[patch] migration of additional user attributes

Lars MÜLLER lmuelle at SuSE.de
Sat Oct 30 09:31:43 GMT 2004 

On Sat, Oct 30, 2004 at 10:01:40AM +1000, Andrew Bartlett wrote:
> On Fri, 2004-10-29 at 03:53, Lars MÜLLER wrote:
> > 
> > the attached patch tries to migrate several informations available in
> > SAM_ACCOUNT_INFO which are not yet propageted to SAM_ACCOUNT.
> > 
> > bad_pwd_count is stored as bad_password_count
> > logon_count as logon_count
> > 
> > acct_expiry_time is new to SAM_ACCOUNT.
> 
> How does it differ from the kickoff time?

I'm not sure.  But an expired account might be never used.  While a user
kicked off by kickoff time might be only kicked off once.  And as we
know that there are account expiry time and kickoff time in the struct,
I would prefer to use a new variable to store the account expiry time.

> > sam_account_ok() returns with NT_STATUS_ACCOUNT_EXPIRED if the account
> > is expired.
> > 
> > If delta->pwd_expired is set I manipulate must_change_time and
> > last_set_time to trigger a NT_STATUS_PASSWORD_MUST_CHANGE from a call to
> > sam_account_ok() for this user.
> > 
> > Unfortunately I can't test this as I currently happily only have Linux
> > boxes available.  But it compiles and links without additional warnings.
> 
> Well, you will need to find that friendly DC :-)

And also someone who fixes the backends.  There was already a moment
when I thought:  This was to simple. ;)  I'll do this next.

> > I'm not sure if this is the right approach or if I'm completely wrong.
> > But if this is the right direction I'll try to add logon_hours next.
> 
> It looks pretty much how it should be, except that I suspect the
> nt_time_is_zero stuff might really be dependent on separate flags, and
> the zeros are just initialisation.  (that's how it is in SAMR)

So you'll fix it in Samba 4 and then we port it back to 3. ;)

For now I'll remove the nt_time_is_zero check for the acct_expiry_time
and add a note that a zero might even have a meaning.

Lars
-- 
Lars MÜLLER [ˈlaː(r)z ˈmʏlɐ]
SuSE Linux AG, Maxfeldstraße 5, 90409 Nürnberg, Germany
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20041030/7e0c28ea/attachment.bin

More information about the samba-technical mailing list