summaryrefslogtreecommitdiff
path: root/source3/passdb
diff options
context:
space:
mode:
Diffstat (limited to 'source3/passdb')
-rw-r--r--source3/passdb/passdb.c16
-rw-r--r--source3/passdb/pdb_get_set.c6
-rw-r--r--source3/passdb/pdb_interface.c68
-rw-r--r--source3/passdb/pdb_ldap.c255
4 files changed, 14 insertions, 331 deletions
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index d2e1eacdd2..715eb9ed4c 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -1890,7 +1890,7 @@ BOOL init_sam_from_buffer_v2(SAM_ACCOUNT *sampass, uint8 *buf, uint32 buflen)
}
/* Change from V1 is addition of password history field. */
- pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
+ account_policy_get(AP_PASSWORD_HISTORY, &pwHistLen);
if (pwHistLen) {
char *pw_hist = SMB_MALLOC(pwHistLen * PW_HISTORY_ENTRY_LEN);
if (!pw_hist) {
@@ -2098,7 +2098,7 @@ uint32 init_buffer_from_sam_v2 (uint8 **buf, const SAM_ACCOUNT *sampass, BOOL si
nt_pw_len = 0;
}
- pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
+ account_policy_get(AP_PASSWORD_HISTORY, &pwHistLen);
nt_pw_hist = pdb_get_pw_history(sampass, &nt_pw_hist_len);
if (pwHistLen && nt_pw_hist && nt_pw_hist_len) {
nt_pw_hist_len *= PW_HISTORY_ENTRY_LEN;
@@ -2307,8 +2307,8 @@ BOOL pdb_update_bad_password_count(SAM_ACCOUNT *sampass, BOOL *updated)
return True;
}
- if (!pdb_get_account_policy(AP_RESET_COUNT_TIME, &resettime)) {
- DEBUG(0, ("pdb_update_bad_password_count: pdb_get_account_policy failed.\n"));
+ if (!account_policy_get(AP_RESET_COUNT_TIME, &resettime)) {
+ DEBUG(0, ("pdb_update_bad_password_count: account_policy_get failed.\n"));
return False;
}
@@ -2349,8 +2349,8 @@ BOOL pdb_update_autolock_flag(SAM_ACCOUNT *sampass, BOOL *updated)
return True;
}
- if (!pdb_get_account_policy(AP_LOCK_ACCOUNT_DURATION, &duration)) {
- DEBUG(0, ("pdb_update_autolock_flag: pdb_get_account_policy failed.\n"));
+ if (!account_policy_get(AP_LOCK_ACCOUNT_DURATION, &duration)) {
+ DEBUG(0, ("pdb_update_autolock_flag: account_policy_get failed.\n"));
return False;
}
@@ -2398,9 +2398,9 @@ BOOL pdb_increment_bad_password_count(SAM_ACCOUNT *sampass)
return False;
/* Retrieve the account lockout policy */
- if (!pdb_get_account_policy(AP_BAD_ATTEMPT_LOCKOUT,
+ if (!account_policy_get(AP_BAD_ATTEMPT_LOCKOUT,
&account_policy_lockout)) {
- DEBUG(0, ("pdb_increment_bad_password_count: pdb_get_account_policy failed.\n"));
+ DEBUG(0, ("pdb_increment_bad_password_count: account_policy_get failed.\n"));
return False;
}
diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c
index e0fc0ef280..4b59b5fdf9 100644
--- a/source3/passdb/pdb_get_set.c
+++ b/source3/passdb/pdb_get_set.c
@@ -1123,7 +1123,7 @@ BOOL pdb_set_pass_changed_now (SAM_ACCOUNT *sampass)
if (!pdb_set_pass_last_set_time (sampass, time(NULL), PDB_CHANGED))
return False;
- if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &expire)
+ if (!account_policy_get(AP_MAX_PASSWORD_AGE, &expire)
|| (expire==(uint32)-1) || (expire == 0)) {
if (!pdb_set_pass_must_change_time (sampass, get_time_t_max(), PDB_CHANGED))
return False;
@@ -1134,7 +1134,7 @@ BOOL pdb_set_pass_changed_now (SAM_ACCOUNT *sampass)
return False;
}
- if (!pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &min_age)
+ if (!account_policy_get(AP_MIN_PASSWORD_AGE, &min_age)
|| (min_age==(uint32)-1)) {
if (!pdb_set_pass_can_change_time (sampass, 0, PDB_CHANGED))
return False;
@@ -1189,7 +1189,7 @@ BOOL pdb_set_plaintext_passwd (SAM_ACCOUNT *sampass, const char *plaintext)
if (pdb_get_acct_ctrl(sampass) & ACB_NORMAL) {
uchar *pwhistory;
uint32 pwHistLen;
- pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
+ account_policy_get(AP_PASSWORD_HISTORY, &pwHistLen);
if (pwHistLen != 0){
uint32 current_history_len;
/* We need to make sure we don't have a race condition here - the
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index 938622abff..382c028b0c 100644
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -622,35 +622,6 @@ static NTSTATUS context_enum_alias_memberships(struct pdb_context *context,
num_members, aliases, num);
}
-static NTSTATUS context_get_account_policy(struct pdb_context *context,
- int policy_index, int *value)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- if ((!context) || (!context->pdb_methods)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- return context->pdb_methods->get_account_policy(context->pdb_methods,
- policy_index, value);
-}
-
-static NTSTATUS context_set_account_policy(struct pdb_context *context,
- int policy_index, int value)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- if ((!context) || (!context->pdb_methods)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- return context->pdb_methods->set_account_policy(context->pdb_methods,
- policy_index, value);
-}
-
-
/******************************************************************
Free and cleanup a pdb context, any associated data and anything
that the attached modules might have associated.
