summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2011-09-07 12:21:00 +1000
committerAndrew Bartlett <abartlet@samba.org>2011-09-07 13:44:44 +0200
commitc640e9235fe0af6eb7dd9474807942ffdecbb8c4 (patch)
tree27ccb5a025f842842eee1f8dfe615460d28a5ba9
parent61543577fa3b7aeaee27800c239f6c78fb74fd26 (diff)
downloadsamba-c640e9235fe0af6eb7dd9474807942ffdecbb8c4.tar.gz
samba-c640e9235fe0af6eb7dd9474807942ffdecbb8c4.tar.bz2
samba-c640e9235fe0af6eb7dd9474807942ffdecbb8c4.zip
s4-s3-upgrade: convert password age policies to the negative NTTIME format
This previously caused all accounts to be locked out. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Wed Sep 7 13:44:44 CEST 2011 on sn-devel-104
-rw-r--r--source4/scripting/python/samba/upgrade.py29
1 files changed, 21 insertions, 8 deletions
diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py
index 2bb5ccccbe..92ab86b696 100644
--- a/source4/scripting/python/samba/upgrade.py
+++ b/source4/scripting/python/samba/upgrade.py
@@ -33,7 +33,7 @@ from samba.dcerpc import lsa, samr, security
from samba.dcerpc.security import dom_sid
from samba import dsdb
from samba.ndr import ndr_pack
-
+from samba import unix2nttime
def import_sam_policy(samdb, policy, logger):
"""Import a Samba 3 policy.
@@ -53,16 +53,29 @@ def import_sam_policy(samdb, policy, logger):
m = ldb.Message()
m.dn = samdb.get_default_basedn()
- m['a01'] = ldb.MessageElement(str(policy['min password length']), ldb.FLAG_MOD_REPLACE,
+ m['a01'] = ldb.MessageElement(str(unix2nttime(policy['min password length'])), ldb.FLAG_MOD_REPLACE,
'minPwdLength')
m['a02'] = ldb.MessageElement(str(policy['password history']), ldb.FLAG_MOD_REPLACE,
'pwdHistoryLength')
- m['a03'] = ldb.MessageElement(str(policy['minimum password age']), ldb.FLAG_MOD_REPLACE,
- 'minPwdAge')
- m['a04'] = ldb.MessageElement(str(policy['maximum password age']), ldb.FLAG_MOD_REPLACE,
- 'maxPwdAge')
- m['a05'] = ldb.MessageElement(str(policy['lockout duration']), ldb.FLAG_MOD_REPLACE,
- 'lockoutDuration')
+
+ min_pw_age_unix = policy['minimum password age']
+ min_pw_age_nt = 0 - unix2nttime(min_pw_age_unix)
+ m['a03'] = ldb.MessageElement(str(min_pw_age_nt), ldb.FLAG_MOD_REPLACE, 'minPwdAge')
+
+ max_pw_age_unix = policy['maximum password age']
+ if (max_pw_age_unix == 0xFFFFFFFF):
+ max_pw_age_nt = 0
+ else:
+ max_pw_age_nt = unix2nttime(max_pw_age_unix)
+
+ m['a04'] = ldb.MessageElement(str(max_pw_age_nt), ldb.FLAG_MOD_REPLACE,
+ 'maxPwdAge')
+
+ lockout_duration_mins = policy['lockout duration']
+ lockout_duration_nt = unix2nttime(lockout_duration_mins * 60)
+
+ m['a05'] = ldb.MessageElement(str(lockout_duration_nt), ldb.FLAG_MOD_REPLACE,
+ 'lockoutDuration')
try:
samdb.modify(m)