summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJean-François Micouleau <jfm@samba.org>2001-12-03 17:14:23 +0000
committerJean-François Micouleau <jfm@samba.org>2001-12-03 17:14:23 +0000
commitcdf9b42754b7e97faa7fc4eb1ec69e32c0bfd1a0 (patch)
tree7af8817fc9a706d3152635395e1e689495f874b4
parentfc85a6096231d7e8c45c150f2beaa99c16e9227a (diff)
downloadsamba-cdf9b42754b7e97faa7fc4eb1ec69e32c0bfd1a0.tar.gz
samba-cdf9b42754b7e97faa7fc4eb1ec69e32c0bfd1a0.tar.bz2
samba-cdf9b42754b7e97faa7fc4eb1ec69e32c0bfd1a0.zip
added a tdb to store the account policy informations.
You can change them with either usermanager->policies->account or from a command prompt on NT/W2K: net accounts /domain we can add a rpc accounts to the net command. As the net_rpc.c is still empty, I did not start. How should I add command to it ? Should I take the rpcclient/cmd_xxx functions and call them from there ? alse changed the SAM_UNK_INFO_3 parser, it's an NTTIME. This one is more for jeremy ;-) J.F. (This used to be commit bc28a8eebd9245ce3004ae4b1a359db51f77bf21)
-rw-r--r--source3/Makefile.in2
-rw-r--r--source3/groupdb/mapping.c3
-rw-r--r--source3/include/rpc_samr.h5
-rw-r--r--source3/include/smb.h14
-rw-r--r--source3/lib/account_pol.c132
-rw-r--r--source3/lib/time.c88
-rw-r--r--source3/passdb/passdb.c14
-rw-r--r--source3/rpc_parse/parse_samr.c50
-rw-r--r--source3/rpc_server/srv_samr_nt.c255
-rw-r--r--source3/smbd/server.c13
-rw-r--r--source3/utils/smbgroupedit.c22
11 files changed, 465 insertions, 133 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 993d441d9f..8c121fea0d 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -122,7 +122,7 @@ LIB_OBJ = lib/charcnv.o lib/debug.o lib/fault.o \
lib/ms_fnmatch.o lib/select.o lib/error.o lib/messages.o \
lib/md5.o lib/hmacmd5.o lib/iconv.o lib/smbpasswd.o \
nsswitch/wb_client.o nsswitch/wb_common.o \
- intl/lang_tdb.o $(TDB_OBJ)
+ intl/lang_tdb.o lib/account_pol.o $(TDB_OBJ)
READLINE_OBJ = lib/readline.o
diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c
index a0f6148e90..137f971228 100644
--- a/source3/groupdb/mapping.c
+++ b/source3/groupdb/mapping.c
@@ -166,6 +166,9 @@ BOOL init_group_mapping(void)
}
tdb_unlock_bystring(tdb, vstring);
+ /* write a list of default groups */
+ if(!default_group_mapping())
+ return False;
return True;
}
diff --git a/source3/include/rpc_samr.h b/source3/include/rpc_samr.h
index b3b46c6f0c..0d0dd7237c 100644
--- a/source3/include/rpc_samr.h
+++ b/source3/include/rpc_samr.h
@@ -481,14 +481,11 @@ typedef struct q_samr_query_domain_info
typedef struct sam_unknown_info_3_info
{
- uint32 unknown_0; /* 0x0000 0000 */
- uint32 unknown_1;
-
+ NTTIME logout;
/* 0x8000 0000 */ /* DON'T forcibly disconnect remote users from server when logon hours expire*/
/* 0x0000 0000 */ /* forcibly disconnect remote users from server when logon hours expire*/
-
} SAM_UNK_INFO_3;
typedef struct sam_unknown_info_6_info
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 13fe6abffa..0ac2118b94 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -631,6 +631,20 @@ typedef struct sam_passwd
} SAM_ACCOUNT;
/*
+ * Flags for account policy.
