitch/wb_client.o $(WBCOMMON_OBJ) \
-         lib/pam_errors.o intl/lang_tdb.o \
+         lib/pam_errors.o intl/lang_tdb.o lib/account_pol.o \
           lib/adt_tree.o lib/gencache.o $(TDB_OBJ) \
           lib/module.o lib/ldap_escape.o @CHARSET_STATIC@ \
-         lib/secdesc.o lib/secace.o lib/secacl.o 
+         lib/privileges.o lib/secdesc.o lib/secace.o lib/secacl.o
  
  LIB_NONSMBD_OBJ = $(LIB_OBJ) lib/dummysmbd.o
  
@@ -312,7 +312,7 @@ PASSDB_OBJ = $(PASSDB_GET_SET_OBJ) passdb/passdb.o passdb/pdb_interface.o \
                 passdb/util_sam_sid.o passdb/pdb_compat.o \
                 passdb/lookup_sid.o \
                 passdb/login_cache.o @PDB_STATIC@ passdb/pdb_sql.o \
-               lib/system_smbd.o lib/account_pol.o lib/privileges.o
+               lib/system_smbd.o
  
  XML_OBJ = passdb/pdb_xml.o
  MYSQL_OBJ = passdb/pdb_mysql.o
@@ -507,8 +507,8 @@ LIBSMBCLIENT_OBJ = libsmb/libsmbclient.o libsmb/libsmb_compat.o \
                    libsmb/libsmb_cache.o \
                    $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \
                    $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \
-                  $(LIBMSRPC_OBJ) $(RPC_PARSE_OBJ) \
-                  $(SECRETS_OBJ) $(PASSDB_OBJ) $(SMBLDAP_OBJ) $(GROUPDB_OBJ) $(DUMMYROOT_OBJ)
+                  $(LIBMSRPC_OBJ) $(RPC_PARSE_OBJ) $(PASSDB_GET_SET_OBJ) \
+                  $(SECRETS_OBJ) 
  
  # This shared library is intended for linking with unit test programs
  # to test Samba internals.  It's called libbigballofmud.so to
@@ -584,15 +584,13 @@ LOCKTEST2_OBJ = torture/locktest2.o $(PARAM_OBJ) $(LOCKING_OBJ) $(LIBSMB_OBJ) \
  
  SMBCACLS_OBJ = utils/smbcacls.o $(PARAM_OBJ) $(LIBSMB_OBJ) \
                            $(KRBCLIENT_OBJ) $(LIB_NONSMBD_OBJ) $(RPC_PARSE_OBJ) \
-                          $(LIBMSRPC_OBJ) $(SECRETS_OBJ) \
-                          $(POPT_LIB_OBJ) $(DCUTIL_OBJ) $(LIBADS_OBJ) \
-                          $(PASSDB_OBJ) $(SMBLDAP_OBJ) $(GROUPDB_OBJ) $(DUMMYROOT_OBJ)
+                          $(PASSDB_GET_SET_OBJ) $(LIBMSRPC_OBJ) $(SECRETS_OBJ) \
+                          $(POPT_LIB_OBJ) $(DCUTIL_OBJ) $(LIBADS_OBJ)
  
  SMBCQUOTAS_OBJ = utils/smbcquotas.o $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \
                 $(PARAM_OBJ) \
-               $(LIB_NONSMBD_OBJ) $(RPC_PARSE_OBJ) \
-               $(LIBMSRPC_OBJ) $(SECRETS_OBJ) $(POPT_LIB_OBJ) \
-               $(PASSDB_OBJ) $(SMBLDAP_OBJ) $(GROUPDB_OBJ) $(DUMMYROOT_OBJ)
+               $(LIB_NONSMBD_OBJ) $(RPC_PARSE_OBJ) $(PASSDB_GET_SET_OBJ) \
+               $(LIBMSRPC_OBJ) $(SECRETS_OBJ) $(POPT_LIB_OBJ)
  
  TALLOCTORT_OBJ = lib/talloctort.o $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) libsmb/nterr.o
  
diff --git a/source3/include/passdb.h b/source3/include/passdb.h

index eed3be1ff94622dbdf4328d11fbec637834b9836..42f38e5b6ac231e51e96e12939399a492a6ae8a6 100644 (file)
--- a/source3/include/passdb.h
+++ b/source3/include/passdb.h
@@ -334,12 +334,6 @@ typedef struct pdb_context
                                                DOM_SID **aliases,
                                                int *num_aliases);
  
-       NTSTATUS (*pdb_get_account_policy)(struct pdb_context *context,
-                                          int policy_index, int *value);
-
-       NTSTATUS (*pdb_set_account_policy)(struct pdb_context *context,
-                                          int policy_index, int value);
-
         void (*free_fn)(struct pdb_context **);
         
         TALLOC_CTX *mem_ctx;
@@ -431,12 +425,6 @@ typedef struct pdb_methods
                                            int num_members,
                                            DOM_SID **aliases, int *num);
  
-       NTSTATUS (*get_account_policy)(struct pdb_methods *methods,
-                                      int policy_index, int *value);
-
-       NTSTATUS (*set_account_policy)(struct pdb_methods *methods,
-                                      int policy_index, int value);
-
         void *private_data;  /* Private data of some kind */
         
         void (*free_private_data)(void **);
diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h

index 9a116ab7e785874222713b5c088818865c7a53a6..adb51430dc6b4e3068cd9bcae4c7be4238bd8028 100644 (file)
--- a/source3/include/smbldap.h
+++ b/source3/include/smbldap.h
@@ -38,7 +38,6 @@
  #define LDAP_OBJ_IDPOOL                        "sambaUnixIdPool"
  #define LDAP_OBJ_IDMAP_ENTRY           "sambaIdmapEntry"
  #define LDAP_OBJ_SID_ENTRY             "sambaSidEntry"
-#define LDAP_OBJ_ACCOUNT_POLICY                "sambaAccountPolicy"
  
  #define LDAP_OBJ_ACCOUNT               "account"
  #define LDAP_OBJ_POSIXACCOUNT          "posixAccount"
@@ -98,8 +97,6 @@
  #define LDAP_ATTR_SID_LIST             40
  #define LDAP_ATTR_MOD_TIMESTAMP                41
  #define LDAP_ATTR_LOGON_HOURS          42
-#define LDAP_ATTR_ACCOUNT_POLICY_NAME  43
-#define LDAP_ATTR_ACCOUNT_POLICY_VAL   44
  
  typedef struct _attrib_map_entry {
         int             attrib;
@@ -118,7 +115,6 @@ extern ATTRIB_MAP_ENTRY groupmap_attr_list[];
  extern ATTRIB_MAP_ENTRY groupmap_attr_list_to_delete[];
  extern ATTRIB_MAP_ENTRY idpool_attr_list[];
  extern ATTRIB_MAP_ENTRY sidmap_attr_list[];
-extern ATTRIB_MAP_ENTRY acctpol_attr_list[];
  
  /* Function declarations -- not included in proto.h so we don't
     have to worry about LDAP structure types */
diff --git a/source3/lib/account_pol.c b/source3/lib/account_pol.c

index f6e394399343e9d5b27d5035731b77a938991ecf..5997d9180aedfab499eaecf4ba4035c3de05e2db 100644 (file)
--- a/source3/lib/account_pol.c
+++ b/source3/lib/account_pol.c
@@ -3,7 +3,6 @@
   *  account policy storage
   *  Copyright (C) Jean François Micouleau      1998-2001.
   *  Copyright (C) Andrew Bartlett              2002
- *  Copyright (C) Guenther Deschner            2004-2005
   *  
   *  This program is free software; you can redistribute it and/or modify
   *  it under the terms of the GNU General Public License as published by
@@ -23,14 +22,7 @@
  #include "includes.h"
  static TDB_CONTEXT *tdb; 
  
-/* cache all entries for 60 seconds for to save ldap-queries (cache is updated
- * after this period if admins do not use pdbedit or usermanager but manipulate
- * ldap directly) - gd */
-
-#define DATABASE_VERSION       3
-#define AP_LASTSET             "LAST_CACHE_UPDATE"
-#define AP_MIGRATED            "ACCOUNT POLICIES WERE MIGRATED TO PASSDB"
-#define AP_TTL                 60
+#define DATABASE_VERSION 2
  
  extern DOM_SID global_sid_World;
  extern DOM_SID global_sid_Builtin_Administrators;
@@ -40,35 +32,100 @@ extern DOM_SID global_sid_Builtin_Print_Operators;
  extern DOM_SID global_sid_Builtin_Backup_Operators;
  
