From 24675d99e51609de542c70a8e6f39befeed46722 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 24 Jul 2002 05:26:32 +0000 Subject: Make it possible to query account policy values from pdbedit (set to come soon). Update account_pol.c to use just uint32, rather then uint32 for paramaters, int32 for storage. (The int32 functions didn't have seperate return/status values, uint32 functions use a pointer-paramater). Move the #define -> string from a swtich to a table, so we can look it up both ways. Andrew Bartlett (This used to be commit c5b5e3d653f5c38a283d901a409be6603d5103f7) --- source3/lib/account_pol.c | 88 +++++++++++++++++++++++++++++++++-------------- source3/utils/pdbedit.c | 40 +++++++++++++++------ 2 files changed, 91 insertions(+), 37 deletions(-) diff --git a/source3/lib/account_pol.c b/source3/lib/account_pol.c index 07676e2202..f603f0f191 100644 --- a/source3/lib/account_pol.c +++ b/source3/lib/account_pol.c @@ -2,6 +2,7 @@ * Unix SMB/CIFS implementation. * account policy storage * Copyright (C) Jean François Micouleau 1998-2001. + * Copyright (C) Andrew Bartlett 2002 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -31,6 +32,7 @@ BOOL init_account_policy(void) { static pid_t local_pid; char *vstring = "INFO/version"; + uint32 version; if (tdb && local_pid == sys_getpid()) return True; @@ -44,9 +46,9 @@ BOOL init_account_policy(void) /* handle a Samba upgrade */ tdb_lock_bystring(tdb, vstring); - if (tdb_fetch_int32(tdb, vstring) != DATABASE_VERSION) { + if (!tdb_fetch_uint32(tdb, vstring, &version) || version != DATABASE_VERSION) { tdb_traverse(tdb, tdb_traverse_delete_fn, NULL); - tdb_store_int32(tdb, vstring, DATABASE_VERSION); + tdb_store_uint32(tdb, vstring, DATABASE_VERSION); account_policy_set(AP_MIN_PASSWORD_LEN, MINPASSWDLENGTH); /* 5 chars minimum */ account_policy_set(AP_PASSWORD_HISTORY, 0); /* don't keep any old password */ @@ -63,33 +65,50 @@ BOOL init_account_policy(void) return True; } +static const struct { + int field; + char *string; +} account_policy_names[] = { + {AP_MIN_PASSWORD_LEN, "min password length"}, + {AP_PASSWORD_HISTORY, "password history"}, + {AP_USER_MUST_LOGON_TO_CHG_PASS, "user must logon to change password"}, + {AP_MAX_PASSWORD_AGE, "maximum password age"}, + {AP_MIN_PASSWORD_AGE,"minimum password age"}, + {AP_LOCK_ACCOUNT_DURATION, "lockout duration"}, + {AP_RESET_COUNT_TIME, "reset count minutes"}, + {AP_BAD_ATTEMPT_LOCKOUT, "bad lockout attempt"}, + {AP_TIME_TO_LOGOUT, "disconnect time"}, + {0, NULL} +}; + +/**************************************************************************** +Get the account policy name as a string from its #define'ed number +****************************************************************************/ + +static const char *decode_account_policy_name(int field) +{ + int i; + for (i=0; account_policy_names[i].string; i++) { + if (field == account_policy_names[i].field) + return account_policy_names[i].string; + } + return NULL; + +} + /**************************************************************************** +Get the account policy name as a string from its #define'ed number ****************************************************************************/ -static char *decode_account_policy_name(int field) +int account_policy_name_to_feildnum(const char *name) { - switch (field) { - case AP_MIN_PASSWORD_LEN: - return "min password length"; - case AP_PASSWORD_HISTORY: - return "password history"; - case AP_USER_MUST_LOGON_TO_CHG_PASS: - return "user must logon to change password"; - case AP_MAX_PASSWORD_AGE: - return "maximum password age"; - case AP_MIN_PASSWORD_AGE: - return "minimum password age"; - case AP_LOCK_ACCOUNT_DURATION: - return "lockout duration"; - case AP_RESET_COUNT_TIME: - return "reset count minutes"; - case AP_BAD_ATTEMPT_LOCKOUT: - return "bad lockout attempt"; - case AP_TIME_TO_LOGOUT: - return "disconnect time"; - default: - return "undefined value"; + int i; + for (i=0; account_policy_names[i].string; i++) { + if (strcmp(name, account_policy_names[i].string) == 0) + return account_policy_names[i].field; } + return 0; + } @@ -101,8 +120,17 @@ BOOL account_policy_get(int field, uint32 *value) init_account_policy(); + *value = 0; + fstrcpy(name, decode_account_policy_name(field)); - *value=tdb_fetch_int32(tdb, name); + if (!