+ */
+#define AP_MIN_PASSWORD_LEN 1
+#define AP_PASSWORD_HISTORY 2
+#define AP_USER_MUST_LOGON_TO_CHG_PASS 3
+#define AP_MAX_PASSWORD_AGE 4
+#define AP_MIN_PASSWORD_AGE 5
+#define AP_LOCK_ACCOUNT_DURATION 6
+#define AP_RESET_COUNT_TIME 7
+#define AP_BAD_ATTEMPT_LOCKOUT 8
+#define AP_TIME_TO_LOGOUT 9
+
+
+/*
* Flags for local user manipulation.
*/
diff --git a/source3/lib/account_pol.c b/source3/lib/account_pol.c
new file mode 100644
index 0000000000..aad6f8e11d
--- /dev/null
+++ b/source3/lib/account_pol.c
@@ -0,0 +1,132 @@
+/*
+ * Unix SMB/Netbios implementation.
+ * Version 1.9.
+ * account policy storage
+ * Copyright (C) Jean François Micouleau 1998-2001.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+static TDB_CONTEXT *tdb; /* used for driver files */
+
+#define DATABASE_VERSION 1
+
+/****************************************************************************
+open the account policy tdb
+****************************************************************************/
+BOOL init_account_policy(void)
+{
+ static pid_t local_pid;
+ char *vstring = "INFO/version";
+
+ if (tdb && local_pid == sys_getpid()) return True;
+ tdb = tdb_open_log(lock_path("account_policy.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
+ if (!tdb) {
+ DEBUG(0,("Failed to open account policy database\n"));
+ return False;
+ }
+
+ local_pid = sys_getpid();
+
+ /* handle a Samba upgrade */
+ tdb_lock_bystring(tdb, vstring);
+ if (tdb_fetch_int(tdb, vstring) != DATABASE_VERSION) {
+ tdb_traverse(tdb, (tdb_traverse_func)tdb_delete, NULL);
+ tdb_store_int(tdb, vstring, DATABASE_VERSION);
+
+ account_policy_set(AP_MIN_PASSWORD_LEN, MINPASSWDLENGTH); /* 5 chars minimum */
+ account_policy_set(AP_PASSWORD_HISTORY, 0); /* don't keep any old password */
+ account_policy_set(AP_USER_MUST_LOGON_TO_CHG_PASS, 0); /* don't force user to logon */
+ account_policy_set(AP_MAX_PASSWORD_AGE, MAX_PASSWORD_AGE); /* 21 days */
+ account_policy_set(AP_MIN_PASSWORD_AGE, 0); /* 0 days */
+ account_policy_set(AP_LOCK_ACCOUNT_DURATION, 0); /* lockout for 0 minutes */
+ account_policy_set(AP_RESET_COUNT_TIME, 0); /* reset immediatly */
+ account_policy_set(AP_BAD_ATTEMPT_LOCKOUT, 0); /* don't lockout */
+ account_policy_set(AP_TIME_TO_LOGOUT, -1); /* don't force logout */
+ }
+ tdb_unlock_bystring(tdb, vstring);
+
+
+ return True;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static char *decode_account_policy_name(field)
+{
+ switch (field) {
+ case AP_MIN_PASSWORD_LEN:
+ return "min password length";
+ break;
+ case AP_PASSWORD_HISTORY:
+ return "password history";
+ break;
+ case AP_USER_MUST_LOGON_TO_CHG_PASS:
+ return "user must logon to change password";
+ break;
+ case AP_MAX_PASSWORD_AGE:
+ return "maximum password age";
+ break;
+ case AP_MIN_PASSWORD_AGE:
+ return "minimum password age";
+ break;
+ case AP_LOCK_ACCOUNT_DURATION:
+ return "lockout duration";
+ break;
+ case AP_RESET_COUNT_TIME:
+ return "reset count minutes";
+ break;
+ case AP_BAD_ATTEMPT_LOCKOUT:
+ return "bad lockout attempt";
+ break;
+ case AP_TIME_TO_LOGOUT:
+ return "disconnect time";
+ break;
+ default:
+ return "undefined value";
+ break;
+ }
+}
+
+
+/****************************************************************************
+****************************************************************************/
+BOOL account_policy_get(int field, int *value)
+{
+ fstring name;
+
+ fstrcpy(name, decode_account_policy_name(field));
+ *value=tdb_fetch_int(tdb, name);
+ DEBUG(10,("account_policy_get: %s:%d\n", name, *value));
+ return True;
+}
+
+
+/****************************************************************************
+****************************************************************************/
+BOOL account_policy_set(int field, int value)
+{
+ fstring name;
+
+ fstrcpy(name, decode_account_policy_name(field));
+ if ( tdb_store_int(tdb, name, value)== -1)
+ return False;
+ DEBUG(10,("account_policy_set: %s:%d\n", name, value));
+
+ return True;
+}
+
diff --git a/source3/lib/time.c b/source3/lib/time.c
index b302726a95..f0f62ca841 100644
--- a/source3/lib/time.c
+++ b/source3/lib/time.c
@@ -304,6 +304,50 @@ time_t nt_time_to_unix(NTTIME *nt)
return(ret);
}
+/****************************************************************************
+convert a NTTIME structure to a time_t
+It's originally in "100ns units"
+
+this is an absolute version of the one above.
