The branch, master has been updated
via 9f15ef11bdf75dbc1a1af3c2bc35b1d653216f62 (commit)
from 39fa9468c6b8099429b971d75c0647033b60901c (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 9f15ef11bdf75dbc1a1af3c2bc35b1d653216f62
Author: Günther Deschner <g...@samba.org>
Date: Mon Jul 13 23:53:49 2009 +0200
s3-account_policy: add pdb_policy_type enum.
Guenther
-----------------------------------------------------------------------
Summary of changes:
source3/include/passdb.h | 22 ++++++-
source3/include/proto.h | 22 +++---
source3/include/smb.h | 14 ----
source3/lib/account_pol.c | 88 ++++++++++++------------
source3/libnet/libnet_samsync_passdb.c | 23 ++++---
source3/passdb/passdb.c | 16 ++--
source3/passdb/pdb_ads.c | 10 ++-
source3/passdb/pdb_get_set.c | 6 +-
source3/passdb/pdb_interface.c | 16 ++--
source3/passdb/pdb_ldap.c | 40 ++++++-----
source3/registry/reg_backend_netlogon_params.c | 2 +-
source3/rpc_server/srv_samr_nt.c | 62 ++++++++--------
source3/rpc_server/srv_samr_util.c | 2 +-
source3/smbd/chgpasswd.c | 6 +-
source3/torture/pdbtest.c | 6 +-
source3/winbindd/winbindd_passdb.c | 10 ++--
16 files changed, 179 insertions(+), 166 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/include/passdb.h b/source3/include/passdb.h
index 4e53311..2b4f9c2 100644
--- a/source3/include/passdb.h
+++ b/source3/include/passdb.h
@@ -205,6 +205,22 @@ struct pdb_domain_info {
struct GUID guid;
};
+/*
+ * Types of account policy.
+ */
+enum pdb_policy_type {
+ PDB_POLICY_MIN_PASSWORD_LEN = 1,
+ PDB_POLICY_PASSWORD_HISTORY = 2,
+ PDB_POLICY_USER_MUST_LOGON_TO_CHG_PASS = 3,
+ PDB_POLICY_MAX_PASSWORD_AGE = 4,
+ PDB_POLICY_MIN_PASSWORD_AGE = 5,
+ PDB_POLICY_LOCK_ACCOUNT_DURATION = 6,
+ PDB_POLICY_RESET_COUNT_TIME = 7,
+ PDB_POLICY_BAD_ATTEMPT_LOCKOUT = 8,
+ PDB_POLICY_TIME_TO_LOGOUT = 9,
+ PDB_POLICY_REFUSE_MACHINE_PW_CHANGE = 10
+};
+
#define PDB_CAP_STORE_RIDS 0x0001
#define PDB_CAP_ADS 0x0002
@@ -351,10 +367,12 @@ struct pdb_methods
enum lsa_SidType *attrs);
NTSTATUS (*get_account_policy)(struct pdb_methods *methods,
- int policy_index, uint32 *value);
+ enum pdb_policy_type type,
+ uint32_t *value);
NTSTATUS (*set_account_policy)(struct pdb_methods *methods,
- int policy_index, uint32 value);
+ enum pdb_policy_type type,
+ uint32_t value);
NTSTATUS (*get_seq_num)(struct pdb_methods *methods, time_t *seq_num);
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 7b3eaa0..0dd1e98 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -290,16 +290,16 @@ bool check_access(int sock, const char **allow_list,
const char **deny_list);
/* The following definitions come from lib/account_pol.c */
void account_policy_names_list(const char ***names, int *num_names);
-const char *decode_account_policy_name(int field);
-const char *get_account_policy_attr(int field);
-const char *account_policy_get_desc(int field);
-int account_policy_name_to_fieldnum(const char *name);
-bool account_policy_get_default(int account_policy, uint32 *val);
+const char *decode_account_policy_name(enum pdb_policy_type type);
+const char *get_account_policy_attr(enum pdb_policy_type type);
+const char *account_policy_get_desc(enum pdb_policy_type type);
+enum pdb_policy_type account_policy_name_to_typenum(const char *name);
+bool account_policy_get_default(enum pdb_policy_type type, uint32_t *val);
bool init_account_policy(void);
-bool account_policy_get(int field, uint32 *value);
-bool account_policy_set(int field, uint32 value);
-bool cache_account_policy_set(int field, uint32 value);
-bool cache_account_policy_get(int field, uint32 *value);
+bool account_policy_get(enum pdb_policy_type type, uint32_t *value);
+bool account_policy_set(enum pdb_policy_type type, uint32_t value);
+bool cache_account_policy_set(enum pdb_policy_type type, uint32_t value);
+bool cache_account_policy_get(enum pdb_policy_type type, uint32_t *value);
struct db_context *get_account_pol_db( void );
/* The following definitions come from lib/adt_tree.c */
@@ -4595,8 +4595,8 @@ NTSTATUS pdb_lookup_names(const DOM_SID *domain_sid,
const char **names,
uint32 *rids,
enum lsa_SidType *attrs);
-bool pdb_get_account_policy(int policy_index, uint32 *value);
-bool pdb_set_account_policy(int policy_index, uint32 value);
+bool pdb_get_account_policy(enum pdb_policy_type type, uint32_t *value);
+bool pdb_set_account_policy(enum pdb_policy_type type, uint32_t value);
bool pdb_get_seq_num(time_t *seq_num);
bool pdb_uid_to_rid(uid_t uid, uint32 *rid);
bool pdb_uid_to_sid(uid_t uid, DOM_SID *sid);
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 9afeb67..2e9cf1b 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -834,20 +834,6 @@ struct pipe_open_rec {
#define MAX_PW_HISTORY_LEN 24
/*
- * Flags for account policy.