  
-struct ap_table {
+/****************************************************************************
+ Set default for a field if it is empty
+****************************************************************************/
+
+static void set_default_on_empty(int field, uint32 value)
+{
+       if (account_policy_get(field, NULL))
+               return;
+       account_policy_set(field, value);
+       return;
+}
+
+/****************************************************************************
+ Open the account policy tdb.
+****************************************************************************/
+
+BOOL init_account_policy(void)
+{
+       const char *vstring = "INFO/version";
+       uint32 version;
+
+       if (tdb)
+               return True;
+       tdb = tdb_open_log(lock_path("account_policy.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
+       if (!tdb) {
+               DEBUG(0,("Failed to open account policy database\n"));
+               return False;
+       }
+
+       /* handle a Samba upgrade */
+       tdb_lock_bystring(tdb, vstring,0);
+       if (!tdb_fetch_uint32(tdb, vstring, &version) || version != DATABASE_VERSION) {
+               tdb_store_uint32(tdb, vstring, DATABASE_VERSION);
+               
+               set_default_on_empty(
+                       AP_MIN_PASSWORD_LEN, 
+                       MINPASSWDLENGTH);/* 5 chars minimum             */
+               set_default_on_empty(
+                       AP_PASSWORD_HISTORY, 
+                       0);             /* don't keep any old password  */
+               set_default_on_empty(
+                       AP_USER_MUST_LOGON_TO_CHG_PASS, 
+                       0);             /* don't force user to logon    */
+               set_default_on_empty(
+                       AP_MAX_PASSWORD_AGE, 
+                       (uint32)-1);    /* don't expire                 */
+               set_default_on_empty(
+                       AP_MIN_PASSWORD_AGE, 
+                       0);             /* 0 days                      */
+               set_default_on_empty(
+                       AP_LOCK_ACCOUNT_DURATION, 
+                       30);            /* lockout for 30 minutes      */
+               set_default_on_empty(
+                       AP_RESET_COUNT_TIME, 
+                       30);            /* reset after 30 minutes      */
+               set_default_on_empty(
+                       AP_BAD_ATTEMPT_LOCKOUT, 
+                       0);             /* don't lockout               */
+               set_default_on_empty(
+                       AP_TIME_TO_LOGOUT, 
+                       -1);            /* don't force logout          */
+               set_default_on_empty(
+                       AP_REFUSE_MACHINE_PW_CHANGE, 
+                       0);             /* allow machine pw changes    */
+       }
+       tdb_unlock_bystring(tdb, vstring);
+
+       /* These exist by default on NT4 in [HKLM\SECURITY\Policy\Accounts] */
+
+       privilege_create_account( &global_sid_World );
+       privilege_create_account( &global_sid_Builtin_Administrators );
+       privilege_create_account( &global_sid_Builtin_Account_Operators );
+       privilege_create_account( &global_sid_Builtin_Server_Operators );
+       privilege_create_account( &global_sid_Builtin_Print_Operators );
+       privilege_create_account( &global_sid_Builtin_Backup_Operators );
+       
+       return True;
+}
+
+static const struct {
         int field;
         const char *string;
-       uint32 default_val;
-       const char *comment;
-};
-
-static const struct ap_table account_policy_names[] = {
-       {AP_MIN_PASSWORD_LEN, "min password length", MINPASSWDLENGTH, 
-               "Minimal password length (default: 5)"},
-       {AP_PASSWORD_HISTORY, "password history", 0,
-               "Length of Password History Entries (default: 0 => off)" },
-       {AP_USER_MUST_LOGON_TO_CHG_PASS, "user must logon to change password", 0,
-               "Force Users to logon for password change (default: 0 => off, 2 => on)"},
-       {AP_MAX_PASSWORD_AGE, "maximum password age", (uint32)-1,
-               "Maximum password age, in seconds (default: -1 => never expire passwords)"},
-       {AP_MIN_PASSWORD_AGE,"minimum password age", 0,
-               "Minimal password age, in seconds (default: 0 => allow immediate password change)"},
-       {AP_LOCK_ACCOUNT_DURATION, "lockout duration", 30,
-               "Lockout duration in minutes (default: 30, -1 => forever)"},
-       {AP_RESET_COUNT_TIME, "reset count minutes", 30,
-               "Reset time after lockout in minutes (default: 30)"},
-       {AP_BAD_ATTEMPT_LOCKOUT, "bad lockout attempt", 0,
-               "Lockout users after bad logon attempts (default: 0 => off)"},
-       {AP_TIME_TO_LOGOUT, "disconnect time", -1,
-               "Disconnect Users outside logon hours (default: -1 => off, 0 => on)"}, 
-       {AP_REFUSE_MACHINE_PW_CHANGE, "refuse machine password change", 0,
-               "Allow Machine Password changes (default: 0 => off)"},
-       {0, NULL, 0, ""}
+} account_policy_names[] = {
+       {AP_MIN_PASSWORD_LEN, "min password length"},
+       {AP_PASSWORD_HISTORY, "password history"},
+       {AP_USER_MUST_LOGON_TO_CHG_PASS, "user must logon to change password"},
+       {AP_MAX_PASSWORD_AGE, "maximum password age (seconds since 1970)"},
+       {AP_MIN_PASSWORD_AGE,"minimum password age (seconds since 1970)"},
+       {AP_LOCK_ACCOUNT_DURATION, "lockout duration"},
+       {AP_RESET_COUNT_TIME, "reset count minutes"},
+       {AP_BAD_ATTEMPT_LOCKOUT, "bad lockout attempt"},
+       {AP_TIME_TO_LOGOUT, "disconnect time"},
+       {AP_REFUSE_MACHINE_PW_CHANGE, "refuse machine password change"},
+       {0, NULL}
  };
  
  char *account_policy_names_list(void)
@@ -99,7 +156,7 @@ char *account_policy_names_list(void)
  Get the account policy name as a string from its #define'ed number
  ****************************************************************************/
  
-const char *decode_account_policy_name(int field)
+static const char *decode_account_policy_name(int field)
  {
         int i;
         for (i=0; account_policy_names[i].string; i++) {
@@ -110,21 +167,6 @@ const char *decode_account_policy_name(int field)
  
  }
  
-/****************************************************************************
-Get the account policy comment as a string from its #define'ed number
-****************************************************************************/
-
-const char *account_policy_get_comment(int field)
-{
-       int i;
-       for (i=0; account_policy_names[i].string; i++) {
-               if (field == account_policy_names[i].field)
-                       return account_policy_names[i].comment;
-       }
-       return NULL;
-
-}
-
  /****************************************************************************
  Get the account policy name as a string from its #define'ed number
  ****************************************************************************/
@@ -140,222 +182,15 @@ int account_policy_name_to_fieldnum(const char *name)
  