+By absolute I mean, it doesn't adjust from 1/1/1601 to 1/1/1970
+if the NTTIME was 5 seconds, the time_t is 5 seconds. JFM
+****************************************************************************/
+time_t nt_time_to_unix_abs(NTTIME *nt)
+{
+ double d;
+ time_t ret;
+ /* The next two lines are a fix needed for the
+ broken SCO compiler. JRA. */
+ time_t l_time_min = TIME_T_MIN;
+ time_t l_time_max = TIME_T_MAX;
+
+ if (nt->high == 0)
+ return(0);
+
+ if (nt->high==0x80000000 && nt->low==0)
+ return -1;
+
+ /* reverse the time */
+ /* it's a negative value, turn it to positive */
+ nt->high=~nt->high;
+ nt->low=~nt->low;
+
+ d = ((double)nt->high)*4.0*(double)(1<<30);
+ d += (nt->low&0xFFF00000);
+ d *= 1.0e-7;
+
+ if (!(l_time_min <= d && d <= l_time_max))
+ return(0);
+
+ ret = (time_t)(d+0.5);
+
+ /* this takes us from kludge-GMT to real GMT */
+ ret -= get_serverzone();
+ ret += LocTimeDiff(ret);
+
+ return(ret);
+}
+
/****************************************************************************
@@ -355,6 +399,50 @@ void unix_to_nt_time(NTTIME *nt, time_t t)
nt->low = (uint32)(d - ((double)nt->high)*4.0*(double)(1<<30));
}
+/****************************************************************************
+convert a time_t to a NTTIME structure
+
+this is an absolute version of the one above.
+By absolute I mean, it doesn't adjust from 1/1/1970 to 1/1/1601
+if the nttime_t was 5 seconds, the NTTIME is 5 seconds. JFM
+****************************************************************************/
+void unix_to_nt_time_abs(NTTIME *nt, time_t t)
+{
+ double d;
+
+ if (t==0) {
+ nt->low = 0;
+ nt->high = 0;
+ return;
+ }
+
+ if (t == TIME_T_MAX) {
+ nt->low = 0xffffffff;
+ nt->high = 0x7fffffff;
+ return;
+ }
+
+ if (t == -1) {
+ /* that's what NT uses for infinite */
+ nt->low = 0x0;
+ nt->high = 0x80000000;
+ return;
+ }
+
+ /* this converts GMT to kludge-GMT */
+ t -= LocTimeDiff(t) - get_serverzone();
+
+ d = (double)(t);
+ d *= 1.0e7;
+
+ nt->high = (uint32)(d * (1.0/(4.0*(double)(1<<30))));
+ nt->low = (uint32)(d - ((double)nt->high)*4.0*(double)(1<<30));
+
+ /* convert to a negative value */
+ nt->high=~nt->high;
+ nt->low=~nt->low;
+}
+
/****************************************************************************
take an NTTIME structure, containing high / low time. convert to unix time.