- */
-#define AP_MIN_PASSWORD_LEN 1
-#define AP_PASSWORD_HISTORY 2
-#define AP_USER_MUST_LOGON_TO_CHG_PASS 3
-#define AP_MAX_PASSWORD_AGE 4
-#define AP_MIN_PASSWORD_AGE 5
-#define AP_LOCK_ACCOUNT_DURATION 6
-#define AP_RESET_COUNT_TIME 7
-#define AP_BAD_ATTEMPT_LOCKOUT 8
-#define AP_TIME_TO_LOGOUT 9
-#define AP_REFUSE_MACHINE_PW_CHANGE 10
-
-/*
* Flags for local user manipulation.
*/
diff --git a/source3/lib/account_pol.c b/source3/lib/account_pol.c
index 4b63375..f4101e9 100644
--- a/source3/lib/account_pol.c
+++ b/source3/lib/account_pol.c
@@ -31,7 +31,7 @@ static struct db_context *db;
struct ap_table {
- int field;
+ enum pdb_policy_type type;
const char *string;
uint32 default_val;
const char *description;
@@ -39,43 +39,43 @@ struct ap_table {
};
static const struct ap_table account_policy_names[] = {
- {AP_MIN_PASSWORD_LEN, "min password length", MINPASSWDLENGTH,
+ {PDB_POLICY_MIN_PASSWORD_LEN, "min password length", MINPASSWDLENGTH,
"Minimal password length (default: 5)",
"sambaMinPwdLength" },
- {AP_PASSWORD_HISTORY, "password history", 0,
+ {PDB_POLICY_PASSWORD_HISTORY, "password history", 0,
"Length of Password History Entries (default: 0 => off)",
"sambaPwdHistoryLength" },
- {AP_USER_MUST_LOGON_TO_CHG_PASS, "user must logon to change password",
0,
+ {PDB_POLICY_USER_MUST_LOGON_TO_CHG_PASS, "user must logon to change
password", 0,
"Force Users to logon for password change (default: 0 => off, 2
=> on)",
"sambaLogonToChgPwd" },
- {AP_MAX_PASSWORD_AGE, "maximum password age", (uint32) -1,
+ {PDB_POLICY_MAX_PASSWORD_AGE, "maximum password age", (uint32) -1,
"Maximum password age, in seconds (default: -1 => never expire
passwords)",
"sambaMaxPwdAge" },
- {AP_MIN_PASSWORD_AGE,"minimum password age", 0,
+ {PDB_POLICY_MIN_PASSWORD_AGE,"minimum password age", 0,
"Minimal password age, in seconds (default: 0 => allow
immediate password change)",
"sambaMinPwdAge" },
- {AP_LOCK_ACCOUNT_DURATION, "lockout duration", 30,
+ {PDB_POLICY_LOCK_ACCOUNT_DURATION, "lockout duration", 30,
"Lockout duration in minutes (default: 30, -1 => forever)",
"sambaLockoutDuration" },
- {AP_RESET_COUNT_TIME, "reset count minutes", 30,
+ {PDB_POLICY_RESET_COUNT_TIME, "reset count minutes", 30,
"Reset time after lockout in minutes (default: 30)",
"sambaLockoutObservationWindow" },
- {AP_BAD_ATTEMPT_LOCKOUT, "bad lockout attempt", 0,
+ {PDB_POLICY_BAD_ATTEMPT_LOCKOUT, "bad lockout attempt", 0,
"Lockout users after bad logon attempts (default: 0 => off)",
"sambaLockoutThreshold" },
- {AP_TIME_TO_LOGOUT, "disconnect time", (uint32) -1,
+ {PDB_POLICY_TIME_TO_LOGOUT, "disconnect time", (uint32) -1,
"Disconnect Users outside logon hours (default: -1 => off, 0 =>
on)",
"sambaForceLogoff" },
- {AP_REFUSE_MACHINE_PW_CHANGE, "refuse machine password change", 0,
+ {PDB_POLICY_REFUSE_MACHINE_PW_CHANGE, "refuse machine password change",
0,
"Allow Machine Password changes (default: 0 => off)",
"sambaRefuseMachinePwdChange" },
@@ -106,11 +106,11 @@ void account_policy_names_list(const char ***names, int
*num_names)
Get the account policy name as a string from its #define'ed number
****************************************************************************/
-const char *decode_account_policy_name(int field)
+const char *decode_account_policy_name(enum pdb_policy_type type)
{
int i;
for (i=0; account_policy_names[i].string; i++) {
- if (field == account_policy_names[i].field) {
+ if (type == account_policy_names[i].type) {
return account_policy_names[i].string;
}
}
@@ -121,11 +121,11 @@ const char *decode_account_policy_name(int field)
Get the account policy LDAP attribute as a string from its #define'ed number
****************************************************************************/
-const char *get_account_policy_attr(int field)
