summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
Diffstat (limited to 'source3')
-rw-r--r--source3/winbindd/winbindd.h12
-rw-r--r--source3/winbindd/winbindd_cache.c83
-rw-r--r--source3/winbindd/winbindd_dual.c2
-rw-r--r--source3/winbindd/winbindd_pam.c22
-rw-r--r--source3/winbindd/winbindd_passdb.c14
-rw-r--r--source3/winbindd/winbindd_reconnect.c4
-rw-r--r--source3/winbindd/winbindd_rpc.c54
7 files changed, 106 insertions, 85 deletions
diff --git a/source3/winbindd/winbindd.h b/source3/winbindd/winbindd.h
index c4c1278d73..b812d69aeb 100644
--- a/source3/winbindd/winbindd.h
+++ b/source3/winbindd/winbindd.h
@@ -301,15 +301,15 @@ struct winbindd_methods {
NTSTATUS (*sequence_number)(struct winbindd_domain *domain, uint32 *seq);
/* return the lockout policy */
- NTSTATUS (*lockout_policy)(struct winbindd_domain *domain,
+ NTSTATUS (*lockout_policy)(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- SAM_UNK_INFO_12 *lockout_policy);
-
+ struct samr_DomInfo12 *lockout_policy);
+
/* return the lockout policy */
- NTSTATUS (*password_policy)(struct winbindd_domain *domain,
+ NTSTATUS (*password_policy)(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- SAM_UNK_INFO_1 *password_policy);
-
+ struct samr_DomInfo1 *password_policy);
+
/* enumerate trusted domains */
NTSTATUS (*trusted_domains)(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
index c293861492..f235e401e8 100644
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -908,7 +908,9 @@ static void wcache_save_user(struct winbindd_domain *domain, NTSTATUS status, WI
centry_free(centry);
}
-static void wcache_save_lockout_policy(struct winbindd_domain *domain, NTSTATUS status, SAM_UNK_INFO_12 *lockout_policy)
+static void wcache_save_lockout_policy(struct winbindd_domain *domain,
+ NTSTATUS status,
+ struct samr_DomInfo12 *lockout_policy)
{
struct cache_entry *centry;
@@ -916,18 +918,20 @@ static void wcache_save_lockout_policy(struct winbindd_domain *domain, NTSTATUS
if (!centry)
return;
- centry_put_nttime(centry, lockout_policy->duration);
- centry_put_nttime(centry, lockout_policy->reset_count);
- centry_put_uint16(centry, lockout_policy->bad_attempt_lockout);
+ centry_put_nttime(centry, lockout_policy->lockout_duration);
+ centry_put_nttime(centry, lockout_policy->lockout_window);
+ centry_put_uint16(centry, lockout_policy->lockout_threshold);
centry_end(centry, "LOC_POL/%s", domain->name);
-
+
DEBUG(10,("wcache_save_lockout_policy: %s\n", domain->name));
centry_free(centry);
}
-static void wcache_save_password_policy(struct winbindd_domain *domain, NTSTATUS status, SAM_UNK_INFO_1 *policy)
+static void wcache_save_password_policy(struct winbindd_domain *domain,
+ NTSTATUS status,
+ struct samr_DomInfo1 *policy)
{
struct cache_entry *centry;
@@ -935,14 +939,14 @@ static void wcache_save_password_policy(struct winbindd_domain *domain, NTSTATUS
if (!centry)
return;
- centry_put_uint16(centry, policy->min_length_password);
- centry_put_uint16(centry, policy->password_history);
+ centry_put_uint16(centry, policy->min_password_length);
+ centry_put_uint16(centry, policy->password_history_length);
centry_put_uint32(centry, policy->password_properties);
- centry_put_nttime(centry, policy->expire);
- centry_put_nttime(centry, policy->min_passwordage);
+ centry_put_nttime(centry, policy->max_password_age);
+ centry_put_nttime(centry, policy->min_password_age);
centry_end(centry, "PWD_POL/%s", domain->name);
-
+
DEBUG(10,("wcache_save_password_policy: %s\n", domain->name));
centry_free(centry);
@@ -2131,55 +2135,56 @@ skip_save:
/* get lockout policy */
static NTSTATUS lockout_policy(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- SAM_UNK_INFO_12 *policy){
+ struct samr_DomInfo12 *policy)
+{
struct winbind_cache *cache = get_cache(domain);
