/**
 * Set or test the "AP_MIGRATED_TO_PASSDB" marker in the account policy tdb.
 *
 * @param init  When true, (re)write the marker with the current time.
 *              When false, only test whether the marker record can be fetched.
 * @return True if the marker was stored (init) or is present (!init);
 *         False if the database could not be initialised, the store failed,
 *         or the marker is absent.
 *
 * Only the presence of the record is tested on the read path; the stored
 * timestamp itself is fetched but never inspected.
 */
BOOL account_policy_migrated(BOOL init)
{
	pstring marker_key;
	uint32 stored_stamp;
	time_t stamp;

	/* The key is built before the database is opened, as in the original. */
	slprintf(marker_key, sizeof(marker_key)-1, "AP_MIGRATED_TO_PASSDB");

	if (!init_account_policy()) {
		return False;
	}

	/* Read path: the marker's existence is the whole answer. */
	if (!init) {
		return tdb_fetch_uint32(tdb, marker_key, &stored_stamp) ? True : False;
	}

	/* Write path: stamp the marker with "now", truncated to 32 bits. */
	stamp = time(NULL);
	if (tdb_store_uint32(tdb, marker_key, (uint32)stamp)) {
		return True;
	}

	DEBUG(1, ("tdb_store_uint32 failed for %s\n", marker_key));
	return False;
}
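/**
 * Open account_policy.tdb, upgrade it to DATABASE_VERSION if needed and make
 * sure the default privilege accounts exist.
 *
 * @return True if the database handle is (already) open and any required
 *         upgrade succeeded; False if the database could not be opened or a
 *         default policy value could not be written.
 *
 * The version key is locked for the duration of the upgrade. The lock is
 * released on every exit path, including the failure path inside the
 * defaults loop, which previously returned with the lock still held.
 */
BOOL init_account_policy(void)
{
	const char *vstring = "INFO/version";
	uint32 version;
	int i;

	/* Handle already open: nothing to do. */
	if (tdb) {
		return True;
	}

	/* Mode 0600 keeps a newly created policy database owner-only. */
	tdb = tdb_open_log(lock_path("account_policy.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
	if (!tdb) {
		DEBUG(0,("Failed to open account policy database\n"));
		return False;
	}

	/* handle a Samba upgrade */
	/* NOTE(review): the result of tdb_lock_bystring() is not checked, so the
	 * upgrade below proceeds even if the lock was not obtained -- confirm
	 * whether that is acceptable. */
	tdb_lock_bystring(tdb, vstring);
	if (!tdb_fetch_uint32(tdb, vstring, &version) || version != DATABASE_VERSION) {

		/* NOTE(review): the version is stamped (unchecked) before the
		 * defaults are written, and the handle stays open on failure, so a
		 * later call takes the "if (tdb)" shortcut and a later open sees a
		 * current version and will not retry the defaults. */
		tdb_store_uint32(tdb, vstring, DATABASE_VERSION);

		for (i=0; account_policy_names[i].field; i++) {
			if (!account_policy_set_default_on_empty(account_policy_names[i].field)) {
				DEBUG(0,("failed to set default value in account policy tdb\n"));
				/* Do not leave the version key locked on the error path. */
				tdb_unlock_bystring(tdb, vstring);
				return False;
			}
		}
	}

	tdb_unlock_bystring(tdb, vstring);

	/* These exist by default on NT4 in [HKLM\SECURITY\Policy\Accounts] */
	/* The results of privilege_create_account() are not checked here. */
	privilege_create_account( &global_sid_World );
	privilege_create_account( &global_sid_Builtin_Account_Operators );
	privilege_create_account( &global_sid_Builtin_Server_Operators );
	privilege_create_account( &global_sid_Builtin_Print_Operators );
	privilege_create_account( &global_sid_Builtin_Backup_Operators );

	/* BUILTIN\Administrators get everything -- *always* */
	/* A failed grant is only logged; initialisation still reports success. */
	if ( lp_enable_privileges() ) {
		if ( !grant_all_privileges( &global_sid_Builtin_Administrators ) ) {
			DEBUG(1,("init_account_policy: Failed to grant privileges "
				"to BUILTIN\\Administrators!\n"));
		}
	}

	return True;
}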
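/**
 * Store one account policy value in the account policy tdb.
 *
 * @param field  Account policy identifier; it is mapped to its record name
 *               with decode_account_policy_name().
 * @param value  New 32-bit value for the policy.
 * @return True if the value was stored; False if the database could not be
 *         initialised, the field has no name, or the store failed.
 *
 * Both log messages that print the value now use %u: the value is unsigned,
 * and "never expires"-style settings such as (uint32)-1 were previously
 * logged as -1 by the trace message. The store-failure message also gains
 * the trailing newline it was missing.
 */
BOOL account_policy_set(int field, uint32 value)
{
	fstring name;

	if (!init_account_policy()) {
		return False;
	}

	/* NOTE(review): assumes decode_account_policy_name() yields something
	 * fstrcpy() turns into an empty string for an unknown field -- confirm. */
	fstrcpy(name, decode_account_policy_name(field));
	if (!*name) {
		DEBUG(1, ("Field %d is not a valid account policy type! Cannot set.\n", field));
		return False;
	}

	if (!tdb_store_uint32(tdb, name, value)) {
		DEBUG(1, ("tdb_store_uint32 failed for field %d (%s) on value %u\n",
			field, name, (unsigned int)value));
		return False;
	}

	DEBUG(10,("account_policy_set: %s:%u\n", name, (unsigned int)value));

	return True;
}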
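/**
 * Read, and optionally refresh, the "last set" timestamp of a cached
 * account policy value.
 *
 * @param value    Out: the stored timestamp, or the new one when update is
 *                 true. Must not be NULL.
 * @param update   When true, overwrite the stored timestamp with the current
 *                 time; a missing record is then not an error.
 * @param ap_name  Policy name used to build the "<ap_name>/<AP_LASTSET>" key.
 * @return True on success; False if an argument is NULL, the database could
 *         not be initialised, the record is missing on a read-only call, or
 *         the store failed.
 *
 * The output pointer is validated alongside ap_name; it was previously
 * dereferenced unconditionally.
 */
static BOOL account_policy_cache_timestamp(uint32 *value, BOOL update, const char *ap_name)
{
	pstring key;
	uint32 val = 0;
	time_t now;

	if (ap_name == NULL || value == NULL) {
		return False;
	}

	slprintf(key, sizeof(key)-1, "%s/%s", ap_name, AP_LASTSET);

	if (!init_account_policy()) {
		return False;
	}

	/* A failed fetch is only fatal when the caller is not about to write a
	 * fresh timestamp; in the update case val stays 0. */
	if (!tdb_fetch_uint32(tdb, key, &val) && !update) {
		DEBUG(10,("failed to get last set timestamp of cache\n"));
		return False;
	}

	*value = val;

	DEBUG(10, ("account policy cache lastset was: %s\n", http_timestring(val)));

	if (update) {

		now = time(NULL);

		/* The timestamp is kept as 32 bits, so time_t is truncated here. */
		if (!tdb_store_uint32(tdb, key, (uint32)now)) {
			DEBUG(1, ("tdb_store_uint32 failed for %s\n", key));
			return False;
		}
		DEBUG(10, ("account policy cache lastset now: %s\n", http_timestring(now)));
		*value = (uint32)now;
	}

	return True;
}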
/**
 * Add change_val to the uint32 record stored under keystr while holding the
 * per-key lock, so the read-modify-write is not interleaved with another
 * locker of the same key.
 *
 * @param tdb         Database to update.
 * @param keystr      Key of the counter record.
 * @param oldval      In: starting value used when the record does not exist.
 *                    Out: the value read from the database when it does.
 * @param change_val  Amount added to the value (unsigned 32-bit arithmetic).
 * @return true if the new value was stored; false if the lock could not be
 *         taken, the fetch failed for a reason other than TDB_ERR_NOEXIST,
 *         or the store failed.
 */
bool tdb_change_uint32_atomic(struct tdb_context *tdb, const char *keystr, uint32_t *oldval, uint32_t change_val)
{
	uint32_t current;
	bool stored = false;

	if (tdb_lock_bystring(tdb, keystr) == -1) {
		return false;
	}

	if (tdb_fetch_uint32(tdb, keystr, &current)) {
		/* Record exists: report what was in the database. */
		*oldval = current;
	} else if (tdb_error(tdb) == TDB_ERR_NOEXIST) {
		/* No record yet: seed the counter from the caller's value. */
		current = *oldval;
	} else {
		/* Any other fetch error aborts without writing. */
		goto unlock;
	}

	/* Compute the value to write back. */
	current += change_val;

	if (tdb_store_uint32(tdb, keystr, current)) {
		stored = true;
	}

unlock:
	/* The key lock is dropped on the success and failure paths alike. */
	tdb_unlock_bystring(tdb, keystr);
	return stored;
}
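/**
 * Open account_policy.tdb for this process and, when the stored version does
 * not match DATABASE_VERSION, reset it to the built-in default policies.
 *
 * @return True if the handle is already open for this pid or the database
 *         was opened (and, if needed, reset) successfully; False if the
 *         database could not be opened or a default value could not be
 *         written.
 *
 * The defaults are now written from a table and each write is checked. The
 * function used to ignore the results of account_policy_set() and report
 * success even when the freshly cleared database had not received its
 * defaults.
 */
BOOL init_account_policy(void)
{
	static pid_t local_pid;
	const char *vstring = "INFO/version";
	uint32 version;

	/* Reuse the handle only if it was opened by this same process id. */
	if (tdb && local_pid == sys_getpid()) {
		return True;
	}

	/* NOTE(review): if tdb is set but the pid differs, the old handle is
	 * overwritten without being closed -- confirm this is intended. */
	/* Mode 0600 keeps a newly created policy database owner-only. */
	tdb = tdb_open_log(lock_path("account_policy.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
	if (!tdb) {
		DEBUG(0,("Failed to open account policy database\n"));
		return False;
	}

	local_pid = sys_getpid();

	/* handle a Samba upgrade */
	/* NOTE(review): the result of tdb_lock_bystring() is not checked. */
	tdb_lock_bystring(tdb, vstring,0);
	if (!tdb_fetch_uint32(tdb, vstring, &version) || version != DATABASE_VERSION) {
		static const struct {
			int field;
			uint32 value;
		} defaults[] = {
			{ AP_MIN_PASSWORD_LEN, MINPASSWDLENGTH },	/* 5 chars minimum */
			{ AP_PASSWORD_HISTORY, 0 },			/* don't keep any old password */
			{ AP_USER_MUST_LOGON_TO_CHG_PASS, 0 },		/* don't force user to logon */
			{ AP_MAX_PASSWORD_AGE, (uint32)-1 },		/* don't expire */
			{ AP_MIN_PASSWORD_AGE, 0 },			/* 0 days */
			{ AP_LOCK_ACCOUNT_DURATION, 30 },		/* lockout for 30 minutes */
			{ AP_RESET_COUNT_TIME, 30 },			/* reset after 30 minutes */
			{ AP_BAD_ATTEMPT_LOCKOUT, 0 },			/* don't lockout */
			{ AP_TIME_TO_LOGOUT, (uint32)-1 },		/* don't force logout */
		};
		unsigned int i;

		/* Every existing record is walked with tdb_traverse_delete_fn
		 * (presumably deleting it -- confirm), so any previously
		 * configured policy is replaced by the defaults below. */
		tdb_traverse(tdb, tdb_traverse_delete_fn, NULL);
		tdb_store_uint32(tdb, vstring, DATABASE_VERSION);

		for (i = 0; i < sizeof(defaults) / sizeof(defaults[0]); i++) {
			if (!account_policy_set(defaults[i].field, defaults[i].value)) {
				DEBUG(0,("init_account_policy: failed to set default for field %d\n",
					defaults[i].field));
				/* NOTE(review): the version is already stamped and the
				 * handle stays open, so a later call will not retry the
				 * remaining defaults. */
				tdb_unlock_bystring(tdb, vstring);
				return False;
			}
		}
	}
	tdb_unlock_bystring(tdb, vstring);

	return True;
}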