From c640e9235fe0af6eb7dd9474807942ffdecbb8c4 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 7 Sep 2011 12:21:00 +1000 Subject: s4-s3-upgrade: convert password age policies to the negative NTTIME format This previously caused all accounts to be locked out. Andrew Bartlett Autobuild-User: Andrew Bartlett Autobuild-Date: Wed Sep 7 13:44:44 CEST 2011 on sn-devel-104 --- source4/scripting/python/samba/upgrade.py | 29 +++++++++++++++++++++-------- 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py index 2bb5ccccbe..92ab86b696 100644 --- a/source4/scripting/python/samba/upgrade.py +++ b/source4/scripting/python/samba/upgrade.py @@ -33,7 +33,7 @@ from samba.dcerpc import lsa, samr, security from samba.dcerpc.security import dom_sid from samba import dsdb from samba.ndr import ndr_pack - +from samba import unix2nttime def import_sam_policy(samdb, policy, logger): """Import a Samba 3 policy. @@ -53,16 +53,29 @@ def import_sam_policy(samdb, policy, logger): m = ldb.Message() m.dn = samdb.get_default_basedn() - m['a01'] = ldb.MessageElement(str(policy['min password length']), ldb.FLAG_MOD_REPLACE, + m['a01'] = ldb.MessageElement(str(unix2nttime(policy['min password length'])), ldb.FLAG_MOD_REPLACE, 'minPwdLength') m['a02'] = ldb.MessageElement(str(policy['password history']), ldb.FLAG_MOD_REPLACE, 'pwdHistoryLength') - m['a03'] = ldb.MessageElement(str(policy['minimum password age']), ldb.FLAG_MOD_REPLACE, - 'minPwdAge') - m['a04'] = ldb.MessageElement(str(policy['maximum password age']), ldb.FLAG_MOD_REPLACE, - 'maxPwdAge') - m['a05'] = ldb.MessageElement(str(policy['lockout duration']), ldb.FLAG_MOD_REPLACE, - 'lockoutDuration') + + min_pw_age_unix = policy['minimum password age'] + min_pw_age_nt = 0 - unix2nttime(min_pw_age_unix) + m['a03'] = ldb.MessageElement(str(min_pw_age_nt), ldb.FLAG_MOD_REPLACE, 'minPwdAge') + + max_pw_age_unix = policy['maximum password age'] + if (max_pw_age_unix == 0xFFFFFFFF): + max_pw_age_nt = 0 + else: + max_pw_age_nt = unix2nttime(max_pw_age_unix) + + m['a04'] = ldb.MessageElement(str(max_pw_age_nt), ldb.FLAG_MOD_REPLACE, + 'maxPwdAge') + + lockout_duration_mins = policy['lockout duration'] + lockout_duration_nt = unix2nttime(lockout_duration_mins * 60) + + m['a05'] = ldb.MessageElement(str(lockout_duration_nt), ldb.FLAG_MOD_REPLACE, + 'lockoutDuration') try: samdb.modify(m) -- cgit