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 8555186826..e469718b5c 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -1776,6 +1776,7 @@ BOOL pdb_set_hours (SAM_ACCOUNT *sampass, const uint8 *hours)
BOOL pdb_set_pass_changed_now (SAM_ACCOUNT *sampass)
{
+ time_t expire;
if (!sampass)
return False;
@@ -1783,10 +1784,17 @@ BOOL pdb_set_pass_changed_now (SAM_ACCOUNT *sampass)
if (!pdb_set_pass_last_set_time (sampass, time(NULL)))
return False;
- if (!pdb_set_pass_must_change_time (sampass,
+ account_policy_get(AP_MAX_PASSWORD_AGE, (int *)&expire);
+
+ if (expire==-1) {
+ if (!pdb_set_pass_must_change_time (sampass, 0))
+ return False;
+ } else {
+ if (!pdb_set_pass_must_change_time (sampass,
pdb_get_pass_last_set_time(sampass)
- + MAX_PASSWORD_AGE))
- return False;
+ + expire))
+ return False;
+ }
return True;
}
diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c
index 99c0fe30be..dfc58839e5 100644
--- a/source3/rpc_parse/parse_samr.c
+++ b/source3/rpc_parse/parse_samr.c
@@ -345,8 +345,15 @@ void init_samr_r_get_usrdom_pwinfo(SAMR_R_GET_USRDOM_PWINFO *r_u, NTSTATUS statu
DEBUG(5, ("init_samr_r_get_usrdom_pwinfo\n"));
r_u->unknown_0 = 0x0000;
- r_u->unknown_1 = 0x0015;
- r_u->unknown_2 = 0x00000000;
+
+ /*
+ * used to be
+ * r_u->unknown_1 = 0x0015;
+ * but for trusts.
+ */
+ r_u->unknown_1 = 0x01D1;
+
+ r_u->unknown_2 = 0x00000000;
r_u->status = status;
}
@@ -461,10 +468,10 @@ BOOL samr_io_q_query_dom_info(char *desc, SAMR_Q_QUERY_DOMAIN_INFO * q_u,
inits a structure.
********************************************************************/
-void init_unk_info3(SAM_UNK_INFO_3 * u_3)
+void init_unk_info3(SAM_UNK_INFO_3 *u_3, NTTIME nt_logout)
{
- u_3->unknown_0 = 0x00000000;
- u_3->unknown_1 = 0x80000000;
+ u_3->logout.low = nt_logout.low;
+ u_3->logout.high = nt_logout.high;
}
/*******************************************************************
@@ -480,9 +487,7 @@ static BOOL sam_io_unk_info3(char *desc, SAM_UNK_INFO_3 * u_3,
prs_debug(ps, depth, desc, "sam_io_unk_info3");
depth++;
- if(!prs_uint32("unknown_0", ps, depth, &u_3->unknown_0)) /* 0x0000 0000 */
- return False;
- if(!prs_uint32("unknown_1", ps, depth, &u_3->unknown_1)) /* 0x8000 0000 */
+ if(!smb_io_time("logout", &u_3->logout, ps, depth))
return False;
return True;
@@ -554,14 +559,14 @@ static BOOL sam_io_unk_info7(char *desc, SAM_UNK_INFO_7 * u_7,
inits a structure.
********************************************************************/
-void init_unk_info12(SAM_UNK_INFO_12 * u_12)
+void init_unk_info12(SAM_UNK_INFO_12 * u_12, NTTIME nt_lock_duration, NTTIME nt_reset_time, uint16 lockout)
{
- u_12->duration.low = 0xcf1dcc00;
- u_12->duration.high = 0xfffffffb;
- u_12->reset_count.low = 0xcf1dcc00;
- u_12->reset_count.high = 0xfffffffb;
+ u_12->duration.low = nt_lock_duration.low;
+ u_12->duration.high = nt_lock_duration.high;
+ u_12->reset_count.low = nt_reset_time.low;
+ u_12->reset_count.high = nt_reset_time.high;
- u_12->bad_attempt_lockout = 0x0000;
+ u_12->bad_attempt_lockout = lockout;
}
/*******************************************************************
@@ -719,19 +724,20 @@ static BOOL sam_io_unk_info2(char *desc, SAM_UNK_INFO_2 * u_2,
inits a structure.