  }
  
-/*****************************************************************************
-Update LAST-Set counter inside the cache
-*****************************************************************************/
-
-static BOOL account_policy_cache_timestamp(uint32 *value, BOOL update)
-{
-       pstring key;
-       uint32 val = 0;
-       time_t now;
-
-       slprintf(key, sizeof(key)-1, "%s", AP_LASTSET);
-
-       if (!init_account_policy())
-               return False;
-
-       if (!tdb_fetch_uint32(tdb, key, &val) && !update) {
-               DEBUG(10,("failed to get last set timestamp of cache\n"));
-               return False;
-       }
-
-       *value = val;
-
-       DEBUG(10, ("account policy cache lastset was: %s\n", http_timestring(val)));
-
-       if (update) {
-
-               now = time(NULL);
-
-               if (!tdb_store_uint32(tdb, key, (uint32)now)) {
-                       DEBUG(1, ("tdb_store_uint32 failed for %s\n", key));
-                       return False;
-               }
-               DEBUG(10, ("account policy cache lastset now: %s\n", http_timestring(now)));
-               *value = now;
-       }
-
-       return True;
-}
-
-/*****************************************************************************
-Get default value for account policy
-*****************************************************************************/
-
-BOOL account_policy_get_default(int account_policy, uint32 *val)
-{
-       int i;
-       for (i=0; account_policy_names[i].field; i++) {
-               if (account_policy_names[i].field == account_policy) {
-                       *val = account_policy_names[i].default_val;
-                       return True;
-               }
-       }
-       DEBUG(0,("no default for account_policy index %d found. This should never happen\n", 
-               account_policy));
-       return False;
-}
-
-/*****************************************************************************
- Set default for a field if it is empty
-*****************************************************************************/
-
-static BOOL account_policy_set_default_on_empty(int account_policy)
-{
-
-       uint32 value;
-
-       if (!account_policy_get(account_policy, &value) && 
-           !account_policy_get_default(account_policy, &value)) {
-               return False;
-       }
-
-       return account_policy_set(account_policy, value);
-}
-
-/*****************************************************************************
-Check migration success, set marker if required
-*****************************************************************************/
-
-static BOOL already_migrated_account_policies(BOOL store_migration_success)
-{
-       pstring key;
-       uint32 value;
-
-       slprintf(key, sizeof(key)-1, "%s", AP_MIGRATED);
-
-       if (tdb_fetch_uint32(tdb, key, &value)) {
-               return True;
-       }
-
-       if (store_migration_success) {
-
-               if (!tdb_store_uint32(tdb, key, 1)) {
-                       DEBUG(1, ("tdb_store_uint32 failed for %s\n", key));
-                       return False;
-               }
-               return True;
-       }
-
-       return False;
-}
-
-/*****************************************************************************
-Migrate account policies to passdb
-*****************************************************************************/
-
-static BOOL migrate_account_policy_names_to_passdb(void)
-{
-       int i, tmp_val;
-       BOOL got_pol;
-
-       if (already_migrated_account_policies(False)) {
-               return True;
-       }
-
-       DEBUG(1,("start migrating account policies into passdb\n"));
-
-       for (i=1; decode_account_policy_name(i) != NULL; i++) {
-
-               got_pol = False;
-
-               if (pdb_get_account_policy(i, &tmp_val)) {
-                       DEBUG(10,("account policy already in passdb\n"));
-                       got_pol = True;
-               }
-
-               if (!got_pol && !account_policy_get(i, &tmp_val)) {
-                       DEBUG(0,("very weird: could not get value for account policy\n"));
-                       return False;
-               }
-
-               DEBUGADD(1,("\tmigrating account policy (#%d: %s with value: %d) to passdb\n", 
-                       i, decode_account_policy_name(i), tmp_val));
-
-               /* set policy via new passdb api */
-               if (!pdb_set_account_policy(i, tmp_val)) {
-                       DEBUG(0,("failed to set account_policy\n"));
-                       return False;
-               }
-
-       }
-
-       if (!already_migrated_account_policies(True)) {
-               DEBUG(0,("could not store marker for account policy migration in the tdb\n"));
-               return False;
-       }
-               
-       DEBUGADD(1,("succesfully migrated account policies into passdb\n"));
-
-       return True;
-}
-
-/*****************************************************************************
- Open the account policy tdb.
-***`*************************************************************************/
-
-BOOL init_account_policy(void)
-{
-
-       const char *vstring = "INFO/version";
-       uint32 version;
-       int i;
-
-       if (tdb)
-               return True;
-
-       tdb = tdb_open_log(lock_path("account_policy.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
-       if (!tdb) {
-               DEBUG(0,("Failed to open account policy database\n"));
-               return False;
-       }
-
-       /* handle a Samba upgrade */
-       tdb_lock_bystring(tdb, vstring,0);
-       if (!tdb_fetch_uint32(tdb, vstring, &version) || version != DATABASE_VERSION) {
-
-               tdb_store_uint32(tdb, vstring, DATABASE_VERSION);
-
-               for (i=0; account_policy_names[i].field; i++) {
-
-                       if (!account_policy_set_default_on_empty(account_policy_names[i].field)) {
-                               DEBUG(0,("failed to set default value in account policy tdb\n"));
-                               return False;
-                       }
-               }
-       }
-
-       if (!migrate_account_policy_names_to_passdb()) {
-               DEBUG(0,("Could not migrate account policy tdb to passdb.\n"));
-               return False;
-       }
-
-       tdb_unlock_bystring(tdb, vstring);
-
-       /* These exist by default on NT4 in [HKLM\SECURITY\Policy\Accounts] */
-
-       privilege_create_account( &global_sid_World );
-       privilege_create_account( &global_sid_Builtin_Administrators );
-       privilege_create_account( &global_sid_Builtin_Account_Operators );
-       privilege_create_account( &global_sid_Builtin_Server_Operators );
-       privilege_create_account( &global_sid_Builtin_Print_Operators );
-       privilege_create_account( &global_sid_Builtin_Backup_Operators );
-
-       return True;
-}
-
-/*****************************************************************************
-Internal function
-*****************************************************************************/
+/****************************************************************************
+****************************************************************************/
  
  BOOL account_policy_get(int field, uint32 *value)
  {
         fstring name;
         uint32 regval;
  
-       if (!init_account_policy())
-               return False;
+       if(!init_account_policy())return False;
  
         if (value)
                 *value = 0;
@@ -378,15 +213,12 @@ BOOL account_policy_get(int field, uint32 *value)
  
  
  /****************************************************************************
-Get an account policy from a (migrated tdb)
  ****************************************************************************/
-
  BOOL account_policy_set(int field, uint32 value)
  {
         fstring name;
  
-       if (!init_account_policy())
-               return False;
+       if(!init_account_policy())return False;
  
         fstrcpy(name, decode_account_policy_name(field));
         if (!*name) {
@@ -395,7 +227,7 @@ BOOL account_policy_set(int field, uint32 value)
         }
  
         if (!tdb_store_uint32(tdb, name, value)) {
-               DEBUG(1, ("tdb_store_uint32 failed for field %d (%s) on value %u\n", field, name, value));
+               DEBUG(1, ("tdb_store_uint32 failed for field %d (%s) on value %u", field, name, value));
                 return False;
         }
  
@@ -404,64 +236,6 @@ BOOL account_policy_set(int field, uint32 value)
         return True;
  }
  
-/****************************************************************************
-Set an account policy in the cache 
-****************************************************************************/
-
-BOOL cache_account_policy_set(int field, uint32 value)
-{
-       uint32 lastset, i;
-
-       for (i=0; account_policy_names[i].field; i++) {
-
-               if (account_policy_names[i].field == field) {
-
-                       DEBUG(10,("cache_account_policy_set: updating account pol cache\n"));
-
-                       if (!account_policy_set(field, value)) {
-                               return False;
-                       }
-
-                       if (!account_policy_cache_timestamp(&lastset, True)) {
-                               DEBUG(10,("cache_account_policy_set: failed to get lastest cache update timestamp\n"));
-                               return False;
-                       }
-
-                       DEBUG(10,("cache_account_policy_set: cache valid until: %s\n", http_timestring(lastset+AP_TTL)));
-               }
-       }
-
-       return True;
-}
-
-/*****************************************************************************
-Get an account policy from the cache 
-*****************************************************************************/
-
-BOOL cache_account_policy_get(int field, uint32 *value)
-{
-       uint32 lastset, i;
-
-       if (!account_policy_cache_timestamp(&lastset, False)) {
-               DEBUG(10,("cache_account_policy_get: failed to get latest cache update timestamp\n"));
-               return False;
-       }
-
-       if ((lastset + AP_TTL) < (uint32)time(NULL) ) {
-               DEBUG(10,("cache_account_policy_get: no valid cache entry (cache expired)\n"));
-               return False;
-       } 
-
-       for (i=0; account_policy_names[i].field; i++) {
-               if (account_policy_names[i].field == field) {
-                       return account_policy_get(field, value);
-               }
-       }
-
-       return False;
-}
-
-
  /****************************************************************************
  ****************************************************************************/
  
diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c

index 2fc71b14021bd838c34ba5ae3e29f881259f3771..7aeecb89d6fd7479b2e5015237f342e3edfaf269 100644 (file)
--- a/source3/lib/smbldap.c
+++ b/source3/lib/smbldap.c
@@ -208,15 +208,6 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = {
         { LDAP_ATTR_LIST_END,           NULL                    }       
  };
  
-/* attributes used for account policies */
-
-ATTRIB_MAP_ENTRY acctpol_attr_list[] = {
-       { LDAP_ATTR_OBJCLASS,           "objectClass"                   },
-       { LDAP_ATTR_ACCOUNT_POLICY_NAME,"sambaAccountPolicyName"        },
-       { LDAP_ATTR_ACCOUNT_POLICY_VAL, "sambaAccountPolicyValue"       },
-       { LDAP_ATTR_LIST_END,           NULL                            },
-};
-
  /**********************************************************************
   perform a simple table lookup and return the attribute name 
   **********************************************************************/
@@ -1253,82 +1244,6 @@ NTSTATUS smbldap_init(TALLOC_CTX *mem_ctx, const char *location, struct smbldap_
         return NT_STATUS_OK;
  }
  
