Author: idra Date: 2004-12-10 15:49:24 +0000 (Fri, 10 Dec 2004) New Revision: 4131
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=4131 Log: keep trunk inline with 3.0 was missing logon hours handling facility Modified: trunk/source/utils/pdbedit.c Changeset: Modified: trunk/source/utils/pdbedit.c =================================================================== --- trunk/source/utils/pdbedit.c 2004-12-10 10:42:47 UTC (rev 4130) +++ trunk/source/utils/pdbedit.c 2004-12-10 15:49:24 UTC (rev 4131) @@ -36,35 +36,38 @@ #define BIT_LOGSCRIPT 0x00000800 #define BIT_PROFILE 0x00001000 #define BIT_MACHINE 0x00002000 -#define BIT_RESERV_4 0x00004000 -#define BIT_USER 0x00008000 -#define BIT_LIST 0x00010000 -#define BIT_MODIFY 0x00020000 -#define BIT_CREATE 0x00040000 -#define BIT_DELETE 0x00080000 -#define BIT_ACCPOLICY 0x00100000 -#define BIT_ACCPOLVAL 0x00200000 -#define BIT_ACCTCTRL 0x00400000 -#define BIT_RESERV_7 0x00800000 -#define BIT_IMPORT 0x01000000 -#define BIT_EXPORT 0x02000000 -#define BIT_FIX_INIT 0x04000000 -#define BIT_BADPWRESET 0x08000000 +#define BIT_USER 0x00004000 +#define BIT_LIST 0x00008000 +#define BIT_MODIFY 0x00010000 +#define BIT_CREATE 0x00020000 +#define BIT_DELETE 0x00040000 +#define BIT_ACCPOLICY 0x00080000 +#define BIT_ACCPOLVAL 0x00100000 +#define BIT_ACCTCTRL 0x00200000 +#define BIT_RESERV_7 0x00400000 +#define BIT_IMPORT 0x00800000 +#define BIT_EXPORT 0x01000000 +#define BIT_FIX_INIT 0x02000000 +#define BIT_BADPWRESET 0x04000000 +#define BIT_LOGONHOURS 0x08000000 #define BIT_TRUSTDOM 0x10000000 #define BIT_TRUSTPW 0x20000000 #define BIT_TRUSTSID 0x40000000 #define BIT_TRUSTFLAGS 0x80000000 #define MASK_ALWAYS_GOOD 0x0000001F -#define MASK_USER_GOOD 0x00401F00 +#define MASK_USER_GOOD 0x00201F00 /********************************************************* Add all currently available users to another db ********************************************************/ -static int export_database (struct pdb_context *in, struct pdb_context *out) { +static int export_database (struct pdb_context *in, struct pdb_context + *out, const char *username) { SAM_ACCOUNT *user = NULL; + DEBUG(3, ("called with username=\"%s\"\n", username)); + if (NT_STATUS_IS_ERR(in->pdb_setsampwent(in, 0))) { fprintf(stderr, "Can't sampwent!\n"); return 1; @@ -76,10 +79,17 @@ } while (NT_STATUS_IS_OK(in->pdb_getsampwent(in, user))) { - out->pdb_add_sam_account(out, user); - if (!NT_STATUS_IS_OK(pdb_reset_sam(user))){ - fprintf(stderr, "Can't reset SAM_ACCOUNT!\n"); - return 1; + DEBUG(4, ("Processing account %s\n", + user->private.username)); + if (!username || + (strcmp(username, user->private.username) + == 0)) { + out->pdb_add_sam_account(out, user); + if (!NT_STATUS_IS_OK(pdb_reset_sam(user))) { + fprintf(stderr, + "Can't reset SAM_ACCOUNT!