********************************************************************/
-void init_unk_info1(SAM_UNK_INFO_1 * u_1)
+void init_unk_info1(SAM_UNK_INFO_1 *u_1, uint16 min_pass_len, uint16 pass_hist,
+ uint32 flag, NTTIME nt_expire, NTTIME nt_min_age)
{
- u_1->min_length_password = 0;
- u_1->password_history = 0;
- u_1->flag = 0;
+ u_1->min_length_password = min_pass_len;
+ u_1->password_history = pass_hist;
+ u_1->flag = flag;
/* password never expire */
- u_1->expire.high = 0x80000000;
- u_1->expire.low = 0;
+ u_1->expire.high = nt_expire.high;
+ u_1->expire.low = nt_expire.low;
/* can change the password now */
- u_1->min_passwordage.high = 0;
- u_1->min_passwordage.low = 0;
+ u_1->min_passwordage.high = nt_min_age.high;
+ u_1->min_passwordage.low = nt_min_age.low;
}
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 8882b0801a..13340d0a60 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -1907,53 +1907,84 @@ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, S
NTSTATUS _samr_query_dom_info(pipes_struct *p, SAMR_Q_QUERY_DOMAIN_INFO *q_u, SAMR_R_QUERY_DOMAIN_INFO *r_u)
{
- SAM_UNK_CTR *ctr;
+ SAM_UNK_CTR *ctr;
+ uint32 min_pass_len,pass_hist,flag;
+ time_t u_expire, u_min_age;
+ NTTIME nt_expire, nt_min_age;
+
+ time_t u_lock_duration, u_reset_time;
+ NTTIME nt_lock_duration, nt_reset_time;
+ uint32 lockout;
+
+ time_t u_logout;
+ NTTIME nt_logout;
+
if ((ctr = (SAM_UNK_CTR *)talloc_zero(p->mem_ctx, sizeof(SAM_UNK_CTR))) == NULL)
return NT_STATUS_NO_MEMORY;
- ZERO_STRUCTP(ctr);
+ ZERO_STRUCTP(ctr);
- r_u->status = NT_STATUS_OK;
+ r_u->status = NT_STATUS_OK;
- DEBUG(5,("_samr_query_dom_info: %d\n", __LINE__));
+ DEBUG(5,("_samr_query_dom_info: %d\n", __LINE__));
- /* find the policy handle. open a policy on it. */
- if (!find_policy_by_hnd(p, &q_u->domain_pol, NULL))
- return NT_STATUS_INVALID_HANDLE;
+ /* find the policy handle. open a policy on it. */
+ if (!find_policy_by_hnd(p, &q_u->domain_pol, NULL))
+ return NT_STATUS_INVALID_HANDLE;
- switch (q_u->switch_value) {
- case 0x01:
- init_unk_info1(&ctr->info.inf1);
- break;
- case 0x02:
+ switch (q_u->switch_value) {
+ case 0x01:
+ account_policy_get(AP_MIN_PASSWORD_LEN, &min_pass_len);
+ account_policy_get(AP_PASSWORD_HISTORY, &pass_hist);
+ account_policy_get(AP_USER_MUST_LOGON_TO_CHG_PASS, &flag);
+ account_policy_get(AP_MAX_PASSWORD_AGE, (int *)&u_expire);
+ account_policy_get(AP_MIN_PASSWORD_AGE, (int *)&u_min_age);
+
+ unix_to_nt_time_abs(&nt_expire, u_expire);
+ unix_to_nt_time_abs(&nt_min_age, u_min_age);
+
+ init_unk_info1(&ctr->info.inf1, (uint16)min_pass_len, (uint16)pass_hist,
+ flag, nt_expire, nt_min_age);
+ break;
+ case 0x02:
/* The time call below is to get a sequence number for the sam. FIXME !!! JRA. */
- init_unk_info2(&ctr->info.inf2, global_myworkgroup, global_myname, (uint32) time(NULL));
- break;
- case 0x03:
- init_unk_info3(&ctr->info.inf3);
- break;
- case 0x05:
- init_unk_info5(&ctr->info.inf5, global_myname);
- break;
- case 0x06:
