diff options
| author | Günther Deschner <gd@samba.org> | 2006-05-31 10:09:31 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:17:16 -0500 |
| commit | b283a205da69db7b2ee3ae7e0a37532660707476 (patch) | |
| tree | e82009fb6cc2de7fbed5a46e6317d60d7519cf89 | |
| parent | 690d117b256e4c3e698b861b0d05723fad1f3846 (diff) | |
| download | samba-b283a205da69db7b2ee3ae7e0a37532660707476.tar.gz samba-b283a205da69db7b2ee3ae7e0a37532660707476.tar.bz2 samba-b283a205da69db7b2ee3ae7e0a37532660707476.zip | |
r15977: Fillup the password_policy method in winbindd for winbindd_passdb. This
should make pam_winbind work again on a Samba PDC (and fix Bug #3800).
Guenther
(This used to be commit 4addabd054a2627133d3fff71234db18cf2c822c)
| -rw-r--r-- | source3/nsswitch/winbindd_passdb.c | 43 |
1 files changed, 41 insertions, 2 deletions
diff --git a/source3/nsswitch/winbindd_passdb.c b/source3/nsswitch/winbindd_passdb.c index 2aaed1acef..b949ea0808 100644 --- a/source3/nsswitch/winbindd_passdb.c +++ b/source3/nsswitch/winbindd_passdb.c @@ -443,8 +443,47 @@ static NTSTATUS password_policy(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, SAM_UNK_INFO_1 *policy) { - /* actually we have that */ - return NT_STATUS_NOT_IMPLEMENTED; + uint32 min_pass_len,pass_hist,password_properties; + time_t u_expire, u_min_age; + NTTIME nt_expire, nt_min_age; + uint32 account_policy_temp; + + if ((policy = TALLOC_ZERO_P(mem_ctx, SAM_UNK_INFO_1)) == NULL) { + return NT_STATUS_NO_MEMORY; + } + + if (!pdb_get_account_policy(AP_MIN_PASSWORD_LEN, &account_policy_temp)) { + return NT_STATUS_ACCESS_DENIED; + } + min_pass_len = account_policy_temp; + + if (!pdb_get_account_policy(AP_PASSWORD_HISTORY, &account_policy_temp)) { + return NT_STATUS_ACCESS_DENIED; + } + pass_hist = account_policy_temp; + + if (!pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, &account_policy_temp)) { + return NT_STATUS_ACCESS_DENIED; + } + password_properties = account_policy_temp; + + if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &account_policy_temp)) { + return NT_STATUS_ACCESS_DENIED; + } + u_expire = account_policy_temp; + + if (!pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &account_policy_temp)) { + return NT_STATUS_ACCESS_DENIED; + } + u_min_age = account_policy_temp; + + unix_to_nt_time_abs(&nt_expire, u_expire); + unix_to_nt_time_abs(&nt_min_age, u_min_age); + + init_unk_info1(policy, (uint16)min_pass_len, (uint16)pass_hist, + password_properties, nt_expire, nt_min_age); + + return NT_STATUS_OK; } /* get a list of trusted domains */ |