\n"); + return 1; + } } } @@ -125,6 +135,9 @@ if (!sam_pwent) return -1; if (verbosity) { + pstring temp; + const uint8 *hours; + printf ("Unix username: %s\n", pdb_get_username(sam_pwent)); printf ("NT username: %s\n", pdb_get_nt_username(sam_pwent)); printf ("Account Flags: %s\n", pdb_encode_acct_ctrl(pdb_get_acct_ctrl(sam_pwent), NEW_PW_FORMAT_SPACE_PADDED_LEN)); @@ -164,6 +177,10 @@ printf ("Last bad password : %s\n", tmp ? http_timestring(tmp) : "0"); printf ("Bad password count : %d\n", pdb_get_bad_password_count(sam_pwent)); + + hours = pdb_get_hours(sam_pwent); + pdb_sethexhours(temp, (const char *)hours); + printf ("Logon hours : %s\n", temp); } else if (smbpwdstyle) { char lm_passwd[33]; @@ -459,7 +476,7 @@ const char *drive, const char *script, const char *profile, const char *account_control, const char *user_sid, const char *group_sid, - const BOOL badpw) + const BOOL badpw, const BOOL hours) { BOOL updated_autolock = False, updated_badpw = False; SAM_ACCOUNT *sam_pwent=NULL; @@ -473,7 +490,17 @@ pdb_free_sam(&sam_pwent); return -1; } - + + if (hours) { + uint8 hours_array[MAX_HOURS_LEN]; + uint32 hours_len; + + hours_len = pdb_get_hours_len(sam_pwent); + memset(hours_array, 0xff, hours_len); + + pdb_set_hours(sam_pwent, hours_array, PDB_CHANGED); + } + if (!pdb_update_autolock_flag(sam_pwent, &updated_autolock)) { DEBUG(2,("pdb_update_autolock_flag failed.\n")); } @@ -1036,6 +1063,7 @@ static long int account_policy_value = 0; BOOL account_policy_value_set = False; static BOOL badpw_reset = False; + static BOOL hours_reset = False; /* trust password parameters */ static char *trustpw = NULL; static char *trustsid = NULL; @@ -1075,6 +1103,7 @@ {"account-control", 'c', POPT_ARG_STRING, &account_control, 0, "Values of account control", NULL}, {"force-initialized-passwords", 0, POPT_ARG_NONE, &force_initialised_password, 0, "Force initialization of corrupt password strings in a passdb backend", NULL}, {"bad-password-count-reset", 'z', POPT_ARG_NONE, &badpw_reset, 0, "reset bad password count", NULL}, + {"logon-hours-reset", 'Z', POPT_ARG_NONE, &hours_reset, 0, "reset logon hours", NULL}, POPT_COMMON_SAMBA POPT_TABLEEND }; @@ -1132,7 +1161,8 @@ (account_policy_value_set ? BIT_ACCPOLVAL : 0) + (backend_in ? BIT_IMPORT : 0) + (backend_out ? BIT_EXPORT : 0) + - (badpw_reset ? BIT_BADPWRESET : 0); + (badpw_reset ? BIT_BADPWRESET : 0) + + (hours_reset ? BIT_LOGONHOURS : 0); if (setparms & BIT_BACKEND) { if (!NT_STATUS_IS_OK(make_pdb_context_string(&bdef, backend))) { @@ -1186,7 +1216,7 @@ /* import and export operations */ if (((checkparms & BIT_IMPORT) || (checkparms & BIT_EXPORT)) - && !(checkparms & ~(BIT_IMPORT +BIT_EXPORT))) { + && !(checkparms & ~(BIT_IMPORT +BIT_EXPORT +BIT_USER))) { if (backend_in) { if (!NT_STATUS_IS_OK(make_pdb_context_string(&bin, backend_in))) { fprintf(stderr, "Can't initialize passdb backend.\n"); @@ -1204,9 +1234,13 @@ bout = bdef; } if (transfer_groups) { - return export_groups(bin, bout); + if (!(checkparms & BIT_USER)) + return export_groups(bin, bout); } else { - return export_database(bin, bout); + if (checkparms & BIT_USER) + return export_database(bin, bout, user_name); + else + return export_database(bin, bout, NULL); } } @@ -1244,7 +1278,13 @@ checkparms |= BIT_MODIFY; checkparms &= ~BIT_BADPWRESET; } - + + /* if logon hours is reset, must modify */ + if (checkparms & BIT_LOGONHOURS) { + checkparms |= BIT_MODIFY; + checkparms &= ~BIT_LOGONHOURS; + } + /* account operation */ if ((checkparms & BIT_CREATE) || (checkparms & BIT_MODIFY) || (checkparms & BIT_DELETE)) { /* check use of -u option */ @@ -1287,7 +1327,7 @@ logon_script, profile_path, account_control, user_sid, group_sid, - badpw_reset); + badpw_reset, hours_reset); } }