@@ -779,9 +750,6 @@ static NTSTATUS make_pdb_context(struct pdb_context **context)
(*context)->pdb_enum_aliasmem = context_enum_aliasmem;
(*context)->pdb_enum_alias_memberships = context_enum_alias_memberships;
- (*context)->pdb_get_account_policy = context_get_account_policy;
- (*context)->pdb_set_account_policy = context_set_account_policy;
-
(*context)->free_fn = free_pdb_context;
return NT_STATUS_OK;
@@ -1234,30 +1202,6 @@ BOOL pdb_enum_alias_memberships(const DOM_SID *members, int num_members,
aliases, num));
}
-BOOL pdb_get_account_policy(int policy_index, int *value)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->
- pdb_get_account_policy(pdb_context, policy_index, value));
-}
-
-BOOL pdb_set_account_policy(int policy_index, int value)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->
- pdb_set_account_policy(pdb_context, policy_index, value));
-}
-
/***************************************************************
Initialize the static context (at smbd startup etc).
@@ -1315,16 +1259,6 @@ static void pdb_default_endsampwent(struct pdb_methods *methods)
return; /* NT_STATUS_NOT_IMPLEMENTED; */
}
-static NTSTATUS pdb_default_get_account_policy(struct pdb_methods *methods, int policy_index, int *value)
-{
- return account_policy_get(policy_index, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-}
-
-static NTSTATUS pdb_default_set_account_policy(struct pdb_methods *methods, int policy_index, int value)
-{
- return account_policy_set(policy_index, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-}
-
NTSTATUS make_pdb_methods(TALLOC_CTX *mem_ctx, PDB_METHODS **methods)
{
*methods = TALLOC_P(mem_ctx, struct pdb_methods);
@@ -1362,8 +1296,6 @@ NTSTATUS make_pdb_methods(TALLOC_CTX *mem_ctx, PDB_METHODS **methods)
(*methods)->del_aliasmem = pdb_default_del_aliasmem;
(*methods)->enum_aliasmem = pdb_default_enum_aliasmem;
(*methods)->enum_alias_memberships = pdb_default_alias_memberships;
- (*methods)->get_account_policy = pdb_default_get_account_policy;
- (*methods)->set_account_policy = pdb_default_set_account_policy;
return NT_STATUS_OK;
}
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 6fdf80074c..ff99b21f1f 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -729,7 +729,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
ZERO_STRUCT(smbntpwd);
}
- pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
+ account_policy_get(AP_PASSWORD_HISTORY, &pwHistLen);
if (pwHistLen > 0){
uint8 *pwhist = NULL;
int i;
@@ -1073,7 +1073,7 @@ static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state,
if (need_update(sampass, PDB_PWHISTORY)) {
int pwHistLen = 0;
- pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
+ account_policy_get(AP_PASSWORD_HISTORY, &pwHistLen);
if (pwHistLen == 0) {
/* Remove any password history from the LDAP store. */
memset(temp, '0', 64); /* NOTE !!!! '0' *NOT '\0' */
@@ -1138,7 +1138,7 @@ static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state,
uint16 badcount = pdb_get_bad_password_count(sampass);
time_t badtime = pdb_get_bad_password_time(sampass);
uint32 pol;
- pdb_get_account_policy(AP_BAD_ATTEMPT_LOCKOUT, &pol);
+ account_policy_get(AP_BAD_ATTEMPT_LOCKOUT, &pol);
DEBUG(3, ("updating bad password fields, policy=%u, count=%u, time=%u\n",
(unsigned int)pol, (unsigned int)badcount, (unsigned int)badtime));
@@ -2880,252 +2880,6 @@ static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods,
return NT_STATUS_OK;
}
-static NTSTATUS ldapsam_get_account_policy(struct pdb_methods *methods, int policy_index, int *value)
-{
- NTSTATUS ntstatus = NT_STATUS_UNSUCCESSFUL;