+const char *get_account_policy_attr(enum pdb_policy_type type)
{
int i;
- for (i=0; account_policy_names[i].field; i++) {
- if (field == account_policy_names[i].field) {
+ for (i=0; account_policy_names[i].type; i++) {
+ if (type == account_policy_names[i].type) {
return account_policy_names[i].ldap_attr;
}
}
@@ -136,11 +136,11 @@ const char *get_account_policy_attr(int field)
Get the account policy description as a string from its #define'ed number
****************************************************************************/
-const char *account_policy_get_desc(int field)
+const char *account_policy_get_desc(enum pdb_policy_type type)
{
int i;
for (i=0; account_policy_names[i].string; i++) {
- if (field == account_policy_names[i].field) {
+ if (type == account_policy_names[i].type) {
return account_policy_names[i].description;
}
}
@@ -151,12 +151,12 @@ const char *account_policy_get_desc(int field)
Get the account policy name as a string from its #define'ed number
****************************************************************************/
-int account_policy_name_to_fieldnum(const char *name)
+enum pdb_policy_type account_policy_name_to_typenum(const char *name)
{
int i;
for (i=0; account_policy_names[i].string; i++) {
if (strcmp(name, account_policy_names[i].string) == 0) {
- return account_policy_names[i].field;
+ return account_policy_names[i].type;
}
}
return 0;
@@ -166,35 +166,35 @@ int account_policy_name_to_fieldnum(const char *name)
Get default value for account policy
*****************************************************************************/
-bool account_policy_get_default(int account_policy, uint32 *val)
+bool account_policy_get_default(enum pdb_policy_type type, uint32_t *val)
{
int i;
- for (i=0; account_policy_names[i].field; i++) {
- if (account_policy_names[i].field == account_policy) {
+ for (i=0; account_policy_names[i].type; i++) {
+ if (account_policy_names[i].type == type) {
*val = account_policy_names[i].default_val;
return True;
}
}
DEBUG(0,("no default for account_policy index %d found. This should
never happen\n",
- account_policy));
+ type));
return False;
}
/*****************************************************************************
- Set default for a field if it is empty
+ Set default for a type if it is empty
*****************************************************************************/
-static bool account_policy_set_default_on_empty(int account_policy)
+static bool account_policy_set_default_on_empty(enum pdb_policy_type type)
{
uint32 value;
- if (!account_policy_get(account_policy, &value) &&
- !account_policy_get_default(account_policy, &value)) {
+ if (!account_policy_get(type, &value) &&
+ !account_policy_get_default(type, &value)) {
return False;
}
- return account_policy_set(account_policy, value);
+ return account_policy_set(type, value);
}
/*****************************************************************************
@@ -255,9 +255,9 @@ bool init_account_policy(void)
goto cancel;
}
- for (i=0; account_policy_names[i].field; i++) {
+ for (i=0; account_policy_names[i].type; i++) {
- if
(!account_policy_set_default_on_empty(account_policy_names[i].field)) {
+ if
(!account_policy_set_default_on_empty(account_policy_names[i].type)) {
DEBUG(0,("failed to set default value in
account policy tdb\n"));
goto cancel;
}
@@ -302,7 +302,7 @@ bool init_account_policy(void)
Get an account policy (from tdb)
*****************************************************************************/
-bool account_policy_get(int field, uint32 *value)
+bool account_policy_get(enum pdb_policy_type type, uint32_t *value)
{
const char *name;
uint32 regval;
@@ -315,14 +315,14 @@ bool account_policy_get(int field, uint32 *value)