- init_unk_info6(&ctr->info.inf6);
- break;
- case 0x07:
- init_unk_info7(&ctr->info.inf7);
- break;
- case 0x0c:
- init_unk_info12(&ctr->info.inf12);
- break;
- default:
- return NT_STATUS_INVALID_INFO_CLASS;
- }
+ init_unk_info2(&ctr->info.inf2, global_myworkgroup, global_myname, (uint32) time(NULL));
+ break;
+ case 0x03:
+ account_policy_get(AP_TIME_TO_LOGOUT, (int *)&u_logout);
+ unix_to_nt_time_abs(&nt_logout, u_logout);
+
+ init_unk_info3(&ctr->info.inf3, nt_logout);
+ break;
+ case 0x05:
+ init_unk_info5(&ctr->info.inf5, global_myname);
+ break;
+ case 0x06:
+ init_unk_info6(&ctr->info.inf6);
+ break;
+ case 0x07:
+ init_unk_info7(&ctr->info.inf7);
+ break;
+ case 0x0c:
+ account_policy_get(AP_LOCK_ACCOUNT_DURATION, (int *)&u_lock_duration);
+ account_policy_get(AP_RESET_COUNT_TIME, (int *)&u_reset_time);
+ account_policy_get(AP_BAD_ATTEMPT_LOCKOUT, &lockout);
+
+ unix_to_nt_time_abs(&nt_lock_duration, u_lock_duration);
+ unix_to_nt_time_abs(&nt_reset_time, u_reset_time);
+
+ init_unk_info12(&ctr->info.inf12, nt_lock_duration, nt_reset_time, (uint16)lockout);
+ break;
+ default:
+ return NT_STATUS_INVALID_INFO_CLASS;
+ }
- init_samr_r_query_dom_info(r_u, q_u->switch_value, ctr, NT_STATUS_OK);
+ init_samr_r_query_dom_info(r_u, q_u->switch_value, ctr, NT_STATUS_OK);
- DEBUG(5,("_samr_query_dom_info: %d\n", __LINE__));
+ DEBUG(5,("_samr_query_dom_info: %d\n", __LINE__));
- return r_u->status;
+ return r_u->status;
}
/*******************************************************************
@@ -3460,53 +3491,83 @@ NTSTATUS _samr_unknown_2d(pipes_struct *p, SAMR_Q_UNKNOWN_2D *q_u, SAMR_R_UNKNOW
NTSTATUS _samr_unknown_2e(pipes_struct *p, SAMR_Q_UNKNOWN_2E *q_u, SAMR_R_UNKNOWN_2E *r_u)
{
- SAM_UNK_CTR *ctr;
+ SAM_UNK_CTR *ctr;
+ uint32 min_pass_len,pass_hist,flag;
+ time_t u_expire, u_min_age;
+ NTTIME nt_expire, nt_min_age;
+
+ time_t u_lock_duration, u_reset_time;
+ NTTIME nt_lock_duration, nt_reset_time;
+ uint32 lockout;
+
+ time_t u_logout;
+ NTTIME nt_logout;
if ((ctr = (SAM_UNK_CTR *)talloc_zero(p->mem_ctx, sizeof(SAM_UNK_CTR))) == NULL)
return NT_STATUS_NO_MEMORY;
- ZERO_STRUCTP(ctr);
+ ZERO_STRUCTP(ctr);
- r_u->status = NT_STATUS_OK;
+ r_u->status = NT_STATUS_OK;
- DEBUG(5,("_samr_unknown_2e: %d\n", __LINE__));
+ DEBUG(5,("_samr_unknown_2e: %d\n", __LINE__));
- /* find the policy handle. open a policy on it. */
- if (!find_policy_by_hnd(p, &q_u->domain_pol, NULL))
- return NT_STATUS_INVALID_HANDLE;
+ /* find the policy handle. open a policy on it. */
+ if (!find_policy_by_hnd(p, &q_u->domain_pol, NULL))
+ return NT_STATUS_INVALID_HANDLE;
- switch (q_u->switch_value) {
- case 0x01:
- init_unk_info1(&ctr->info.inf1);
- break;
- case 0x02:
+ switch (q_u->switch_value) {
+ case 0x01:
+ account_policy_get(AP_MIN_PASSWORD_LEN, &min_pass_len);
+ account_policy_get(AP_PASSWORD_HISTORY, &pass_hist);
+ account_policy_get(AP_USER_MUST_LOGON_TO_CHG_PASS, &flag);
+ account_policy_get(AP_MAX_PASSWORD_AGE, (int *)&u_expire);