- LDAPMessage *result = NULL;
- LDAPMessage *entry = NULL;
- int count;
- int rc;
- pstring filter;
- char **vals;
- const char *policy_string = NULL;
- int tmp_val;
- BOOL found_tdb = False;
-
- struct ldapsam_privates *ldap_state =
- (struct ldapsam_privates *)methods->private_data;
-
- const char *attrs[] = {
- NULL,
- NULL,
- NULL
- };
-
- attrs[0] = get_attr_key2string(acctpol_attr_list, LDAP_ATTR_ACCOUNT_POLICY_NAME);
- attrs[1] = get_attr_key2string(acctpol_attr_list, LDAP_ATTR_ACCOUNT_POLICY_VAL);
-
- if (cache_account_policy_get(policy_index, value)) {
- DEBUG(11,("ldapsam_get_account_policy: got valid value from cache\n"));
- return NT_STATUS_OK;
- }
-
- policy_string = decode_account_policy_name(policy_index);
- if (!policy_string) {
- DEBUG(0,("ldapsam_get_account_policy: invalid policy index: %d\n", policy_index));
- return ntstatus;
- }
-
- pstr_sprintf(filter, "(&(objectclass=%s)(%s=%s))",
- LDAP_OBJ_ACCOUNT_POLICY,
- get_attr_key2string(acctpol_attr_list,
- LDAP_ATTR_ACCOUNT_POLICY_NAME), policy_string);
-
- if (!ldap_state->domain_dn) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
-search:
- rc = smbldap_search(ldap_state->smbldap_state, ldap_state->domain_dn,
- LDAP_SCOPE_ONELEVEL, filter, attrs, 0, &result);
-
- if (rc != LDAP_SUCCESS)
- return ntstatus;
-
- count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct,
- result);
-
- /* handle deleted ldap-entries (migrate on the fly, use a default as last resort) - gd */
- if (count < 1 && !found_tdb) {
-
- found_tdb = False;
-
- DEBUG(3,("ldapsam_get_account_policy: no entry for that policy in ldap found\n"));
-
- if (!account_policy_get(policy_index, &tmp_val)) {
- DEBUG(10,("ldapsam_get_account_policy: failed to get account_policy from tdb\n"));
- found_tdb = True;
- }
-
- if (!found_tdb && !account_policy_get_default(policy_index, &tmp_val)) {
- ldap_msgfree(result);
- return ntstatus;
- }
-
- if (!pdb_set_account_policy(policy_index, tmp_val)) {
- DEBUG(1,("ldapsam_get_account_policy: failed to set account_policy\n"));
- ldap_msgfree(result);
- return ntstatus;
- }
-
- DEBUG(3,("ldapsam_get_account_policy: set account policy value based on %s value.\n",
- found_tdb ? "tdb":"default"));
-
- ldap_msgfree(result);
- goto search;
- }
-
- entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, result);
-
- if (!entry) {
- ldap_msgfree(result);
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- vals = ldap_get_values(ldap_state->smbldap_state->ldap_struct, entry,
- get_attr_key2string(acctpol_attr_list, LDAP_ATTR_ACCOUNT_POLICY_VAL));
-
- if (vals == NULL)
- goto out;
-
- *value = (uint32)atol(vals[0]);
-
- if (!cache_account_policy_set(policy_index, *value)) {
- DEBUG(0,("ldapsam_get_account_policy: failed to update local tdb as a cache\n"));
- return ntstatus;
- }
-
- ntstatus = NT_STATUS_OK;
-
-out:
- ldap_value_free(vals);
- ldap_msgfree(result);
-
- return ntstatus;
-}
-
-static NTSTATUS ldapsam_set_account_policy(struct pdb_methods *methods, int policy_index, int value)
-{
- NTSTATUS ntstatus = NT_STATUS_UNSUCCESSFUL;
- LDAPMessage *result = NULL;
- LDAPMessage *entry = NULL;
- int count;
- int rc;
- pstring filter, dn;
- int modop;
- LDAPMod **mods = NULL;
- fstring value_string;
- char *old_dn = NULL;
- const char *policy_string = NULL;
- const char *policy_description = NULL;
-
- struct ldapsam_privates *ldap_state =
- (struct ldapsam_privates *)methods->private_data;
-
- const char *attrs[] = {
- NULL,
- NULL,
- NULL
- };
-
- attrs[0] = get_attr_key2string(acctpol_attr_list, LDAP_ATTR_ACCOUNT_POLICY_NAME),
