svn commit: samba r19057 - in branches/SAMBA_3_0_23/source: passdb
rpc_parse rpc_server utils
jmcd at samba.org
jmcd at samba.org
Tue Oct 3 16:48:02 GMT 2006
Author: jmcd
Date: 2006-10-03 16:48:02 +0000 (Tue, 03 Oct 2006)
New Revision: 19057
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=19057
Log:
backout 18726, 18748, 18754, 18758 from 3.0.23 until further testing in
SAMBA_3_0. password times go back to previous functionality, for now.
Modified:
branches/SAMBA_3_0_23/source/passdb/pdb_get_set.c
branches/SAMBA_3_0_23/source/rpc_parse/parse_samr.c
branches/SAMBA_3_0_23/source/rpc_server/srv_samr_util.c
branches/SAMBA_3_0_23/source/utils/net_sam.c
branches/SAMBA_3_0_23/source/utils/pdbedit.c
Changeset:
Modified: branches/SAMBA_3_0_23/source/passdb/pdb_get_set.c
===================================================================
--- branches/SAMBA_3_0_23/source/passdb/pdb_get_set.c 2006-10-03 12:21:02 UTC (rev 19056)
+++ branches/SAMBA_3_0_23/source/passdb/pdb_get_set.c 2006-10-03 16:48:02 UTC (rev 19057)
@@ -72,32 +72,12 @@
time_t pdb_get_pass_can_change_time(const struct samu *sampass)
{
- uint32 allow;
-
- if (sampass->pass_last_set_time == 0)
- return (time_t) 0;
-
- if (!pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &allow))
- allow = 0;
-
- return sampass->pass_last_set_time + allow;
+ return sampass->pass_can_change_time;
}
time_t pdb_get_pass_must_change_time(const struct samu *sampass)
{
- uint32 expire;
-
- if (sampass->pass_last_set_time == 0)
- return (time_t) 0;
-
- if (sampass->acct_ctrl & ACB_PWNOEXP)
- return get_time_t_max();
-
- if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &expire)
- || expire == (uint32)-1 || expire == 0)
- return get_time_t_max();
-
- return sampass->pass_last_set_time + expire;
+ return sampass->pass_must_change_time;
}
uint16 pdb_get_logon_divs(const struct samu *sampass)
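Review bot: Both getters now hand back the stored field unchanged, and nothing at these two functions says that `ACB_PWNOEXP` and the `AP_MIN_PASSWORD_AGE` / `AP_MAX_PASSWORD_AGE` policies are no longer applied here. Callers that decide whether a password has expired from `pdb_get_pass_must_change_time()` therefore depend on whatever was last written to `pass_must_change_time`, including the 0 that srv_samr_util.c stores for a forced change at next logon. A short comment above each function would make that contract explicit, for example `/* returns the stored value as-is; ACB_PWNOEXP and account policy are not consulted here */`.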
Modified: branches/SAMBA_3_0_23/source/rpc_parse/parse_samr.c
===================================================================
--- branches/SAMBA_3_0_23/source/rpc_parse/parse_samr.c 2006-10-03 12:21:02 UTC (rev 19056)
+++ branches/SAMBA_3_0_23/source/rpc_parse/parse_samr.c 2006-10-03 16:48:02 UTC (rev 19057)
@@ -6208,7 +6208,6 @@
pass_last_set_time, pass_can_change_time,
pass_must_change_time;
- time_t must_change_time;
const char* user_name = pdb_get_username(pw);
const char* full_name = pdb_get_fullname(pw);
const char* home_dir = pdb_get_homedir(pw);
@@ -6233,16 +6232,12 @@
}
/* Create NTTIME structs */
- unix_to_nt_time (&logon_time, pdb_get_logon_time(pw));
- unix_to_nt_time (&logoff_time, pdb_get_logoff_time(pw));
+ unix_to_nt_time (&logon_time, pdb_get_logon_time(pw));
+ unix_to_nt_time (&logoff_time, pdb_get_logoff_time(pw));
unix_to_nt_time (&kickoff_time, pdb_get_kickoff_time(pw));
- unix_to_nt_time (&pass_last_set_time, pdb_get_pass_last_set_time(pw));
- unix_to_nt_time (&pass_can_change_time,pdb_get_pass_can_change_time(pw));
- must_change_time = pdb_get_pass_must_change_time(pw);
- if (must_change_time == get_time_t_max())
- unix_to_nt_time_abs(&pass_must_change_time, must_change_time);
- else
- unix_to_nt_time(&pass_must_change_time, must_change_time);
+ unix_to_nt_time (&pass_last_set_time, pdb_get_pass_last_set_time(pw));
+ unix_to_nt_time (&pass_can_change_time, pdb_get_pass_can_change_time(pw));
+ unix_to_nt_time (&pass_must_change_time,pdb_get_pass_must_change_time(pw));
/* structure assignment */
usr->logon_time = logon_time;
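Review bot: On the `pass_must_change_time` line the special case for `get_time_t_max()` is gone, while srv_samr_util.c in this same commit stores `get_time_t_max()` as the "never expires" value. Whether plain `unix_to_nt_time()` turns that sentinel into the NT "never" timestamp is not visible in this hunk, so it is worth confirming. If it does, a comment such as `/* unix_to_nt_time() maps get_time_t_max() to "never" */` would record it. The enclosing function starts and ends outside the hunk.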
Modified: branches/SAMBA_3_0_23/source/rpc_server/srv_samr_util.c
===================================================================
--- branches/SAMBA_3_0_23/source/rpc_server/srv_samr_util.c 2006-10-03 12:21:02 UTC (rev 19056)
+++ branches/SAMBA_3_0_23/source/rpc_server/srv_samr_util.c 2006-10-03 16:48:02 UTC (rev 19057)
@@ -99,6 +99,14 @@
pdb_set_kickoff_time(to, unix_time , PDB_CHANGED);
}
+ if (from->fields_present & ACCT_ALLOW_PWD_CHANGE) {
+ unix_time=nt_time_to_unix(&from->pass_can_change_time);
+ stored_time = pdb_get_pass_can_change_time(to);
+ DEBUG(10,("INFO_21 PASS_CAN_CH: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
+ if (stored_time != unix_time)
+ pdb_set_pass_can_change_time(to, unix_time, PDB_CHANGED);
+ }
+
if (from->fields_present & ACCT_LAST_PWD_CHANGE) {
unix_time=nt_time_to_unix(&from->pass_last_set_time);
stored_time = pdb_get_pass_last_set_time(to);
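Review bot: The result of `pdb_set_pass_can_change_time()` is dropped in the new `ACCT_ALLOW_PWD_CHANGE` block, although the passmustchange code added later in this file checks `pdb_set_pass_must_change_time()` and logs a failure. A setter that fails leaves the account with the old value and no trace of it; `if (stored_time != unix_time && !pdb_set_pass_can_change_time(to, unix_time, PDB_CHANGED)) DEBUG(0, ("pdb_set_pass_can_change_time failed!\n"));` keeps the two paths consistent. The same applies to the `ACCT_FORCE_PWD_CHANGE` block in the next hunk and to the INFO_23 and INFO_25 copies of both blocks. These values are taken from the request (`from->`) and stored as given, so a comment noting that range checking is left to the backend, as the INFO_23 copy already says for the username, would help. The enclosing function starts and ends outside the hunk.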
@@ -107,6 +115,14 @@
pdb_set_pass_last_set_time(to, unix_time, PDB_CHANGED);
}
+ if (from->fields_present & ACCT_FORCE_PWD_CHANGE) {
+ unix_time=nt_time_to_unix(&from->pass_must_change_time);
+ stored_time=pdb_get_pass_must_change_time(to);
+ DEBUG(10,("INFO_21 PASS_MUST_CH: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
+ if (stored_time != unix_time)
+ pdb_set_pass_must_change_time(to, unix_time, PDB_CHANGED);
+ }
+
if ((from->fields_present & ACCT_USERNAME) &&
(from->hdr_user_name.buffer)) {
old_string = pdb_get_username(to);
@@ -268,16 +284,26 @@
}
}
- /* If the must change flag is set, the last set time goes to zero.
- the must change and can change fields also do, but they are
- calculated from policy, not set from the wire */
-
- if (from->fields_present & ACCT_EXPIRED_FLAG) {
- DEBUG(10,("INFO_21 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange));
- if (from->passmustchange == PASS_MUST_CHANGE_AT_NEXT_LOGON) {
- pdb_set_pass_last_set_time(to, 0, PDB_CHANGED);
- } else {
- pdb_set_pass_last_set_time(to, time(NULL),PDB_CHANGED);
+ DEBUG(10,("INFO_21 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange));
+ if (from->passmustchange==PASS_MUST_CHANGE_AT_NEXT_LOGON) {
+ pdb_set_pass_must_change_time(to,0, PDB_CHANGED);
+ } else {
+ uint32 expire;
+ time_t new_time;
+ if (pdb_get_pass_must_change_time(to) == 0) {
+ if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &expire)
+ || expire == (uint32)-1) {
+ new_time = get_time_t_max();
+ } else {
+ time_t old_time = pdb_get_pass_last_set_time(to);
+ new_time = old_time + expire;
+ if ((new_time) < time(0)) {
+ new_time = time(0) + expire;
+ }
+ }
+ if (!pdb_set_pass_must_change_time (to, new_time, PDB_CHANGED)) {
+ DEBUG (0, ("pdb_set_pass_must_change_time failed!\n"));
+ }
}
}
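Review bot: The test of `from->fields_present & ACCT_EXPIRED_FLAG` is gone, so `from->passmustchange` is acted on for every INFO_21 update, including requests that did not mark that field as present. An account whose must-change time is 0 (forced change at next logon) then gets a fresh expiry computed in the else branch by any unrelated update, which may clear the forced change without anyone asking for it; keeping `if (from->fields_present & ACCT_EXPIRED_FLAG) {` around the block avoids that. The policy test also lacks the `expire == 0` case that the removed getter in pdb_get_set.c handled, so a maximum age of 0 yields `new_time = time(0)` and an immediately expired password; `|| expire == (uint32)-1 || expire == 0) {` would treat it as no expiry. The INFO_23 hunk further down has the same two issues. The enclosing function starts and ends outside the hunk.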
@@ -322,6 +348,14 @@
pdb_set_kickoff_time(to, unix_time , PDB_CHANGED);
}
+ if (from->fields_present & ACCT_ALLOW_PWD_CHANGE) {
+ unix_time=nt_time_to_unix(&from->pass_can_change_time);
+ stored_time = pdb_get_pass_can_change_time(to);
+ DEBUG(10,("INFO_23 PASS_CAN_CH: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
+ if (stored_time != unix_time)
+ pdb_set_pass_can_change_time(to, unix_time, PDB_CHANGED);
+ }
+
if (from->fields_present & ACCT_LAST_PWD_CHANGE) {
unix_time=nt_time_to_unix(&from->pass_last_set_time);
stored_time = pdb_get_pass_last_set_time(to);
@@ -330,6 +364,14 @@
pdb_set_pass_last_set_time(to, unix_time, PDB_CHANGED);
}
+ if (from->fields_present & ACCT_FORCE_PWD_CHANGE) {
+ unix_time=nt_time_to_unix(&from->pass_must_change_time);
+ stored_time=pdb_get_pass_must_change_time(to);
+ DEBUG(10,("INFO_23 PASS_MUST_CH: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
+ if (stored_time != unix_time)
+ pdb_set_pass_must_change_time(to, unix_time, PDB_CHANGED);
+ }
+
/* Backend should check this for sanity */
if ((from->fields_present & ACCT_USERNAME) &&
(from->hdr_user_name.buffer)) {
@@ -482,16 +524,26 @@
}
}
- /* If the must change flag is set, the last set time goes to zero.
- the must change and can change fields also do, but they are
- calculated from policy, not set from the wire */
-
- if (from->fields_present & ACCT_EXPIRED_FLAG) {
- DEBUG(10,("INFO_23 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange));
- if (from->passmustchange == PASS_MUST_CHANGE_AT_NEXT_LOGON) {
- pdb_set_pass_last_set_time(to, 0, PDB_CHANGED);
- } else {
- pdb_set_pass_last_set_time(to, time(NULL),PDB_CHANGED);
+ DEBUG(10,("INFO_23 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange));
+ if (from->passmustchange==PASS_MUST_CHANGE_AT_NEXT_LOGON) {
+ pdb_set_pass_must_change_time(to,0, PDB_CHANGED);
+ } else {
+ uint32 expire;
+ time_t new_time;
+ if (pdb_get_pass_must_change_time(to) == 0) {
+ if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &expire)
+ || expire == (uint32)-1) {
+ new_time = get_time_t_max();
+ } else {
+ time_t old_time = pdb_get_pass_last_set_time(to);
+ new_time = old_time + expire;
+ if ((new_time) < time(0)) {
+ new_time = time(0) + expire;
+ }
+ }
+ if (!pdb_set_pass_must_change_time (to, new_time, PDB_CHANGED)) {
+ DEBUG (0, ("pdb_set_pass_must_change_time failed!\n"));
+ }
}
}
@@ -535,6 +587,14 @@
pdb_set_kickoff_time(to, unix_time , PDB_CHANGED);
}
+ if (from->fields_present & ACCT_ALLOW_PWD_CHANGE) {
+ unix_time=nt_time_to_unix(&from->pass_can_change_time);
+ stored_time = pdb_get_pass_can_change_time(to);
+ DEBUG(10,("INFO_25 PASS_CAN_CH: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
+ if (stored_time != unix_time)
+ pdb_set_pass_can_change_time(to, unix_time, PDB_CHANGED);
+ }
+
if (from->fields_present & ACCT_LAST_PWD_CHANGE) {
unix_time=nt_time_to_unix(&from->pass_last_set_time);
stored_time = pdb_get_pass_last_set_time(to);
@@ -543,6 +603,14 @@
pdb_set_pass_last_set_time(to, unix_time, PDB_CHANGED);
}
+ if (from->fields_present & ACCT_FORCE_PWD_CHANGE) {
+ unix_time=nt_time_to_unix(&from->pass_must_change_time);
+ stored_time=pdb_get_pass_must_change_time(to);
+ DEBUG(10,("INFO_25 PASS_MUST_CH: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
+ if (stored_time != unix_time)
+ pdb_set_pass_must_change_time(to, unix_time, PDB_CHANGED);
+ }
+
if ((from->fields_present & ACCT_USERNAME) &&
(from->hdr_user_name.buffer)) {
old_string = pdb_get_username(to);
Modified: branches/SAMBA_3_0_23/source/utils/net_sam.c
===================================================================
--- branches/SAMBA_3_0_23/source/utils/net_sam.c 2006-10-03 12:21:02 UTC (rev 19056)
+++ branches/SAMBA_3_0_23/source/utils/net_sam.c 2006-10-03 16:48:02 UTC (rev 19057)
@@ -206,20 +206,23 @@
}
/*
- * Set pass last change time, based on force pass change now
+ * Set a user's time field
*/
-static int net_sam_set_pwdmustchangenow(int argc, const char **argv)
+static int net_sam_set_time(int argc, const char **argv, const char *field,
+ BOOL (*fn)(struct samu *, time_t,
+ enum pdb_value_state))
{
struct samu *sam_acct = NULL;
DOM_SID sid;
enum SID_NAME_USE type;
const char *dom, *name;
NTSTATUS status;
+ time_t new_time;
- if ((argc != 2) || (!strequal(argv[1], "yes") &&
- !strequal(argv[1], "no"))) {
- d_fprintf(stderr, "usage: net sam set pwdmustchangenow <user> [yes|no]\n");
+ if (argc != 2) {
+ d_fprintf(stderr, "usage: net sam set %s <user> "
+ "[now|YYYY-MM-DD HH:MM]\n", field);
return -1;
}
@@ -235,6 +238,22 @@
return -1;
}
+ if (strequal(argv[1], "now")) {
+ new_time = time(NULL);
+ } else {
+ struct tm tm;
+ char *end;
+ ZERO_STRUCT(tm);
+ end = strptime(argv[1], "%Y-%m-%d %H:%M", &tm);
+ new_time = mktime(&tm);
+ if ((end == NULL) || (*end != '\0') || (new_time == -1)) {
+ d_fprintf(stderr, "Could not parse time string %s\n",
+ argv[1]);
+ return -1;
+ }
+ }
+
+
if ( !(sam_acct = samu_new( NULL )) ) {
d_fprintf(stderr, "Internal error\n");
return -1;
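Review bot: `mktime()` runs with `tm_isdst` left at 0 by `ZERO_STRUCT(tm)`, so a local time entered while daylight saving is in effect is converted as standard time and the stored password time is off by an hour. Adding `tm.tm_isdst = -1;` after `ZERO_STRUCT(tm);` lets `mktime()` work out the offset itself. `mktime()` is also called before the `strptime()` result is looked at; testing `end == NULL || *end != '\0'` first and converting afterwards reads more clearly and avoids converting a half-filled `struct tm`. The two `strptime()` / `mktime()` blocks added to pdbedit.c in this commit zero the struct the same way. The enclosing function starts and ends outside the hunk.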
@@ -245,10 +264,9 @@
return -1;
}
- if (strequal(argv[1], "yes")) {
- pdb_set_pass_last_set_time(sam_acct, 0, PDB_CHANGED);
- } else {
- pdb_set_pass_last_set_time(sam_acct, time(NULL), PDB_CHANGED);
+ if (!fn(sam_acct, new_time, PDB_CHANGED)) {
+ d_fprintf(stderr, "Internal error\n");
+ return -1;
}
status = pdb_update_sam_account(sam_acct);
@@ -260,12 +278,22 @@
TALLOC_FREE(sam_acct);
- d_fprintf(stderr, "Updated 'user must change password at next logon' for %s\\%s to %s\n", dom,
- name, argv[1]);
+ d_printf("Updated %s for %s\\%s to %s\n", field, dom, name, argv[1]);
return 0;
}
+static int net_sam_set_pwdmustchange(int argc, const char **argv)
+{
+ return net_sam_set_time(argc, argv, "pwdmustchange",
+ pdb_set_pass_must_change_time);
+}
+static int net_sam_set_pwdcanchange(int argc, const char **argv)
+{
+ return net_sam_set_time(argc, argv, "pwdcanchange",
+ pdb_set_pass_can_change_time);
+}
+
/*
* Set a user's or a group's comment
*/
@@ -348,8 +376,10 @@
"Disable/Enable a user's lockout flag" },
{ "pwnoexp", net_sam_set_pwnoexp,
"Disable/Enable whether a user's pw does not expire" },
- { "pwdmustchangenow", net_sam_set_pwdmustchangenow,
- "Force users password must change at next logon" },
+ { "pwdmustchange", net_sam_set_pwdmustchange,
+ "Set a users password must change time" },
+ { "pwdcanchange", net_sam_set_pwdcanchange,
+ "Set a users password can change time" },
{NULL, NULL}
};
Modified: branches/SAMBA_3_0_23/source/utils/pdbedit.c
===================================================================
--- branches/SAMBA_3_0_23/source/utils/pdbedit.c 2006-10-03 12:21:02 UTC (rev 19056)
+++ branches/SAMBA_3_0_23/source/utils/pdbedit.c 2006-10-03 16:48:02 UTC (rev 19057)
@@ -419,7 +419,8 @@
const char *drive, const char *script,
const char *profile, const char *account_control,
const char *user_sid, const char *user_domain,
- const BOOL badpw, const BOOL hours)
+ const BOOL badpw, const BOOL hours,
+ time_t pwd_can_change, time_t pwd_must_change)
{
BOOL updated_autolock = False, updated_badpw = False;
struct samu *sam_pwent=NULL;
@@ -446,6 +447,14 @@
pdb_set_hours(sam_pwent, hours_array, PDB_CHANGED);
}
+ if (pwd_can_change != -1) {
+ pdb_set_pass_can_change_time(sam_pwent, pwd_can_change, PDB_CHANGED);
+ }
+
+ if (pwd_must_change != -1) {
+ pdb_set_pass_must_change_time(sam_pwent, pwd_must_change, PDB_CHANGED);
+ }
+
if (!pdb_update_autolock_flag(sam_pwent, &updated_autolock)) {
DEBUG(2,("pdb_update_autolock_flag failed.\n"));
}
@@ -769,6 +778,8 @@
BOOL account_policy_value_set = False;
static BOOL badpw_reset = False;
static BOOL hours_reset = False;
+ static char *pwd_can_change_time = NULL;
+ static char *pwd_must_change_time = NULL;
static char *pwd_time_format = NULL;
static BOOL pw_from_stdin = False;
struct pdb_methods *bin, *bout, *bdef;
@@ -803,6 +814,8 @@
{"force-initialized-passwords", 0, POPT_ARG_NONE, &force_initialised_password, 0, "Force initialization of corrupt password strings in a passdb backend", NULL},
{"bad-password-count-reset", 'z', POPT_ARG_NONE, &badpw_reset, 0, "reset bad password count", NULL},
{"logon-hours-reset", 'Z', POPT_ARG_NONE, &hours_reset, 0, "reset logon hours", NULL},
+ {"pwd-can-change-time", 0, POPT_ARG_STRING, &pwd_can_change_time, 0, "Set password can change time (unix time in seconds since 1970 if time format not provided)", NULL },
+ {"pwd-must-change-time", 0, POPT_ARG_STRING, &pwd_must_change_time, 0, "Set password must change time (unix time in seconds since 1970 if time format not provided)", NULL },
{"time-format", 0, POPT_ARG_STRING, &pwd_time_format, 0, "The time format for time parameters", NULL },
{"password-from-stdin", 't', POPT_ARG_NONE, &pw_from_stdin, 0, "get password from standard in", NULL},
POPT_COMMON_SAMBA
@@ -865,7 +878,9 @@
(backend_in ? BIT_IMPORT : 0) +
(backend_out ? BIT_EXPORT : 0) +
(badpw_reset ? BIT_BADPWRESET : 0) +
- (hours_reset ? BIT_LOGONHOURS : 0);
+ (hours_reset ? BIT_LOGONHOURS : 0) +
+ (pwd_can_change_time ? BIT_CAN_CHANGE: 0) +
+ (pwd_must_change_time ? BIT_MUST_CHANGE: 0);
if (setparms & BIT_BACKEND) {
if (!NT_STATUS_IS_OK(make_pdb_method_name( &bdef, backend ))) {
@@ -1037,9 +1052,67 @@
/* account modification operations */
if (!(checkparms & ~(BIT_MODIFY + BIT_USER))) {
+ time_t pwd_can_change = -1;
+ time_t pwd_must_change = -1;
+ const char *errstr;
+
+ if (pwd_can_change_time) {
+ errstr = "can";
+ if (pwd_time_format) {
+ struct tm tm;
+ char *ret;
+
+ memset(&tm, 0, sizeof(struct tm));
+ ret = strptime(pwd_can_change_time, pwd_time_format, &tm);
+ if (ret == NULL || *ret != '\0') {
+ goto error;
+ }
+
+ pwd_can_change = mktime(&tm);
+
+ if (pwd_can_change == -1) {
+ goto error;
+ }
+ } else { /* assume it is unix time */
+ errno = 0;
+ pwd_can_change = strtol(pwd_can_change_time, NULL, 10);
+ if (errno) {
+ goto error;
+ }
+ }
+ }
+ if (pwd_must_change_time) {
+ errstr = "must";
+ if (pwd_time_format) {
+ struct tm tm;
+ char *ret;
+
+ memset(&tm, 0, sizeof(struct tm));
+ ret = strptime(pwd_must_change_time, pwd_time_format, &tm);
+ if (ret == NULL || *ret != '\0') {
+ goto error;
+ }
+
+ pwd_must_change = mktime(&tm);
+
+ if (pwd_must_change == -1) {
+ goto error;
+ }
+ } else { /* assume it is unix time */
+ errno = 0;
+ pwd_must_change = strtol(pwd_must_change_time, NULL, 10);
+ if (errno) {
+ goto error;
+ }
+ }
+ }
return set_user_info (bdef, user_name, full_name, home_dir,
acct_desc, home_drive, logon_script, profile_path, account_control,
- user_sid, user_domain, badpw_reset, hours_reset);
+ user_sid, user_domain, badpw_reset, hours_reset, pwd_can_change,
+ pwd_must_change);
+error:
+ fprintf (stderr, "Error parsing the time in pwd-%s-change-time!\n", errstr);
+ return -1;
}
}