pdb_ldap kickoffTime default
Stefan (metze) Metzmacher
metze at metzemix.de
Mon Mar 25 22:42:03 GMT 2002
I think it workes nice yet
apply it!
At 08:58 26.03.2002 +1100, Andrew Bartlett wrote:
>Andrew Bartlett wrote:
> >
> > metzemix at gmx.de wrote:
> > >
> > > I have tested samba-3.0-alpha17, I used the pdb_ldap SAM backend.
> > >
> > > When I tried to connect to a samba share. I got an error:
> > > in the log something like this
> > >
> > > account for user test has expired!
> > >
> > > kickoffTime has unix timestamp 1001!!
> > >
> > > But there no entries for
> > > logonTime,logoffTime,kickoffTime,pwdMustChange,pwdCanChange in my
> ldap entry for user test. when I add the attribute
> > > kickoffTime=0.
> > >
> > > Then I got :
> > > account for user test password must change or something like this.
> > >
> > > I add pwdMustChange=0.
> > >
> > > and I have no problems!!!:-)
> > > the value 1001 for kickoffTime is the value of the primaryGroupID
> attribute,
> > > I tested it for a view users...
> > >
> > > I wrote a patch to set the defaults timestamps when there are no
> attributes
> > > in the ldap entry.
> > >
> > > logonTime=0
> > > pwdCanChange=0
> > > pwdMustChange=get_time_t_max();
> > > logoffTime=get_time_t_max();
> > > kickoffTime=get_time_t_max();
> >
> > Nice catch! I'll apply this shortly.
>
>On further inspection: Its was a simple stuffup on my part - the test
>is around the wrong way! The values are already initialsed, so setting
>them to new defaults doesn't help - but only setting them when we
>actually have somthing useful in 'temp' would certainly help.
>
>See if the attached patch works for you. (If it does I'll commit it).
>
>Andrew,
>
>--
>Andrew Bartlett abartlet at pcug.org.au
>Manager, Authentication Subsystems, Samba Team abartlet at samba.org
>Student Network Administrator, Hawker College abartlet at hawkerc.net
>http://samba.org http://build.samba.org http://hawkerc.netIndex:
>passdb/pdb_ldap.c
>===================================================================
>RCS file: /data/cvs/samba/source/passdb/pdb_ldap.c,v
>retrieving revision 1.27
>diff -u -r1.27 pdb_ldap.c
>--- passdb/pdb_ldap.c 2002/03/23 08:32:20 1.27
>+++ passdb/pdb_ldap.c 2002/03/25 21:55:11
>@@ -562,30 +562,44 @@
> }
> }
>
>- get_single_attribute(ldap_struct, entry, "pwdLastSet", temp);
>- pass_last_set_time = (time_t) atol(temp);
>+ if (!get_single_attribute(ldap_struct, entry, "pwdLastSet", temp)) {
>+ /* leave as default */
>+ } else {
>+ pass_last_set_time = (time_t) atol(temp);
>+ pdb_set_pass_last_set_time(sampass, pass_last_set_time);
>+ }
>
> if (!get_single_attribute(ldap_struct, entry, "logonTime", temp)) {
>+ /* leave as default */
>+ } else {
> logon_time = (time_t) atol(temp);
> pdb_set_logon_time(sampass, logon_time, True);
> }
>
> if (!get_single_attribute(ldap_struct, entry, "logoffTime", temp)) {
>+ /* leave as default */
>+ } else {
> logoff_time = (time_t) atol(temp);
> pdb_set_logoff_time(sampass, logoff_time, True);
> }
>
> if (!get_single_attribute(ldap_struct, entry, "kickoffTime", temp)) {
>+ /* leave as default */
>+ } else {
> kickoff_time = (time_t) atol(temp);
> pdb_set_kickoff_time(sampass, kickoff_time, True);
> }
>
> if (!get_single_attribute(ldap_struct, entry, "pwdCanChange",
> temp)) {
>+ /* leave as default */
>+ } else {
> pass_can_change_time = (time_t) atol(temp);
> pdb_set_pass_can_change_time(sampass,
> pass_can_change_time, True);
> }
>
> if (!get_single_attribute(ldap_struct, entry, "pwdMustChange",
> temp)) {
>+ /* leave as default */
>+ } else {
> pass_must_change_time = (time_t) atol(temp);
> pdb_set_pass_must_change_time(sampass,
> pass_must_change_time, True);
> }
>@@ -597,69 +611,98 @@
> */
>
> if (!get_single_attribute(ldap_struct, entry, "cn", fullname)) {
>- get_single_attribute(ldap_struct, entry, "displayName",
>fullname);
>+ if (!get_single_attribute(ldap_struct, entry,
>"displayName", fullname)) {
>+ /* leave as default */
>+ } else {
>+ pdb_set_fullname(sampass, fullname);
>+ }
>+ } else {
>+ pdb_set_fullname(sampass, fullname);
> }
>
>-
> if (!get_single_attribute(ldap_struct, entry, "homeDrive",
> dir_drive)) {
> pstrcpy(dir_drive, lp_logon_drive());