struct cache_entry *centry = NULL;
NTSTATUS status;
-
+
if (!cache->tdb)
goto do_query;
-
+
centry = wcache_fetch(cache, domain, "LOC_POL/%s", domain->name);
-
+
if (!centry)
goto do_query;
-
- policy->duration = centry_nttime(centry);
- policy->reset_count = centry_nttime(centry);
- policy->bad_attempt_lockout = centry_uint16(centry);
-
+
+ policy->lockout_duration = centry_nttime(centry);
+ policy->lockout_window = centry_nttime(centry);
+ policy->lockout_threshold = centry_uint16(centry);
+
status = centry->status;
-
+
DEBUG(10,("lockout_policy: [Cached] - cached info for domain %s status: %s\n",
domain->name, nt_errstr(status) ));
-
+
centry_free(centry);
return status;
-
+
do_query:
ZERO_STRUCTP(policy);
-
+
/* Return status value returned by seq number check */
if (!NT_STATUS_IS_OK(domain->last_status))
return domain->last_status;
-
+
DEBUG(10,("lockout_policy: [Cached] - doing backend query for info for domain %s\n",
domain->name ));
-
- status = domain->backend->lockout_policy(domain, mem_ctx, policy);
-
+
+ status = domain->backend->lockout_policy(domain, mem_ctx, policy);
+
/* and save it */
refresh_sequence_number(domain, false);
wcache_save_lockout_policy(domain, status, policy);
-
+
return status;
}
-
+
/* get password policy */
static NTSTATUS password_policy(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- SAM_UNK_INFO_1 *policy)
+ struct samr_DomInfo1 *policy)
{
struct winbind_cache *cache = get_cache(domain);
struct cache_entry *centry = NULL;
@@ -2187,17 +2192,17 @@ static NTSTATUS password_policy(struct winbindd_domain *domain,
if (!cache->tdb)
goto do_query;
-
+
centry = wcache_fetch(cache, domain, "PWD_POL/%s", domain->name);
-
+
if (!centry)
goto do_query;
- policy->min_length_password = centry_uint16(centry);
- policy->password_history = centry_uint16(centry);
+ policy->min_password_length = centry_uint16(centry);
+ policy->password_history_length = centry_uint16(centry);
policy->password_properties = centry_uint32(centry);
- policy->expire = centry_nttime(centry);
- policy->min_passwordage = centry_nttime(centry);
+ policy->max_password_age = centry_nttime(centry);
+ policy->min_password_age = centry_nttime(centry);
status = centry->status;
@@ -2214,11 +2219,11 @@ do_query:
if (!NT_STATUS_IS_OK(domain->last_status))
return domain->last_status;
-
+
DEBUG(10,("password_policy: [Cached] - doing backend query for info for domain %s\n",
domain->name ));
- status = domain->backend->password_policy(domain, mem_ctx, policy);
+ status = domain->backend->password_policy(domain, mem_ctx, policy);
/* and save it */
refresh_sequence_number(domain, false);
diff --git a/source3/winbindd/winbindd_dual.c b/source3/winbindd/winbindd_dual.c
index 48f37af4d0..2b756b24d1 100644
--- a/source3/winbindd/winbindd_dual.c
+++ b/source3/winbindd/winbindd_dual.c
@@ -770,7 +770,7 @@ static void account_lockout_policy_handler(struct event_context *ctx,
(struct winbindd_child *)private_data;
TALLOC_CTX *mem_ctx = NULL;
struct winbindd_methods *methods;
- SAM_UNK_INFO_12 lockout_policy;
+ struct samr_DomInfo12 lockout_policy;
NTSTATUS result;
DEBUG(10,("account_lockout_policy_handler called\n"));
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 9435a328dd..c1a277f9b5 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -370,7 +370,7 @@ static NTSTATUS fillup_password_policy(struct winbindd_domain *domain,
{
struct winbindd_methods *methods;
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
- SAM_UNK_INFO_1 password_policy;
+ struct samr_DomInfo1 password_policy;
if ( !winbindd_can_contact_domain( domain ) ) {
DEBUG(5,("fillup_password_policy: No inbound trust to "
@@ -386,28 +386,28 @@ static NTSTATUS fillup_password_policy(struct winbindd_domain *domain,
}