*value = 0;
}
- name = decode_account_policy_name(field);
+ name = decode_account_policy_name(type);
if (name == NULL) {
- DEBUG(1, ("account_policy_get: Field %d is not a valid account
policy type! Cannot get, returning 0.\n", field));
+ DEBUG(1, ("account_policy_get: Field %d is not a valid account
policy type! Cannot get, returning 0.\n", type));
return False;
}
if (!dbwrap_fetch_uint32(db, name, ®val)) {
- DEBUG(1, ("account_policy_get: tdb_fetch_uint32 failed for
field %d (%s), returning 0\n", field, name));
+ DEBUG(1, ("account_policy_get: tdb_fetch_uint32 failed for type
%d (%s), returning 0\n", type, name));
return False;
}
@@ -339,7 +339,7 @@ bool account_policy_get(int field, uint32 *value)
Set an account policy (in tdb)
****************************************************************************/
-bool account_policy_set(int field, uint32 value)
+bool account_policy_set(enum pdb_policy_type type, uint32_t value)
{
const char *name;
NTSTATUS status;
@@ -348,16 +348,16 @@ bool account_policy_set(int field, uint32 value)
return False;
}
- name = decode_account_policy_name(field);
+ name = decode_account_policy_name(type);
if (name == NULL) {
- DEBUG(1, ("Field %d is not a valid account policy type! Cannot
set.\n", field));
+ DEBUG(1, ("Field %d is not a valid account policy type! Cannot
set.\n", type));
return False;
}
status = dbwrap_trans_store_uint32(db, name, value);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(1, ("store_uint32 failed for field %d (%s) on value "
- "%u: %s\n", field, name, value, nt_errstr(status)));
+ DEBUG(1, ("store_uint32 failed for type %d (%s) on value "
+ "%u: %s\n", type, name, value, nt_errstr(status)));
return False;
}
@@ -370,14 +370,14 @@ bool account_policy_set(int field, uint32 value)
Set an account policy in the cache
****************************************************************************/
-bool cache_account_policy_set(int field, uint32 value)
+bool cache_account_policy_set(enum pdb_policy_type type, uint32_t value)
{
const char *policy_name = NULL;
char *cache_key = NULL;
char *cache_value = NULL;
bool ret = False;
- policy_name = decode_account_policy_name(field);
+ policy_name = decode_account_policy_name(type);
if (policy_name == NULL) {
DEBUG(0,("cache_account_policy_set: no policy found\n"));
return False;
@@ -407,14 +407,14 @@ bool cache_account_policy_set(int field, uint32 value)
Get an account policy from the cache
*****************************************************************************/
-bool cache_account_policy_get(int field, uint32 *value)
+bool cache_account_policy_get(enum pdb_policy_type type, uint32_t *value)
{
const char *policy_name = NULL;
char *cache_key = NULL;
char *cache_value = NULL;
bool ret = False;
- policy_name = decode_account_policy_name(field);
+ policy_name = decode_account_policy_name(type);
if (policy_name == NULL) {
DEBUG(0,("cache_account_policy_set: no policy found\n"));
return False;
diff --git a/source3/libnet/libnet_samsync_passdb.c
b/source3/libnet/libnet_samsync_passdb.c
index 27c7aac..41a9b3d 100644
--- a/source3/libnet/libnet_samsync_passdb.c
+++ b/source3/libnet/libnet_samsync_passdb.c
@@ -676,21 +676,24 @@ static NTSTATUS fetch_domain_info(TALLOC_CTX *mem_ctx,
}
- if (!pdb_set_account_policy(AP_PASSWORD_HISTORY,
+ if (!pdb_set_account_policy(PDB_POLICY_PASSWORD_HISTORY,
r->password_history_length))
return nt_status;
- if (!pdb_set_account_policy(AP_MIN_PASSWORD_LEN,
+ if (!pdb_set_account_policy(PDB_POLICY_MIN_PASSWORD_LEN,
r->min_password_length))
return nt_status;
- if (!pdb_set_account_policy(AP_MAX_PASSWORD_AGE, (uint32)u_max_age))
+ if (!pdb_set_account_policy(PDB_POLICY_MAX_PASSWORD_AGE,
+ (uint32)u_max_age))
