From 9f15ef11bdf75dbc1a1af3c2bc35b1d653216f62 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 13 Jul 2009 23:53:49 +0200 Subject: s3-account_policy: add pdb_policy_type enum. Guenther --- source3/include/passdb.h | 22 ++++++- source3/include/proto.h | 22 +++---- source3/include/smb.h | 14 ---- source3/lib/account_pol.c | 88 +++++++++++++------------- source3/libnet/libnet_samsync_passdb.c | 23 ++++--- source3/passdb/passdb.c | 16 ++--- source3/passdb/pdb_ads.c | 10 +-- source3/passdb/pdb_get_set.c | 6 +- source3/passdb/pdb_interface.c | 16 ++--- source3/passdb/pdb_ldap.c | 40 ++++++------ source3/registry/reg_backend_netlogon_params.c | 2 +- source3/rpc_server/srv_samr_nt.c | 62 +++++++++--------- source3/rpc_server/srv_samr_util.c | 2 +- source3/smbd/chgpasswd.c | 6 +- source3/torture/pdbtest.c | 6 +- source3/winbindd/winbindd_passdb.c | 10 +-- 16 files changed, 179 insertions(+), 166 deletions(-) (limited to 'source3') diff --git a/source3/include/passdb.h b/source3/include/passdb.h index 4e53311eba..2b4f9c2e43 100644 --- a/source3/include/passdb.h +++ b/source3/include/passdb.h @@ -205,6 +205,22 @@ struct pdb_domain_info { struct GUID guid; }; +/* + * Types of account policy. + */ +enum pdb_policy_type { + PDB_POLICY_MIN_PASSWORD_LEN = 1, + PDB_POLICY_PASSWORD_HISTORY = 2, + PDB_POLICY_USER_MUST_LOGON_TO_CHG_PASS = 3, + PDB_POLICY_MAX_PASSWORD_AGE = 4, + PDB_POLICY_MIN_PASSWORD_AGE = 5, + PDB_POLICY_LOCK_ACCOUNT_DURATION = 6, + PDB_POLICY_RESET_COUNT_TIME = 7, + PDB_POLICY_BAD_ATTEMPT_LOCKOUT = 8, + PDB_POLICY_TIME_TO_LOGOUT = 9, + PDB_POLICY_REFUSE_MACHINE_PW_CHANGE = 10 +}; + #define PDB_CAP_STORE_RIDS 0x0001 #define PDB_CAP_ADS 0x0002 @@ -351,10 +367,12 @@ struct pdb_methods enum lsa_SidType *attrs); NTSTATUS (*get_account_policy)(struct pdb_methods *methods, - int policy_index, uint32 *value); + enum pdb_policy_type type, + uint32_t *value); NTSTATUS (*set_account_policy)(struct pdb_methods *methods, - int policy_index, uint32 value); + enum pdb_policy_type type, + uint32_t value); NTSTATUS (*get_seq_num)(struct pdb_methods *methods, time_t *seq_num); diff --git a/source3/include/proto.h b/source3/include/proto.h index 7b3eaa0659..0dd1e98c86 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -290,16 +290,16 @@ bool check_access(int sock, const char **allow_list, const char **deny_list); /* The following definitions come from lib/account_pol.c */ void account_policy_names_list(const char ***names, int *num_names); -const char *decode_account_policy_name(int field); -const char *get_account_policy_attr(int field); -const char *account_policy_get_desc(int field); -int account_policy_name_to_fieldnum(const char *name); -bool account_policy_get_default(int account_policy, uint32 *val); +const char *decode_account_policy_name(enum pdb_policy_type type); +const char *get_account_policy_attr(enum pdb_policy_type type); +const char *account_policy_get_desc(enum pdb_policy_type type); +enum pdb_policy_type account_policy_name_to_typenum(const char *name); +bool account_policy_get_default(enum pdb_policy_type type, uint32_t *val); bool init_account_policy(void); -bool account_policy_get(int field, uint32 *value); -bool account_policy_set(int field, uint32 value); -bool cache_account_policy_set(int field, uint32 value); -bool cache_account_policy_get(int field, uint32 *value); +bool account_policy_get(enum pdb_policy_type type, uint32_t *value); +bool account_policy_set(enum pdb_policy_type type, uint32_t value); +bool cache_account_policy_set(enum pdb_policy_type type, uint32_t value); +bool cache_account_policy_get(enum pdb_policy_type type, uint32_t *value); struct db_context *get_account_pol_db( void ); /* The following definitions come from lib/adt_tree.c */ @@ -4595,8 +4595,8 @@ NTSTATUS pdb_lookup_names(const DOM_SID *domain_sid, const char **names, uint32 *rids, enum lsa_SidType *attrs); -bool pdb_get_account_policy(int policy_index, uint32 *value); -bool pdb_set_account_policy(int policy_index, uint32 value); +bool pdb_get_account_policy(enum pdb_policy_type type, uint32_t *value); +bool pdb_set_account_policy(enum pdb_policy_type type, uint32_t value); bool pdb_get_seq_num(time_t *seq_num); bool pdb_uid_to_rid(uid_t uid, uint32 *rid); bool pdb_uid_to_sid(uid_t uid, DOM_SID *sid); diff --git a/source3/include/smb.h b/source3/include/smb.h index 9afeb67b00..2e9cf1b54a 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -833,20 +833,6 @@ struct pipe_open_rec { #define PW_HISTORY_ENTRY_LEN (PW_HISTORY_SALT_LEN+SALTED_MD5_HASH_LEN) #define MAX_PW_HISTORY_LEN 24 -/* - * Flags for account policy. - */ -#define AP_MIN_PASSWORD_LEN 1 -#define AP_PASSWORD_HISTORY 2 -#define AP_USER_MUST_LOGON_TO_CHG_PASS 3 -#define AP_MAX_PASSWORD_AGE 4 -#define AP_MIN_PASSWORD_AGE 5 -#define AP_LOCK_ACCOUNT_DURATION 6 -#define AP_RESET_COUNT_TIME 7 -#define AP_BAD_ATTEMPT_LOCKOUT 8 -#define AP_TIME_TO_LOGOUT 9 -#define AP_REFUSE_MACHINE_PW_CHANGE 10 - /* * Flags for local user manipulation. */ diff --git a/source3/lib/account_pol.c b/source3/lib/account_pol.c index 4b63375e29..f4101e96bc 100644 --- a/source3/lib/account_pol.c +++ b/source3/lib/account_pol.c @@ -31,7 +31,7 @@ static struct db_context *db; struct ap_table { - int field; + enum pdb_policy_type type; const char *string; uint32 default_val; const char *description; @@ -39,43 +39,43 @@ struct ap_table { }; static const struct ap_table account_policy_names[] = { - {AP_MIN_PASSWORD_LEN, "min password length", MINPASSWDLENGTH, + {PDB_POLICY_MIN_PASSWORD_LEN, "min password length", MINPASSWDLENGTH, "Minimal password length (default: 5)", "sambaMinPwdLength" }, - {AP_PASSWORD_HISTORY, "password history", 0, + {PDB_POLICY_PASSWORD_HISTORY, "password history", 0, "Length of Password History Entries (default: 0 => off)", "sambaPwdHistoryLength" }, - {AP_USER_MUST_LOGON_TO_CHG_PASS, "user must logon to change password", 0, + {PDB_POLICY_USER_MUST_LOGON_TO_CHG_PASS, "user must logon to change password", 0, "Force Users to logon for password change (default: 0 => off, 2 => on)", "sambaLogonToChgPwd" }, - {AP_MAX_PASSWORD_AGE, "maximum password age", (uint32) -1, + {PDB_POLICY_MAX_PASSWORD_AGE, "maximum password age", (uint32) -1, "Maximum password age, in seconds (default: -1 => never expire passwords)", "sambaMaxPwdAge" }, - {AP_MIN_PASSWORD_AGE,"minimum password age", 0, + {PDB_POLICY_MIN_PASSWORD_AGE,"minimum password age", 0, "Minimal password age, in seconds (default: 0 => allow immediate password change)", "sambaMinPwdAge" }, - {AP_LOCK_ACCOUNT_DURATION, "lockout duration", 30, + {PDB_POLICY_LOCK_ACCOUNT_DURATION, "lockout duration", 30, "Lockout duration in minutes (default: 30, -1 => forever)", "sambaLockoutDuration" }, - {AP_RESET_COUNT_TIME, "reset count minutes", 30, + {PDB_POLICY_RESET_COUNT_TIME, "reset count minutes", 30, "Reset time after lockout in minutes (default: 30)", "sambaLockoutObservationWindow" }, - {AP_BAD_ATTEMPT_LOCKOUT, "bad lockout attempt", 0, + {PDB_POLICY_BAD_ATTEMPT_LOCKOUT, "bad lockout attempt", 0, "Lockout users after bad logon attempts (default: 0 => off)", "sambaLockoutThreshold" }, - {AP_TIME_TO_LOGOUT, "disconnect time", (uint32) -1, + {PDB_POLICY_TIME_TO_LOGOUT, "disconnect time", (uint32) -1, "Disconnect Users outside logon hours (default: -1 => off, 0 => on)", "sambaForceLogoff" }, - {AP_REFUSE_MACHINE_PW_CHANGE, "refuse machine password change", 0, + {PDB_POLICY_REFUSE_MACHINE_PW_CHANGE, "refuse machine password change", 0, "Allow Machine Password changes (default: 0 => off)", "sambaRefuseMachinePwdChange" }, @@ -106,11 +106,11 @@ void account_policy_names_list(const char ***names, int *num_names) Get the account policy name as a string from its #define'ed number ****************************************************************************/ -const char *decode_account_policy_name(int field) +const char *decode_account_policy_name(enum pdb_policy_type type) { int i; for (i=0; account_policy_names[i].string; i++) { - if (field == account_policy_names[i].field) { + if (type == account_policy_names[i].type) { return account_policy_names[i].string; } } @@ -121,11 +121,11 @@ const char *decode_account_policy_name(int field) Get the account policy LDAP attribute as a string from its #define'ed number ****************************************************************************/ -const char *get_account_policy_attr(int field) +const char *get_account_policy_attr(enum pdb_policy_type type) { int i; - for (i=0; account_policy_names[i].field; i++) { - if (field == account_policy_names[i].field) { + for (i=0; account_policy_names[i].type; i++) { + if (type == account_policy_names[i].type) { return account_policy_names[i].ldap_attr; } } @@ -136,11 +136,11 @@ const char *get_account_policy_attr(int field) Get the account policy description as a string from its #define'ed number ****************************************************************************/ -const char *account_policy_get_desc(int field) +const char *account_policy_get_desc(enum pdb_policy_type type) { int i; for (i=0; account_policy_names[i].string; i++) { - if (field == account_policy_names[i].field) { + if (type == account_policy_names[i].type) { return account_policy_names[i].description; } } @@ -151,12 +151,12 @@ const char *account_policy_get_desc(int field) Get the account policy name as a string from its #define'ed number ****************************************************************************/ -int account_policy_name_to_fieldnum(const char *name) +enum pdb_policy_type account_policy_name_to_typenum(const char *name) { int i; for (i=0; account_policy_names[i].string; i++) { if (strcmp(name, account_policy_names[i].string) == 0) { - return account_policy_names[i].field; + return account_policy_names[i].type; } } return 0; @@ -166,35 +166,35 @@ int account_policy_name_to_fieldnum(const char *name) Get default value for account policy *****************************************************************************/ -bool account_policy_get_default(int account_policy, uint32 *val) +bool account_policy_get_default(enum pdb_policy_type type, uint32_t *val) { int i; - for (i=0; account_policy_names[i].field; i++) { - if (account_policy_names[i].field == account_policy) { + for (i=0; account_policy_names[i].type; i++) { + if (account_policy_names[i].type == type) { *val = account_policy_names[i].default_val; return True; } } DEBUG(0,("no default for account_policy index %d found. This should never happen\n", - account_policy)); + type)); return False; } /***************************************************************************** - Set default for a field if it is empty + Set default for a type if it is empty *****************************************************************************/ -static bool account_policy_set_default_on_empty(int account_policy) +static bool account_policy_set_default_on_empty(enum pdb_policy_type type) { uint32 value; - if (!account_policy_get(account_policy, &value) && - !account_policy_get_default(account_policy, &value)) { + if (!account_policy_get(type, &value) && + !account_policy_get_default(type, &value)) { return False; } - return account_policy_set(account_policy, value); + return account_policy_set(type, value); } /***************************************************************************** @@ -255,9 +255,9 @@ bool init_account_policy(void) goto cancel; } - for (i=0; account_policy_names[i].field; i++) { + for (i=0; account_policy_names[i].type; i++) { - if (!account_policy_set_default_on_empty(account_policy_names[i].field)) { + if (!account_policy_set_default_on_empty(account_policy_names[i].type)) { DEBUG(0,("failed to set default value in account policy tdb\n")); goto cancel; } @@ -302,7 +302,7 @@ bool init_account_policy(void) Get an account policy (from tdb) *****************************************************************************/ -bool account_policy_get(int field, uint32 *value) +bool account_policy_get(enum pdb_policy_type type, uint32_t *value) { const char *name; uint32 regval; @@ -315,14 +315,14 @@ bool account_policy_get(int field, uint32 *value) *value = 0; } - name = decode_account_policy_name(field); + name = decode_account_policy_name(type); if (name == NULL) { - DEBUG(1, ("account_policy_get: Field %d is not a valid account policy type! Cannot get, returning 0.\n", field)); + DEBUG(1, ("account_policy_get: Field %d is not a valid account policy type! Cannot get, returning 0.\n", type)); return False; } if (!dbwrap_fetch_uint32(db, name, ®val)) { - DEBUG(1, ("account_policy_get: tdb_fetch_uint32 failed for field %d (%s), returning 0\n", field, name)); + DEBUG(1, ("account_policy_get: tdb_fetch_uint32 failed for type %d (%s), returning 0\n", type, name)); return False; } @@ -339,7 +339,7 @@ bool account_policy_get(int field, uint32 *value) Set an account policy (in tdb) ****************************************************************************/ -bool account_policy_set(int field, uint32 value) +bool account_policy_set(enum pdb_policy_type type, uint32_t value) { const char *name; NTSTATUS status; @@ -348,16 +348,16 @@ bool account_policy_set(int field, uint32 value) return False; } - name = decode_account_policy_name(field); + name = decode_account_policy_name(type); if (name == NULL) { - DEBUG(1, ("Field %d is not a valid account policy type! Cannot set.\n", field)); + DEBUG(1, ("Field %d is not a valid account policy type! Cannot set.\n", type)); return False; } status = dbwrap_trans_store_uint32(db, name, value); if (!NT_STATUS_IS_OK(status)) { - DEBUG(1, ("store_uint32 failed for field %d (%s) on value " - "%u: %s\n", field, name, value, nt_errstr(status))); + DEBUG(1, ("store_uint32 failed for type %d (%s) on value " + "%u: %s\n", type, name, value, nt_errstr(status))); return False; } @@ -370,14 +370,14 @@ bool account_policy_set(int field, uint32 value) Set an account policy in the cache ****************************************************************************/ -bool cache_account_policy_set(int field, uint32 value) +bool cache_account_policy_set(enum pdb_policy_type type, uint32_t value) { const char *policy_name = NULL; char *cache_key = NULL; char *cache_value = NULL; bool ret = False; - policy_name = decode_account_policy_name(field); + policy_name = decode_account_policy_name(type); if (policy_name == NULL) { DEBUG(0,("cache_account_policy_set: no policy found\n")); return False; @@ -407,14 +407,14 @@ bool cache_account_policy_set(int field, uint32 value) Get an account policy from the cache *****************************************************************************/ -bool cache_account_policy_get(int field, uint32 *value) +bool cache_account_policy_get(enum pdb_policy_type type, uint32_t *value) { const char *policy_name = NULL; char *cache_key = NULL; char *cache_value = NULL; bool ret = False; - policy_name = decode_account_policy_name(field); + policy_name = decode_account_policy_name(type); if (policy_name == NULL) { DEBUG(0,("cache_account_policy_set: no policy found\n")); return False; diff --git a/source3/libnet/libnet_samsync_passdb.c b/source3/libnet/libnet_samsync_passdb.c index 27c7aac7e7..41a9b3d9f3 100644 --- a/source3/libnet/libnet_samsync_passdb.c +++ b/source3/libnet/libnet_samsync_passdb.c @@ -676,21 +676,24 @@ static NTSTATUS fetch_domain_info(TALLOC_CTX *mem_ctx, } - if (!pdb_set_account_policy(AP_PASSWORD_HISTORY, + if (!pdb_set_account_policy(PDB_POLICY_PASSWORD_HISTORY, r->password_history_length)) return nt_status; - if (!pdb_set_account_policy(AP_MIN_PASSWORD_LEN, + if (!pdb_set_account_policy(PDB_POLICY_MIN_PASSWORD_LEN, r->min_password_length)) return nt_status; - if (!pdb_set_account_policy(AP_MAX_PASSWORD_AGE, (uint32)u_max_age)) + if (!pdb_set_account_policy(PDB_POLICY_MAX_PASSWORD_AGE, + (uint32)u_max_age)) return nt_status; - if (!pdb_set_account_policy(AP_MIN_PASSWORD_AGE, (uint32)u_min_age)) + if (!pdb_set_account_policy(PDB_POLICY_MIN_PASSWORD_AGE, + (uint32)u_min_age)) return nt_status; - if (!pdb_set_account_policy(AP_TIME_TO_LOGOUT, (uint32)u_logout)) + if (!pdb_set_account_policy(PDB_POLICY_TIME_TO_LOGOUT, + (uint32)u_logout)) return nt_status; if (lockstr) { @@ -699,21 +702,23 @@ static NTSTATUS fetch_domain_info(TALLOC_CTX *mem_ctx, u_lockoutreset = uint64s_nt_time_to_unix_abs(&lockstr->reset_count); u_lockouttime = uint64s_nt_time_to_unix_abs((uint64_t *)&lockstr->lockout_duration); - if (!pdb_set_account_policy(AP_BAD_ATTEMPT_LOCKOUT, + if (!pdb_set_account_policy(PDB_POLICY_BAD_ATTEMPT_LOCKOUT, lockstr->bad_attempt_lockout)) return nt_status; - if (!pdb_set_account_policy(AP_RESET_COUNT_TIME, (uint32_t)u_lockoutreset/60)) + if (!pdb_set_account_policy(PDB_POLICY_RESET_COUNT_TIME, + (uint32_t)u_lockoutreset/60)) return nt_status; if (u_lockouttime != -1) u_lockouttime /= 60; - if (!pdb_set_account_policy(AP_LOCK_ACCOUNT_DURATION, (uint32_t)u_lockouttime)) + if (!pdb_set_account_policy(PDB_POLICY_LOCK_ACCOUNT_DURATION, + (uint32_t)u_lockouttime)) return nt_status; } - if (!pdb_set_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, + if (!pdb_set_account_policy(PDB_POLICY_USER_MUST_LOGON_TO_CHG_PASS, r->logon_to_chgpass)) return nt_status; diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index 4ed04e4e7a..0678181669 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -1439,7 +1439,7 @@ static bool init_samu_from_buffer_v2(struct samu *sampass, uint8 *buf, uint32 bu } /* Change from V1 is addition of password history field. */ - pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen); + pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen); if (pwHistLen) { uint8 *pw_hist = SMB_MALLOC_ARRAY(uint8, pwHistLen * PW_HISTORY_ENTRY_LEN); if (!pw_hist) { @@ -1674,7 +1674,7 @@ static bool init_samu_from_buffer_v3(struct samu *sampass, uint8 *buf, uint32 bu } } - pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen); + pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen); if (pwHistLen) { uint8 *pw_hist = (uint8 *)SMB_MALLOC(pwHistLen * PW_HISTORY_ENTRY_LEN); if (!pw_hist) { @@ -1879,7 +1879,7 @@ static uint32 init_buffer_from_samu_v3 (uint8 **buf, struct samu *sampass, bool nt_pw_len = 0; } - pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen); + pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen); nt_pw_hist = pdb_get_pw_history(sampass, &nt_pw_hist_len); if (pwHistLen && nt_pw_hist && nt_pw_hist_len) { nt_pw_hist_len *= PW_HISTORY_ENTRY_LEN; @@ -2085,7 +2085,7 @@ bool pdb_copy_sam_account(struct samu *dst, struct samu *src ) } /********************************************************************* - Update the bad password count checking the AP_RESET_COUNT_TIME + Update the bad password count checking the PDB_POLICY_RESET_COUNT_TIME *********************************************************************/ bool pdb_update_bad_password_count(struct samu *sampass, bool *updated) @@ -2102,7 +2102,7 @@ bool pdb_update_bad_password_count(struct samu *sampass, bool *updated) } become_root(); - res = pdb_get_account_policy(AP_RESET_COUNT_TIME, &resettime); + res = pdb_get_account_policy(PDB_POLICY_RESET_COUNT_TIME, &resettime); unbecome_root(); if (!res) { @@ -2131,7 +2131,7 @@ bool pdb_update_bad_password_count(struct samu *sampass, bool *updated) } /********************************************************************* - Update the ACB_AUTOLOCK flag checking the AP_LOCK_ACCOUNT_DURATION + Update the ACB_AUTOLOCK flag checking the PDB_POLICY_LOCK_ACCOUNT_DURATION *********************************************************************/ bool pdb_update_autolock_flag(struct samu *sampass, bool *updated) @@ -2147,7 +2147,7 @@ bool pdb_update_autolock_flag(struct samu *sampass, bool *updated) } become_root(); - res = pdb_get_account_policy(AP_LOCK_ACCOUNT_DURATION, &duration); + res = pdb_get_account_policy(PDB_POLICY_LOCK_ACCOUNT_DURATION, &duration); unbecome_root(); if (!res) { @@ -2199,7 +2199,7 @@ bool pdb_increment_bad_password_count(struct samu *sampass) /* Retrieve the account lockout policy */ become_root(); - ret = pdb_get_account_policy(AP_BAD_ATTEMPT_LOCKOUT, &account_policy_lockout); + ret = pdb_get_account_policy(PDB_POLICY_BAD_ATTEMPT_LOCKOUT, &account_policy_lockout); unbecome_root(); if ( !ret ) { DEBUG(0, ("pdb_increment_bad_password_count: pdb_get_account_policy failed.