diff to add password expiry for PDC
Simon
simon at explodingsheep.org
Fri Jun 1 16:34:45 GMT 2001
Hi all,
Here's a couple of small diffs against todays (1st June) cvs
which adds password aging to the PDC.
It adds a new smb.conf parameter ( user password timeout )
which specifies the number of days after setting a password
that will exlapse before it expires. if this value is set
to 0, then it sets an expiry date of 2037.
Works for me, ymmv.
--
Warning!: The contents of this email are a memetic virus.
You have been infected and should seek medical attention.
-------------- next part --------------
*** chgpasswd.c Fri May 25 10:32:38 2001
--- /home/simon/source/samba/source/smbd/chgpasswd.c Fri Jun 1 16:40:14 2001
***************
*** 865,879 ****
--- 865,893 ----
BOOL change_oem_password(SAM_ACCOUNT *hnd, char *new_passwd,
BOOL override)
{
int ret;
+ struct timeval ctime;
uchar new_nt_p16[16];
uchar new_p16[16];
nt_lm_owf_gen(new_passwd, new_nt_p16, new_p16);
pdb_set_lanman_passwd (hnd, new_p16);
pdb_set_nt_passwd (hnd, new_nt_p16);
+
+ GetTimeOfDay( &ctime );
+ pdb_set_pass_last_set_time(hnd, (time_t)ctime.tv_sec );
+
+ // set password to expire either today + timeout period
+ // or 1st of march 2037 about tea time
+
+ if( lp_user_password_timeout() > 0 )
+ ctime.tv_sec += lp_user_password_timeout() * 60*60*24;
+ else
+ ctime.tv_sec = 2119478400;
+
+ pdb_set_pass_must_change_time( hnd, (time_t) ctime.tv_sec );
/* Now write it into the file. */
become_root();
ret = pdb_update_sam_account (hnd, override);
-------------- next part --------------
*** samba.head.current/source/param/loadparm.c Fri Jun 1 11:37:06 2001
--- samba/source/param/loadparm.c Fri Jun 1 16:40:55 2001
***************
*** 225,232 ****
--- 224,232 ----
int lm_interval;
int client_code_page;
int announce_as; /* This is initialised in init_globals */
int machine_password_timeout;
+ int user_password_timeout;
int change_notify_timeout;
int stat_cache_size;
int map_to_guest;
int min_passwd_length;
***************
*** 906,913 ****
--- 907,915 ----
{"groupname map", P_STRING, P_GLOBAL, &Globals.szGroupnameMap, NULL, NULL, 0},
#endif /* USING_GROUPNAME_MAP */
{"machine password timeout", P_INTEGER, P_GLOBAL, &Globals.machine_password_timeout, NULL, NULL, 0},
+ {"user password timeout", P_INTEGER, P_GLOBAL, &Globals.user_password_timeout, NULL, NULL, 0},
{"Logon Options", P_SEP, P_SEPARATOR},
{"add user script", P_STRING, P_GLOBAL, &Globals.szAddUserScript, NULL, NULL, 0},
***************
*** 1274,1281 ****
--- 1276,1284 ----
Globals.max_ttl = 60 * 60 * 24 * 3; /* 3 days default. */
Globals.max_wins_ttl = 60 * 60 * 24 * 6; /* 6 days default. */
Globals.min_wins_ttl = 60 * 60 * 6; /* 6 hours default. */
Globals.machine_password_timeout = 60 * 60 * 24 * 7; /* 7 days default. */
+ Globals.user_password_timeout = 30; /* 30 days for user passwords */
Globals.change_notify_timeout = 60; /* 1 minute default. */
Globals.ReadSize = 16 * 1024;
Globals.lm_announce = 2; /* = Auto: send only if LM clients found */
Globals.lm_interval = 60;
***************
*** 1600,1607 ****
--- 1603,1611 ----
static FN_GLOBAL_INTEGER(lp_announce_as, &Globals.announce_as)
FN_GLOBAL_INTEGER(lp_lm_announce, &Globals.lm_announce)
FN_GLOBAL_INTEGER(lp_lm_interval, &Globals.lm_interval)
FN_GLOBAL_INTEGER(lp_machine_password_timeout, &Globals.machine_password_timeout)
+ FN_GLOBAL_INTEGER(lp_user_password_timeout, &Globals.user_password_timeout)
FN_GLOBAL_INTEGER(lp_change_notify_timeout, &Globals.change_notify_timeout)
FN_GLOBAL_INTEGER(lp_stat_cache_size, &Globals.stat_cache_size)
FN_GLOBAL_INTEGER(lp_map_to_guest, &Globals.map_to_guest)
FN_GLOBAL_INTEGER(lp_min_passwd_length, &Globals.min_passwd_length)
***************
*** 3276,3285 ****
More information about the samba-technical
mailing list