svn commit: samba r15977 - branches/SAMBA_3_0/source/nsswitch trunk/source/nsswitch

Wed May 31 10:09:32 GMT 2006

Author: gd
Date: 2006-05-31 10:09:31 +0000 (Wed, 31 May 2006)
New Revision: 15977

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=15977

Log:
Fillup the password_policy method in winbindd for winbindd_passdb. This
should make pam_winbind work again on a Samba PDC (and fix Bug #3800).

Guenther


Modified:
   branches/SAMBA_3_0/source/nsswitch/winbindd_passdb.c
   trunk/source/nsswitch/winbindd_passdb.c


Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_passdb.c
===================================================================

--- branches/SAMBA_3_0/source/nsswitch/winbindd_passdb.c	2006-05-31 09:25:44 UTC (rev 15976)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_passdb.c	2006-05-31 10:09:31 UTC (rev 15977)
@@ -443,8 +443,47 @@
 				TALLOC_CTX *mem_ctx,
 				SAM_UNK_INFO_1 *policy)
 {
-	/* actually we have that */
-	return NT_STATUS_NOT_IMPLEMENTED;
+	uint32 min_pass_len,pass_hist,password_properties;
+	time_t u_expire, u_min_age;
+	NTTIME nt_expire, nt_min_age;
+	uint32 account_policy_temp;
+
+	if ((policy = TALLOC_ZERO_P(mem_ctx, SAM_UNK_INFO_1)) == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (!pdb_get_account_policy(AP_MIN_PASSWORD_LEN, &account_policy_temp)) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+	min_pass_len = account_policy_temp;
+
+	if (!pdb_get_account_policy(AP_PASSWORD_HISTORY, &account_policy_temp)) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+	pass_hist = account_policy_temp;
+
+	if (!pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, &account_policy_temp)) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+	password_properties = account_policy_temp;
+	
+	if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &account_policy_temp)) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+	u_expire = account_policy_temp;
+
+	if (!pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &account_policy_temp)) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+	u_min_age = account_policy_temp;
+
+	unix_to_nt_time_abs(&nt_expire, u_expire);
+	unix_to_nt_time_abs(&nt_min_age, u_min_age);
+
+	init_unk_info1(policy, (uint16)min_pass_len, (uint16)pass_hist, 
+	               password_properties, nt_expire, nt_min_age);
+
+	return NT_STATUS_OK;
 }
 
 /* get a list of trusted domains */

Modified: trunk/source/nsswitch/winbindd_passdb.c
===================================================================
--- trunk/source/nsswitch/winbindd_passdb.c	2006-05-31 09:25:44 UTC (rev 15976)
+++ trunk/source/nsswitch/winbindd_passdb.c	2006-05-31 10:09:31 UTC (rev 15977)
@@ -455,8 +455,47 @@
 				TALLOC_CTX *mem_ctx,
 				SAM_UNK_INFO_1 *policy)
 {
-	/* actually we have that */
-	return NT_STATUS_NOT_IMPLEMENTED;
+	uint32 min_pass_len,pass_hist,password_properties;
+	time_t u_expire, u_min_age;
+	NTTIME nt_expire, nt_min_age;
+	uint32 account_policy_temp;
+
+	if ((policy = TALLOC_ZERO_P(mem_ctx, SAM_UNK_INFO_1)) == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (!pdb_get_account_policy(AP_MIN_PASSWORD_LEN, &account_policy_temp)) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+	min_pass_len = account_policy_temp;
+
+	if (!pdb_get_account_policy(AP_PASSWORD_HISTORY, &account_policy_temp)) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+	pass_hist = account_policy_temp;
+
+	if (!pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, &account_policy_temp)) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+	password_properties = account_policy_temp;
+	
+	if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &account_policy_temp)) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+	u_expire = account_policy_temp;
+
+	if (!pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &account_policy_temp)) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+	u_min_age = account_policy_temp;
+
+	unix_to_nt_time_abs(&nt_expire, u_expire);
+	unix_to_nt_time_abs(&nt_min_age, u_min_age);
+
+	init_unk_info1(policy, (uint16)min_pass_len, (uint16)pass_hist, 
+	               password_properties, nt_expire, nt_min_age);
+
+	return NT_STATUS_OK;
 }
 
 /* get a list of trusted domains */