\n")); diff --git a/source3/passdb/pdb_ads.c b/source3/passdb/pdb_ads.c index 66fdff181f..70d550042b 100644 --- a/source3/passdb/pdb_ads.c +++ b/source3/passdb/pdb_ads.c @@ -1706,16 +1706,18 @@ static NTSTATUS pdb_ads_lookup_names(struct pdb_methods *m, } static NTSTATUS pdb_ads_get_account_policy(struct pdb_methods *m, - int policy_index, uint32 *value) + enum pdb_policy_type type, + uint32_t *value) { - return account_policy_get(policy_index, value) + return account_policy_get(type, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } static NTSTATUS pdb_ads_set_account_policy(struct pdb_methods *m, - int policy_index, uint32 value) + enum pdb_policy_type type, + uint32_t value) { - return account_policy_set(policy_index, value) + return account_policy_set(type, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c index f55b77f675..30775e49fe 100644 --- a/source3/passdb/pdb_get_set.c +++ b/source3/passdb/pdb_get_set.c @@ -88,7 +88,7 @@ time_t pdb_get_pass_can_change_time(const struct samu *sampass) pdb_get_init_flags(sampass, PDB_CANCHANGETIME) == PDB_CHANGED) return sampass->pass_can_change_time; - if (!pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &allow)) + if (!pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_AGE, &allow)) allow = 0; /* in normal cases, just calculate it from policy */ @@ -112,7 +112,7 @@ time_t pdb_get_pass_must_change_time(const struct samu *sampass) if (sampass->acct_ctrl & ACB_PWNOEXP) return get_time_t_max(); - if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &expire) + if (!pdb_get_account_policy(PDB_POLICY_MAX_PASSWORD_AGE, &expire) || expire == (uint32)-1 || expire == 0) return get_time_t_max(); @@ -1013,7 +1013,7 @@ bool pdb_set_plaintext_passwd(struct samu *sampass, const char *plaintext) if (pdb_get_acct_ctrl(sampass) & ACB_NORMAL) { uchar *pwhistory; uint32 pwHistLen; - pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen); + pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen); if (pwHistLen != 0){ uint32 current_history_len; /* We need to make sure we don't have a race condition here - the diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index 465a6bf595..5d0b625da5 100644 --- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c @@ -994,25 +994,25 @@ NTSTATUS pdb_lookup_names(const DOM_SID *domain_sid, } #endif -bool pdb_get_account_policy(int policy_index, uint32 *value) +bool pdb_get_account_policy(enum pdb_policy_type type, uint32_t *value) { struct pdb_methods *pdb = pdb_get_methods(); NTSTATUS status; become_root(); - status = pdb->get_account_policy(pdb, policy_index, value); + status = pdb->get_account_policy(pdb, type, value); unbecome_root(); return NT_STATUS_IS_OK(status); } -bool pdb_set_account_policy(int policy_index, uint32 value) +bool pdb_set_account_policy(enum pdb_policy_type type, uint32_t value) { struct pdb_methods *pdb = pdb_get_methods(); NTSTATUS status; become_root(); - status = pdb->set_account_policy(pdb, policy_index, value); + status = pdb->set_account_policy(pdb, type, value); unbecome_root(); return NT_STATUS_IS_OK(status); @@ -1174,14 +1174,14 @@ static NTSTATUS pdb_default_update_login_attempts (struct pdb_methods *methods, return NT_STATUS_OK; } -static NTSTATUS pdb_default_get_account_policy(struct pdb_methods *methods, int policy_index, uint32 *value) +static NTSTATUS pdb_default_get_account_policy(struct pdb_methods *methods, enum pdb_policy_type type, uint32_t *value) { - return account_policy_get(policy_index, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; + return account_policy_get(type, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } -static NTSTATUS pdb_default_set_account_policy(struct pdb_methods *methods, int policy_index, uint32 value) +static NTSTATUS pdb_default_set_account_policy(struct pdb_methods *methods, enum pdb_policy_type type, uint32_t value) { - return account_policy_set(policy_index, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; + return account_policy_set(type, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } static NTSTATUS pdb_default_get_seq_num(struct pdb_methods *methods, time_t *seq_num) diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index 173298561f..11554a76ac 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -902,7 +902,7 @@ static bool init_sam_from_ldap(struct ldapsam_privates *ldap_state, pwHistLen = 0; - pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen); + pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen); if (pwHistLen > 0){ uint8 *pwhist = NULL; int i; @@ -1327,7 +1327,7 @@ static bool init_ldap_from_sam (struct ldapsam_privates *ldap_state, if (need_update(sampass, PDB_PWHISTORY)) { char *pwstr = NULL; uint32 pwHistLen = 0; - pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen); + pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen); pwstr = SMB_MALLOC_ARRAY(char, 1024); if (!pwstr) { @@ -1404,7 +1404,7 @@ static bool init_ldap_from_sam (struct ldapsam_privates *ldap_state, uint16 badcount = pdb_get_bad_password_count(sampass); time_t badtime = pdb_get_bad_password_time(sampass); uint32 pol; - pdb_get_account_policy(AP_BAD_ATTEMPT_LOCKOUT, &pol); + pdb_get_account_policy(PDB_POLICY_BAD_ATTEMPT_LOCKOUT, &pol); DEBUG(3, ("updating bad password fields, policy=%u, count=%u, time=%u\n", (unsigned int)pol, (unsigned int)badcount, (unsigned int)badtime)); @@ -3762,7 +3762,7 @@ static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods, } static NTSTATUS ldapsam_set_account_policy_in_ldap(struct pdb_methods *methods, - int policy_index, + enum pdb_policy_type type, uint32 value) { NTSTATUS ntstatus = NT_STATUS_UNSUCCESSFUL; @@ -3780,7 +3780,7 @@ static NTSTATUS ldapsam_set_account_policy_in_ldap(struct pdb_methods *methods, return NT_STATUS_INVALID_PARAMETER; } - policy_attr = get_account_policy_attr(policy_index); + policy_attr = get_account_policy_attr(type); if (policy_attr == NULL) { DEBUG(0,("ldapsam_set_account_policy_in_ldap: invalid " "policy\n")); @@ -3800,7 +3800,7 @@ static NTSTATUS ldapsam_set_account_policy_in_ldap(struct pdb_methods *methods, return ntstatus; } - if (!cache_account_policy_set(policy_index, value)) { + if (!cache_account_policy_set(type, value)) { DEBUG(0,("ldapsam_set_account_policy_in_ldap: failed to " "update local tdb cache\n")); return ntstatus; @@ -3810,14 +3810,15 @@ static NTSTATUS ldapsam_set_account_policy_in_ldap(struct pdb_methods *methods, } static NTSTATUS ldapsam_set_account_policy(struct pdb_methods *methods, - int policy_index, uint32 value) + enum pdb_policy_type type, + uint32_t value) { - return ldapsam_set_account_policy_in_ldap(methods, policy_index, + return ldapsam_set_account_policy_in_ldap(methods, type, value); } static NTSTATUS ldapsam_get_account_policy_from_ldap(struct pdb_methods *methods, - int policy_index, + enum pdb_policy_type type, uint32 *value) { NTSTATUS ntstatus = NT_STATUS_UNSUCCESSFUL; @@ -3839,10 +3840,10 @@ static NTSTATUS ldapsam_get_account_policy_from_ldap(struct pdb_methods *methods return NT_STATUS_INVALID_PARAMETER; } - policy_attr = get_account_policy_attr(policy_index); + policy_attr = get_account_policy_attr(type); if (!policy_attr) { DEBUG(0,("ldapsam_get_account_policy_from_ldap: invalid " - "policy index: %d\n", policy_index)); + "policy index: %d\n", type)); return ntstatus; } @@ -3896,17 +3897,18 @@ out: Guenther */ static NTSTATUS ldapsam_get_account_policy(struct pdb_methods *methods, - int policy_index, uint32 *value) + enum pdb_policy_type type, + uint32_t *value) { NTSTATUS ntstatus = NT_STATUS_UNSUCCESSFUL; - if (cache_account_policy_get(policy_index, value)) { + if (cache_account_policy_get(type, value)) { DEBUG(11,("ldapsam_get_account_policy: got valid value from " "cache\n")); return NT_STATUS_OK; } - ntstatus = ldapsam_get_account_policy_from_ldap(methods, policy_index, + ntstatus = ldapsam_get_account_policy_from_ldap(methods, type, value); if (NT_STATUS_IS_OK(ntstatus)) { goto update_cache; @@ -3917,27 +3919,27 @@ static NTSTATUS ldapsam_get_account_policy(struct pdb_methods *methods, #if 0 /* should we automagically migrate old tdb value here ? */ - if (account_policy_get(policy_index, value)) + if (account_policy_get(type, value)) goto update_ldap; DEBUG(10,("ldapsam_get_account_policy: no tdb for %d, trying " - "default\n", policy_index)); + "default\n", type)); #endif - if (!account_policy_get_default(policy_index, value)) { + if (!account_policy_get_default(type, value)) { return ntstatus; } /* update_ldap: */ - ntstatus = ldapsam_set_account_policy(methods, policy_index, *value); + ntstatus = ldapsam_set_account_policy(methods, type, *value); if (!NT_STATUS_IS_OK(ntstatus)) { return ntstatus; } update_cache: - if (!cache_account_policy_set(policy_index, *value)) { + if (!cache_account_policy_set(type, *value)) { DEBUG(0,("ldapsam_get_account_policy: failed to update local " "tdb as a cache\n")); return NT_STATUS_UNSUCCESSFUL; diff --git a/source3/registry/reg_backend_netlogon_params.c b/source3/registry/reg_backend_netlogon_params.c index 682c7fe9a5..6fc87efb1d 100644 --- a/source3/registry/reg_backend_netlogon_params.c +++ b/source3/registry/reg_backend_netlogon_params.c @@ -35,7 +35,7 @@ static int netlogon_params_fetch_values(const char *key, struct regval_ctr *regv { uint32 dwValue; - if (!pdb_get_account_policy(AP_REFUSE_MACHINE_PW_CHANGE, &dwValue)) { + if (!pdb_get_account_policy(PDB_POLICY_REFUSE_MACHINE_PW_CHANGE, &dwValue)) { dwValue = 0; } diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 1085251421..b27603f261 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -639,9 +639,9 @@ NTSTATUS _samr_GetUserPwInfo(pipes_struct *p, switch (sid_type) { case SID_NAME_USER: become_root(); - pdb_get_account_policy(AP_MIN_PASSWORD_LEN, + pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_LEN, &min_password_length); - pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, + pdb_get_account_policy(PDB_POLICY_USER_MUST_LOGON_TO_CHG_PASS, &password_properties); unbecome_root(); @@ -2079,19 +2079,19 @@ NTSTATUS _samr_ChangePasswordUser3(pipes_struct *p, /* AS ROOT !!! */ - pdb_get_account_policy(AP_MIN_PASSWORD_LEN, &tmp); + pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_LEN, &tmp); dominfo->min_password_length = tmp; - pdb_get_account_policy(AP_PASSWORD_HISTORY, &tmp); + pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &tmp); dominfo->password_history_length = tmp; - pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, + pdb_get_account_policy(PDB_POLICY_USER_MUST_LOGON_TO_CHG_PASS, &dominfo->password_properties); - pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &account_policy_temp); + pdb_get_account_policy(PDB_POLICY_MAX_PASSWORD_AGE, &account_policy_temp); u_expire = account_policy_temp; - pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &account_policy_temp); + pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_AGE, &account_policy_temp); u_min_age = account_policy_temp; /* !AS ROOT */ @@ -3305,19 +3305,19 @@ static NTSTATUS query_dom_info_1(TALLOC_CTX *mem_ctx, /* AS ROOT !!! */ - pdb_get_account_policy(AP_MIN_PASSWORD_LEN, &account_policy_temp); + pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_LEN, &account_policy_temp); r->min_password_length = account_policy_temp; - pdb_get_account_policy(AP_PASSWORD_HISTORY, &account_policy_temp); + pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &account_policy_temp); r->password_history_length = account_policy_temp; - pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, + pdb_get_account_policy(PDB_POLICY_USER_MUST_LOGON_TO_CHG_PASS, &r->password_properties); - pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &account_policy_temp); + pdb_get_account_policy(PDB_POLICY_MAX_PASSWORD_AGE, &account_policy_temp); u_expire = account_policy_temp; - pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &account_policy_temp); + pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_AGE, &account_policy_temp); u_min_age = account_policy_temp; /* !AS ROOT */ @@ -3352,7 +3352,7 @@ static NTSTATUS query_dom_info_2(TALLOC_CTX *mem_ctx, r->num_groups = count_sam_groups(dinfo->disp_info); r->num_aliases = count_sam_aliases(dinfo->disp_info); - pdb_get_account_policy(AP_TIME_TO_LOGOUT, &u_logout); + pdb_get_account_policy(PDB_POLICY_TIME_TO_LOGOUT, &u_logout); unix_to_nt_time_abs(&r->force_logoff_time, u_logout); @@ -3389,7 +3389,7 @@ static NTSTATUS query_dom_info_3(TALLOC_CTX *mem_ctx, { uint32_t ul; - pdb_get_account_policy(AP_TIME_TO_LOGOUT, &ul); + pdb_get_account_policy(PDB_POLICY_TIME_TO_LOGOUT, &ul); u_logout = (time_t)ul; } @@ -3506,16 +3506,16 @@ static NTSTATUS query_dom_info_11(TALLOC_CTX *mem_ctx, become_root(); - pdb_get_account_policy(AP_LOCK_ACCOUNT_DURATION, &account_policy_temp); + pdb_get_account_policy(PDB_POLICY_LOCK_ACCOUNT_DURATION, &account_policy_temp); u_lock_duration = account_policy_temp; if (u_lock_duration != -1) { u_lock_duration *= 60; } - pdb_get_account_policy(AP_RESET_COUNT_TIME, &account_policy_temp); + pdb_get_account_policy(PDB_POLICY_RESET_COUNT_TIME, &account_policy_temp); u_reset_time = account_policy_temp * 60; - pdb_get_account_policy(AP_BAD_ATTEMPT_LOCKOUT, &account_policy_temp); + pdb_get_account_policy(PDB_POLICY_BAD_ATTEMPT_LOCKOUT, &account_policy_temp); r->lockout_threshold = account_policy_temp; /* !AS ROOT */ @@ -3541,16 +3541,16 @@ static NTSTATUS query_dom_info_12(TALLOC_CTX *mem_ctx, /* AS ROOT !!! */ - pdb_get_account_policy(AP_LOCK_ACCOUNT_DURATION, &account_policy_temp); + pdb_get_account_policy(PDB_POLICY_LOCK_ACCOUNT_DURATION, &account_policy_temp); u_lock_duration = account_policy_temp; if (u_lock_duration != -1) { u_lock_duration *= 60; } - pdb_get_account_policy(AP_RESET_COUNT_TIME, &account_policy_temp); + pdb_get_account_policy(PDB_POLICY_RESET_COUNT_TIME, &account_policy_temp); u_reset_time = account_policy_temp * 60; - pdb_get_account_policy(AP_BAD_ATTEMPT_LOCKOUT, &account_policy_temp); + pdb_get_account_policy(PDB_POLICY_BAD_ATTEMPT_LOCKOUT, &account_policy_temp); r->lockout_threshold = account_policy_temp; /* !AS ROOT */ @@ -6205,9 +6205,9 @@ NTSTATUS _samr_GetDomPwInfo(pipes_struct *p, } become_root(); - pdb_get_account_policy(AP_MIN_PASSWORD_LEN, + pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_LEN, &min_password_length); - pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, + pdb_get_account_policy(PDB_POLICY_USER_MUST_LOGON_TO_CHG_PASS, &password_properties); unbecome_root(); @@ -6376,14 +6376,14 @@ static NTSTATUS set_dom_info_1(TALLOC_CTX *mem_ctx, u_expire = nt_time_to_unix_abs((NTTIME *)&r->max_password_age); u_min_age = nt_time_to_unix_abs((NTTIME *)&r->min_password_age); - pdb_set_account_policy(AP_MIN_PASSWORD_LEN, + pdb_set_account_policy(PDB_POLICY_MIN_PASSWORD_LEN, (uint32_t)r->min_password_length); - pdb_set_account_policy(AP_PASSWORD_HISTORY, + pdb_set_account_policy(PDB_POLICY_PASSWORD_HISTORY, (uint32_t)r->password_history_length); - pdb_set_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, + pdb_set_account_policy(PDB_POLICY_USER_MUST_LOGON_TO_CHG_PASS, (uint32_t)r->password_properties); - pdb_set_account_policy(AP_MAX_PASSWORD_AGE, (int)u_expire); - pdb_set_account_policy(AP_MIN_PASSWORD_AGE, (int)u_min_age); + pdb_set_account_policy(PDB_POLICY_MAX_PASSWORD_AGE, (int)u_expire); + pdb_set_account_policy(PDB_POLICY_MIN_PASSWORD_AGE, (int)u_min_age); return NT_STATUS_OK; } @@ -6398,7 +6398,7 @@ static NTSTATUS set_dom_info_3(TALLOC_CTX *mem_ctx, u_logout = nt_time_to_unix_abs((NTTIME *)&r->force_logoff_time); - pdb_set_account_policy(AP_TIME_TO_LOGOUT, (int)u_logout); + pdb_set_account_policy(PDB_POLICY_TIME_TO_LOGOUT, (int)u_logout); return