+ account_policy_get(AP_MIN_PASSWORD_AGE, (int *)&u_min_age);
+
+ unix_to_nt_time_abs(&nt_expire, u_expire);
+ unix_to_nt_time_abs(&nt_min_age, u_min_age);
+
+ init_unk_info1(&ctr->info.inf1, (uint16)min_pass_len, (uint16)pass_hist,
+ flag, nt_expire, nt_min_age);
+ break;
+ case 0x02:
/* The time call below is to get a sequence number for the sam. FIXME !!! JRA. */
- init_unk_info2(&ctr->info.inf2, global_myworkgroup, global_myname, (uint32) time(NULL));
- break;
- case 0x03:
- init_unk_info3(&ctr->info.inf3);
- break;
- case 0x05:
- init_unk_info5(&ctr->info.inf5, global_myname);
- break;
- case 0x06:
- init_unk_info6(&ctr->info.inf6);
- break;
- case 0x07:
- init_unk_info7(&ctr->info.inf7);
- break;
- case 0x0c:
- init_unk_info12(&ctr->info.inf12);
- break;
- default:
- return NT_STATUS_INVALID_INFO_CLASS;
- }
+ init_unk_info2(&ctr->info.inf2, global_myworkgroup, global_myname, (uint32) time(NULL));
+ break;
+ case 0x03:
+ account_policy_get(AP_TIME_TO_LOGOUT, (int *)&u_logout);
+ unix_to_nt_time_abs(&nt_logout, u_logout);
+
+ init_unk_info3(&ctr->info.inf3, nt_logout);
+ break;
+ case 0x05:
+ init_unk_info5(&ctr->info.inf5, global_myname);
+ break;
+ case 0x06:
+ init_unk_info6(&ctr->info.inf6);
+ break;
+ case 0x07:
+ init_unk_info7(&ctr->info.inf7);
+ break;
+ case 0x0c:
+ account_policy_get(AP_LOCK_ACCOUNT_DURATION, (int *)&u_lock_duration);
+ account_policy_get(AP_RESET_COUNT_TIME, (int *)&u_reset_time);
+ account_policy_get(AP_BAD_ATTEMPT_LOCKOUT, &lockout);
+
+ unix_to_nt_time_abs(&nt_lock_duration, u_lock_duration);
+ unix_to_nt_time_abs(&nt_reset_time, u_reset_time);
+
+ init_unk_info12(&ctr->info.inf12, nt_lock_duration, nt_reset_time, (uint16)lockout);
+ break;
+ default:
+ return NT_STATUS_INVALID_INFO_CLASS;
+ }
- init_samr_r_samr_unknown_2e(r_u, q_u->switch_value, ctr, NT_STATUS_OK);
+ init_samr_r_samr_unknown_2e(r_u, q_u->switch_value, ctr, NT_STATUS_OK);
- DEBUG(5,("_samr_unknown_2e: %d\n", __LINE__));
+ DEBUG(5,("_samr_unknown_2e: %d\n", __LINE__));
- return r_u->status;
+ return r_u->status;
}
/*******************************************************************
@@ -3515,6 +3576,10 @@ NTSTATUS _samr_unknown_2e(pipes_struct *p, SAMR_Q_UNKNOWN_2E *q_u, SAMR_R_UNKNOW
NTSTATUS _samr_set_dom_info(pipes_struct *p, SAMR_Q_SET_DOMAIN_INFO *q_u, SAMR_R_SET_DOMAIN_INFO *r_u)
{
+ time_t u_expire, u_min_age;
+ time_t u_logout;
+ time_t u_lock_duration, u_reset_time;
+
r_u->status = NT_STATUS_OK;
DEBUG(5,("_samr_set_dom_info: %d\n", __LINE__));
@@ -3523,25 +3588,41 @@ NTSTATUS _samr_set_dom_info(pipes_struct *p, SAMR_Q_SET_DOMAIN_INFO *q_u, SAMR_R
if (!find_policy_by_hnd(p, &q_u->domain_pol, NULL))
return NT_STATUS_INVALID_HANDLE;
- DEBUG(0,("_samr_set_dom_info: switch_value: %d\n", q_u->switch_value));
+ DEBUG(5,("_samr_set_dom_info: switch_value: %d\n", q_u->switch_value));
switch (q_u->switch_value) {
- case 0x01:
- break;
- case 0x02:
- break;
- case 0x03:
- break;
- case 0x05:
- break;
- case 0x06:
- break;
