From b283a205da69db7b2ee3ae7e0a37532660707476 Mon Sep 17 00:00:00 2001
From: Günther Deschner <gd@samba.org>
Date: Wed, 31 May 2006 10:09:31 +0000
Subject: r15977: Fillup the password_policy method in winbindd for
 winbindd_passdb. This should make pam_winbind work again on a Samba PDC (and
 fix Bug #3800).

Guenther
(This used to be commit 4addabd054a2627133d3fff71234db18cf2c822c)
---
 source3/nsswitch/winbindd_passdb.c | 43 ++++++++++++++++++++++++++++++++++++--
 1 file changed, 41 insertions(+), 2 deletions(-)

diff --git a/source3/nsswitch/winbindd_passdb.c b/source3/nsswitch/winbindd_passdb.c
index 2aaed1acef..b949ea0808 100644
--- a/source3/nsswitch/winbindd_passdb.c
+++ b/source3/nsswitch/winbindd_passdb.c
@@ -443,8 +443,47 @@ static NTSTATUS password_policy(struct winbindd_domain *domain,
 				TALLOC_CTX *mem_ctx,
 				SAM_UNK_INFO_1 *policy)
 {
-	/* actually we have that */
-	return NT_STATUS_NOT_IMPLEMENTED;
+	uint32 min_pass_len,pass_hist,password_properties;
+	time_t u_expire, u_min_age;
+	NTTIME nt_expire, nt_min_age;
+	uint32 account_policy_temp;
+
+	if ((policy = TALLOC_ZERO_P(mem_ctx, SAM_UNK_INFO_1)) == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (!pdb_get_account_policy(AP_MIN_PASSWORD_LEN, &account_policy_temp)) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+	min_pass_len = account_policy_temp;
+
+	if (!pdb_get_account_policy(AP_PASSWORD_HISTORY, &account_policy_temp)) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+	pass_hist = account_policy_temp;
+
+	if (!pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, &account_policy_temp)) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+	password_properties = account_policy_temp;
+	
+	if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &account_policy_temp)) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+	u_expire = account_policy_temp;
+
+	if (!pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &account_policy_temp)) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+	u_min_age = account_policy_temp;
+
+	unix_to_nt_time_abs(&nt_expire, u_expire);
+	unix_to_nt_time_abs(&nt_min_age, u_min_age);
+
+	init_unk_info1(policy, (uint16)min_pass_len, (uint16)pass_hist, 
+	               password_properties, nt_expire, nt_min_age);
+
+	return NT_STATUS_OK;
 }
 
 /* get a list of trusted domains */
-- 
cgit