state->response.data.auth.policy.min_length_password =
- password_policy.min_length_password;
+ password_policy.min_password_length;
state->response.data.auth.policy.password_history =
- password_policy.password_history;
+ password_policy.password_history_length;
state->response.data.auth.policy.password_properties =
password_policy.password_properties;
state->response.data.auth.policy.expire =
- nt_time_to_unix_abs(&(password_policy.expire));
- state->response.data.auth.policy.min_passwordage =
- nt_time_to_unix_abs(&(password_policy.min_passwordage));
+ nt_time_to_unix_abs((NTTIME *)&(password_policy.max_password_age));
+ state->response.data.auth.policy.min_passwordage =
+ nt_time_to_unix_abs((NTTIME *)&(password_policy.min_password_age));
return NT_STATUS_OK;
}
static NTSTATUS get_max_bad_attempts_from_lockout_policy(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- uint16 *max_allowed_bad_attempts)
+ uint16 *lockout_threshold)
{
struct winbindd_methods *methods;
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
- SAM_UNK_INFO_12 lockout_policy;
+ struct samr_DomInfo12 lockout_policy;
- *max_allowed_bad_attempts = 0;
+ *lockout_threshold = 0;
methods = domain->methods;
@@ -416,7 +416,7 @@ static NTSTATUS get_max_bad_attempts_from_lockout_policy(struct winbindd_domain
return status;
}
- *max_allowed_bad_attempts = lockout_policy.bad_attempt_lockout;
+ *lockout_threshold = lockout_policy.lockout_threshold;
return NT_STATUS_OK;
}
@@ -427,7 +427,7 @@ static NTSTATUS get_pwd_properties(struct winbindd_domain *domain,
{
struct winbindd_methods *methods;
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
- SAM_UNK_INFO_1 password_policy;
+ struct samr_DomInfo1 password_policy;
*password_properties = 0;
diff --git a/source3/winbindd/winbindd_passdb.c b/source3/winbindd/winbindd_passdb.c
index 29db8be857..7c1d7bd71b 100644
--- a/source3/winbindd/winbindd_passdb.c
+++ b/source3/winbindd/winbindd_passdb.c
@@ -338,7 +338,7 @@ static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
static NTSTATUS lockout_policy(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- SAM_UNK_INFO_12 *policy)
+ struct samr_DomInfo12 *policy)
{
/* actually we have that */
return NT_STATUS_NOT_IMPLEMENTED;
@@ -346,14 +346,14 @@ static NTSTATUS lockout_policy(struct winbindd_domain *domain,
static NTSTATUS password_policy(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- SAM_UNK_INFO_1 *policy)
+ struct samr_DomInfo1 *policy)
{
uint32 min_pass_len,pass_hist,password_properties;
time_t u_expire, u_min_age;
NTTIME nt_expire, nt_min_age;
uint32 account_policy_temp;
- if ((policy = TALLOC_ZERO_P(mem_ctx, SAM_UNK_INFO_1)) == NULL) {
+ if ((policy = TALLOC_ZERO_P(mem_ctx, struct samr_DomInfo1)) == NULL) {
return NT_STATUS_NO_MEMORY;
}
@@ -385,8 +385,12 @@ static NTSTATUS password_policy(struct winbindd_domain *domain,
unix_to_nt_time_abs(&nt_expire, u_expire);
unix_to_nt_time_abs(&nt_min_age, u_min_age);
- init_unk_info1(policy, (uint16)min_pass_len, (uint16)pass_hist,
- password_properties, nt_expire, nt_min_age);
+ init_samr_DomInfo1(policy,
+ (uint16)min_pass_len,
+ (uint16)pass_hist,
+ password_properties,
+ nt_expire,
+ nt_min_age);
return NT_STATUS_OK;
}
diff --git a/source3/winbindd/winbindd_reconnect.c b/source3/winbindd/winbindd_reconnect.c
index a1f96a0359..25debccc5a 100644
--- a/source3/winbindd/winbindd_reconnect.c
+++ b/source3/winbindd/winbindd_reconnect.c
@@ -247,7 +247,7 @@ static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
/* find the lockout policy of a domain */
static NTSTATUS lockout_policy(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- SAM_UNK_INFO_12 *policy)
+ struct samr_DomInfo12 *policy)
{
NTSTATUS result;
@@ -262,7 +262,7 @@ static NTSTATUS lockout_policy(struct winbindd_domain *domain,