-/**********************************************************************
- Add the account-policies below the sambaDomain object to LDAP, 
-*********************************************************************/
-static NTSTATUS add_new_domain_account_policies(struct smbldap_state *ldap_state,
-                                               const char *domain_name)
-{
-       NTSTATUS ntstatus = NT_STATUS_UNSUCCESSFUL;
-       int i, ldap_op, policy_default, rc;
-       const char *policy_string = NULL;
-       const char *policy_comment = NULL;
-       pstring dn;
-       fstring policy_default_str;
-
-       DEBUG(3,("Adding new account policies for domain\n"));
-       ldap_op = LDAP_MOD_ADD;
-
-       for (i=1; decode_account_policy_name(i) != NULL; i++) {
-               LDAPMod **mods = NULL;
-
-               policy_string = decode_account_policy_name(i);
-               if (!policy_string) {
-                       DEBUG(0,("add_new_domain_account_policies: ops. no policy!\n"));
-                       return ntstatus;
-               }
-
-               policy_comment = account_policy_get_comment(i);
-               if (!policy_comment) {
-                       DEBUG(0,("add_new_domain_account_policies: no description for policy found\n"));
-                       return ntstatus;
-               }
-
-               if (!account_policy_get_default(i, &policy_default)) {
-                       DEBUG(0,("add_new_domain_account_policies: failed to get default account policy\n"));
-                       return ntstatus;
-               }
-
-               slprintf(policy_default_str, sizeof(policy_default_str) - 1, "%i", policy_default);
-
-               pstr_sprintf(dn, "%s=%s,%s=%s,%s",
-                       get_attr_key2string(acctpol_attr_list, LDAP_ATTR_ACCOUNT_POLICY_NAME), policy_string,
-                       get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), get_global_sam_name(),
-                       lp_ldap_suffix());
-
-               smbldap_set_mod( &mods, ldap_op, "objectClass", LDAP_OBJ_ACCOUNT_POLICY );
-
-               smbldap_set_mod( &mods, ldap_op,
-                       get_attr_key2string(acctpol_attr_list, LDAP_ATTR_ACCOUNT_POLICY_NAME), 
-                       policy_string);
-
-               smbldap_set_mod( &mods, ldap_op,
-                       get_attr_key2string(acctpol_attr_list, LDAP_ATTR_ACCOUNT_POLICY_VAL), 
-                       policy_default_str);
-
-               smbldap_set_mod( &mods, ldap_op, "description", policy_comment);
-
-               rc = smbldap_add(ldap_state, dn, mods);
-
-               if (rc!=LDAP_SUCCESS) {
-                       char *ld_error = NULL;
-                       ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error);
-                       DEBUG(1,("failed to add account policy dn= %s with: %s\n\t%s\n",
-                              dn, ldap_err2string(rc),
-                              ld_error?ld_error:"unknown"));
-                       SAFE_FREE(ld_error);
-
-                       ldap_mods_free(mods, True);
-                       return ntstatus;
-               }
-
-               DEBUG(2,("added: domain account policy = [%s] in the LDAP database\n", policy_string));
-               ldap_mods_free(mods, True);
-       }
-
-       return NT_STATUS_OK;
-}
-
  /**********************************************************************
   Add the sambaDomain to LDAP, so we don't have to search for this stuff
   again.  This is a once-add operation for now.
@@ -1483,8 +1398,7 @@ NTSTATUS smbldap_search_domain_info(struct smbldap_state *ldap_state,
                 DEBUG(3, ("Got no domain info entries for domain\n"));
                 ldap_msgfree(*result);
                 *result = NULL;
-               if (try_add && NT_STATUS_IS_OK(ret = add_new_domain_info(ldap_state, domain_name)) 
-                           && NT_STATUS_IS_OK(ret = add_new_domain_account_policies(ldap_state, domain_name))) {
+               if (try_add && NT_STATUS_IS_OK(ret = add_new_domain_info(ldap_state, domain_name))) {
                         return smbldap_search_domain_info(ldap_state, result, domain_name, False);
                 } 
                 else {
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c

index d2e1eacdd2bdef107c2ceeb2e196e84813f66a2c..715eb9ed4c356725163564c2545e252e1b429e83 100644 (file)
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -1890,7 +1890,7 @@ BOOL init_sam_from_buffer_v2(SAM_ACCOUNT *sampass, uint8 *buf, uint32 buflen)
         }
  
         /* Change from V1 is addition of password history field. */
-       pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
+       account_policy_get(AP_PASSWORD_HISTORY, &pwHistLen);
         if (pwHistLen) {
                 char *pw_hist = SMB_MALLOC(pwHistLen * PW_HISTORY_ENTRY_LEN);
                 if (!pw_hist) {
@@ -2098,7 +2098,7 @@ uint32 init_buffer_from_sam_v2 (uint8 **buf, const SAM_ACCOUNT *sampass, BOOL si
                 nt_pw_len = 0;
         }
  
-       pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
+       account_policy_get(AP_PASSWORD_HISTORY, &pwHistLen);
         nt_pw_hist =  pdb_get_pw_history(sampass, &nt_pw_hist_len);
         if (pwHistLen && nt_pw_hist && nt_pw_hist_len) {
                 nt_pw_hist_len *= PW_HISTORY_ENTRY_LEN;
@@ -2307,8 +2307,8 @@ BOOL pdb_update_bad_password_count(SAM_ACCOUNT *sampass, BOOL *updated)
                 return True;
         }
  
-       if (!pdb_get_account_policy(AP_RESET_COUNT_TIME, &resettime)) {
-               DEBUG(0, ("pdb_update_bad_password_count: pdb_get_account_policy failed.\n"));
+       if (!account_policy_get(AP_RESET_COUNT_TIME, &resettime)) {
+               DEBUG(0, ("pdb_update_bad_password_count: account_policy_get failed.\n"));
                 return False;
         }
  
@@ -2349,8 +2349,8 @@ BOOL pdb_update_autolock_flag(SAM_ACCOUNT *sampass, BOOL *updated)
                 return True;
         }
  
-       if (!pdb_get_account_policy(AP_LOCK_ACCOUNT_DURATION, &duration)) {
-               DEBUG(0, ("pdb_update_autolock_flag: pdb_get_account_policy failed.\n"));
+       if (!account_policy_get(AP_LOCK_ACCOUNT_DURATION, &duration)) {
+               DEBUG(0, ("pdb_update_autolock_flag: account_policy_get failed.\n"));
                 return False;
         }
  
@@ -2398,9 +2398,9 @@ BOOL pdb_increment_bad_password_count(SAM_ACCOUNT *sampass)
                 return False;
  
         /* Retrieve the account lockout policy */
-       if (!pdb_get_account_policy(AP_BAD_ATTEMPT_LOCKOUT,
+       if (!account_policy_get(AP_BAD_ATTEMPT_LOCKOUT,
                                 &account_policy_lockout)) {
-               DEBUG(0, ("pdb_increment_bad_password_count: pdb_get_account_policy failed.\n"));
+               DEBUG(0, ("pdb_increment_bad_password_count: account_policy_get failed.\n"));
                 return False;
         }
  
diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c

index e0fc0ef280229b017339506fc03be34c92311282..4b59b5fdf95a171a055ed064f1cc3c8b6c8832e7 100644 (file)
--- a/source3/passdb/pdb_get_set.c
+++ b/source3/passdb/pdb_get_set.c
@@ -1123,7 +1123,7 @@ BOOL pdb_set_pass_changed_now (SAM_ACCOUNT *sampass)
         if (!pdb_set_pass_last_set_time (sampass, time(NULL), PDB_CHANGED))
                 return False;
  
-       if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &expire) 
+       if (!account_policy_get(AP_MAX_PASSWORD_AGE, &expire) 
             || (expire==(uint32)-1) || (expire == 0)) {
                 if (!pdb_set_pass_must_change_time (sampass, get_time_t_max(), PDB_CHANGED))
                         return False;
@@ -1134,7 +1134,7 @@ BOOL pdb_set_pass_changed_now (SAM_ACCOUNT *sampass)
                         return False;
         }
         
-       if (!pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &min_age) 
+       if (!account_policy_get(AP_MIN_PASSWORD_AGE, &min_age) 
             || (min_age==(uint32)-1)) {
                 if (!pdb_set_pass_can_change_time (sampass, 0, PDB_CHANGED))
                         return False;
@@ -1189,7 +1189,7 @@ BOOL pdb_set_plaintext_passwd (SAM_ACCOUNT *sampass, const char *plaintext)
         if (pdb_get_acct_ctrl(sampass) & ACB_NORMAL) {
                 uchar *pwhistory;
                 uint32 pwHistLen;
-               pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
+               account_policy_get(AP_PASSWORD_HISTORY, &pwHistLen);
                 if (pwHistLen != 0){
                         uint32 current_history_len;
                         /* We need to make sure we don't have a race condition here - the
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c

index 938622abff39792218071cb8d55413d9d5c15057..382c028b0c6b12ee723f1a287f988f1dd536ce99 100644 (file)
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -622,35 +622,6 @@ static NTSTATUS context_enum_alias_memberships(struct pdb_context *context,
                                        num_members, aliases, num);
  }
  
-static NTSTATUS context_get_account_policy(struct pdb_context *context,
-                                          int policy_index, int *value)
-{
-       NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
-       if ((!context) || (!context->pdb_methods)) {
-               DEBUG(0, ("invalid pdb_context specified!\n"));
-               return ret;
-       }
-
-       return context->pdb_methods->get_account_policy(context->pdb_methods,
-                                                       policy_index, value);
-}
-
-static NTSTATUS context_set_account_policy(struct pdb_context *context,
-                                          int policy_index, int value)
-{
-       NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
-       if ((!context) || (!context->pdb_methods)) {
-               DEBUG(0, ("invalid pdb_context specified!\n"));
-               return ret;
-       }
-
-       return context->pdb_methods->set_account_policy(context->pdb_methods,
-                                                       policy_index, value);
-}
-
-       
  /******************************************************************
    Free and cleanup a pdb context, any associated data and anything
    that the attached modules might have associated.
@@ -779,9 +750,6 @@ static NTSTATUS make_pdb_context(struct pdb_context **context)
         (*context)->pdb_enum_aliasmem = context_enum_aliasmem;
         (*context)->pdb_enum_alias_memberships = context_enum_alias_memberships;
  
-       (*context)->pdb_get_account_policy = context_get_account_policy;
-       (*context)->pdb_set_account_policy = context_set_account_policy;
-
         (*context)->free_fn = free_pdb_context;
  
         return NT_STATUS_OK;
@@ -1234,30 +1202,6 @@ BOOL pdb_enum_alias_memberships(const DOM_SID *members, int num_members,
                                                           aliases, num));
  }
  
-BOOL pdb_get_account_policy(int policy_index, int *value)
-{
-       struct pdb_context *pdb_context = pdb_get_static_context(False);
-
-       if (!pdb_context) {
-               return False;
-       }
-
-       return NT_STATUS_IS_OK(pdb_context->
-                              pdb_get_account_policy(pdb_context, policy_index, value));
-}
-
-BOOL pdb_set_account_policy(int policy_index, int value)
-{
-       struct pdb_context *pdb_context = pdb_get_static_context(False);
-
-       if (!pdb_context) {
-               return False;
-       }
-
-       return NT_STATUS_IS_OK(pdb_context->
-                              pdb_set_account_policy(pdb_context, policy_index, value));
-}
-
  /***************************************************************
    Initialize the static context (at smbd startup etc). 
  
