added a tdb to store the account policy informations.

You can change them with either usermanager->policies->account
or from a command prompt on NT/W2K: net accounts /domain

we can add a rpc accounts to the net command. As the net_rpc.c is still
empty, I did not start. How should I add command to it ? Should I take the
rpcclient/cmd_xxx functions and call them from there ?

alse changed the SAM_UNK_INFO_3 parser, it's an NTTIME. This one is more
for jeremy ;-)

        J.F.
(This used to be commit bc28a8eebd9245ce3004ae4b1a359db51f77bf21)

2 files changed, 220 insertions, 0 deletions

diff --git a/source3/lib/account_pol.c b/source3/lib/account_pol.c
new file mode 100644
index 0000000000..aad6f8e11d
--- /dev/null
+++ b/source3/lib/account_pol.c
@@ -0,0 +1,132 @@
+/* 
+ *  Unix SMB/Netbios implementation.
+ *  Version 1.9.
+ *  account policy storage
+ *  Copyright (C) Jean François Micouleau      1998-2001.
+ *  
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+static TDB_CONTEXT *tdb; /* used for driver files */
+
+#define DATABASE_VERSION 1
+
+/****************************************************************************
+open the account policy tdb
+****************************************************************************/
+BOOL init_account_policy(void)
+{
+	static pid_t local_pid;
+	char *vstring = "INFO/version";
+
+	if (tdb && local_pid == sys_getpid()) return True;
+	tdb = tdb_open_log(lock_path("account_policy.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
+	if (!tdb) {
+		DEBUG(0,("Failed to open account policy database\n"));
+		return False;
+	}
+
+	local_pid = sys_getpid();
+
+	/* handle a Samba upgrade */
+	tdb_lock_bystring(tdb, vstring);
+	if (tdb_fetch_int(tdb, vstring) != DATABASE_VERSION) {
+		tdb_traverse(tdb, (tdb_traverse_func)tdb_delete, NULL);
+		tdb_store_int(tdb, vstring, DATABASE_VERSION);
+		
+		account_policy_set(AP_MIN_PASSWORD_LEN, MINPASSWDLENGTH);   /* 5 chars minimum             */
+		account_policy_set(AP_PASSWORD_HISTORY, 0);		    /* don't keep any old password */
+		account_policy_set(AP_USER_MUST_LOGON_TO_CHG_PASS, 0);	    /* don't force user to logon   */
+		account_policy_set(AP_MAX_PASSWORD_AGE, MAX_PASSWORD_AGE);  /* 21 days                     */
+		account_policy_set(AP_MIN_PASSWORD_AGE, 0);		    /* 0 days                      */
+		account_policy_set(AP_LOCK_ACCOUNT_DURATION, 0);	    /* lockout for 0 minutes       */
+		account_policy_set(AP_RESET_COUNT_TIME, 0);		    /* reset immediatly            */
+		account_policy_set(AP_BAD_ATTEMPT_LOCKOUT, 0);		    /* don't lockout               */
+		account_policy_set(AP_TIME_TO_LOGOUT, -1);		    /* don't force logout          */
+	}
+	tdb_unlock_bystring(tdb, vstring);
+
+
+	return True;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static char *decode_account_policy_name(field)
+{
+	switch (field) {
+		case AP_MIN_PASSWORD_LEN:
+			return "min password length";
+			break;
+		case AP_PASSWORD_HISTORY:
+			return "password history";
+			break;
+		case AP_USER_MUST_LOGON_TO_CHG_PASS:
+			return "user must logon to change password";
+			break;
+		case AP_MAX_PASSWORD_AGE:
+			return "maximum password age";
+			break;
+		case AP_MIN_PASSWORD_AGE:
+			return "minimum password age";
+			break;
+		case AP_LOCK_ACCOUNT_DURATION:
+			return "lockout duration";
+			break;
+		case AP_RESET_COUNT_TIME:
+			return "reset count minutes";
+			break;
+		case AP_BAD_ATTEMPT_LOCKOUT:
+			return "bad lockout attempt";
+			break;
+		case AP_TIME_TO_LOGOUT:
+			return "disconnect time";
+			break;
+		default:
+			return "undefined value";
+			break;
+	}
+}
+
+
+/****************************************************************************
+****************************************************************************/
+BOOL account_policy_get(int field, int *value)
+{
+	fstring name;
+
+	fstrcpy(name, decode_account_policy_name(field));
+	*value=tdb_fetch_int(tdb, name);
+	DEBUG(10,("account_policy_get: %s:%d\n", name, *value));
+	return True;
+}
+
+
+/****************************************************************************
+****************************************************************************/
+BOOL account_policy_set(int field, int value)
+{
+	fstring name;
+
+	fstrcpy(name, decode_account_policy_name(field));
+	if ( tdb_store_int(tdb, name, value)== -1)
+		return False;
+	DEBUG(10,("account_policy_set: %s:%d\n", name, value));
+	
+	return True;
+}
+
diff --git a/source3/lib/time.c b/source3/lib/time.c
index b302726a95..f0f62ca841 100644
--- a/source3/lib/time.c
+++ b/source3/lib/time.c
@@ -304,6 +304,50 @@ time_t nt_time_to_unix(NTTIME *nt)
   return(ret);
 }
 
