diff options
Diffstat (limited to 'source3/passdb')
-rw-r--r-- | source3/passdb/passdb.c | 16 | ||||
-rw-r--r-- | source3/passdb/pdb_get_set.c | 6 | ||||
-rw-r--r-- | source3/passdb/pdb_interface.c | 68 | ||||
-rw-r--r-- | source3/passdb/pdb_ldap.c | 255 |
4 files changed, 14 insertions, 331 deletions
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index d2e1eacdd2..715eb9ed4c 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -1890,7 +1890,7 @@ BOOL init_sam_from_buffer_v2(SAM_ACCOUNT *sampass, uint8 *buf, uint32 buflen) } /* Change from V1 is addition of password history field. */ - pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen); + account_policy_get(AP_PASSWORD_HISTORY, &pwHistLen); if (pwHistLen) { char *pw_hist = SMB_MALLOC(pwHistLen * PW_HISTORY_ENTRY_LEN); if (!pw_hist) { @@ -2098,7 +2098,7 @@ uint32 init_buffer_from_sam_v2 (uint8 **buf, const SAM_ACCOUNT *sampass, BOOL si nt_pw_len = 0; } - pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen); + account_policy_get(AP_PASSWORD_HISTORY, &pwHistLen); nt_pw_hist = pdb_get_pw_history(sampass, &nt_pw_hist_len); if (pwHistLen && nt_pw_hist && nt_pw_hist_len) { nt_pw_hist_len *= PW_HISTORY_ENTRY_LEN; @@ -2307,8 +2307,8 @@ BOOL pdb_update_bad_password_count(SAM_ACCOUNT *sampass, BOOL *updated) return True; } - if (!pdb_get_account_policy(AP_RESET_COUNT_TIME, &resettime)) { - DEBUG(0, ("pdb_update_bad_password_count: pdb_get_account_policy failed.\n")); + if (!account_policy_get(AP_RESET_COUNT_TIME, &resettime)) { + DEBUG(0, ("pdb_update_bad_password_count: account_policy_get failed.\n")); return False; } @@ -2349,8 +2349,8 @@ BOOL pdb_update_autolock_flag(SAM_ACCOUNT *sampass, BOOL *updated) return True; } - if (!pdb_get_account_policy(AP_LOCK_ACCOUNT_DURATION, &duration)) { - DEBUG(0, ("pdb_update_autolock_flag: pdb_get_account_policy failed.\n")); + if (!account_policy_get(AP_LOCK_ACCOUNT_DURATION, &duration)) { + DEBUG(0, ("pdb_update_autolock_flag: account_policy_get failed.\n")); return False; } @@ -2398,9 +2398,9 @@ BOOL pdb_increment_bad_password_count(SAM_ACCOUNT *sampass) return False; /* Retrieve the account lockout policy */ - if (!pdb_get_account_policy(AP_BAD_ATTEMPT_LOCKOUT, + if (!account_policy_get(AP_BAD_ATTEMPT_LOCKOUT, &account_policy_lockout)) { - DEBUG(0, ("pdb_increment_bad_password_count: pdb_get_account_policy failed.\n")); + DEBUG(0, ("pdb_increment_bad_password_count: account_policy_get failed.\n")); return False; } diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c index e0fc0ef280..4b59b5fdf9 100644 --- a/source3/passdb/pdb_get_set.c +++ b/source3/passdb/pdb_get_set.c @@ -1123,7 +1123,7 @@ BOOL pdb_set_pass_changed_now (SAM_ACCOUNT *sampass) if (!pdb_set_pass_last_set_time (sampass, time(NULL), PDB_CHANGED)) return False; - if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &expire) + if (!account_policy_get(AP_MAX_PASSWORD_AGE, &expire) || (expire==(uint32)-1) || (expire == 0)) { if (!pdb_set_pass_must_change_time (sampass, get_time_t_max(), PDB_CHANGED)) return False; @@ -1134,7 +1134,7 @@ BOOL pdb_set_pass_changed_now (SAM_ACCOUNT *sampass) return False; } - if (!pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &min_age) + if (!account_policy_get(AP_MIN_PASSWORD_AGE, &min_age) || (min_age==(uint32)-1)) { if (!pdb_set_pass_can_change_time (sampass, 0, PDB_CHANGED)) return False; @@ -1189,7 +1189,7 @@ BOOL pdb_set_plaintext_passwd (SAM_ACCOUNT *sampass, const char *plaintext) if (pdb_get_acct_ctrl(sampass) & ACB_NORMAL) { uchar *pwhistory; uint32 pwHistLen; - pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen); + account_policy_get(AP_PASSWORD_HISTORY, &pwHistLen); if (pwHistLen != 0){ uint32 current_history_len; /* We need to make sure we don't have a race condition here - the diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index 938622abff..382c028b0c 100644 --- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c @@ -622,35 +622,6 @@ static NTSTATUS context_enum_alias_memberships(struct pdb_context *context, num_members, aliases, num); } -static NTSTATUS context_get_account_policy(struct pdb_context *context, - int policy_index, int *value) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - - if ((!context) || (!context->pdb_methods)) { - DEBUG(0, ("invalid pdb_context specified!\n")); - return ret; - } - - return context->pdb_methods->get_account_policy(context->pdb_methods, - policy_index, value); -} - -static NTSTATUS context_set_account_policy(struct pdb_context *context, - int policy_index, int value) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - - if ((!context) || (!context->pdb_methods)) { - DEBUG(0, ("invalid pdb_context specified!\n")); - return ret; - } - - return context->pdb_methods->set_account_policy(context->pdb_methods, - policy_index, value); -} - - /****************************************************************** Free and cleanup a pdb context, any associated data and anything that the attached modules might have associated. @@ -779,9 +750,6 @@ static NTSTATUS make_pdb_context(struct pdb_context **context) (*context)->pdb_enum_aliasmem = context_enum_aliasmem; (*context)->pdb_enum_alias_memberships = context_enum_alias_memberships; - (*context)->pdb_get_account_policy = context_get_account_policy; - (*context)->pdb_set_account_policy = context_set_account_policy; - (*context)->free_fn = free_pdb_context; return NT_STATUS_OK; @@ -1234,30 +1202,6 @@ BOOL pdb_enum_alias_memberships(const DOM_SID *members, int num_members, aliases, num)); } -BOOL pdb_get_account_policy(int policy_index, int *value) -{ - struct pdb_context *pdb_context = pdb_get_static_context(False); - - if (!pdb_context) { - return False; - } - - return NT_STATUS_IS_OK(pdb_context-> - pdb_get_account_policy(pdb_context, policy_index, value)); -} - -BOOL pdb_set_account_policy(int policy_index, int value) -{ - struct pdb_context *pdb_context = pdb_get_static_context(False); - - if (!pdb_context) { - return False; - } - - return NT_STATUS_IS_OK(pdb_context-> - pdb_set_account_policy(pdb_context, policy_index, value)); -} - /*************************************************************** Initialize the static context (at smbd startup etc). @@ -1315,16 +1259,6 @@ static void pdb_default_endsampwent(struct pdb_methods *methods) return; /* NT_STATUS_NOT_IMPLEMENTED; */ } -static NTSTATUS pdb_default_get_account_policy(struct pdb_methods *methods, int policy_index, int *value) -{ - return account_policy_get(policy_index, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; -} - -static NTSTATUS pdb_default_set_account_policy(struct pdb_methods *methods, int policy_index, int value) -{ - return account_policy_set(policy_index, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; -} - NTSTATUS make_pdb_methods(TALLOC_CTX *mem_ctx, PDB_METHODS **methods) { *methods = TALLOC_P(mem_ctx, struct pdb_methods); @@ -1362,8 +1296,6 @@ NTSTATUS make_pdb_methods(TALLOC_CTX *mem_ctx, PDB_METHODS **methods) (*methods)->del_aliasmem = pdb_default_del_aliasmem; (*methods)->enum_aliasmem = pdb_default_enum_aliasmem; (*methods)->enum_alias_memberships = pdb_default_alias_memberships; - (*methods)->get_account_policy = pdb_default_get_account_policy; - (*methods)->set_account_policy = pdb_default_set_account_policy; return NT_STATUS_OK; } diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index 6fdf80074c..ff99b21f1f 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -729,7 +729,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, ZERO_STRUCT(smbntpwd); } - pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen); + account_policy_get(AP_PASSWORD_HISTORY, &pwHistLen); if (pwHistLen > 0){ uint8 *pwhist = NULL; int i; @@ -1073,7 +1073,7 @@ static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state, if (need_update(sampass, PDB_PWHISTORY)) { int pwHistLen = 0; - pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen); + account_policy_get(AP_PASSWORD_HISTORY, &pwHistLen); if (pwHistLen == 0) { /* Remove