/* find the password policy of a domain */
static NTSTATUS password_policy(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- SAM_UNK_INFO_1 *policy)
+ struct samr_DomInfo1 *policy)
{
NTSTATUS result;
diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
index a318199b62..98e4077a4d 100644
--- a/source3/winbindd/winbindd_rpc.c
+++ b/source3/winbindd/winbindd_rpc.c
@@ -884,7 +884,7 @@ static int get_ldap_sequence_number(struct winbindd_domain *domain, uint32 *seq)
static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
{
TALLOC_CTX *mem_ctx;
- SAM_UNK_CTR ctr;
+ union samr_DomainInfo *info = NULL;
NTSTATUS result;
POLICY_HND dom_pol;
bool got_seq_num = False;
@@ -935,21 +935,27 @@ static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
/* Query domain info */
- result = rpccli_samr_query_dom_info(cli, mem_ctx, &dom_pol, 8, &ctr);
+ result = rpccli_samr_QueryDomainInfo(cli, mem_ctx,
+ &dom_pol,
+ 8,
+ &info);
if (NT_STATUS_IS_OK(result)) {
- *seq = ctr.info.inf8.seq_num;
+ *seq = info->info8.sequence_num;
got_seq_num = True;
goto seq_num;
}
/* retry with info-level 2 in case the dc does not support info-level 8
- * (like all older samba2 and samba3 dc's - Guenther */
+ * (like all older samba2 and samba3 dc's) - Guenther */
+
+ result = rpccli_samr_QueryDomainInfo(cli, mem_ctx,
+ &dom_pol,
+ 2,
+ &info);
- result = rpccli_samr_query_dom_info(cli, mem_ctx, &dom_pol, 2, &ctr);
-
if (NT_STATUS_IS_OK(result)) {
- *seq = ctr.info.inf2.seq_num;
+ *seq = info->info2.sequence_num;
got_seq_num = True;
}
@@ -1033,14 +1039,14 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
}
/* find the lockout policy for a domain */
-NTSTATUS msrpc_lockout_policy(struct winbindd_domain *domain,
+NTSTATUS msrpc_lockout_policy(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- SAM_UNK_INFO_12 *lockout_policy)
+ struct samr_DomInfo12 *lockout_policy)
{
NTSTATUS result;
struct rpc_pipe_client *cli;
POLICY_HND dom_pol;
- SAM_UNK_CTR ctr;
+ union samr_DomainInfo *info = NULL;
DEBUG(10,("rpc: fetch lockout policy for %s\n", domain->name));
@@ -1055,15 +1061,18 @@ NTSTATUS msrpc_lockout_policy(struct winbindd_domain *domain,
goto done;
}
- result = rpccli_samr_query_dom_info(cli, mem_ctx, &dom_pol, 12, &ctr);
+ result = rpccli_samr_QueryDomainInfo(cli, mem_ctx,
+ &dom_pol,
+ 12,
+ &info);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
- *lockout_policy = ctr.info.inf12;
+ *lockout_policy = info->info12;
- DEBUG(10,("msrpc_lockout_policy: bad_attempt_lockout %d\n",
- ctr.info.inf12.bad_attempt_lockout));
+ DEBUG(10,("msrpc_lockout_policy: lockout_threshold %d\n",
+ info->info12.lockout_threshold));
done:
@@ -1071,14 +1080,14 @@ NTSTATUS msrpc_lockout_policy(struct winbindd_domain *domain,
}
/* find the password policy for a domain */
-NTSTATUS msrpc_password_policy(struct winbindd_domain *domain,
+NTSTATUS msrpc_password_policy(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- SAM_UNK_INFO_1 *password_policy)
+ struct samr_DomInfo1 *password_policy)
{
NTSTATUS result;
struct rpc_pipe_client *cli;
POLICY_HND dom_pol;
- SAM_UNK_CTR ctr;
+ union samr_DomainInfo *info = NULL;
DEBUG(10,("rpc: fetch password policy for %s\n", domain->name));
@@ -1093,15 +1102,18 @@ NTSTATUS msrpc_password_policy(struct winbindd_domain *domain,
goto done;
}
- result = rpccli_samr_query_dom_info(cli, mem_ctx, &dom_pol, 1, &ctr);
+ result = rpccli_samr_QueryDomainInfo(cli, mem_ctx,
+ &dom_pol,
+ 1,
+ &info);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
- *password_policy = ctr.info.inf1;
+ *password_policy = info->info1;
- DEBUG(10,("msrpc_password_policy: min_length_password %d\n",
- ctr.info.inf1.min_length_password));
+ DEBUG(10,("msrpc_password_policy: min_length_password %d\n",
+ info->info1.min_password_length));
done: