diff options
author | Günther Deschner <gd@samba.org> | 2005-01-22 03:37:09 +0000 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2005-01-22 03:37:09 +0000 |
commit | 1f2e39014e1be1f45fba411bab5598446020c012 (patch) | |
tree | 96dbb77b3d4bbd22becc12132feb997517f21aef /source/utils | |
parent | a76937fa16a3472b0b539d1d87e7df940dd09955 (diff) | |
download | samba-1f2e39014e1be1f45fba411bab5598446020c012.tar.gz samba-1f2e39014e1be1f45fba411bab5598446020c012.tar.xz samba-1f2e39014e1be1f45fba411bab5598446020c012.zip |
r4925: Migrate Account Policies to passdb (esp. replicating ldapsam).
Does automated migration from account_policy.tdb v1 and v2 and offers a
pdbedit-Migration interface. Jerry, please feel free to revert that if
you have other plans.
Guenther
Diffstat (limited to 'source/utils')
-rw-r--r-- | source/utils/net_rpc_samsync.c | 18 | ||||
-rw-r--r-- | source/utils/pdbedit.c | 42 |
2 files changed, 44 insertions, 16 deletions
diff --git a/source/utils/net_rpc_samsync.c b/source/utils/net_rpc_samsync.c index 320341ec050..2db8ff054b0 100644 --- a/source/utils/net_rpc_samsync.c +++ b/source/utils/net_rpc_samsync.c @@ -1000,34 +1000,34 @@ static NTSTATUS fetch_domain_info(uint32 rid, SAM_DOMAIN_INFO *delta) } - if (!account_policy_set(AP_PASSWORD_HISTORY, delta->pwd_history_len)) + if (!pdb_set_account_policy(AP_PASSWORD_HISTORY, delta->pwd_history_len)) return nt_status; - if (!account_policy_set(AP_MIN_PASSWORD_LEN, delta->min_pwd_len)) + if (!pdb_set_account_policy(AP_MIN_PASSWORD_LEN, delta->min_pwd_len)) return nt_status; - if (!account_policy_set(AP_MAX_PASSWORD_AGE, (uint32)u_max_age)) + if (!pdb_set_account_policy(AP_MAX_PASSWORD_AGE, (uint32)u_max_age)) return nt_status; - if (!account_policy_set(AP_MIN_PASSWORD_AGE, (uint32)u_min_age)) + if (!pdb_set_account_policy(AP_MIN_PASSWORD_AGE, (uint32)u_min_age)) return nt_status; - if (!account_policy_set(AP_TIME_TO_LOGOUT, (uint32)u_logout)) + if (!pdb_set_account_policy(AP_TIME_TO_LOGOUT, (uint32)u_logout)) return nt_status; - if (!account_policy_set(AP_BAD_ATTEMPT_LOCKOUT, delta->account_lockout.bad_attempt_lockout)) + if (!pdb_set_account_policy(AP_BAD_ATTEMPT_LOCKOUT, delta->account_lockout.bad_attempt_lockout)) return nt_status; - if (!account_policy_set(AP_RESET_COUNT_TIME, (uint32)u_lockoutreset/60)) + if (!pdb_set_account_policy(AP_RESET_COUNT_TIME, (uint32)u_lockoutreset/60)) return nt_status; if (u_lockouttime != -1) u_lockouttime /= 60; - if (!account_policy_set(AP_LOCK_ACCOUNT_DURATION, (uint32)u_lockouttime)) + if (!pdb_set_account_policy(AP_LOCK_ACCOUNT_DURATION, (uint32)u_lockouttime)) return nt_status; - if (!account_policy_set(AP_USER_MUST_LOGON_TO_CHG_PASS, delta->logon_chgpass)) + if (!pdb_set_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, delta->logon_chgpass)) return nt_status; return NT_STATUS_OK; diff --git a/source/utils/pdbedit.c b/source/utils/pdbedit.c index 3584ef0367a..d29b6ea66cb 100644 --- a/source/utils/pdbedit.c +++ b/source/utils/pdbedit.c @@ -119,6 +119,27 @@ static int export_groups (struct pdb_context *in, struct pdb_context *out) { } /********************************************************* + Add all currently available account policy from tdb to one backend + ********************************************************/ + +static int export_account_policies (struct pdb_context *in, struct pdb_context *out) +{ + int i; + + for (i=1; decode_account_policy_name(i) != NULL; i++) { + uint32 policy_value; + if (NT_STATUS_IS_ERR(in->pdb_get_account_policy(in, i, &policy_value))) { + fprintf(stderr, "Can't get account policy from tdb\n"); + return -1; + } + out->pdb_set_account_policy(out, i, policy_value); + } + + return 0; +} + + +/********************************************************* Print info from sam structure **********************************************************/ @@ -648,6 +669,7 @@ int main (int argc, char **argv) static char *backend_in = NULL; static char *backend_out = NULL; static BOOL transfer_groups = False; + static BOOL transfer_account_policies = False; static BOOL force_initialised_password = False; static char *logon_script = NULL; static char *profile_path = NULL; @@ -688,6 +710,7 @@ int main (int argc, char **argv) {"import", 'i', POPT_ARG_STRING, &backend_in, 0, "import user accounts from this backend", NULL}, {"export", 'e', POPT_ARG_STRING, &backend_out, 0, "export user accounts to this backend", NULL}, {"group", 'g', POPT_ARG_NONE, &transfer_groups, 0, "use -i and -e for groups", NULL}, + {"policies", 'y', POPT_ARG_NONE, &transfer_account_policies, 0, "use -i and -e to move account policies between backends", NULL}, {"account-policy", 'P', POPT_ARG_STRING, &account_policy, 0,"value of an account policy (like maximum password age)",NULL}, {"value", 'C', POPT_ARG_LONG, &account_policy_value, 'C',"set the account policy to this value", NULL}, {"account-control", 'c', POPT_ARG_STRING, &account_control, 0, "Values of account control", NULL}, @@ -787,20 +810,22 @@ int main (int argc, char **argv) SAFE_FREE(apn); exit(1); } - if (!account_policy_get(field, &value)) { + if (!pdb_get_account_policy(field, &value)) { fprintf(stderr, "valid account policy, but unable to fetch value!\n"); - exit(1); + if (!account_policy_value_set) + exit(1); } + printf("account policy \"%s\" description: %s\n", account_policy, account_policy_get_comment(field)); if (account_policy_value_set) { - printf("account policy value for %s was %u\n", account_policy, value); - if (!account_policy_set(field, account_policy_value)) { + printf("account policy \"%s\" value was: %u\n", account_policy, value); + if (!pdb_set_account_policy(field, account_policy_value)) { fprintf(stderr, "valid account policy, but unable to set value!\n"); exit(1); } - printf("account policy value for %s is now %lu\n", account_policy, account_policy_value); + printf("account policy \"%s\" value is now: %lu\n", account_policy, account_policy_value); exit(0); } else { - printf("account policy value for %s is %u\n", account_policy, value); + printf("account policy \"%s\" value is: %u\n", account_policy, value); exit(0); } } @@ -824,7 +849,10 @@ int main (int argc, char **argv) } else { bout = bdef; } - if (transfer_groups) { + if (transfer_account_policies) { + if (!(checkparms & BIT_USER)) + return export_account_policies(bin, bout); + } else if (transfer_groups) { if (!(checkparms & BIT_USER)) return export_groups(bin, bout); } else { |