patch for account policy, min password age, on samba30a22
Jianliang Lu
j.lu at tiesse.com
Thu Mar 20 12:08:06 GMT 2003
Hi,
I'm working to complete the account policy that today worked only for min
password len. The first patch is for tne min passwod age, than others...
Now pdbedit is also patched to set/display the min/max password in number of
days, not seconds.
in attach is the patch.
Jianliang Lu
TieSse s.p.a.
j.lu at tiesse.com
luj at libero.it
-------------- next part --------------
--- samba-3.0alpha22/source/smbd/chgpasswd.c Thu Mar 20 12:29:04 2003
+++ samba-3.0alpha22/source/smbd/chgpasswd.c.fix Thu Mar 20 12:34:42 2003
@@ -944,6 +944,8 @@
{
BOOL ret;
uint32 min_len;
+ uint32 min_age;
+ time_t pwdLastSet;
if (time(NULL) < pdb_get_pass_can_change_time(hnd)) {
DEBUG(1, ("user %s cannot change password now, must wait until %s\n",
@@ -969,6 +971,15 @@
/* return NT_STATUS_PWD_TOO_SHORT; */
}
+ pwdLastSet = pdb_get_pass_last_set_time (hnd);
+ if (account_policy_get(AP_MIN_PASSWORD_AGE, &min_age) && ((time(NULL) - pwdLastSet) < min_age)) {
+ DEBUG(1, ("user %s cannot change password - password min age restriction \n",
+ pdb_get_username(hnd)));
+ DEBUGADD(1, (" account policy min password age = %d\n", min_age));
+ return NT_STATUS_PASSWORD_RESTRICTION;
+ }
+
+
/* TODO: Add cracklib support here */
/*
-------------- next part --------------
--- samba-3.0alpha22/source/utils/pdbedit.c Thu Mar 20 12:28:13 2003
+++ samba-3.0alpha22/source/utils/pdbedit.c.fix Thu Mar 20 12:42:50 2003
@@ -586,13 +586,21 @@
fprintf(stderr, "valid account policy, but unable to fetch value!\n");
exit(1);
}
+
+ if ((field == AP_MIN_PASSWORD_AGE) || (field == AP_MAX_PASSWORD_AGE)) {
+ value = (value) / 86400;
+ }
+
if (account_policy_value_set) {
+ if ((field == AP_MIN_PASSWORD_AGE) || (field == AP_MAX_PASSWORD_AGE)) {
+ account_policy_value = (account_policy_value) * 86400;
+ }
printf("account policy value for %s was %u\n", account_policy, value);
if (!account_policy_set(field, account_policy_value)) {
fprintf(stderr, "valid account policy, but unable to set value!\n");
exit(1);
}
- printf("account policy value for %s is now %lu\n", account_policy, account_policy_value);
+ printf("account policy value for %s is now %lu\n", account_policy, ((field == AP_MIN_PASSWORD_AGE) || (field == AP_MAX_PASSWORD_AGE)) ? account_policy_value/86400:account_policy_value);
exit(0);
} else {
printf("account policy value for %s is %u\n", account_policy, value);
More information about the samba-technical
mailing list