diff to add password expiry for PDC

Simon simon at explodingsheep.org
Fri Jun 1 16:34:45 GMT 2001


Hi all,

Here's a couple of small diffs against todays (1st June) cvs
which adds password aging to the PDC.

It adds a new smb.conf parameter ( user password timeout )
which specifies the number of days after setting a password
that will exlapse before it expires. if this value is set
to 0, then it sets an expiry date of 2037.

Works for me, ymmv.

-- 
Warning!: The contents of this email are a memetic virus.
You have been infected and should seek medical attention.
-------------- next part --------------
*** chgpasswd.c	Fri May 25 10:32:38 2001
--- /home/simon/source/samba/source/smbd/chgpasswd.c	Fri Jun  1 16:40:14 2001
***************
*** 865,879 ****
--- 865,893 ----
  BOOL change_oem_password(SAM_ACCOUNT *hnd, char *new_passwd,
  			 BOOL override)
  {
  	int ret;
+ 	struct	timeval	ctime;
  	uchar new_nt_p16[16];
  	uchar new_p16[16];
  
  	nt_lm_owf_gen(new_passwd, new_nt_p16, new_p16);
  
  	pdb_set_lanman_passwd (hnd, new_p16);
  	pdb_set_nt_passwd     (hnd, new_nt_p16);
+ 
+ 	GetTimeOfDay( &ctime );
+ 	pdb_set_pass_last_set_time(hnd, (time_t)ctime.tv_sec );
+ 
+ 	// set password to expire either today + timeout period
+ 	// or 1st of march 2037 about tea time
+ 
+ 	if( lp_user_password_timeout() > 0 )
+ 		ctime.tv_sec += lp_user_password_timeout() * 60*60*24;
+ 	else
+ 		ctime.tv_sec = 2119478400;
+ 
+ 	pdb_set_pass_must_change_time( hnd, (time_t) ctime.tv_sec );
  
  	/* Now write it into the file. */
  	become_root();
  	ret = pdb_update_sam_account (hnd, override);
-------------- next part --------------
*** samba.head.current/source/param/loadparm.c	Fri Jun  1 11:37:06 2001
--- samba/source/param/loadparm.c	Fri Jun  1 16:40:55 2001
***************
*** 225,232 ****
--- 224,232 ----
  	int lm_interval;
  	int client_code_page;
  	int announce_as;	/* This is initialised in init_globals */
  	int machine_password_timeout;
+ 	int user_password_timeout;
  	int change_notify_timeout;
  	int stat_cache_size;
  	int map_to_guest;
  	int min_passwd_length;
***************
*** 906,913 ****
--- 907,915 ----
  	{"groupname map", P_STRING, P_GLOBAL, &Globals.szGroupnameMap, NULL, NULL, 0},
  #endif /* USING_GROUPNAME_MAP */
  	
  	{"machine password timeout", P_INTEGER, P_GLOBAL, &Globals.machine_password_timeout, NULL, NULL, 0},
+ 	{"user password timeout", P_INTEGER, P_GLOBAL, &Globals.user_password_timeout, NULL, NULL, 0},
  
  	{"Logon Options", P_SEP, P_SEPARATOR},
  	
  	{"add user script", P_STRING, P_GLOBAL, &Globals.szAddUserScript, NULL, NULL, 0},
***************
*** 1274,1281 ****
--- 1276,1284 ----
  	Globals.max_ttl = 60 * 60 * 24 * 3;	/* 3 days default. */
  	Globals.max_wins_ttl = 60 * 60 * 24 * 6;	/* 6 days default. */
  	Globals.min_wins_ttl = 60 * 60 * 6;	/* 6 hours default. */
  	Globals.machine_password_timeout = 60 * 60 * 24 * 7;	/* 7 days default. */
+ 	Globals.user_password_timeout = 30; /* 30 days for user passwords */
  	Globals.change_notify_timeout = 60;	/* 1 minute default. */
  	Globals.ReadSize = 16 * 1024;
  	Globals.lm_announce = 2;	/* = Auto: send only if LM clients found */
  	Globals.lm_interval = 60;
***************
*** 1600,1607 ****
--- 1603,1611 ----
  static FN_GLOBAL_INTEGER(lp_announce_as, &Globals.announce_as)
  FN_GLOBAL_INTEGER(lp_lm_announce, &Globals.lm_announce)
  FN_GLOBAL_INTEGER(lp_lm_interval, &Globals.lm_interval)
  FN_GLOBAL_INTEGER(lp_machine_password_timeout, &Globals.machine_password_timeout)
+ FN_GLOBAL_INTEGER(lp_user_password_timeout, &Globals.user_password_timeout)
  FN_GLOBAL_INTEGER(lp_change_notify_timeout, &Globals.change_notify_timeout)
  FN_GLOBAL_INTEGER(lp_stat_cache_size, &Globals.stat_cache_size)
  FN_GLOBAL_INTEGER(lp_map_to_guest, &Globals.map_to_guest)
  FN_GLOBAL_INTEGER(lp_min_passwd_length, &Globals.min_passwd_length)
***************
*** 3276,3285 ****


More information about the samba-technical mailing list