summaryrefslogtreecommitdiff
path: root/source3/utils
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2005-01-22 03:37:09 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 10:55:08 -0500
commitb4afdc08d5336e4a337e453443d7af1d8655a31a (patch)
tree3d2e3351c4e767cbd05006b349006bb427ed3ec1 /source3/utils
parent686ceda3c3d3510f873d44c7bbb89d9134e0cf88 (diff)
downloadsamba-b4afdc08d5336e4a337e453443d7af1d8655a31a.tar.gz
samba-b4afdc08d5336e4a337e453443d7af1d8655a31a.tar.bz2
samba-b4afdc08d5336e4a337e453443d7af1d8655a31a.zip
r4925: Migrate Account Policies to passdb (esp. replicating ldapsam).
Does automated migration from account_policy.tdb v1 and v2 and offers a pdbedit-Migration interface. Jerry, please feel free to revert that if you have other plans. Guenther (This used to be commit 75af83dfcd8ef365b4b1180453060ae5176389f5)
Diffstat (limited to 'source3/utils')
-rw-r--r--source3/utils/net_rpc_samsync.c18
-rw-r--r--source3/utils/pdbedit.c42
2 files changed, 44 insertions, 16 deletions
diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c
index 320341ec05..2db8ff054b 100644
--- a/source3/utils/net_rpc_samsync.c
+++ b/source3/utils/net_rpc_samsync.c
@@ -1000,34 +1000,34 @@ static NTSTATUS fetch_domain_info(uint32 rid, SAM_DOMAIN_INFO *delta)
}
- if (!account_policy_set(AP_PASSWORD_HISTORY, delta->pwd_history_len))
+ if (!pdb_set_account_policy(AP_PASSWORD_HISTORY, delta->pwd_history_len))
return nt_status;
- if (!account_policy_set(AP_MIN_PASSWORD_LEN, delta->min_pwd_len))
+ if (!pdb_set_account_policy(AP_MIN_PASSWORD_LEN, delta->min_pwd_len))
return nt_status;
- if (!account_policy_set(AP_MAX_PASSWORD_AGE, (uint32)u_max_age))
+ if (!pdb_set_account_policy(AP_MAX_PASSWORD_AGE, (uint32)u_max_age))
return nt_status;
- if (!account_policy_set(AP_MIN_PASSWORD_AGE, (uint32)u_min_age))
+ if (!pdb_set_account_policy(AP_MIN_PASSWORD_AGE, (uint32)u_min_age))
return nt_status;
- if (!account_policy_set(AP_TIME_TO_LOGOUT, (uint32)u_logout))
+ if (!pdb_set_account_policy(AP_TIME_TO_LOGOUT, (uint32)u_logout))
return nt_status;
- if (!account_policy_set(AP_BAD_ATTEMPT_LOCKOUT, delta->account_lockout.bad_attempt_lockout))
+ if (!pdb_set_account_policy(AP_BAD_ATTEMPT_LOCKOUT, delta->account_lockout.bad_attempt_lockout))
return nt_status;
- if (!account_policy_set(AP_RESET_COUNT_TIME, (uint32)u_lockoutreset/60))
+ if (!pdb_set_account_policy(AP_RESET_COUNT_TIME, (uint32)u_lockoutreset/60))
return nt_status;
if (u_lockouttime != -1)
u_lockouttime /= 60;
- if (!account_policy_set(AP_LOCK_ACCOUNT_DURATION, (uint32)u_lockouttime))
+ if (!pdb_set_account_policy(AP_LOCK_ACCOUNT_DURATION, (uint32)u_lockouttime))
return nt_status;
- if (!account_policy_set(AP_USER_MUST_LOGON_TO_CHG_PASS, delta->logon_chgpass))
+ if (!pdb_set_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, delta->logon_chgpass))
return nt_status;
return NT_STATUS_OK;
diff --git a/source3/utils/pdbedit.c b/source3/utils/pdbedit.c
index 3584ef0367..d29b6ea66c 100644
--- a/source3/utils/pdbedit.c
+++ b/source3/utils/pdbedit.c
@@ -119,6 +119,27 @@ static int export_groups (struct pdb_context *in, struct pdb_context *out) {
}
/*********************************************************
+ Add all currently available account policy from tdb to one backend
+ ********************************************************/
+
+static int export_account_policies (struct pdb_context *in, struct pdb_context *out)
+{
+ int i;
+
+ for (i=1; decode_account_policy_name(i) != NULL; i++) {
+ uint32 policy_value;
+ if (NT_STATUS_IS_ERR(in->pdb_get_account_policy(in, i, &policy_value))) {
+ fprintf(stderr, "Can't get account policy from tdb\n");
+ return -1;
+ }
+ out->pdb_set_account_policy(out, i, policy_value);
+ }
+
+ return 0;
+}
+
+
+/*********************************************************
Print info from sam structure
**********************************************************/
@@ -648,6 +669,7 @@ int main (int argc, char **argv)
static char *backend_in = NULL;
static char *backend_out = NULL;
static BOOL transfer_groups = False;
+ static BOOL transfer_account_policies = False;
static BOOL force_initialised_password = False;
static char *logon_script = NULL;
static char *profile_path = NULL;
@@ -688,6 +710,7 @@ int main (int argc, char **argv)
{"import", 'i', POPT_ARG_STRING, &backend_in, 0, "import user accounts from this backend", NULL},
{"export", 'e', POPT_ARG_STRING, &backend_out, 0, "export user accounts to this backend", NULL},
{"group", 'g', POPT_ARG_NONE, &transfer_groups, 0, "use -i and -e for groups", NULL},
+ {"policies", 'y', POPT_ARG_NONE, &transfer_account_policies, 0, "use -i and -e to move account policies between backends", NULL},
{"account-policy", 'P', POPT_ARG_STRING, &account_policy, 0,"value of an account policy (like maximum password age)",NULL},
{"value", 'C', POPT_ARG_LONG, &account_policy_value, 'C',"set the account policy to this value", NULL},
{"account-control", 'c', POPT_ARG_STRING, &account_control, 0, "Values of account control", NULL},
@@ -787,20 +810,22 @@ int main (int argc, char **argv)
SAFE_FREE(apn);
exit(1);
}
- if (!account_policy_get(field, &value)) {
+ if (!pdb_get_account_policy(field, &value)) {
fprintf(stderr, "valid account policy, but unable to fetch value!\n");
- exit(1);
+ if (!account_policy_value_set)
+ exit(1);
}
+ printf("account policy \"%s\" description: %s\n", account_policy, account_policy_get_comment(field));
if (account_policy_value_set) {
- printf("account policy value for %s was %u\n", account_policy, value);
- if (!account_policy_set(field, account_policy_value)) {
+ printf("account policy \"%s\" value was: %u\n", account_policy, value);
+ if (!pdb_set_account_policy(field, account_policy_value)) {
fprintf(stderr, "valid account policy, but unable to set value!\n");
exit(1);
}
- printf("account policy value for %s is now %lu\n", account_policy, account_policy_value);
+ printf("account policy \"%s\" value is now: %lu\n", account_policy, account_policy_value);
exit(0);
} else {
- printf("account policy value for %s is %u\n", account_policy, value);
+ printf("account policy \"%s\" value is: %u\n", account_policy, value);
exit(0);
}
}
@@ -824,7 +849,10 @@ int main (int argc, char **argv)
} else {
bout = bdef;
}
- if (transfer_groups) {
+ if (transfer_account_policies) {
+ if (!(checkparms & BIT_USER))
+ return export_account_policies(bin, bout);
+ } else if (transfer_groups) {
if (!(checkparms & BIT_USER))
return export_groups(bin, bout);
} else {