@@ -1315,16 +1259,6 @@ static void pdb_default_endsampwent(struct pdb_methods *methods)
         return; /* NT_STATUS_NOT_IMPLEMENTED; */
  }
  
-static NTSTATUS pdb_default_get_account_policy(struct pdb_methods *methods, int policy_index, int *value)
-{
-       return account_policy_get(policy_index, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-}
-
-static NTSTATUS pdb_default_set_account_policy(struct pdb_methods *methods, int policy_index, int value)
-{
-       return account_policy_set(policy_index, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-}
-
  NTSTATUS make_pdb_methods(TALLOC_CTX *mem_ctx, PDB_METHODS **methods) 
  {
         *methods = TALLOC_P(mem_ctx, struct pdb_methods);
@@ -1362,8 +1296,6 @@ NTSTATUS make_pdb_methods(TALLOC_CTX *mem_ctx, PDB_METHODS **methods)
         (*methods)->del_aliasmem = pdb_default_del_aliasmem;
         (*methods)->enum_aliasmem = pdb_default_enum_aliasmem;
         (*methods)->enum_alias_memberships = pdb_default_alias_memberships;
-       (*methods)->get_account_policy = pdb_default_get_account_policy;
-       (*methods)->set_account_policy = pdb_default_set_account_policy;
  
         return NT_STATUS_OK;
  }
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c

index 6fdf80074c580ba068ef65d8a95b46ffefa0db29..ff99b21f1f98b3be502f6aef4659fcb00b7bc70f 100644 (file)
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -729,7 +729,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
                 ZERO_STRUCT(smbntpwd);
         }
  
-       pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
+       account_policy_get(AP_PASSWORD_HISTORY, &pwHistLen);
         if (pwHistLen > 0){
                 uint8 *pwhist = NULL;
                 int i;
@@ -1073,7 +1073,7 @@ static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state,
  
                 if (need_update(sampass, PDB_PWHISTORY)) {
                         int pwHistLen = 0;
-                       pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
+                       account_policy_get(AP_PASSWORD_HISTORY, &pwHistLen);
                         if (pwHistLen == 0) {
                                 /* Remove any password history from the LDAP store. */
                                 memset(temp, '0', 64); /* NOTE !!!! '0' *NOT '\0' */
@@ -1138,7 +1138,7 @@ static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state,
                 uint16 badcount = pdb_get_bad_password_count(sampass);
                 time_t badtime = pdb_get_bad_password_time(sampass);
                 uint32 pol;
-               pdb_get_account_policy(AP_BAD_ATTEMPT_LOCKOUT, &pol);
+               account_policy_get(AP_BAD_ATTEMPT_LOCKOUT, &pol);
  
                 DEBUG(3, ("updating bad password fields, policy=%u, count=%u, time=%u\n",
                         (unsigned int)pol, (unsigned int)badcount, (unsigned int)badtime));
@@ -2880,252 +2880,6 @@ static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods,
         return NT_STATUS_OK;
  }
  
-static NTSTATUS ldapsam_get_account_policy(struct pdb_methods *methods, int policy_index, int *value)
-{
-       NTSTATUS ntstatus = NT_STATUS_UNSUCCESSFUL;
-       LDAPMessage *result = NULL;
-       LDAPMessage *entry = NULL;
-       int count;
-       int rc;
-       pstring filter;
-       char **vals;
-       const char *policy_string = NULL;
-       int tmp_val;
-       BOOL found_tdb = False;
-
-       struct ldapsam_privates *ldap_state =
-               (struct ldapsam_privates *)methods->private_data;
-
-       const char *attrs[] = {
-               NULL,
-               NULL,
-               NULL 
-       };
-
-       attrs[0] = get_attr_key2string(acctpol_attr_list, LDAP_ATTR_ACCOUNT_POLICY_NAME);
-       attrs[1] = get_attr_key2string(acctpol_attr_list, LDAP_ATTR_ACCOUNT_POLICY_VAL);
-
-       if (cache_account_policy_get(policy_index, value)) {
-               DEBUG(11,("ldapsam_get_account_policy: got valid value from cache\n"));
-               return NT_STATUS_OK;
-       }
-
-       policy_string = decode_account_policy_name(policy_index);
-       if (!policy_string) {
-               DEBUG(0,("ldapsam_get_account_policy: invalid policy index: %d\n", policy_index));
-               return ntstatus;
-       }
-
-       pstr_sprintf(filter, "(&(objectclass=%s)(%s=%s))",
-                    LDAP_OBJ_ACCOUNT_POLICY, 
-                    get_attr_key2string(acctpol_attr_list,
-                                        LDAP_ATTR_ACCOUNT_POLICY_NAME), policy_string);
-       
-       if (!ldap_state->domain_dn) {
-               return NT_STATUS_INVALID_PARAMETER;
-       }
-
-search:                
-       rc = smbldap_search(ldap_state->smbldap_state, ldap_state->domain_dn,
-                           LDAP_SCOPE_ONELEVEL, filter, attrs, 0, &result);
-
-       if (rc != LDAP_SUCCESS) 
-               return ntstatus;
-
-       count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct,
-                                  result);
-
-       /* handle deleted ldap-entries (migrate on the fly, use a default as last resort) - gd */
-       if (count < 1 && !found_tdb) {
-
-               found_tdb = False;
-
-               DEBUG(3,("ldapsam_get_account_policy: no entry for that policy in ldap found\n"));
-
-               if (!account_policy_get(policy_index, &tmp_val)) {
-                       DEBUG(10,("ldapsam_get_account_policy: failed to get account_policy from tdb\n"));
-                       found_tdb = True;
-               }
-
-               if (!found_tdb && !account_policy_get_default(policy_index, &tmp_val)) {
-                       ldap_msgfree(result);
-                       return ntstatus;
-               }
-
-               if (!pdb_set_account_policy(policy_index, tmp_val)) {
-                       DEBUG(1,("ldapsam_get_account_policy: failed to set account_policy\n"));
-                       ldap_msgfree(result);
-                       return ntstatus;
-               }
-
-               DEBUG(3,("ldapsam_get_account_policy: set account policy value based on %s value.\n", 
-                       found_tdb ? "tdb":"default"));
-
-               ldap_msgfree(result);
-               goto search;
-       }
-
-       entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, result);
-
-       if (!entry) {
-               ldap_msgfree(result);
-               return NT_STATUS_UNSUCCESSFUL;
-       }
-
-       vals = ldap_get_values(ldap_state->smbldap_state->ldap_struct, entry, 
-               get_attr_key2string(acctpol_attr_list, LDAP_ATTR_ACCOUNT_POLICY_VAL));
-
-       if (vals == NULL) 
-               goto out;
-
-       *value = (uint32)atol(vals[0]);
-
-       if (!cache_account_policy_set(policy_index, *value)) {
-               DEBUG(0,("ldapsam_get_account_policy: failed to update local tdb as a cache\n"));
-               return ntstatus;
-       }
-
-       ntstatus = NT_STATUS_OK;
-
-out:
-       ldap_value_free(vals);
-       ldap_msgfree(result);
-
-       return ntstatus;
-}
-
-static NTSTATUS ldapsam_set_account_policy(struct pdb_methods *methods, int policy_index, int value)
-{
-       NTSTATUS ntstatus = NT_STATUS_UNSUCCESSFUL;
-       LDAPMessage *result = NULL;
-       LDAPMessage *entry = NULL;
-       int count;
-       int rc;
-       pstring filter, dn;
-       int modop;
-       LDAPMod **mods = NULL;
-       fstring value_string;
-       char *old_dn = NULL;
-       const char *policy_string = NULL;
-       const char *policy_description = NULL;
-
-       struct ldapsam_privates *ldap_state =
-               (struct ldapsam_privates *)methods->private_data;
-
-       const char *attrs[] = {
-               NULL,
-               NULL,
-               NULL 
-       };
-
-       attrs[0] = get_attr_key2string(acctpol_attr_list, LDAP_ATTR_ACCOUNT_POLICY_NAME), 
-       attrs[1] = get_attr_key2string(acctpol_attr_list, LDAP_ATTR_ACCOUNT_POLICY_VAL), 
-
-       policy_string = decode_account_policy_name(policy_index);
-       if (!policy_string) {
-               DEBUG(0,("ldapsam_set_account_policy: invalid policy\n"));
-               return ntstatus;
-       }
-
-       policy_description = account_policy_get_comment(policy_index);
-       if (!policy_description) {
-               DEBUG(0,("ldapsam_set_account_policy: no description for policy found\n"));
-               return ntstatus;
-       }
-
-       pstr_sprintf(filter, "(&(objectclass=%s)(%s=%s))",
-                    LDAP_OBJ_ACCOUNT_POLICY, 
-                    get_attr_key2string(acctpol_attr_list,
-                                        LDAP_ATTR_ACCOUNT_POLICY_NAME), policy_string);
-
-       if (!ldap_state->domain_dn) {
-               return NT_STATUS_INVALID_PARAMETER;
-       }
-
-       rc = smbldap_search(ldap_state->smbldap_state, ldap_state->domain_dn,
-                           LDAP_SCOPE_ONELEVEL, filter, attrs, 0, &result);
-
-       if (rc != LDAP_SUCCESS) 
-               return ntstatus;
-
-       count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result);
-
-       slprintf(value_string, sizeof(value_string) - 1, "%i", value);
-
-       if (count == 1) {
-
-               modop = LDAP_MOD_REPLACE;
-
-               entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, result);
-
-               if (!entry) {
-                       ldap_msgfree(result);
-                       return NT_STATUS_UNSUCCESSFUL;
-               }
-
-               old_dn = smbldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry);
-               if (!old_dn) {
-                       ldap_msgfree(result);
-                       return ntstatus;
-               }
-
-               smbldap_set_mod(&mods, modop,
-                       get_attr_key2string(acctpol_attr_list, LDAP_ATTR_ACCOUNT_POLICY_VAL), 
-                       value_string);
-
-               rc = smbldap_modify(ldap_state->smbldap_state, old_dn, mods);
-
-       } else {
-
-               modop = LDAP_MOD_ADD;
-
-               pstr_sprintf(dn, "%s=%s,%s",
-                       get_attr_key2string(acctpol_attr_list, LDAP_ATTR_ACCOUNT_POLICY_NAME), policy_string,
-                       ldap_state->domain_dn);
-
-               smbldap_set_mod( &mods, modop, "objectClass", LDAP_OBJ_ACCOUNT_POLICY );
-
-               smbldap_make_mod( ldap_state->smbldap_state->ldap_struct, entry, &mods, 
-                       get_attr_key2string(acctpol_attr_list, LDAP_ATTR_ACCOUNT_POLICY_NAME), 
-                       policy_string);
-
-               smbldap_make_mod( ldap_state->smbldap_state->ldap_struct, entry, &mods, 
-                       get_attr_key2string(acctpol_attr_list, LDAP_ATTR_ACCOUNT_POLICY_VAL), 
-                       value_string);
-
-               smbldap_make_mod( ldap_state->smbldap_state->ldap_struct, entry, &mods, 
-                       "description", 
-                       policy_description);
-
-               rc = smbldap_add(ldap_state->smbldap_state, dn, mods);
-       }
-
-       ldap_mods_free(mods, True);
-       ldap_msgfree(result);
-
-       if (rc != LDAP_SUCCESS) {
-               char *ld_error = NULL;
-               ldap_get_option(ldap_state->smbldap_state->ldap_struct,
-                               LDAP_OPT_ERROR_STRING,&ld_error);
-               
-               DEBUG(0, ("ldapsam_set_account_policy: Could not set account policy "
-                         "for %s, error: %s (%s)\n", dn, ldap_err2string(rc),
-                         ld_error?ld_error:"unknown"));
-               SAFE_FREE(ld_error);
-               SAFE_FREE(old_dn);
-               return ntstatus;
-       }
-
-       SAFE_FREE(old_dn);
-
-       if (!cache_account_policy_set(policy_index, value)) {
-               DEBUG(0,("ldapsam_set_account_policy: failed to update local tdb cache\n"));
-               return ntstatus;
-       }
-
-       return NT_STATUS_OK;
-}
-
  /**********************************************************************
   Housekeeping
   *********************************************************************/
@@ -3183,9 +2937,6 @@ static NTSTATUS pdb_init_ldapsam_common(PDB_CONTEXT *pdb_context, PDB_METHODS **
         (*pdb_method)->enum_group_mapping = ldapsam_enum_group_mapping;
         (*pdb_method)->enum_group_memberships = ldapsam_enum_group_memberships;
  
