NTSTATUS (*sequence_number)(struct winbindd_domain *domain, uint32 *seq);
/* return the lockout policy */
- NTSTATUS (*lockout_policy)(struct winbindd_domain *domain,
+ NTSTATUS (*lockout_policy)(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- SAM_UNK_INFO_12 *lockout_policy);
-
+ struct samr_DomInfo12 *lockout_policy);
+
/* return the lockout policy */
- NTSTATUS (*password_policy)(struct winbindd_domain *domain,
+ NTSTATUS (*password_policy)(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- SAM_UNK_INFO_1 *password_policy);
-
+ struct samr_DomInfo1 *password_policy);
+
/* enumerate trusted domains */
NTSTATUS (*trusted_domains)(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
centry_free(centry);
}
-static void wcache_save_lockout_policy(struct winbindd_domain *domain, NTSTATUS status, SAM_UNK_INFO_12 *lockout_policy)
+static void wcache_save_lockout_policy(struct winbindd_domain *domain,
+ NTSTATUS status,
+ struct samr_DomInfo12 *lockout_policy)
{
struct cache_entry *centry;
if (!centry)
return;
- centry_put_nttime(centry, lockout_policy->duration);
- centry_put_nttime(centry, lockout_policy->reset_count);
- centry_put_uint16(centry, lockout_policy->bad_attempt_lockout);
+ centry_put_nttime(centry, lockout_policy->lockout_duration);
+ centry_put_nttime(centry, lockout_policy->lockout_window);
+ centry_put_uint16(centry, lockout_policy->lockout_threshold);
centry_end(centry, "LOC_POL/%s", domain->name);
-
+
DEBUG(10,("wcache_save_lockout_policy: %s\n", domain->name));
centry_free(centry);
}
-static void wcache_save_password_policy(struct winbindd_domain *domain, NTSTATUS status, SAM_UNK_INFO_1 *policy)
+static void wcache_save_password_policy(struct winbindd_domain *domain,
+ NTSTATUS status,
+ struct samr_DomInfo1 *policy)
{
struct cache_entry *centry;
if (!centry)
return;
- centry_put_uint16(centry, policy->min_length_password);
- centry_put_uint16(centry, policy->password_history);
+ centry_put_uint16(centry, policy->min_password_length);
+ centry_put_uint16(centry, policy->password_history_length);
centry_put_uint32(centry, policy->password_properties);
- centry_put_nttime(centry, policy->expire);
- centry_put_nttime(centry, policy->min_passwordage);
+ centry_put_nttime(centry, policy->max_password_age);
+ centry_put_nttime(centry, policy->min_password_age);
centry_end(centry, "PWD_POL/%s", domain->name);
-
+
DEBUG(10,("wcache_save_password_policy: %s\n", domain->name));
centry_free(centry);
/* get lockout policy */
static NTSTATUS lockout_policy(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- SAM_UNK_INFO_12 *policy){
+ struct samr_DomInfo12 *policy)
+{
struct winbind_cache *cache = get_cache(domain);
struct cache_entry *centry = NULL;
NTSTATUS status;
-
+
if (!cache->tdb)
goto do_query;
-
+
centry = wcache_fetch(cache, domain, "LOC_POL/%s", domain->name);
-
+
if (!centry)
goto do_query;
-
- policy->duration = centry_nttime(centry);
- policy->reset_count = centry_nttime(centry);
- policy->bad_attempt_lockout = centry_uint16(centry);
-
+
+ policy->lockout_duration = centry_nttime(centry);
+ policy->lockout_window = centry_nttime(centry);
+ policy->lockout_threshold = centry_uint16(centry);
+
status = centry->status;
-
+
DEBUG(10,("lockout_policy: [Cached] - cached info for domain %s status: %s\n",
domain->name, nt_errstr(status) ));
-
+
centry_free(centry);
return status;
-
+
do_query:
ZERO_STRUCTP(policy);
-
+
/* Return status value returned by seq number check */
if (!NT_STATUS_IS_OK(domain->last_status))
return domain->last_status;
-
+
DEBUG(10,("lockout_policy: [Cached] - doing backend query for info for domain %s\n",
domain->name ));
-
- status = domain->backend->lockout_policy(domain, mem_ctx, policy);
-
+