> standard_sub_advanced(-1, username, "", gid, username,
> dir_drive);
> DEBUG(5,("homeDrive fell back to %s\n",dir_drive));
> pdb_set_dir_drive(sampass, dir_drive, False);
>- }
>- else
>+ } else {
> pdb_set_dir_drive(sampass, dir_drive, True);
>+ }
>
> if (!get_single_attribute(ldap_struct, entry, "smbHome", homedir)) {
> pstrcpy(homedir, lp_logon_home());
> standard_sub_advanced(-1, username, "", gid, username,
> homedir);
> DEBUG(5,("smbHome fell back to %s\n",homedir));
> pdb_set_homedir(sampass, homedir, False);
>- }
>- else
>+ } else {
> pdb_set_homedir(sampass, homedir, True);
>+ }
>
> if (!get_single_attribute(ldap_struct, entry, "scriptPath",
> logon_script)) {
> pstrcpy(logon_script, lp_logon_script());
> standard_sub_advanced(-1, username, "", gid, username,
> logon_script);
> DEBUG(5,("scriptPath fell back to %s\n",logon_script));
> pdb_set_logon_script(sampass, logon_script, False);
>- }
>- else
>+ } else {
> pdb_set_logon_script(sampass, logon_script, True);
>+ }
>
> if (!get_single_attribute(ldap_struct, entry, "profilePath",
> profile_path)) {
> pstrcpy(profile_path, lp_logon_path());
> standard_sub_advanced(-1, username, "", gid, username,
> profile_path);
> DEBUG(5,("profilePath fell back to %s\n",profile_path));
> pdb_set_profile_path(sampass, profile_path, False);
>- }
>- else
>+ } else {
> pdb_set_profile_path(sampass, profile_path, True);
>-
>- get_single_attribute(ldap_struct, entry, "description", acct_desc);
>- get_single_attribute(ldap_struct, entry, "userWorkstations",
>workstations);
>+ }
>+
>+ if (!get_single_attribute(ldap_struct, entry, "description",
>acct_desc)) {
>+ /* leave as default */
>+ } else {
>+ pdb_set_acct_desc(sampass, acct_desc);
>+ }
>+
>+ if (!get_single_attribute(ldap_struct, entry, "userWorkstations",
>workstations)) {
>+ /* leave as default */;
>+ } else {
>+ pdb_set_workstations(sampass, workstations);
>+ }
>+
> /* FIXME: hours stuff should be cleaner */
>
> logon_divs = 168;
> hours_len = 21;
> memset(hours, 0xff, hours_len);
>
>- get_single_attribute (ldap_struct, entry, "lmPassword", temp);
>- pdb_gethexpwd(temp, smblmpwd);
>- memset((char *)temp, '\0', sizeof(temp));
>- get_single_attribute (ldap_struct, entry, "ntPassword", temp);
>- pdb_gethexpwd(temp, smbntpwd);
>- memset((char *)temp, '\0', sizeof(temp));
>- get_single_attribute (ldap_struct, entry, "acctFlags", temp);
>- acct_ctrl = pdb_decode_acct_ctrl(temp);
>+ if (!get_single_attribute (ldap_struct, entry, "lmPassword", temp)) {
>+ /* leave as default */
>+ } else {
>+ pdb_gethexpwd(temp, smblmpwd);
>+ memset((char *)temp, '\0', sizeof(temp));
>+ if (!pdb_set_lanman_passwd(sampass, smblmpwd))
>+ return False;
>+ }
>
>- if (acct_ctrl == 0)
>+ if (!get_single_attribute (ldap_struct, entry, "ntPassword", temp)) {
>+ /* leave as default */
>+ } else {
>+ pdb_gethexpwd(temp, smbntpwd);
>+ memset((char *)temp, '\0', sizeof(temp));
>+ if (!pdb_set_nt_passwd(sampass, smbntpwd))
>+ return False;
>+ }
>+
>+ if (!get_single_attribute (ldap_struct, entry, "acctFlags", temp)) {
> acct_ctrl |= ACB_NORMAL;
>-
>- pdb_set_acct_ctrl(sampass, acct_ctrl);
>- pdb_set_pass_last_set_time(sampass, pass_last_set_time);
>+ } else {
>+ acct_ctrl = pdb_decode_acct_ctrl(temp);
>+
>+ if (acct_ctrl == 0)
>+ acct_ctrl |= ACB_NORMAL;
>
>+ pdb_set_acct_ctrl(sampass, acct_ctrl);
>+ }
>+
> pdb_set_hours_len(sampass, hours_len);
> pdb_set_logon_divs(sampass, logon_divs);
>
>@@ -671,17 +714,8 @@
> pdb_set_domain(sampass, domain);
> pdb_set_nt_username(sampass, nt_username);
>
>- pdb_set_fullname(sampass, fullname);
>-
>- pdb_set_acct_desc(sampass, acct_desc);
>- pdb_set_workstations(sampass, workstations);
> pdb_set_munged_dial(sampass, munged_dial);
>
>- if (!pdb_set_nt_passwd(sampass, smbntpwd))
>- return False;
>- if (!pdb_set_lanman_passwd(sampass, smblmpwd))
>- return False;
>-
> /* pdb_set_unknown_3(sampass, unknown3); */
> /* pdb_set_unknown_5(sampass, unknown5); */
> /* pdb_set_unknown_6(sampass, unknown6); */
metze
-----------------------------------------------------------------------------
Stefan "metze" Metzmacher <metze at metzemix.de>
More information about the samba-technical
mailing list