NT_STATUS_OK; } @@ -6418,9 +6418,9 @@ static NTSTATUS set_dom_info_12(TALLOC_CTX *mem_ctx, u_reset_time = nt_time_to_unix_abs((NTTIME *)&r->lockout_window)/60; - pdb_set_account_policy(AP_LOCK_ACCOUNT_DURATION, (int)u_lock_duration); - pdb_set_account_policy(AP_RESET_COUNT_TIME, (int)u_reset_time); - pdb_set_account_policy(AP_BAD_ATTEMPT_LOCKOUT, + pdb_set_account_policy(PDB_POLICY_LOCK_ACCOUNT_DURATION, (int)u_lock_duration); + pdb_set_account_policy(PDB_POLICY_RESET_COUNT_TIME, (int)u_reset_time); + pdb_set_account_policy(PDB_POLICY_BAD_ATTEMPT_LOCKOUT, (uint32_t)r->lockout_threshold); return NT_STATUS_OK; diff --git a/source3/rpc_server/srv_samr_util.c b/source3/rpc_server/srv_samr_util.c index 69daa31e9c..1e5988af33 100644 --- a/source3/rpc_server/srv_samr_util.c +++ b/source3/rpc_server/srv_samr_util.c @@ -619,7 +619,7 @@ void copy_id21_to_sam_passwd(const char *log_prefix, uint32_t pwd_max_age = 0; time_t now = time(NULL); - pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &pwd_max_age); + pdb_get_account_policy(PDB_POLICY_MAX_PASSWORD_AGE, &pwd_max_age); if (pwd_max_age == (uint32_t)-1 || pwd_max_age == 0) { pwd_max_age = get_time_t_max(); diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c index 2eb09d176d..64f988f1f7 100644 --- a/source3/smbd/chgpasswd.c +++ b/source3/smbd/chgpasswd.c @@ -1024,7 +1024,7 @@ static bool check_passwd_history(struct samu *sampass, const char *plaintext) int i; uint32 pwHisLen, curr_pwHisLen; - pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHisLen); + pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHisLen); if (pwHisLen == 0) { return False; } @@ -1107,7 +1107,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw * denies machines to change the password. * * Should we deny also SRVTRUST and/or DOMSTRUST ? .SSS. */ if (pdb_get_acct_ctrl(hnd) & ACB_WSTRUST) { - if (pdb_get_account_policy(AP_REFUSE_MACHINE_PW_CHANGE, &refuse) && refuse) { + if (pdb_get_account_policy(PDB_POLICY_REFUSE_MACHINE_PW_CHANGE, &refuse) && refuse) { DEBUG(1, ("Machine %s cannot change password now, " "denied by Refuse Machine Password Change policy\n", username)); @@ -1130,7 +1130,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw return NT_STATUS_ACCOUNT_RESTRICTION; } - if (pdb_get_account_policy(AP_MIN_PASSWORD_LEN, &min_len) && (str_charnum(new_passwd) < min_len)) { + if (pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_LEN, &min_len) && (str_charnum(new_passwd) < min_len)) { DEBUG(1, ("user %s cannot change password - password too short\n", username)); DEBUGADD(1, (" account policy min password len = %d\n", min_len)); diff --git a/source3/torture/pdbtest.c b/source3/torture/pdbtest.c index ab7edde85d..950177c3ca 100644 --- a/source3/torture/pdbtest.c +++ b/source3/torture/pdbtest.c @@ -288,7 +288,7 @@ int main(int argc, char **argv) pdb_set_homedir(out, "\\\\torture\\home", PDB_SET); pdb_set_logon_script(out, "torture_script.cmd", PDB_SET); - pdb_get_account_policy(AP_PASSWORD_HISTORY, &history); + pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &history); if (history * PW_HISTORY_ENTRY_LEN < NT_HASH_LEN) { buf = (uint8 *)TALLOC(ctx, NT_HASH_LEN); } else { @@ -311,8 +311,8 @@ int main(int argc, char **argv) } pdb_set_pw_history(out, buf, history, PDB_SET); - pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &expire); - pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &min_age); + pdb_get_account_policy(PDB_POLICY_MAX_PASSWORD_AGE, &expire); + pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_AGE, &min_age); pdb_set_pass_last_set_time(out, time(NULL), PDB_SET); if (expire == 0 || expire == (uint32)-1) { diff --git a/source3/winbindd/winbindd_passdb.c b/source3/winbindd/winbindd_passdb.c index b18f0ff595..9a43c6d6a2 100644 --- a/source3/winbindd/winbindd_passdb.c +++ b/source3/winbindd/winbindd_passdb.c @@ -332,29 +332,29 @@ static NTSTATUS password_policy(struct winbindd_domain *domain, return NT_STATUS_NO_MEMORY; } - if (!pdb_get_account_policy(AP_MIN_PASSWORD_LEN, + if (!pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_LEN, &account_policy_temp)) { return NT_STATUS_ACCESS_DENIED; } p->min_password_length = account_policy_temp; - if (!pdb_get_account_policy(AP_PASSWORD_HISTORY, + if (!pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &account_policy_temp)) { return NT_STATUS_ACCESS_DENIED; } p->password_history_length = account_policy_temp; - if (!pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, + if (!pdb_get_account_policy(PDB_POLICY_USER_MUST_LOGON_TO_CHG_PASS, &p->password_properties)) { return NT_STATUS_ACCESS_DENIED; } - if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &account_policy_temp)) { + if (!pdb_get_account_policy(PDB_POLICY_MAX_PASSWORD_AGE, &account_policy_temp)) { return NT_STATUS_ACCESS_DENIED; } u_expire = account_policy_temp; - if (!pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &account_policy_temp)) { + if (!pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_AGE, &account_policy_temp)) { return NT_STATUS_ACCESS_DENIED; } u_min_age = account_policy_temp; -- cgit