Author: jmcd Date: 2006-10-03 16:48:02 +0000 (Tue, 03 Oct 2006) New Revision: 19057
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=19057 Log: backout 18726, 18748, 18754, 18758 from 3.0.23 until further testing in SAMBA_3_0. password times go back to previous functionality, for now. Modified: branches/SAMBA_3_0_23/source/passdb/pdb_get_set.c branches/SAMBA_3_0_23/source/rpc_parse/parse_samr.c branches/SAMBA_3_0_23/source/rpc_server/srv_samr_util.c branches/SAMBA_3_0_23/source/utils/net_sam.c branches/SAMBA_3_0_23/source/utils/pdbedit.c Changeset: Modified: branches/SAMBA_3_0_23/source/passdb/pdb_get_set.c =================================================================== --- branches/SAMBA_3_0_23/source/passdb/pdb_get_set.c 2006-10-03 12:21:02 UTC (rev 19056) +++ branches/SAMBA_3_0_23/source/passdb/pdb_get_set.c 2006-10-03 16:48:02 UTC (rev 19057) @@ -72,32 +72,12 @@ time_t pdb_get_pass_can_change_time(const struct samu *sampass) { - uint32 allow; - - if (sampass->pass_last_set_time == 0) - return (time_t) 0; - - if (!pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &allow)) - allow = 0; - - return sampass->pass_last_set_time + allow; + return sampass->pass_can_change_time; } time_t pdb_get_pass_must_change_time(const struct samu *sampass) { - uint32 expire; - - if (sampass->pass_last_set_time == 0) - return (time_t) 0; - - if (sampass->acct_ctrl & ACB_PWNOEXP) - return get_time_t_max(); - - if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &expire) - || expire == (uint32)-1 || expire == 0) - return get_time_t_max(); - - return sampass->pass_last_set_time + expire; + return sampass->pass_must_change_time; } uint16 pdb_get_logon_divs(const struct samu *sampass) Modified: branches/SAMBA_3_0_23/source/rpc_parse/parse_samr.c =================================================================== --- branches/SAMBA_3_0_23/source/rpc_parse/parse_samr.c 2006-10-03 12:21:02 UTC (rev 19056) +++ branches/SAMBA_3_0_23/source/rpc_parse/parse_samr.c 2006-10-03 16:48:02 UTC (rev 19057) 
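Review bot: In the pdb_get_set.c hunk, the restored `pdb_get_pass_must_change_time()` returns the stored field without looking at `acct_ctrl`, so the `ACB_PWNOEXP` short-circuit from the removed lines no longer applies in the getter. Whether every path that sets that flag also rewrites `pass_must_change_time` is not visible here, so a caller may read an expiry time for an account marked as non-expiring. A comment on both getters would record the contract, for example `/* returns the value stored in the samu; not derived from AP_MIN_PASSWORD_AGE / AP_MAX_PASSWORD_AGE or ACB_PWNOEXP */`.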
@@ -6208,7 +6208,6 @@ pass_last_set_time, pass_can_change_time, pass_must_change_time; - time_t must_change_time; const char* user_name = pdb_get_username(pw); const char* full_name = pdb_get_fullname(pw); const char* home_dir = pdb_get_homedir(pw); @@ -6233,16 +6232,12 @@ } /* Create NTTIME structs */ - unix_to_nt_time (&logon_time, pdb_get_logon_time(pw)); - unix_to_nt_time (&logoff_time, pdb_get_logoff_time(pw)); + unix_to_nt_time (&logon_time, pdb_get_logon_time(pw)); + unix_to_nt_time (&logoff_time, pdb_get_logoff_time(pw)); unix_to_nt_time (&kickoff_time, pdb_get_kickoff_time(pw)); - unix_to_nt_time (&pass_last_set_time, pdb_get_pass_last_set_time(pw)); - unix_to_nt_time (&pass_can_change_time,pdb_get_pass_can_change_time(pw)); - must_change_time = pdb_get_pass_must_change_time(pw); - if (must_change_time == get_time_t_max()) - unix_to_nt_time_abs(&pass_must_change_time, must_change_time); - else - unix_to_nt_time(&pass_must_change_time, must_change_time); + unix_to_nt_time (&pass_last_set_time, pdb_get_pass_last_set_time(pw)); + unix_to_nt_time (&pass_can_change_time, pdb_get_pass_can_change_time(pw)); + unix_to_nt_time (&pass_must_change_time,pdb_get_pass_must_change_time(pw)); /* structure assignment */ usr->logon_time = logon_time; Modified: branches/SAMBA_3_0_23/source/rpc_server/srv_samr_util.c =================================================================== --- branches/SAMBA_3_0_23/source/rpc_server/srv_samr_util.c 2006-10-03 12:21:02 UTC (rev 19056) +++ branches/SAMBA_3_0_23/source/rpc_server/srv_samr_util.c 2006-10-03 16:48:02 UTC (rev 19057) 
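Review bot: In the parse_samr.c hunk at -6233, `pass_must_change_time` now goes through plain `unix_to_nt_time()` even when the getter returns the `get_time_t_max()` sentinel, which the srv_samr_util.c part of this commit stores when no maximum password age applies. The removed lines routed that sentinel through `unix_to_nt_time_abs()`. Whether `unix_to_nt_time()` maps it to a never-expires NTTIME is not visible here and should be confirmed, since clients read this field to decide whether a password has expired. If it does, a comment such as `/* unix_to_nt_time() handles the get_time_t_max() sentinel */` above the call would record that. The enclosing function starts and ends outside the hunk.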
@@ -99,6 +99,14 @@ pdb_set_kickoff_time(to, unix_time , PDB_CHANGED); } + if (from->fields_present & ACCT_ALLOW_PWD_CHANGE) { + unix_time=nt_time_to_unix(&from->pass_can_change_time); + stored_time = pdb_get_pass_can_change_time(to); + DEBUG(10,("INFO_21 PASS_CAN_CH: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time)); + if (stored_time != unix_time) + pdb_set_pass_can_change_time(to, unix_time, PDB_CHANGED); + } + if (from->fields_present & ACCT_LAST_PWD_CHANGE) { unix_time=nt_time_to_unix(&from->pass_last_set_time); stored_time = pdb_get_pass_last_set_time(to); @@ -107,6 +115,14 @@ pdb_set_pass_last_set_time(to, unix_time, PDB_CHANGED); } + if (from->fields_present & ACCT_FORCE_PWD_CHANGE) { + unix_time=nt_time_to_unix(&from->pass_must_change_time); + stored_time=pdb_get_pass_must_change_time(to); + DEBUG(10,("INFO_21 PASS_MUST_CH: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time)); + if (stored_time != unix_time) + pdb_set_pass_must_change_time(to, unix_time, PDB_CHANGED); + } + if ((from->fields_present & ACCT_USERNAME) && (from->hdr_user_name.buffer)) { old_string = pdb_get_username(to); 
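Review bot: In the `ACCT_ALLOW_PWD_CHANGE` block (srv_samr_util.c, hunk at -99) the client-supplied `pass_can_change_time` is converted and stored as-is, and the return value of `pdb_set_pass_can_change_time()` is dropped, whereas the `passmustchange` branch added later in this file logs a failing `pdb_set_pass_must_change_time()`. The `ACCT_FORCE_PWD_CHANGE` block in the hunk at -107 and the INFO_23 and INFO_25 copies (hunks at -322, -330, -535 and -543) have the same shape. Checking the setter result would make a failed update visible, e.g. `if (!pdb_set_pass_can_change_time(to, unix_time, PDB_CHANGED)) DEBUG(0, ("pdb_set_pass_can_change_time failed!\n"));`. Access checks for the caller are not part of these hunks, and the enclosing copy functions start and end outside them.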
@@ -268,16 +284,26 @@ } } - /* If the must change flag is set, the last set time goes to zero. - the must change and can change fields also do, but they are - calculated from policy, not set from the wire */ - - if (from->fields_present & ACCT_EXPIRED_FLAG) { - DEBUG(10,("INFO_21 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange)); - if (from->passmustchange == PASS_MUST_CHANGE_AT_NEXT_LOGON) { - pdb_set_pass_last_set_time(to, 0, PDB_CHANGED); - } else { - pdb_set_pass_last_set_time(to, time(NULL),PDB_CHANGED); + DEBUG(10,("INFO_21 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange)); + if (from->passmustchange==PASS_MUST_CHANGE_AT_NEXT_LOGON) { + pdb_set_pass_must_change_time(to,0, PDB_CHANGED); + } else { + uint32 expire; + time_t new_time; + if (pdb_get_pass_must_change_time(to) == 0) { + if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &expire) + || expire == (uint32)-1) { + new_time = get_time_t_max(); + } else { + time_t old_time = pdb_get_pass_last_set_time(to); + new_time = old_time + expire; + if ((new_time) < time(0)) { + new_time = time(0) + expire; + } + } + if (!pdb_set_pass_must_change_time (to, new_time, PDB_CHANGED)) { + DEBUG (0, ("pdb_set_pass_must_change_time failed!\n")); + } } } @@ -322,6 +348,14 @@ pdb_set_kickoff_time(to, unix_time , PDB_CHANGED); } + if (from->fields_present & ACCT_ALLOW_PWD_CHANGE) { + unix_time=nt_time_to_unix(&from->pass_can_change_time); + stored_time = pdb_get_pass_can_change_time(to); + DEBUG(10,("INFO_23 PASS_CAN_CH: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time)); + if (stored_time != unix_time) + pdb_set_pass_can_change_time(to, unix_time, PDB_CHANGED); + } + if (from->fields_present & ACCT_LAST_PWD_CHANGE) { unix_time=nt_time_to_unix(&from->pass_last_set_time); stored_time = pdb_get_pass_last_set_time(to); 
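Review bot: In the hunk at -268 the restored `passmustchange` handling runs on every call because the `from->fields_present & ACCT_EXPIRED_FLAG` guard is gone, so a request that never marked the field as present still rewrites the must-change time from whatever `from->passmustchange` holds. Wrapping the block again in `if (from->fields_present & ACCT_EXPIRED_FLAG) {` would limit it to requests that carry the field. In the else branch only `expire == (uint32)-1` counts as no expiry, while the getter removed by this commit also treated `0` that way; with `expire == 0` this code typically ends at `new_time = time(0)`, a password that is due immediately, and `|| expire == (uint32)-1 || expire == 0) {` avoids that if 0 is meant as "never". The INFO_23 copy in the hunk at -482 is identical. The enclosing function starts and ends outside the hunk.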
@@ -330,6 +364,14 @@ pdb_set_pass_last_set_time(to, unix_time, PDB_CHANGED); } + if (from->fields_present & ACCT_FORCE_PWD_CHANGE) { + unix_time=nt_time_to_unix(&from->pass_must_change_time); + stored_time=pdb_get_pass_must_change_time(to); + DEBUG(10,("INFO_23 PASS_MUST_CH: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time)); + if (stored_time != unix_time) + pdb_set_pass_must_change_time(to, unix_time, PDB_CHANGED); + } + /* Backend should check this for sanity */ if ((from->fields_present & ACCT_USERNAME) && (from->hdr_user_name.buffer)) { @@ -482,16 +524,26 @@ } } - /* If the must change flag is set, the last set time goes to zero. - the must change and can change fields also do, but they are - calculated from policy, not set from the wire */ - - if (from->fields_present & ACCT_EXPIRED_FLAG) { - DEBUG(10,("INFO_23 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange)); - if (from->passmustchange == PASS_MUST_CHANGE_AT_NEXT_LOGON) { - pdb_set_pass_last_set_time(to, 0, PDB_CHANGED); - } else { - pdb_set_pass_last_set_time(to, time(NULL),PDB_CHANGED); + DEBUG(10,("INFO_23 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange)); + if (from->passmustchange==PASS_MUST_CHANGE_AT_NEXT_LOGON) { + pdb_set_pass_must_change_time(to,0, PDB_CHANGED); + } else { + uint32 expire; + time_t new_time; + if (pdb_get_pass_must_change_time(to) == 0) { + if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &expire) + || expire == (uint32)-1) { + new_time = get_time_t_max(); + } else { + time_t old_time = pdb_get_pass_last_set_time(to); + new_time = old_time + expire; + if ((new_time) < time(0)) { + new_time = time(0) + expire; + } + } + if (!pdb_set_pass_must_change_time (to, new_time, PDB_CHANGED)) { + DEBUG (0, ("pdb_set_pass_must_change_time failed!\n")); + } } } 
@@ -535,6 +587,14 @@ pdb_set_kickoff_time(to, unix_time , PDB_CHANGED); } + if (from->fields_present & ACCT_ALLOW_PWD_CHANGE) { + unix_time=nt_time_to_unix(&from->pass_can_change_time); + stored_time = pdb_get_pass_can_change_time(to); + DEBUG(10,("INFO_25 PASS_CAN_CH: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time)); + if (stored_time != unix_time) + pdb_set_pass_can_change_time(to, unix_time, PDB_CHANGED); + } + if (from->fields_present & ACCT_LAST_PWD_CHANGE) { unix_time=nt_time_to_unix(&from->pass_last_set_time); stored_time = pdb_get_pass_last_set_time(to); @@ -543,6 +603,14 @@ pdb_set_pass_last_set_time(to, unix_time, PDB_CHANGED); } + if (from->fields_present & ACCT_FORCE_PWD_CHANGE) { + unix_time=nt_time_to_unix(&from->pass_must_change_time); + stored_time=pdb_get_pass_must_change_time(to); + DEBUG(10,("INFO_25 PASS_MUST_CH: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time)); + if (stored_time != unix_time) + pdb_set_pass_must_change_time(to, unix_time, PDB_CHANGED); + } + if ((from->fields_present & ACCT_USERNAME) && (from->hdr_user_name.buffer)) { old_string = pdb_get_username(to); Modified: branches/SAMBA_3_0_23/source/utils/net_sam.c =================================================================== --- branches/SAMBA_3_0_23/source/utils/net_sam.c 2006-10-03 12:21:02 UTC (rev 19056) +++ branches/SAMBA_3_0_23/source/utils/net_sam.c 2006-10-03 16:48:02 UTC (rev 19057) 
@@ -206,20 +206,23 @@ } /* - * Set pass last change time, based on force pass change now + * Set a user's time field */ -static int net_sam_set_pwdmustchangenow(int argc, const char **argv) +static int net_sam_set_time(int argc, const char **argv, const char *field, + BOOL (*fn)(struct samu *, time_t, + enum pdb_value_state)) { struct samu *sam_acct = NULL; DOM_SID sid; enum SID_NAME_USE type; const char *dom, *name; NTSTATUS status; + time_t new_time; - if ((argc != 2) || (!strequal(argv[1], "yes") && - !strequal(argv[1], "no"))) { - d_fprintf(stderr, "usage: net sam set pwdmustchangenow <user> [yes|no]\n"); + if (argc != 2) { + d_fprintf(stderr, "usage: net sam set %s <user> " + "[now|YYYY-MM-DD HH:MM]\n", field); return -1; } @@ -235,6 +238,22 @@ return -1; } + if (strequal(argv[1], "now")) { + new_time = time(NULL); + } else { + struct tm tm; + char *end; + ZERO_STRUCT(tm); + end = strptime(argv[1], "%Y-%m-%d %H:%M", &tm); + new_time = mktime(&tm); + if ((end == NULL) || (*end != '\0') || (new_time == -1)) { + d_fprintf(stderr, "Could not parse time string %s\n", + argv[1]); + return -1; + } + } + + if ( !(sam_acct = samu_new( NULL )) ) { d_fprintf(stderr, "Internal error\n"); return -1; @@ -245,10 +264,9 @@ return -1; } - if (strequal(argv[1], "yes")) { - pdb_set_pass_last_set_time(sam_acct, 0, PDB_CHANGED); - } else { - pdb_set_pass_last_set_time(sam_acct, time(NULL), PDB_CHANGED); + if (!fn(sam_acct, new_time, PDB_CHANGED)) { + d_fprintf(stderr, "Internal error\n"); + return -1; } status = pdb_update_sam_account(sam_acct); 
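Review bot: In the net_sam.c hunk at -235, `ZERO_STRUCT(tm)` leaves `tm.tm_isdst` at 0, so `mktime()` reads the parsed string as standard time and the stored value is typically an hour off for dates inside daylight saving time; adding `tm.tm_isdst = -1;` after `ZERO_STRUCT(tm);` lets mktime decide. `mktime(&tm)` is also called before the `end == NULL` test, which is harmless with a zeroed struct but reads more clearly if the strptime result is checked first. Because the format contains a space and `argc != 2` is enforced in the previous hunk, date and time must arrive as one quoted argument, and the usage string could say so.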
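Review bot: In the net_sam.c hunk at -245, the new failure path `if (!fn(sam_acct, new_time, PDB_CHANGED))` returns without releasing `sam_acct`, which the success path frees with `TALLOC_FREE(sam_acct)` in the following hunk. Adding `TALLOC_FREE(sam_acct);` before `return -1;` keeps the error path consistent with it. The message `Internal error` is the same text printed when `samu_new()` fails, so a distinct one such as `"Could not set %s\n"` with `field` would make the two failures distinguishable.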
@@ -260,12 +278,22 @@ TALLOC_FREE(sam_acct); - d_fprintf(stderr, "Updated 'user must change password at next logon' for %s\\%s to %s\n", dom, - name, argv[1]); + d_printf("Updated %s for %s\\%s to %s\n", field, dom, name, argv[1]); return 0; } +static int net_sam_set_pwdmustchange(int argc, const char **argv) +{ + return net_sam_set_time(argc, argv, "pwdmustchange", + pdb_set_pass_must_change_time); +} +static int net_sam_set_pwdcanchange(int argc, const char **argv) +{ + return net_sam_set_time(argc, argv, "pwdcanchange", + pdb_set_pass_can_change_time); +} + /* * Set a user's or a group's comment */ @@ -348,8 +376,10 @@ "Disable/Enable a user's lockout flag" }, { "pwnoexp", net_sam_set_pwnoexp, "Disable/Enable whether a user's pw does not expire" }, - { "pwdmustchangenow", net_sam_set_pwdmustchangenow, - "Force users password must change at next logon" }, + { "pwdmustchange", net_sam_set_pwdmustchange, + "Set a users password must change time" }, + { "pwdcanchange", net_sam_set_pwdcanchange, + "Set a users password can change time" }, {NULL, NULL} }; Modified: branches/SAMBA_3_0_23/source/utils/pdbedit.c =================================================================== --- branches/SAMBA_3_0_23/source/utils/pdbedit.c 2006-10-03 12:21:02 UTC (rev 19056) +++ branches/SAMBA_3_0_23/source/utils/pdbedit.c 2006-10-03 16:48:02 UTC (rev 19057) @@ -419,7 +419,8 @@ const char *drive, const char *script, const char *profile, const char *account_control, const char *user_sid, const char *user_domain, - const BOOL badpw, const BOOL hours) + const BOOL badpw, const BOOL hours, + time_t pwd_can_change, time_t pwd_must_change) { BOOL updated_autolock = False, updated_badpw = False; struct samu *sam_pwent=NULL; 
@@ -446,6 +447,14 @@ pdb_set_hours(sam_pwent, hours_array, PDB_CHANGED); } + if (pwd_can_change != -1) { + pdb_set_pass_can_change_time(sam_pwent, pwd_can_change, PDB_CHANGED); + } + + if (pwd_must_change != -1) { + pdb_set_pass_must_change_time(sam_pwent, pwd_must_change, PDB_CHANGED); + } + if (!pdb_update_autolock_flag(sam_pwent, &updated_autolock)) { DEBUG(2,("pdb_update_autolock_flag failed.\n")); } @@ -769,6 +778,8 @@ BOOL account_policy_value_set = False; static BOOL badpw_reset = False; static BOOL hours_reset = False; + static char *pwd_can_change_time = NULL; + static char *pwd_must_change_time = NULL; static char *pwd_time_format = NULL; static BOOL pw_from_stdin = False; struct pdb_methods *bin, *bout, *bdef; @@ -803,6 +814,8 @@ {"force-initialized-passwords", 0, POPT_ARG_NONE, &force_initialised_password, 0, "Force initialization of corrupt password strings in a passdb backend", NULL}, {"bad-password-count-reset", 'z', POPT_ARG_NONE, &badpw_reset, 0, "reset bad password count", NULL}, {"logon-hours-reset", 'Z', POPT_ARG_NONE, &hours_reset, 0, "reset logon hours", NULL}, + {"pwd-can-change-time", 0, POPT_ARG_STRING, &pwd_can_change_time, 0, "Set password can change time (unix time in seconds since 1970 if time format not provided)", NULL }, + {"pwd-must-change-time", 0, POPT_ARG_STRING, &pwd_must_change_time, 0, "Set password must change time (unix time in seconds since 1970 if time format not provided)", NULL }, {"time-format", 0, POPT_ARG_STRING, &pwd_time_format, 0, "The time format for time parameters", NULL }, {"password-from-stdin", 't', POPT_ARG_NONE, &pw_from_stdin, 0, "get password from standard in", NULL}, POPT_COMMON_SAMBA 
@@ -865,7 +878,9 @@ (backend_in ? BIT_IMPORT : 0) + (backend_out ? BIT_EXPORT : 0) + (badpw_reset ? BIT_BADPWRESET : 0) + - (hours_reset ? BIT_LOGONHOURS : 0); + (hours_reset ? BIT_LOGONHOURS : 0) + + (pwd_can_change_time ? BIT_CAN_CHANGE: 0) + + (pwd_must_change_time ? BIT_MUST_CHANGE: 0); if (setparms & BIT_BACKEND) { if (!NT_STATUS_IS_OK(make_pdb_method_name( &bdef, backend ))) { @@ -1037,9 +1052,67 @@ /* account modification operations */ if (!(checkparms & ~(BIT_MODIFY + BIT_USER))) { + time_t pwd_can_change = -1; + time_t pwd_must_change = -1; + const char *errstr; + + if (pwd_can_change_time) { + errstr = "can"; + if (pwd_time_format) { + struct tm tm; + char *ret; + + memset(&tm, 0, sizeof(struct tm)); + ret = strptime(pwd_can_change_time, pwd_time_format, &tm); + if (ret == NULL || *ret != '\0') { + goto error; + } + + pwd_can_change = mktime(&tm); + + if (pwd_can_change == -1) { + goto error; + } + } else { /* assume it is unix time */ + errno = 0; + pwd_can_change = strtol(pwd_can_change_time, NULL, 10); + if (errno) { + goto error; + } + } + } + if (pwd_must_change_time) { + errstr = "must"; + if (pwd_time_format) { + struct tm tm; + char *ret; + + memset(&tm, 0, sizeof(struct tm)); + ret = strptime(pwd_must_change_time, pwd_time_format, &tm); + if (ret == NULL || *ret != '\0') { + goto error; + } + + pwd_must_change = mktime(&tm); + + if (pwd_must_change == -1) { + goto error; + } + } else { /* assume it is unix time */ + errno = 0; + pwd_must_change = strtol(pwd_must_change_time, NULL, 10); + if (errno) { + goto error; + } + } + } return set_user_info (bdef, user_name, full_name, home_dir, acct_desc, home_drive, logon_script, profile_path, account_control, - user_sid, user_domain, badpw_reset, hours_reset); + user_sid, user_domain, badpw_reset, hours_reset, pwd_can_change, + pwd_must_change); +error: + fprintf (stderr, "Error parsing the time in pwd-%s-change-time!\n", errstr); + return -1; } }
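Review bot: In the pdbedit.c hunk at -1037, the unix-time branches call `strtol(pwd_can_change_time, NULL, 10)` without an end pointer, so an empty or non-numeric argument parses as 0 with `errno` unset and trailing garbage is ignored. For `--pwd-must-change-time` that silently stores 0, the value the SAMR code in this commit writes for "must change at next logon". The two parsing blocks are identical apart from variable names, and both leave `tm_isdst` at 0 after `memset`, so `mktime()` treats the input as standard time. A shared helper that validates the end pointer removes the duplication and is sketched below. The enclosing function starts and ends outside the hunk.

```c
/* Parse one --pwd-*-change-time argument; returns False on malformed input. */
static BOOL parse_pwd_time(const char *str, const char *format, time_t *out)
{
	char *end;

	if (format) {
		struct tm tm;

		memset(&tm, 0, sizeof(struct tm));
		tm.tm_isdst = -1;	/* let mktime() decide whether DST applies */
		end = strptime(str, format, &tm);
		if (end == NULL || *end != '\0') {
			return False;
		}
		*out = mktime(&tm);
		return (*out != -1);
	}

	/* assume it is unix time; reject empty input and trailing garbage */
	errno = 0;
	*out = strtol(str, &end, 10);
	return (errno == 0 && end != str && *end == '\0');
}

/* … unchanged: account modification check, pwd_can_change / pwd_must_change / errstr declarations … */
		if (pwd_can_change_time) {
			errstr = "can";
			if (!parse_pwd_time(pwd_can_change_time, pwd_time_format, &pwd_can_change)) {
				goto error;
			}
		}
		if (pwd_must_change_time) {
			errstr = "must";
			if (!parse_pwd_time(pwd_must_change_time, pwd_time_format, &pwd_must_change)) {
				goto error;
			}
		}
/* … unchanged: set_user_info call and error label … */
```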