*name) { + DEBUG(1, ("account_policy_get: Field %d is not a valid account policy type! Cannot get, returning 0.\n", field)); + return False; + } + if (!tdb_fetch_uint32(tdb, name, value)) { + DEBUG(1, ("account_policy_get: tdb_fetch_uint32 failed for feild %d (%s), returning 0", field, name)); + return False; + } DEBUG(10,("account_policy_get: %s:%d\n", name, *value)); return True; } @@ -117,8 +145,16 @@ BOOL account_policy_set(int field, uint32 value) init_account_policy(); fstrcpy(name, decode_account_policy_name(field)); - if ( tdb_store_int32(tdb, name, value)== -1) + if (!*name) { + DEBUG(1, ("Field %d is not a valid account policy type! Cannot set.\n", field)); return False; + } + + if (!tdb_store_uint32(tdb, name, value)) { + DEBUG(1, ("tdb_store_uint32 failed for feild %d (%s) on value %u", field, name, value)); + return False; + } + DEBUG(10,("account_policy_set: %s:%d\n", name, value)); return True; diff --git a/source3/utils/pdbedit.c b/source3/utils/pdbedit.c index f48c24fbc0..4f67cf7ab7 100644 --- a/source3/utils/pdbedit.c +++ b/source3/utils/pdbedit.c @@ -416,6 +416,7 @@ int main (int argc, char **argv) static char *profile_path = NULL; static char *config_file = dyn_CONFIGFILE; static char *new_debuglevel = NULL; + static char *account_policy = NULL; struct pdb_context *in; poptContext pc; @@ -437,34 +438,51 @@ int main (int argc, char **argv) {"export", 'e',POPT_ARG_STRING,&backend_out,0,"export user accounts to backend", NULL}, {"debuglevel",'D', POPT_ARG_STRING, &new_debuglevel,0,"set debuglevel",NULL}, {"configfile",'c',POPT_ARG_STRING, &config_file,0,"use different configuration file",NULL}, + {"account-policy-get",'P',POPT_ARG_STRING, &account_policy,0,"get the value of an account policy (like maximum password age)",NULL}, + {0,0,0,0} }; - + setup_logging("pdbedit", True); - + pc = poptGetContext(NULL, argc, (const char **) argv, long_options, - POPT_CONTEXT_KEEP_FIRST); - + POPT_CONTEXT_KEEP_FIRST); + while((opt = poptGetNextOpt(pc)) != -1); - + if (new_debuglevel){ debug_parse_levels(new_debuglevel); AllowDebugChange = False; } - + if (!lp_load(config_file,True,False,False)) { fprintf(stderr, "Can't load %s - run testparm to debug it\n", - config_file); + config_file); exit(1); } - - + + setparms = (full_name || home_dir || home_drive || logon_script || profile_path); - - if (((add_user?1:0) + (delete_user?1:0) + (list_users?1:0) + (import?1:0) + (setparms?1:0)) + (backend_out?1:0) > 1) { + + if (((add_user?1:0) + (delete_user?1:0) + (list_users?1:0) + (import?1:0) + (setparms?1:0)) + (backend_out?1:0) + (account_policy?1:0) > 1) { fprintf (stderr, "Incompatible options on command line!\n"); exit(1); } + + if (account_policy) { + uint32 value; + int field = account_policy_name_to_feildnum(account_policy); + if (field == 0) { + fprintf(stderr, "No account policy by that name\n"); + exit(1); + } + if (!account_policy_get(field, &value)){ + fprintf(stderr, "valid account policy, but unable to fetch value!\n"); + exit(1); + } + printf("account policy value for %s is %u\n", account_policy, value); + exit(0); + } if (!backend_in) { if (!NT_STATUS_IS_OK(make_pdb_context_list(&in, lp_passdb_backend()))){ -- cgit