svn commit: samba r4651 - in branches/SAMBA_3_0/source: include lib rpc_server

jmcd at samba.org jmcd at samba.org
Mon Jan 10 18:29:53 GMT 2005


Author: jmcd
Date: 2005-01-10 18:29:52 +0000 (Mon, 10 Jan 2005)
New Revision: 4651

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=4651

Log:
Add "refuse machine password change" policy field.  This update will just
return the appropriate reg value.  Enforcement to be added soon.

Also, fix account policy tdb upgrade so it doesn't just wipe out everything
that was in there from a previous version.

Modified:
   branches/SAMBA_3_0/source/include/smb.h
   branches/SAMBA_3_0/source/lib/account_pol.c
   branches/SAMBA_3_0/source/rpc_server/srv_reg_nt.c


Changeset:
Modified: branches/SAMBA_3_0/source/include/smb.h
===================================================================
--- branches/SAMBA_3_0/source/include/smb.h	2005-01-10 17:28:36 UTC (rev 4650)
+++ branches/SAMBA_3_0/source/include/smb.h	2005-01-10 18:29:52 UTC (rev 4651)
@@ -638,8 +638,8 @@
 #define AP_RESET_COUNT_TIME		7
 #define AP_BAD_ATTEMPT_LOCKOUT		8
 #define AP_TIME_TO_LOGOUT		9
+#define AP_REFUSE_MACHINE_PW_CHANGE	10
 
-
 /*
  * Flags for local user manipulation.
  */

Modified: branches/SAMBA_3_0/source/lib/account_pol.c
===================================================================
--- branches/SAMBA_3_0/source/lib/account_pol.c	2005-01-10 17:28:36 UTC (rev 4650)
+++ branches/SAMBA_3_0/source/lib/account_pol.c	2005-01-10 18:29:52 UTC (rev 4651)
@@ -22,9 +22,21 @@
 #include "includes.h"
 static TDB_CONTEXT *tdb; /* used for driver files */
 
-#define DATABASE_VERSION 1
+#define DATABASE_VERSION 2
 
 /****************************************************************************
+ Set default for a field if it is empty
+****************************************************************************/
+
+static void set_default_on_empty(int field, uint32 value)
+{
+	if (account_policy_get(field, NULL))
+		return;
+	account_policy_set(field, value);
+	return;
+}
+
+/****************************************************************************
  Open the account policy tdb.
 ****************************************************************************/
 
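Review bot: set_default_on_empty() treats every False from account_policy_get() as "field is empty", but that function also returns False when init_account_policy() fails or the field has no name, so a lookup error is handled like an absent key and the default is written over whatever may be stored. The helper also calls back into account_policy_get(), which itself calls init_account_policy(), the function this helper is invoked from, so it presumably relies on an early return once the tdb is open; that guard is outside the hunk. Every absent field additionally emits the level-1 `tdb_fetch_uint32 failed` message during an upgrade. I would state the contract above the helper, e.g. `/* Call only with the tdb already open; any lookup failure is treated as "not set". */`, and drop the redundant trailing `return;`.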
@@ -44,18 +56,38 @@
 	/* handle a Samba upgrade */
 	tdb_lock_bystring(tdb, vstring,0);
 	if (!tdb_fetch_uint32(tdb, vstring, &version) || version != DATABASE_VERSION) {
-		tdb_traverse(tdb, tdb_traverse_delete_fn, NULL);
 		tdb_store_uint32(tdb, vstring, DATABASE_VERSION);
 		
-		account_policy_set(AP_MIN_PASSWORD_LEN, MINPASSWDLENGTH);   /* 5 chars minimum             */
-		account_policy_set(AP_PASSWORD_HISTORY, 0);		    /* don't keep any old password */
-		account_policy_set(AP_USER_MUST_LOGON_TO_CHG_PASS, 0);	    /* don't force user to logon   */
-		account_policy_set(AP_MAX_PASSWORD_AGE, (uint32)-1);        /* don't expire		   */
-		account_policy_set(AP_MIN_PASSWORD_AGE, 0);		    /* 0 days                      */
-		account_policy_set(AP_LOCK_ACCOUNT_DURATION, 30);	    /* lockout for 30 minutes      */
-		account_policy_set(AP_RESET_COUNT_TIME, 30);		    /* reset after 30 minutes      */
-		account_policy_set(AP_BAD_ATTEMPT_LOCKOUT, 0);		    /* don't lockout               */
-		account_policy_set(AP_TIME_TO_LOGOUT, -1);		    /* don't force logout          */
+		set_default_on_empty(
+			AP_MIN_PASSWORD_LEN, 
+			MINPASSWDLENGTH);/* 5 chars minimum             */
+		set_default_on_empty(
+			AP_PASSWORD_HISTORY, 
+			0);		/* don't keep any old password	*/
+		set_default_on_empty(
+			AP_USER_MUST_LOGON_TO_CHG_PASS, 
+			0);		/* don't force user to logon	*/
+		set_default_on_empty(
+			AP_MAX_PASSWORD_AGE, 
+			(uint32)-1);	/* don't expire			*/
+		set_default_on_empty(
+			AP_MIN_PASSWORD_AGE, 
+			0);		/* 0 days                      */
+		set_default_on_empty(
+			AP_LOCK_ACCOUNT_DURATION, 
+			30);		/* lockout for 30 minutes      */
+		set_default_on_empty(
+			AP_RESET_COUNT_TIME, 
+			30);		/* reset after 30 minutes      */
+		set_default_on_empty(
+			AP_BAD_ATTEMPT_LOCKOUT, 
+			0);		/* don't lockout               */
+		set_default_on_empty(
+			AP_TIME_TO_LOGOUT, 
+			-1);		/* don't force logout          */
+		set_default_on_empty(
+			AP_REFUSE_MACHINE_PW_CHANGE, 
+			0);		/* allow machine pw changes    */
 	}
 	tdb_unlock_bystring(tdb, vstring);
 
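Review bot: The version key is stamped with `DATABASE_VERSION` before the defaults are filled in, and set_default_on_empty() returns void, so a failed write of any default leaves the database marked current with that policy key absent, and this block never runs again to repair it. account_policy_get() then returns False with the value zeroed for fields such as AP_MIN_PASSWORD_LEN or AP_LOCK_ACCOUNT_DURATION; how callers treat that result is not visible here. Consider having the helper return BOOL and moving `tdb_store_uint32(tdb, vstring, DATABASE_VERSION);` after the last default, executed only when every write succeeded. As a smaller point, the `-1` passed for AP_TIME_TO_LOGOUT should be written `(uint32)-1` to match AP_MAX_PASSWORD_AGE. init_account_policy() starts and ends outside the hunk.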
@@ -75,6 +107,7 @@
 	{AP_RESET_COUNT_TIME, "reset count minutes"},
 	{AP_BAD_ATTEMPT_LOCKOUT, "bad lockout attempt"},
 	{AP_TIME_TO_LOGOUT, "disconnect time"},
+	{AP_REFUSE_MACHINE_PW_CHANGE, "refuse machine password change"},
 	{0, NULL}
 };
 
@@ -138,21 +171,26 @@
 BOOL account_policy_get(int field, uint32 *value)
 {
 	fstring name;
+	uint32 regval;
 
 	if(!init_account_policy())return False;
 
-	*value = 0;
+	if (value)
+		*value = 0;
 
 	fstrcpy(name, decode_account_policy_name(field));
 	if (!*name) {
 		DEBUG(1, ("account_policy_get: Field %d is not a valid account policy type!  Cannot get, returning 0.\n", field));
 		return False;
 	}
-	if (!tdb_fetch_uint32(tdb, name, value)) {
+	if (!tdb_fetch_uint32(tdb, name, &regval)) {
 		DEBUG(1, ("account_policy_get: tdb_fetch_uint32 failed for field %d (%s), returning 0\n", field, name));
 		return False;
 	}
-	DEBUG(10,("account_policy_get: %s:%d\n", name, *value));
+	if (value)
+		*value = regval;
+
+	DEBUG(10,("account_policy_get: %s:%d\n", name, regval));
 	return True;
 }
 
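Review bot: account_policy_get() now accepts a NULL `value` as an existence probe, but nothing above the function documents that; add a comment such as `/* value may be NULL: the return then only reports whether the field is stored */`. The final DEBUG also prints the uint32 `regval` with `%d`, so the `(uint32)-1` defaults are logged as -1. `DEBUG(10,("account_policy_get: %s:%u\n", name, regval));` matches the type.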

Modified: branches/SAMBA_3_0/source/rpc_server/srv_reg_nt.c
===================================================================
--- branches/SAMBA_3_0/source/rpc_server/srv_reg_nt.c	2005-01-10 17:28:36 UTC (rev 4650)
+++ branches/SAMBA_3_0/source/rpc_server/srv_reg_nt.c	2005-01-10 18:29:52 UTC (rev 4651)
@@ -373,11 +373,22 @@
 	/* couple of hard coded registry values */
 	
 	if ( strequal(name, "RefusePasswordChange") ) {
+		uint32 dwValue;
+
 		if ( (val = SMB_MALLOC_P(REGISTRY_VALUE)) == NULL ) {
 			DEBUG(0,("_reg_info: malloc() failed!\n"));
 			return NT_STATUS_NO_MEMORY;
 		}
-		ZERO_STRUCTP( val );
+
+		if (!account_policy_get(AP_REFUSE_MACHINE_PW_CHANGE, &dwValue))
+			dwValue = 0;
+		regval_ctr_addvalue(&regvals, "RefusePasswordChange", 
+				    REG_DWORD,
+				    (const char*)&dwValue, sizeof(dwValue));
+		val = dup_registry_value(
+			regval_ctr_specific_value( &regvals, 0 ) );
+ 	
+		status = NT_STATUS_OK;
 	
 		goto out;
 	}
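Review bot: The block still allocates `val` with `SMB_MALLOC_P(REGISTRY_VALUE)` and then overwrites the pointer with the result of `dup_registry_value(...)`, so the first allocation is leaked on every query for "RefusePasswordChange". Because this path is reached from a client registry request, the leak grows with request count in a long-lived server process. Remove the `SMB_MALLOC_P` check entirely and test the duplicate instead, since dup_registry_value() presumably returns NULL on allocation failure: `if ( val == NULL ) { status = NT_STATUS_NO_MEMORY; goto out; }` before setting `status = NT_STATUS_OK;`. The lookup `regval_ctr_specific_value( &regvals, 0 )` also assumes the container was empty before `regval_ctr_addvalue`, which cannot be confirmed from here. The enclosing function and the `out:` label are outside the hunk.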