- case 0x07:
- break;
- case 0x0c:
- break;
- default:
- return NT_STATUS_INVALID_INFO_CLASS;
+ case 0x01:
+ u_expire=nt_time_to_unix_abs(&q_u->ctr->info.inf1.expire);
+ u_min_age=nt_time_to_unix_abs(&q_u->ctr->info.inf1.min_passwordage);
+
+ account_policy_set(AP_MIN_PASSWORD_LEN, (uint32)q_u->ctr->info.inf1.min_length_password);
+ account_policy_set(AP_PASSWORD_HISTORY, (uint32)q_u->ctr->info.inf1.password_history);
+ account_policy_set(AP_USER_MUST_LOGON_TO_CHG_PASS, (uint32)q_u->ctr->info.inf1.flag);
+ account_policy_set(AP_MAX_PASSWORD_AGE, (int)u_expire);
+ account_policy_set(AP_MIN_PASSWORD_AGE, (int)u_min_age);
+ break;
+ case 0x02:
+ break;
+ case 0x03:
+ u_logout=nt_time_to_unix_abs(&q_u->ctr->info.inf3.logout);
+ account_policy_set(AP_TIME_TO_LOGOUT, (int)u_logout);
+ break;
+ case 0x05:
+ break;
+ case 0x06:
+ break;
+ case 0x07:
+ break;
+ case 0x0c:
+ u_lock_duration=nt_time_to_unix_abs(&q_u->ctr->info.inf12.duration);
+ u_reset_time=nt_time_to_unix_abs(&q_u->ctr->info.inf12.reset_count);
+
+ account_policy_set(AP_LOCK_ACCOUNT_DURATION, (int)u_lock_duration);
+ account_policy_set(AP_RESET_COUNT_TIME, (int)u_reset_time);
+ account_policy_set(AP_BAD_ATTEMPT_LOCKOUT, (uint32)q_u->ctr->info.inf12.bad_attempt_lockout);
+ break;
+ default:
+ return NT_STATUS_INVALID_INFO_CLASS;
}
init_samr_r_set_domain_info(r_u, NT_STATUS_OK);
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index 2f374e48aa..df56dfe9ab 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -825,13 +825,18 @@ static void usage(char *pname)
/* possibly reload the services file. */
reload_services(True);
- if (init_group_mapping()==False) {
- printf("Could not open tdb mapping file.\n");
+ if(!pdb_generate_sam_sid()) {
+ DEBUG(0,("ERROR: Samba cannot create a SAM SID.\n"));
+ exit(1);
+ }
+
+ if (!init_group_mapping()) {
+ DEBUG(0,("Could not open tdb mapping file.\n"));
return 0;
}
- if(!pdb_generate_sam_sid()) {
- DEBUG(0,("ERROR: Samba cannot create a SAM SID.\n"));
+ if (!init_account_policy()) {
+ DEBUG(0,("Could not open account policy tdb.\n"));
exit(1);
}
diff --git a/source3/utils/smbgroupedit.c b/source3/utils/smbgroupedit.c
index 9d42d2fc92..58ed0a8294 100644
--- a/source3/utils/smbgroupedit.c
+++ b/source3/utils/smbgroupedit.c
@@ -246,6 +246,16 @@ int main (int argc, char **argv)
exit(1);
}
+ if(pdb_generate_sam_sid()==False) {
+ printf("Can not read machine SID\n");
+ return 0;
+ }
+
+ if (init_group_mapping()==False) {
+ printf("Could not open tdb mapping file.\n");
+ return 0;
+ }
+
while ((ch = getopt(argc, argv, "a:c:d:ln:p:st:u:vx:")) != EOF) {
switch(ch) {
case 'a':
@@ -325,18 +335,6 @@ int main (int argc, char **argv)
break;
}
}
-
- if (init_group_mapping()==False) {
- printf("Could not open tdb mapping file.\n");
- return 0;
- }
-
- if(pdb_generate_sam_sid()==False) {
- printf("Can not read machine SID\n");
- return 0;
- }
-
- default_group_mapping();
if (add_group)
return addgroup(group, sid_type, ntgroup, group_desc, privilege);