-       (*pdb_method)->get_account_policy = ldapsam_get_account_policy;
-       (*pdb_method)->set_account_policy = ldapsam_set_account_policy;
-
         /* TODO: Setup private data and free */
  
         ldap_state = TALLOC_ZERO_P(pdb_context->mem_ctx, struct ldapsam_privates);
diff --git a/source3/rpc_server/srv_reg_nt.c b/source3/rpc_server/srv_reg_nt.c

index 3a5c9658204c6a5126a063b29b3cb53cb1ab7c18..c11e0d59a056915253dd83b54e35a33fda704125 100644 (file)
--- a/source3/rpc_server/srv_reg_nt.c
+++ b/source3/rpc_server/srv_reg_nt.c
@@ -380,7 +380,7 @@ WERROR _reg_info(pipes_struct *p, REG_Q_INFO *q_u, REG_R_INFO *r_u)
                         return WERR_NOMEM;
                 }
  
-               if (!pdb_get_account_policy(AP_REFUSE_MACHINE_PW_CHANGE, &dwValue))
+               if (!account_policy_get(AP_REFUSE_MACHINE_PW_CHANGE, &dwValue))
                         dwValue = 0;
                 regval_ctr_addvalue(&regvals, "RefusePasswordChange", 
                                     REG_DWORD,
diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c

index 971f5ed40ce1feeeaf3612b3065b3f8a87e5495f..ffb7882e110fb72e1aed8184531047a6428a7f95 100644 (file)
--- a/source3/rpc_server/srv_samr.c
+++ b/source3/rpc_server/srv_samr.c
@@ -785,6 +785,7 @@ static BOOL api_samr_set_userinfo(pipes_struct *p)
         if (!samr_io_q_set_userinfo("", &q_u, data, 0)) {
                 DEBUG(0,("api_samr_set_userinfo: Unable to unmarshall SAMR_Q_SET_USERINFO.\n"));
                 /* Fix for W2K SP2 */
+               /* what is that status-code ? - gd */
                 if (q_u.switch_value == 0x1a) {
                         setup_fault_pdu(p, NT_STATUS(0x1c000006));
                         return True;
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c

index 9c8a35045f02027cbf9c2fe8ffd374f9fe17ef4f..291d8713d58f5e0860c906ce2545a91ddc283063 100644 (file)
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -2092,19 +2092,19 @@ NTSTATUS _samr_query_dom_info(pipes_struct *p, SAMR_Q_QUERY_DOMAIN_INFO *q_u, SA
         switch (q_u->switch_value) {
                 case 0x01:
                         
-                       pdb_get_account_policy(AP_MIN_PASSWORD_LEN, &account_policy_temp);
+                       account_policy_get(AP_MIN_PASSWORD_LEN, &account_policy_temp);
                         min_pass_len = account_policy_temp;
  
-                       pdb_get_account_policy(AP_PASSWORD_HISTORY, &account_policy_temp);
+                       account_policy_get(AP_PASSWORD_HISTORY, &account_policy_temp);
                         pass_hist = account_policy_temp;
  
-                       pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, &account_policy_temp);
+                       account_policy_get(AP_USER_MUST_LOGON_TO_CHG_PASS, &account_policy_temp);
                         flag = account_policy_temp;
  
-                       pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &account_policy_temp);
+                       account_policy_get(AP_MAX_PASSWORD_AGE, &account_policy_temp);
                         u_expire = account_policy_temp;
  
-                       pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &account_policy_temp);
+                       account_policy_get(AP_MIN_PASSWORD_AGE, &account_policy_temp);
                         u_min_age = account_policy_temp;
                         
                         unix_to_nt_time_abs(&nt_expire, u_expire);
@@ -2132,7 +2132,7 @@ NTSTATUS _samr_query_dom_info(pipes_struct *p, SAMR_Q_QUERY_DOMAIN_INFO *q_u, SA
                         num_groups=info->disp_info.num_group_account;
                         free_samr_db(info);
  
-                       pdb_get_account_policy(AP_TIME_TO_LOGOUT, &account_policy_temp);
+                       account_policy_get(AP_TIME_TO_LOGOUT, &account_policy_temp);
                         u_logout = account_policy_temp;
  
                         unix_to_nt_time_abs(&nt_logout, u_logout);
@@ -2146,7 +2146,7 @@ NTSTATUS _samr_query_dom_info(pipes_struct *p, SAMR_Q_QUERY_DOMAIN_INFO *q_u, SA
                                        num_users, num_groups, num_aliases, nt_logout, server_role);
                         break;
                 case 0x03:
-                       pdb_get_account_policy(AP_TIME_TO_LOGOUT, (unsigned int *)&u_logout);
+                       account_policy_get(AP_TIME_TO_LOGOUT, (unsigned int *)&u_logout);
                         unix_to_nt_time_abs(&nt_logout, u_logout);
                         