return nt_status;
- if (!pdb_set_account_policy(AP_MIN_PASSWORD_AGE, (uint32)u_min_age))
+ if (!pdb_set_account_policy(PDB_POLICY_MIN_PASSWORD_AGE,
+ (uint32)u_min_age))
return nt_status;
- if (!pdb_set_account_policy(AP_TIME_TO_LOGOUT, (uint32)u_logout))
+ if (!pdb_set_account_policy(PDB_POLICY_TIME_TO_LOGOUT,
+ (uint32)u_logout))
return nt_status;
if (lockstr) {
@@ -699,21 +702,23 @@ static NTSTATUS fetch_domain_info(TALLOC_CTX *mem_ctx,
u_lockoutreset =
uint64s_nt_time_to_unix_abs(&lockstr->reset_count);
u_lockouttime = uint64s_nt_time_to_unix_abs((uint64_t
*)&lockstr->lockout_duration);
- if (!pdb_set_account_policy(AP_BAD_ATTEMPT_LOCKOUT,
+ if (!pdb_set_account_policy(PDB_POLICY_BAD_ATTEMPT_LOCKOUT,
lockstr->bad_attempt_lockout))
return nt_status;
- if (!pdb_set_account_policy(AP_RESET_COUNT_TIME,
(uint32_t)u_lockoutreset/60))
+ if (!pdb_set_account_policy(PDB_POLICY_RESET_COUNT_TIME,
+ (uint32_t)u_lockoutreset/60))
return nt_status;
if (u_lockouttime != -1)
u_lockouttime /= 60;
- if (!pdb_set_account_policy(AP_LOCK_ACCOUNT_DURATION,
(uint32_t)u_lockouttime))
+ if (!pdb_set_account_policy(PDB_POLICY_LOCK_ACCOUNT_DURATION,
+ (uint32_t)u_lockouttime))
return nt_status;
}
- if (!pdb_set_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS,
+ if (!pdb_set_account_policy(PDB_POLICY_USER_MUST_LOGON_TO_CHG_PASS,
r->logon_to_chgpass))
return nt_status;
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 4ed04e4..0678181 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -1439,7 +1439,7 @@ static bool init_samu_from_buffer_v2(struct samu
*sampass, uint8 *buf, uint32 bu
}
/* Change from V1 is addition of password history field. */
- pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
+ pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen);
if (pwHistLen) {
uint8 *pw_hist = SMB_MALLOC_ARRAY(uint8, pwHistLen *
PW_HISTORY_ENTRY_LEN);
if (!pw_hist) {
@@ -1674,7 +1674,7 @@ static bool init_samu_from_buffer_v3(struct samu
*sampass, uint8 *buf, uint32 bu
}
}
- pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
+ pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen);
if (pwHistLen) {
uint8 *pw_hist = (uint8 *)SMB_MALLOC(pwHistLen *
PW_HISTORY_ENTRY_LEN);
if (!pw_hist) {
@@ -1879,7 +1879,7 @@ static uint32 init_buffer_from_samu_v3 (uint8 **buf,
struct samu *sampass, bool
nt_pw_len = 0;
}
- pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
+ pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen);
nt_pw_hist = pdb_get_pw_history(sampass, &nt_pw_hist_len);
if (pwHistLen && nt_pw_hist && nt_pw_hist_len) {
nt_pw_hist_len *= PW_HISTORY_ENTRY_LEN;
@@ -2085,7 +2085,7 @@ bool pdb_copy_sam_account(struct samu *dst, struct samu
*src )
}
/*********************************************************************
- Update the bad password count checking the AP_RESET_COUNT_TIME
+ Update the bad password count checking the PDB_POLICY_RESET_COUNT_TIME
*********************************************************************/
bool pdb_update_bad_password_count(struct samu *sampass, bool *updated)
@@ -2102,7 +2102,7 @@ bool pdb_update_bad_password_count(struct samu *sampass,
bool *updated)
}
become_root();
- res = pdb_get_account_policy(AP_RESET_COUNT_TIME, &resettime);
+ res = pdb_get_account_policy(PDB_POLICY_RESET_COUNT_TIME, &resettime);
unbecome_root();
if (!res) {
@@ -2131,7 +2131,7 @@ bool pdb_update_bad_password_count(struct samu *sampass,
bool *updated)
}
/*********************************************************************
- Update the ACB_AUTOLOCK flag checking the AP_LOCK_ACCOUNT_DURATION
+ Update the ACB_AUTOLOCK flag checking the PDB_POLICY_LOCK_ACCOUNT_DURATION
*********************************************************************/
--
Samba Shared Repository
