patch for account policy, min password age, on samba30a22

Thu, 20 Mar 2003 04:03:59 -0800 

Hi,
I'm working to complete the account policy that today worked only for min 
password len. The first patch is for tne min passwod age, than others...
Now pdbedit is also patched to set/display the min/max password in number of 
days, not seconds.
in attach is the patch.

Jianliang Lu
TieSse s.p.a.
[EMAIL PROTECTED]
[EMAIL PROTECTED]

--- samba-3.0alpha22/source/smbd/chgpasswd.c    Thu Mar 20 12:29:04 2003
+++ samba-3.0alpha22/source/smbd/chgpasswd.c.fix        Thu Mar 20 12:34:42 2003
@@ -944,6 +944,8 @@
 {
        BOOL ret;
        uint32 min_len;
+       uint32 min_age;
+       time_t pwdLastSet;
 
        if (time(NULL) < pdb_get_pass_can_change_time(hnd)) {
                DEBUG(1, ("user %s cannot change password now, must wait until %s\n", 
@@ -969,6 +971,15 @@
 /*             return NT_STATUS_PWD_TOO_SHORT; */
        }
 
+       pwdLastSet =  pdb_get_pass_last_set_time (hnd);
+       if (account_policy_get(AP_MIN_PASSWORD_AGE, &min_age) && ((time(NULL) - 
pwdLastSet) < min_age)) {
+               DEBUG(1, ("user %s cannot change password - password min age 
restriction \n", 
+                         pdb_get_username(hnd)));
+               DEBUGADD(1, (" account policy min password age = %d\n", min_age));
+               return NT_STATUS_PASSWORD_RESTRICTION;
+       }
+
+
        /* TODO:  Add cracklib support here */
 
        /*

--- samba-3.0alpha22/source/utils/pdbedit.c     Thu Mar 20 12:28:13 2003
+++ samba-3.0alpha22/source/utils/pdbedit.c.fix Thu Mar 20 12:42:50 2003
@@ -586,13 +586,21 @@
                        fprintf(stderr, "valid account policy, but unable to fetch 
value!\n");
                        exit(1);
                }
+
+               if ((field == AP_MIN_PASSWORD_AGE) || (field == AP_MAX_PASSWORD_AGE)) {
+                       value = (value) / 86400;
+               }
+
                if (account_policy_value_set) {
+                       if ((field == AP_MIN_PASSWORD_AGE)  || (field == 
AP_MAX_PASSWORD_AGE)) {
+                               account_policy_value = (account_policy_value) * 86400;
+                       }
                        printf("account policy value for %s was %u\n", account_policy, 
value);
                        if (!account_policy_set(field, account_policy_value)) {
                                fprintf(stderr, "valid account policy, but unable to 
set value!\n");
                                exit(1);
                        }
-                       printf("account policy value for %s is now %lu\n", 
account_policy, account_policy_value);
+                       printf("account policy value for %s is now %lu\n", 
account_policy, ((field == AP_MIN_PASSWORD_AGE)  || (field == AP_MAX_PASSWORD_AGE)) ? 
account_policy_value/86400:account_policy_value);
                        exit(0);
                } else {
                        printf("account policy value for %s is %u\n", account_policy, 
value);

Reply via email to