1 files changed, 169 insertions, 0 deletions
diff --git a/source4/lib/account_pol.c b/source4/lib/account_pol.c
new file mode 100644
index 0000000000..df1479da3a
--- /dev/null
+++ b/source4/lib/account_pol.c
@@ -0,0 +1,169 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  account policy storage
+ *  Copyright (C) Jean Fran�ois Micouleau      1998-2001.
+ *  Copyright (C) Andrew Bartlett              2002
+ *  
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+static TDB_CONTEXT *tdb; /* used for driver files */
+
+#define DATABASE_VERSION 1
+
+/****************************************************************************
+ Open the account policy tdb.
+****************************************************************************/
+
+BOOL init_account_policy(void)
+{
+	static pid_t local_pid;
+	const char *vstring = "INFO/version";
+	uint32 version;
+	TALLOC_CTX *mem_ctx;
+
+	if (tdb && local_pid == getpid())
+		return True;
+	mem_ctx = talloc_init("init_account_policy");
+	if (!mem_ctx) {
+		DEBUG(0,("No memory to open account policy database\n"));
+		return False;
+	}
+	tdb = tdb_open_log(lock_path(mem_ctx, "account_policy.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
+	talloc_destroy(mem_ctx);
+	if (!tdb) {
+		DEBUG(0,("Failed to open account policy database\n"));
+		return False;
+	}
+
+	local_pid = getpid();
+
+	/* handle a Samba upgrade */
+	tdb_lock_bystring(tdb, vstring,0);
+	if (!tdb_fetch_uint32(tdb, vstring, &version) || version != DATABASE_VERSION) {
+		tdb_traverse(tdb, tdb_traverse_delete_fn, NULL);
+		tdb_store_uint32(tdb, vstring, DATABASE_VERSION);
+		
+		account_policy_set(AP_MIN_PASSWORD_LEN, MINPASSWDLENGTH);   /* 5 chars minimum             */
+		account_policy_set(AP_PASSWORD_HISTORY, 0);		    /* don't keep any old password */
+		account_policy_set(AP_USER_MUST_LOGON_TO_CHG_PASS, 0);	    /* don't force user to logon   */
+		account_policy_set(AP_MAX_PASSWORD_AGE, MAX_PASSWORD_AGE);  /* 21 days                     */
+		account_policy_set(AP_MIN_PASSWORD_AGE, 0);		    /* 0 days                      */
+		account_policy_set(AP_LOCK_ACCOUNT_DURATION, 0);	    /* lockout for 0 minutes       */
+		account_policy_set(AP_RESET_COUNT_TIME, 0);		    /* reset immediatly            */
+		account_policy_set(AP_BAD_ATTEMPT_LOCKOUT, 0);		    /* don't lockout               */
+		account_policy_set(AP_TIME_TO_LOGOUT, -1);		    /* don't force logout          */
+	}
+	tdb_unlock_bystring(tdb, vstring);
+
+	return True;
+}
+
+static const struct {
+	int field;
+	const char *string;
+} account_policy_names[] = {
+	{AP_MIN_PASSWORD_LEN, "min password length"},
+	{AP_PASSWORD_HISTORY, "password history"},
+	{AP_USER_MUST_LOGON_TO_CHG_PASS, "user must logon to change password"},
+	{AP_MAX_PASSWORD_AGE, "maximum password age"},
+	{AP_MIN_PASSWORD_AGE,"minimum password age"},
+	{AP_LOCK_ACCOUNT_DURATION, "lockout duration"},
+	{AP_RESET_COUNT_TIME, "reset count minutes"},
+	{AP_BAD_ATTEMPT_LOCKOUT, "bad lockout attempt"},
+	{AP_TIME_TO_LOGOUT, "disconnect time"},
+	{0, NULL}
+};
+
+/****************************************************************************
+Get the account policy name as a string from its #define'ed number
+****************************************************************************/
+
+static const char *decode_account_policy_name(int field)
+{
+	int i;
+	for (i=0; account_policy_names[i].string; i++) {
+		if (field == account_policy_names[i].field)
+			return account_policy_names[i].string;
+	}
+	return NULL;
+
+}
+
+/****************************************************************************
+Get the account policy name as a string from its #define'ed number
+****************************************************************************/
+
+int account_policy_name_to_fieldnum(const char *name)
+{
+	int i;
+	for (i=0; account_policy_names[i].string; i++) {
+		if (strcmp(name, account_policy_names[i].string) == 0)
+			return account_policy_names[i].field;
+	}
+	return 0;
+
+}
+
+
+/****************************************************************************
+****************************************************************************/
+BOOL account_policy_get(int field, uint32 *value)
+{
+	fstring name;
+
+	init_account_policy();
+
+	*value = 0;
+
+	fstrcpy(name, decode_account_policy_name(field));
+	if (!*name) {
+		DEBUG(1, ("account_policy_get: Field %d is not a valid account policy type!  Cannot get, returning 0.\n", field));
+		return False;
+	}
+	if (!tdb_fetch_uint32(tdb, name, value)) {
+		DEBUG(1, ("account_policy_get: tdb_fetch_uint32 failed for efild %d (%s), returning 0", field, name));
+		return False;
+	}
+	DEBUG(10,("account_policy_get: %s:%d\n", name, *value));
+	return True;
+}
+
+
+/****************************************************************************
+****************************************************************************/
+BOOL account_policy_set(int field, uint32 value)
+{
+	fstring name;
+
+	init_account_policy();
+
+	fstrcpy(name, decode_account_policy_name(field));
+	if (!*name) {
+		DEBUG(1, ("Field %d is not a valid account policy type!  Cannot set.\n", field));
+		return False;
+	}
+
+	if (!tdb_store_uint32(tdb, name, value)) {
+		DEBUG(1, ("tdb_store_uint32 failed for field %d (%s) on value %u", field, name, value));
+		return False;
+	}
+
+	DEBUG(10,("account_policy_set: %s:%d\n", name, value));
+	
+	return True;
+}
+