any password history from the LDAP store. */ memset(temp, '0', 64); /* NOTE !!!! '0' *NOT '\0' */ @@ -1138,7 +1138,7 @@ static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state, uint16 badcount = pdb_get_bad_password_count(sampass); time_t badtime = pdb_get_bad_password_time(sampass); uint32 pol; - pdb_get_account_policy(AP_BAD_ATTEMPT_LOCKOUT, &pol); + account_policy_get(AP_BAD_ATTEMPT_LOCKOUT, &pol); DEBUG(3, ("updating bad password fields, policy=%u, count=%u, time=%u\n", (unsigned int)pol, (unsigned int)badcount, (unsigned int)badtime)); @@ -2880,252 +2880,6 @@ static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods, return NT_STATUS_OK; } -static NTSTATUS ldapsam_get_account_policy(struct pdb_methods *methods, int policy_index, int *value) -{ - NTSTATUS ntstatus = NT_STATUS_UNSUCCESSFUL; - LDAPMessage *result = NULL; - LDAPMessage *entry = NULL; - int count; - int rc; - pstring filter; - char **vals; - const char *policy_string = NULL; - int tmp_val; - BOOL found_tdb = False; - - struct ldapsam_privates *ldap_state = - (struct ldapsam_privates *)methods->private_data; - - const char *attrs[] = { - NULL, - NULL, - NULL - }; - - attrs[0] = get_attr_key2string(acctpol_attr_list, LDAP_ATTR_ACCOUNT_POLICY_NAME); - attrs[1] = get_attr_key2string(acctpol_attr_list, LDAP_ATTR_ACCOUNT_POLICY_VAL); - - if (cache_account_policy_get(policy_index, value)) { - DEBUG(11,("ldapsam_get_account_policy: got valid value from cache\n")); - return NT_STATUS_OK; - } - - policy_string = decode_account_policy_name(policy_index); - if (!policy_string) { - DEBUG(0,("ldapsam_get_account_policy: invalid policy index: %d\n", policy_index)); - return ntstatus; - } - - pstr_sprintf(filter, "(&(objectclass=%s)(%s=%s))", - LDAP_OBJ_ACCOUNT_POLICY, - get_attr_key2string(acctpol_attr_list, - LDAP_ATTR_ACCOUNT_POLICY_NAME), policy_string); - - if (!ldap_state->domain_dn) { - return NT_STATUS_INVALID_PARAMETER; - } - -search: - rc = smbldap_search(ldap_state->smbldap_state, ldap_state->domain_dn, - LDAP_SCOPE_ONELEVEL, filter, attrs, 0, &result); - - if (rc != LDAP_SUCCESS) - return ntstatus; - - count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, - result); - - /* handle deleted ldap-entries (migrate on the fly, use a default as last resort) - gd */ - if (count < 1 && !found_tdb) { - - found_tdb = False; - - DEBUG(3,("ldapsam_get_account_policy: no entry for that policy in ldap found\n")); - - if (!account_policy_get(policy_index, &tmp_val)) { - DEBUG(10,("ldapsam_get_account_policy: failed to get account_policy from tdb\n")); - found_tdb = True; - } - - if (!found_tdb && !account_policy_get_default(policy_index, &tmp_val)) { - ldap_msgfree(result); - return ntstatus; - } - - if (!pdb_set_account_policy(policy_index, tmp_val)) { - DEBUG(1,("ldapsam_get_account_policy: failed to set account_policy\n")); - ldap_msgfree(result); - return ntstatus; - } - - DEBUG(3,("ldapsam_get_account_policy: set account policy value based on %s value.\n", - found_tdb ? "tdb":"default")); - - ldap_msgfree(result); - goto search; - } - - entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, result); - - if (!entry) { - ldap_msgfree(result); - return NT_STATUS_UNSUCCESSFUL; - } - - vals = ldap_get_values(ldap_state->smbldap_state->ldap_struct, entry, - get_attr_key2string(acctpol_attr_list, LDAP_ATTR_ACCOUNT_POLICY_VAL)); - - if (vals == NULL) - goto out; - - *value = (uint32)atol(vals[0]); - - if (!cache_account_policy_set(policy_index, *value)) { - DEBUG(0,("ldapsam_get_account_policy: failed to update local tdb as a cache\n")); - return ntstatus; - } - - ntstatus = NT_STATUS_OK; - -out: - ldap_value_free(vals); - ldap_msgfree(result); - - return ntstatus; -} - -static NTSTATUS ldapsam_set_account_policy(struct pdb_methods *methods, int policy_index, int value) -{ - NTSTATUS ntstatus = NT_STATUS_UNSUCCESSFUL; - LDAPMessage *result = NULL; - LDAPMessage *entry = NULL; - int count; - int rc; - pstring filter, dn; - int modop; - LDAPMod **mods = NULL; - fstring value_string; - char *old_dn = NULL; - const char *policy_string = NULL; - const char *policy_description = NULL; - - struct ldapsam_privates *ldap_state = - (struct ldapsam_privates *)methods->private_data; - - const char *attrs[] = { - NULL, - NULL, - NULL - }; - - attrs[0] = get_attr_key2string(acctpol_attr_list, LDAP_ATTR_ACCOUNT_POLICY_NAME), - attrs[1] = get_attr_key2string(acctpol_attr_list, LDAP_ATTR_ACCOUNT_POLICY_VAL), - - policy_string = decode_account_policy_name(policy_index); - if (!policy_string) { - DEBUG(0,("ldapsam_set_account_policy: invalid policy\n")); - return ntstatus; - } - - policy_description = account_policy_get_comment(policy_index); - if (!policy_description) { - DEBUG(0,("ldapsam_set_account_policy: no description for policy found\n")); - return ntstatus; - } - - pstr_sprintf(filter, "(&(objectclass=%s)(%s=%s))", - LDAP_OBJ_ACCOUNT_POLICY, - get_attr_key2string(acctpol_attr_list, - LDAP_ATTR_ACCOUNT_POLICY_NAME), policy_string); - - if (!ldap_state->domain_dn) { - return NT_STATUS_INVALID_PARAMETER; - } - - rc = smbldap_search(ldap_state->smbldap_state, ldap_state->domain_dn, - LDAP_SCOPE_ONELEVEL, filter, attrs, 0, &result); - - if (rc != LDAP_SUCCESS) - return ntstatus; - - count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result); - - slprintf(value_string, sizeof(value_string) - 1, "%i", value); - - if (count == 1) { - - modop = LDAP_MOD_REPLACE; - - entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, result); - - if (!entry) { - ldap_msgfree(result); - return NT_STATUS_UNSUCCESSFUL; - } - - old_dn = smbldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry); - if (!old_dn) { - ldap_msgfree(result); - return ntstatus; - } - - smbldap_set_mod(&mods, modop, - get_attr_key2string(acctpol_attr_list, LDAP_ATTR_ACCOUNT_POLICY_VAL), - value_string); - - rc = smbldap_modify(ldap_state->smbldap_state, old_dn, mods); - - } else { - - modop = LDAP_MOD_ADD; - - pstr_sprintf(dn, "%s=%s,%s", - get_attr_key2string(acctpol_attr_list, LDAP_ATTR_ACCOUNT_POLICY_NAME), policy_string, - ldap_state->domain_dn); - - smbldap_set_mod( &mods, modop, "objectClass", LDAP_OBJ_ACCOUNT_POLICY ); - - smbldap_make_mod( ldap_state->smbldap_state->ldap_struct, entry, &mods, - get_attr_key2string(acctpol_attr_list, LDAP_ATTR_ACCOUNT_POLICY_NAME), - policy_string); - - smbldap_make_mod( ldap_state->smbldap_state->ldap_struct, entry, &mods, - get_attr_key2string(acctpol_attr_list, LDAP_ATTR_ACCOUNT_POLICY_VAL), - value_string); - - smbldap_make_mod( ldap_state->smbldap_state->ldap_struct, entry, &mods, - "description", - policy_description); - - rc = smbldap_add(ldap_state->smbldap_state, dn, mods); - } - - ldap_mods_free(mods, True); - ldap_msgfree(result); - - if (rc != LDAP_SUCCESS) { - char *ld_error = NULL; - ldap_get_option(ldap_state->smbldap_state->ldap_struct, - LDAP_OPT_ERROR_STRING,&ld_error); - - DEBUG(0, ("ldapsam_set_account_policy: Could not set account policy " - "for %s, error: %s (%s)\n", dn, ldap_err2string(rc), - ld_error?ld_error:"unknown")); - SAFE_FREE(ld_error); - SAFE_FREE(old_dn); - return ntstatus; - } - - SAFE_FREE(old_dn); - - if (!cache_account_policy_set(policy_index, value)) { - DEBUG(0,("ldapsam_set_account_policy: failed to update local tdb cache\n")); - return ntstatus; - } - - return NT_STATUS_OK; -} - /********************************************************************** Housekeeping *********************************************************************/ @@ -3183,9 +2937,6 @@ static NTSTATUS pdb_init_ldapsam_common(PDB_CONTEXT *pdb_context, PDB_METHODS ** (*pdb_method)->enum_group_mapping = ldapsam_enum_group_mapping; (*pdb_method)->enum_group_memberships = ldapsam_enum_group_memberships; - (*pdb_method)->get_account_policy = ldapsam_get_account_policy; - (*pdb_method)->set_account_policy = ldapsam_set_account_policy; - /* TODO: Setup private data and free */ ldap_state = TALLOC_ZERO_P(pdb_context->mem_ctx, struct ldapsam_privates); |