                         init_unk_info3(&ctr->info.inf3, nt_logout);
@@ -2168,15 +2168,15 @@ NTSTATUS _samr_query_dom_info(pipes_struct *p, SAMR_Q_QUERY_DOMAIN_INFO *q_u, SA
                         init_unk_info8(&ctr->info.inf8, (uint32) time(NULL));
                         break;
                 case 0x0c:
-                       pdb_get_account_policy(AP_LOCK_ACCOUNT_DURATION, &account_policy_temp);
+                       account_policy_get(AP_LOCK_ACCOUNT_DURATION, &account_policy_temp);
                         u_lock_duration = account_policy_temp;
                         if (u_lock_duration != -1)
                                 u_lock_duration *= 60;
  
-                       pdb_get_account_policy(AP_RESET_COUNT_TIME, &account_policy_temp);
+                       account_policy_get(AP_RESET_COUNT_TIME, &account_policy_temp);
                         u_reset_time = account_policy_temp * 60;
  
-                       pdb_get_account_policy(AP_BAD_ATTEMPT_LOCKOUT, &account_policy_temp);
+                       account_policy_get(AP_BAD_ATTEMPT_LOCKOUT, &account_policy_temp);
                         lockout = account_policy_temp;
  
                         unix_to_nt_time_abs(&nt_lock_duration, u_lock_duration);
@@ -4572,19 +4572,19 @@ NTSTATUS _samr_unknown_2e(pipes_struct *p, SAMR_Q_UNKNOWN_2E *q_u, SAMR_R_UNKNOW
  
         switch (q_u->switch_value) {
                 case 0x01:
-                       pdb_get_account_policy(AP_MIN_PASSWORD_LEN, &account_policy_temp);
+                       account_policy_get(AP_MIN_PASSWORD_LEN, &account_policy_temp);
                         min_pass_len = account_policy_temp;
  
-                       pdb_get_account_policy(AP_PASSWORD_HISTORY, &account_policy_temp);
+                       account_policy_get(AP_PASSWORD_HISTORY, &account_policy_temp);
                         pass_hist = account_policy_temp;
  
-                       pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, &account_policy_temp);
+                       account_policy_get(AP_USER_MUST_LOGON_TO_CHG_PASS, &account_policy_temp);
                         flag = account_policy_temp;
  
-                       pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &account_policy_temp);
+                       account_policy_get(AP_MAX_PASSWORD_AGE, &account_policy_temp);
                         u_expire = account_policy_temp;
  
-                       pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &account_policy_temp);
+                       account_policy_get(AP_MIN_PASSWORD_AGE, &account_policy_temp);
                         u_min_age = account_policy_temp;
  
                         unix_to_nt_time_abs(&nt_expire, u_expire);
@@ -4612,7 +4612,7 @@ NTSTATUS _samr_unknown_2e(pipes_struct *p, SAMR_Q_UNKNOWN_2E *q_u, SAMR_R_UNKNOW
                         num_groups=info->disp_info.num_group_account;
                         free_samr_db(info);
  
-                       pdb_get_account_policy(AP_TIME_TO_LOGOUT, &account_policy_temp);
+                       account_policy_get(AP_TIME_TO_LOGOUT, &account_policy_temp);
                         u_logout = account_policy_temp;
  
                         unix_to_nt_time_abs(&nt_logout, u_logout);
@@ -4626,7 +4626,7 @@ NTSTATUS _samr_unknown_2e(pipes_struct *p, SAMR_Q_UNKNOWN_2E *q_u, SAMR_R_UNKNOW
                                        num_users, num_groups, num_aliases, nt_logout, server_role);
                         break;
                 case 0x03:
-                       pdb_get_account_policy(AP_TIME_TO_LOGOUT, &account_policy_temp);
+                       account_policy_get(AP_TIME_TO_LOGOUT, &account_policy_temp);
                         u_logout = account_policy_temp;
  
                         unix_to_nt_time_abs(&nt_logout, u_logout);
@@ -4649,15 +4649,15 @@ NTSTATUS _samr_unknown_2e(pipes_struct *p, SAMR_Q_UNKNOWN_2E *q_u, SAMR_R_UNKNOW
                         init_unk_info8(&ctr->info.inf8, (uint32) time(NULL));
                         break;
                 case 0x0c:
-                       pdb_get_account_policy(AP_LOCK_ACCOUNT_DURATION, &account_policy_temp);
+                       account_policy_get(AP_LOCK_ACCOUNT_DURATION, &account_policy_temp);
                         u_lock_duration = account_policy_temp;
                         if (u_lock_duration != -1)
                                 u_lock_duration *= 60;
  
-                       pdb_get_account_policy(AP_RESET_COUNT_TIME, &account_policy_temp);
+                       account_policy_get(AP_RESET_COUNT_TIME, &account_policy_temp);
                         u_reset_time = account_policy_temp * 60;
  
-                       pdb_get_account_policy(AP_BAD_ATTEMPT_LOCKOUT, &account_policy_temp);
+                       account_policy_get(AP_BAD_ATTEMPT_LOCKOUT, &account_policy_temp);
                         lockout = account_policy_temp;
         
                         unix_to_nt_time_abs(&nt_lock_duration, u_lock_duration);
@@ -4701,17 +4701,17 @@ NTSTATUS _samr_set_dom_info(pipes_struct *p, SAMR_Q_SET_DOMAIN_INFO *q_u, SAMR_R
                         u_expire=nt_time_to_unix_abs(&q_u->ctr->info.inf1.expire);
                         u_min_age=nt_time_to_unix_abs(&q_u->ctr->info.inf1.min_passwordage);
                         
-                       pdb_set_account_policy(AP_MIN_PASSWORD_LEN, (uint32)q_u->ctr->info.inf1.min_length_password);
-                       pdb_set_account_policy(AP_PASSWORD_HISTORY, (uint32)q_u->ctr->info.inf1.password_history);
-                       pdb_set_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, (uint32)q_u->ctr->info.inf1.flag);
-                       pdb_set_account_policy(AP_MAX_PASSWORD_AGE, (int)u_expire);
-                       pdb_set_account_policy(AP_MIN_PASSWORD_AGE, (int)u_min_age);
+                       account_policy_set(AP_MIN_PASSWORD_LEN, (uint32)q_u->ctr->info.inf1.min_length_password);
+                       account_policy_set(AP_PASSWORD_HISTORY, (uint32)q_u->ctr->info.inf1.password_history);
+                       account_policy_set(AP_USER_MUST_LOGON_TO_CHG_PASS, (uint32)q_u->ctr->info.inf1.flag);
+                       account_policy_set(AP_MAX_PASSWORD_AGE, (int)u_expire);
+                       account_policy_set(AP_MIN_PASSWORD_AGE, (int)u_min_age);
                         break;
                 case 0x02:
                         break;
                 case 0x03:
                         u_logout=nt_time_to_unix_abs(&q_u->ctr->info.inf3.logout);
-                       pdb_set_account_policy(AP_TIME_TO_LOGOUT, (int)u_logout);
+                       account_policy_set(AP_TIME_TO_LOGOUT, (int)u_logout);
                         break;
                 case 0x05:
                         break;
@@ -4726,9 +4726,9 @@ NTSTATUS _samr_set_dom_info(pipes_struct *p, SAMR_Q_SET_DOMAIN_INFO *q_u, SAMR_R
  
                         u_reset_time=nt_time_to_unix_abs(&q_u->ctr->info.inf12.reset_count)/60;
                         
-                       pdb_set_account_policy(AP_LOCK_ACCOUNT_DURATION, (int)u_lock_duration);
-                       pdb_set_account_policy(AP_RESET_COUNT_TIME, (int)u_reset_time);
-                       pdb_set_account_policy(AP_BAD_ATTEMPT_LOCKOUT, (uint32)q_u->ctr->info.inf12.bad_attempt_lockout);
+                       account_policy_set(AP_LOCK_ACCOUNT_DURATION, (int)u_lock_duration);
+                       account_policy_set(AP_RESET_COUNT_TIME, (int)u_reset_time);
+                       account_policy_set(AP_BAD_ATTEMPT_LOCKOUT, (uint32)q_u->ctr->info.inf12.bad_attempt_lockout);
                         break;
                 default:
                         return NT_STATUS_INVALID_INFO_CLASS;
diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c

index 3765b7d38f17bf705c469b8c9f9a820ffed78a1a..540acfc22509629214626cca3d68f6fa60e20aba 100644 (file)
--- a/source3/smbd/chgpasswd.c
+++ b/source3/smbd/chgpasswd.c
@@ -945,7 +945,7 @@ static BOOL check_passwd_history(SAM_ACCOUNT *sampass, const char *plaintext)
         BOOL found = False;
         int i, pwHisLen, curr_pwHisLen;
  