+/****************************************************************************
+convert a NTTIME structure to a time_t
+It's originally in "100ns units"
+
+this is an absolute version of the one above.
+By absolute I mean, it doesn't adjust from 1/1/1601 to 1/1/1970
+if the NTTIME was 5 seconds, the time_t is 5 seconds. JFM
+****************************************************************************/
+time_t nt_time_to_unix_abs(NTTIME *nt)
+{
+	double d;
+	time_t ret;
+	/* The next two lines are a fix needed for the 
+	   broken SCO compiler. JRA. */
+	time_t l_time_min = TIME_T_MIN;
+	time_t l_time_max = TIME_T_MAX;
+
+	if (nt->high == 0)
+		return(0);
+
+	if (nt->high==0x80000000 && nt->low==0)
+		return -1;
+
+	/* reverse the time */
+	/* it's a negative value, turn it to positive */
+	nt->high=~nt->high;
+	nt->low=~nt->low;
+
+	d = ((double)nt->high)*4.0*(double)(1<<30);
+	d += (nt->low&0xFFF00000);
+	d *= 1.0e-7;
+  
+	if (!(l_time_min <= d && d <= l_time_max))
+		return(0);
+
+	ret = (time_t)(d+0.5);
+
+	/* this takes us from kludge-GMT to real GMT */
+	ret -= get_serverzone();
+	ret += LocTimeDiff(ret);
+
+	return(ret);
+}
+
 
 
 /****************************************************************************
@@ -355,6 +399,50 @@ void unix_to_nt_time(NTTIME *nt, time_t t)
 	nt->low  = (uint32)(d - ((double)nt->high)*4.0*(double)(1<<30));
 }
 
+/****************************************************************************
+convert a time_t to a NTTIME structure
+
+this is an absolute version of the one above.
+By absolute I mean, it doesn't adjust from 1/1/1970 to 1/1/1601
+if the nttime_t was 5 seconds, the NTTIME is 5 seconds. JFM
+****************************************************************************/
+void unix_to_nt_time_abs(NTTIME *nt, time_t t)
+{
+	double d;
+
+	if (t==0) {
+		nt->low = 0;
+		nt->high = 0;
+		return;
+	}
+
+	if (t == TIME_T_MAX) {
+		nt->low = 0xffffffff;
+		nt->high = 0x7fffffff;
+		return;
+	}
+		
+	if (t == -1) {
+		/* that's what NT uses for infinite */
+		nt->low = 0x0;
+		nt->high = 0x80000000;
+		return;
+	}		
+
+	/* this converts GMT to kludge-GMT */
+	t -= LocTimeDiff(t) - get_serverzone(); 
+
+	d = (double)(t);
+	d *= 1.0e7;
+
+	nt->high = (uint32)(d * (1.0/(4.0*(double)(1<<30))));
+	nt->low  = (uint32)(d - ((double)nt->high)*4.0*(double)(1<<30));
+
+	/* convert to a negative value */
+	nt->high=~nt->high;
+	nt->low=~nt->low;
+}
+
 
 /****************************************************************************
 take an NTTIME structure, containing high / low time.  convert to unix time.