- attrs[1] = get_attr_key2string(acctpol_attr_list, LDAP_ATTR_ACCOUNT_POLICY_VAL),
-
- policy_string = decode_account_policy_name(policy_index);
- if (!policy_string) {
- DEBUG(0,("ldapsam_set_account_policy: invalid policy\n"));
- return ntstatus;
- }
-
- policy_description = account_policy_get_comment(policy_index);
- if (!policy_description) {
- DEBUG(0,("ldapsam_set_account_policy: no description for policy found\n"));
- return ntstatus;
- }
-
- pstr_sprintf(filter, "(&(objectclass=%s)(%s=%s))",
- LDAP_OBJ_ACCOUNT_POLICY,
- get_attr_key2string(acctpol_attr_list,
- LDAP_ATTR_ACCOUNT_POLICY_NAME), policy_string);
-
- if (!ldap_state->domain_dn) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- rc = smbldap_search(ldap_state->smbldap_state, ldap_state->domain_dn,
- LDAP_SCOPE_ONELEVEL, filter, attrs, 0, &result);
-
- if (rc != LDAP_SUCCESS)
- return ntstatus;
-
- count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result);
-
- slprintf(value_string, sizeof(value_string) - 1, "%i", value);
-
- if (count == 1) {
-
- modop = LDAP_MOD_REPLACE;
-
- entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, result);
-
- if (!entry) {
- ldap_msgfree(result);
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- old_dn = smbldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry);
- if (!old_dn) {
- ldap_msgfree(result);
- return ntstatus;
- }
-
- smbldap_set_mod(&mods, modop,
- get_attr_key2string(acctpol_attr_list, LDAP_ATTR_ACCOUNT_POLICY_VAL),
- value_string);
-
- rc = smbldap_modify(ldap_state->smbldap_state, old_dn, mods);
-
- } else {
-
- modop = LDAP_MOD_ADD;
-
- pstr_sprintf(dn, "%s=%s,%s",
- get_attr_key2string(acctpol_attr_list, LDAP_ATTR_ACCOUNT_POLICY_NAME), policy_string,
- ldap_state->domain_dn);
-
- smbldap_set_mod( &mods, modop, "objectClass", LDAP_OBJ_ACCOUNT_POLICY );
-
- smbldap_make_mod( ldap_state->smbldap_state->ldap_struct, entry, &mods,
- get_attr_key2string(acctpol_attr_list, LDAP_ATTR_ACCOUNT_POLICY_NAME),
- policy_string);
-
- smbldap_make_mod( ldap_state->smbldap_state->ldap_struct, entry, &mods,
- get_attr_key2string(acctpol_attr_list, LDAP_ATTR_ACCOUNT_POLICY_VAL),
- value_string);
-
- smbldap_make_mod( ldap_state->smbldap_state->ldap_struct, entry, &mods,
- "description",
- policy_description);
-
- rc = smbldap_add(ldap_state->smbldap_state, dn, mods);
- }
-
- ldap_mods_free(mods, True);
- ldap_msgfree(result);
-
- if (rc != LDAP_SUCCESS) {
- char *ld_error = NULL;
- ldap_get_option(ldap_state->smbldap_state->ldap_struct,
- LDAP_OPT_ERROR_STRING,&ld_error);
-
- DEBUG(0, ("ldapsam_set_account_policy: Could not set account policy "
- "for %s, error: %s (%s)\n", dn, ldap_err2string(rc),
- ld_error?ld_error:"unknown"));
- SAFE_FREE(ld_error);
- SAFE_FREE(old_dn);
- return ntstatus;
- }
-
- SAFE_FREE(old_dn);
-
- if (!cache_account_policy_set(policy_index, value)) {
- DEBUG(0,("ldapsam_set_account_policy: failed to update local tdb cache\n"));
- return ntstatus;
- }
-
- return NT_STATUS_OK;
-}
-
/**********************************************************************
Housekeeping
*********************************************************************/
@@ -3183,9 +2937,6 @@ static NTSTATUS pdb_init_ldapsam_common(PDB_CONTEXT *pdb_context, PDB_METHODS **
(*pdb_method)->enum_group_mapping = ldapsam_enum_group_mapping;
(*pdb_method)->enum_group_memberships = ldapsam_enum_group_memberships;
- (*pdb_method)->get_account_policy = ldapsam_get_account_policy;
- (*pdb_method)->set_account_policy = ldapsam_set_account_policy;
-
/* TODO: Setup private data and free */
ldap_state = TALLOC_ZERO_P(pdb_context->mem_ctx, struct ldapsam_privates);