-       pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHisLen);
+       account_policy_get(AP_PASSWORD_HISTORY, &pwHisLen);
         if (pwHisLen == 0) {
                 return False;
         }
@@ -1017,7 +1017,7 @@ NTSTATUS change_oem_password(SAM_ACCOUNT *hnd, char *old_passwd, char *new_passw
         }
  
         /* FIXME: AP_MIN_PASSWORD_LEN and lp_min_passwd_length() need to be merged - gd */
-       if (pdb_get_account_policy(AP_MIN_PASSWORD_LEN, &min_len) && (str_charnum(new_passwd) < min_len)) {
+       if (account_policy_get(AP_MIN_PASSWORD_LEN, &min_len) && (str_charnum(new_passwd) < min_len)) {
                 DEBUG(1, ("user %s cannot change password - password too short\n", 
                           username));
                 DEBUGADD(1, (" account policy min password len = %d\n", min_len));
diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c

index cc81719b6ab13a424cacf0f3d13238b7cc59fb99..49aef2a23cd18b8c553ee3d83a458aac796a09d8 100644 (file)
--- a/source3/utils/net_rpc_samsync.c
+++ b/source3/utils/net_rpc_samsync.c
@@ -1000,34 +1000,34 @@ static NTSTATUS fetch_domain_info(uint32 rid, SAM_DOMAIN_INFO *delta)
         }
  
  
-       if (!pdb_set_account_policy(AP_PASSWORD_HISTORY, delta->pwd_history_len))
+       if (!account_policy_set(AP_PASSWORD_HISTORY, delta->pwd_history_len))
                 return nt_status;
  
-       if (!pdb_set_account_policy(AP_MIN_PASSWORD_LEN, delta->min_pwd_len))
+       if (!account_policy_set(AP_MIN_PASSWORD_LEN, delta->min_pwd_len))
                 return nt_status;
  
-       if (!pdb_set_account_policy(AP_MAX_PASSWORD_AGE, (uint32)u_max_age))
+       if (!account_policy_set(AP_MAX_PASSWORD_AGE, (uint32)u_max_age))
                 return nt_status;
  
-       if (!pdb_set_account_policy(AP_MIN_PASSWORD_AGE, (uint32)u_min_age))
+       if (!account_policy_set(AP_MIN_PASSWORD_AGE, (uint32)u_min_age))
                 return nt_status;
  
-       if (!pdb_set_account_policy(AP_TIME_TO_LOGOUT, (uint32)u_logout))
+       if (!account_policy_set(AP_TIME_TO_LOGOUT, (uint32)u_logout))
                 return nt_status;
  
-       if (!pdb_set_account_policy(AP_BAD_ATTEMPT_LOCKOUT, delta->account_lockout.bad_attempt_lockout))
+       if (!account_policy_set(AP_BAD_ATTEMPT_LOCKOUT, delta->account_lockout.bad_attempt_lockout))
                 return nt_status;
  
-       if (!pdb_set_account_policy(AP_RESET_COUNT_TIME, (uint32)u_lockoutreset/60))
+       if (!account_policy_set(AP_RESET_COUNT_TIME, (uint32)u_lockoutreset/60))
                 return nt_status;
  
         if (u_lockouttime != -1)
                 u_lockouttime /= 60;
  
-       if (!pdb_set_account_policy(AP_LOCK_ACCOUNT_DURATION, (uint32)u_lockouttime))
+       if (!account_policy_set(AP_LOCK_ACCOUNT_DURATION, (uint32)u_lockouttime))
                 return nt_status;
  
-       if (!pdb_set_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, delta->logon_chgpass))
+       if (!account_policy_set(AP_USER_MUST_LOGON_TO_CHG_PASS, delta->logon_chgpass))
                 return nt_status;
  
         return NT_STATUS_OK;
diff --git a/source3/utils/pdbedit.c b/source3/utils/pdbedit.c

index d29b6ea66cbf7013cf4f6e2e1e0a5a1b462ebe71..3584ef0367aa2e52a2380d9e56bdd6b3427c3ee3 100644 (file)
--- a/source3/utils/pdbedit.c
+++ b/source3/utils/pdbedit.c
@@ -118,27 +118,6 @@ static int export_groups (struct pdb_context *in, struct pdb_context *out) {
         return 0;
  }
  
-/*********************************************************
- Add all currently available account policy from tdb to one backend
- ********************************************************/
-
-static int export_account_policies (struct pdb_context *in, struct pdb_context *out) 
-{
-       int i;
-
-       for (i=1; decode_account_policy_name(i) != NULL; i++) {
-               uint32 policy_value;
-               if (NT_STATUS_IS_ERR(in->pdb_get_account_policy(in, i, &policy_value))) {
-                       fprintf(stderr, "Can't get account policy from tdb\n");
-                       return -1;
-               }
-               out->pdb_set_account_policy(out, i, policy_value);
-       }
-
-       return 0;
-}
-
-
  /*********************************************************
   Print info from sam structure
  **********************************************************/
@@ -669,7 +648,6 @@ int main (int argc, char **argv)
         static char *backend_in = NULL;
         static char *backend_out = NULL;
         static BOOL transfer_groups = False;
-       static BOOL transfer_account_policies = False;
         static BOOL  force_initialised_password = False;
         static char *logon_script = NULL;
         static char *profile_path = NULL;
@@ -710,7 +688,6 @@ int main (int argc, char **argv)
                 {"import",      'i', POPT_ARG_STRING, &backend_in, 0, "import user accounts from this backend", NULL},
                 {"export",      'e', POPT_ARG_STRING, &backend_out, 0, "export user accounts to this backend", NULL},
                 {"group",       'g', POPT_ARG_NONE, &transfer_groups, 0, "use -i and -e for groups", NULL},
-               {"policies",    'y', POPT_ARG_NONE, &transfer_account_policies, 0, "use -i and -e to move account policies between backends", NULL},
                 {"account-policy",      'P', POPT_ARG_STRING, &account_policy, 0,"value of an account policy (like maximum password age)",NULL},
                 {"value",       'C', POPT_ARG_LONG, &account_policy_value, 'C',"set the account policy to this value", NULL},
                 {"account-control",     'c', POPT_ARG_STRING, &account_control, 0, "Values of account control", NULL},
@@ -810,22 +787,20 @@ int main (int argc, char **argv)
                         SAFE_FREE(apn);
                         exit(1);
                 }
-               if (!pdb_get_account_policy(field, &value)) {
+               if (!account_policy_get(field, &value)) {
                         fprintf(stderr, "valid account policy, but unable to fetch value!\n");
-                       if (!account_policy_value_set)
-                               exit(1);
+                       exit(1);
                 }
-               printf("account policy \"%s\" description: %s\n", account_policy, account_policy_get_comment(field));
                 if (account_policy_value_set) {
-                       printf("account policy \"%s\" value was: %u\n", account_policy, value);
-                       if (!pdb_set_account_policy(field, account_policy_value)) {
+                       printf("account policy value for %s was %u\n", account_policy, value);
+                       if (!account_policy_set(field, account_policy_value)) {
                                 fprintf(stderr, "valid account policy, but unable to set value!\n");
                                 exit(1);
                         }
-                       printf("account policy \"%s\" value is now: %lu\n", account_policy, account_policy_value);
+                       printf("account policy value for %s is now %lu\n", account_policy, account_policy_value);
                         exit(0);
                 } else {
-                       printf("account policy \"%s\" value is: %u\n", account_policy, value);
+                       printf("account policy value for %s is %u\n", account_policy, value);
                         exit(0);
                 }
         }
@@ -849,10 +824,7 @@ int main (int argc, char **argv)
                 } else {
                         bout = bdef;
                 }
-               if (transfer_account_policies) {
-                       if (!(checkparms & BIT_USER))
-                               return export_account_policies(bin, bout);
-               } else  if (transfer_groups) {
+               if (transfer_groups) {
                         if (!(checkparms & BIT_USER))
                                 return export_groups(bin, bout);
                 } else {
author	Günther Deschner <gd@samba.org>
	Sat, 12 Feb 2005 00:51:31 +0000 (00:51 +0000)
committer	Gerald (Jerry) Carter <jerry@samba.org>
	Wed, 10 Oct 2007 15:55:38 +0000 (10:55 -0500)
source3/Makefile.in		patch \| blob \| history
source3/include/passdb.h		patch \| blob \| history
source3/include/smbldap.h		patch \| blob \| history
source3/lib/account_pol.c		patch \| blob \| history
source3/lib/smbldap.c		patch \| blob \| history
source3/passdb/passdb.c		patch \| blob \| history
source3/passdb/pdb_get_set.c		patch \| blob \| history
source3/passdb/pdb_interface.c		patch \| blob \| history
source3/passdb/pdb_ldap.c		patch \| blob \| history
source3/rpc_server/srv_reg_nt.c		patch \| blob \| history
source3/rpc_server/srv_samr.c		patch \| blob \| history
source3/rpc_server/srv_samr_nt.c		patch \| blob \| history
source3/smbd/chgpasswd.c		patch \| blob \| history
source3/utils/net_rpc_samsync.c		patch \| blob \| history
source3/utils/pdbedit.c		patch \| blob \| history