+ status = domain->backend->lockout_policy(domain, mem_ctx, policy);
+
/* and save it */
refresh_sequence_number(domain, false);
wcache_save_lockout_policy(domain, status, policy);
-
+
return status;
}
-
+
/* get password policy */
static NTSTATUS password_policy(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- SAM_UNK_INFO_1 *policy)
+ struct samr_DomInfo1 *policy)
{
struct winbind_cache *cache = get_cache(domain);
struct cache_entry *centry = NULL;
if (!cache->tdb)
goto do_query;
-
+
centry = wcache_fetch(cache, domain, "PWD_POL/%s", domain->name);
-
+
if (!centry)
goto do_query;
- policy->min_length_password = centry_uint16(centry);
- policy->password_history = centry_uint16(centry);
+ policy->min_password_length = centry_uint16(centry);
+ policy->password_history_length = centry_uint16(centry);
policy->password_properties = centry_uint32(centry);
- policy->expire = centry_nttime(centry);
- policy->min_passwordage = centry_nttime(centry);
+ policy->max_password_age = centry_nttime(centry);
+ policy->min_password_age = centry_nttime(centry);
status = centry->status;
if (!NT_STATUS_IS_OK(domain->last_status))
return domain->last_status;
-
+
DEBUG(10,("password_policy: [Cached] - doing backend query for info for domain %s\n",
domain->name ));
- status = domain->backend->password_policy(domain, mem_ctx, policy);
+ status = domain->backend->password_policy(domain, mem_ctx, policy);
/* and save it */
refresh_sequence_number(domain, false);
(struct winbindd_child *)private_data;
TALLOC_CTX *mem_ctx = NULL;
struct winbindd_methods *methods;
- SAM_UNK_INFO_12 lockout_policy;
+ struct samr_DomInfo12 lockout_policy;
NTSTATUS result;
DEBUG(10,("account_lockout_policy_handler called\n"));
{
struct winbindd_methods *methods;
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
- SAM_UNK_INFO_1 password_policy;
+ struct samr_DomInfo1 password_policy;
if ( !winbindd_can_contact_domain( domain ) ) {
DEBUG(5,("fillup_password_policy: No inbound trust to "
}
state->response.data.auth.policy.min_length_password =
- password_policy.min_length_password;
+ password_policy.min_password_length;
state->response.data.auth.policy.password_history =
- password_policy.password_history;
+ password_policy.password_history_length;
state->response.data.auth.policy.password_properties =
password_policy.password_properties;
state->response.data.auth.policy.expire =
- nt_time_to_unix_abs(&(password_policy.expire));
- state->response.data.auth.policy.min_passwordage =
- nt_time_to_unix_abs(&(password_policy.min_passwordage));
+ nt_time_to_unix_abs((NTTIME *)&(password_policy.max_password_age));
+ state->response.data.auth.policy.min_passwordage =
+ nt_time_to_unix_abs((NTTIME *)&(password_policy.min_password_age));
return NT_STATUS_OK;
}
static NTSTATUS get_max_bad_attempts_from_lockout_policy(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- uint16 *max_allowed_bad_attempts)
+ uint16 *lockout_threshold)
{
struct winbindd_methods *methods;
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
- SAM_UNK_INFO_12 lockout_policy;
+ struct samr_DomInfo12 lockout_policy;
- *max_allowed_bad_attempts = 0;
+ *lockout_threshold = 0;
methods = domain->methods;
return status;
}
- *max_allowed_bad_attempts = lockout_policy.bad_attempt_lockout;
+ *lockout_threshold = lockout_policy.lockout_threshold;
return NT_STATUS_OK;
}
{
struct winbindd_methods *methods;
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
- SAM_UNK_INFO_1 password_policy;
+ struct samr_DomInfo1 password_policy;
*password_properties = 0;
static NTSTATUS lockout_policy(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- SAM_UNK_INFO_12 *policy)
+ struct samr_DomInfo12 *policy)
{
/* actually we have that */
return NT_STATUS_NOT_IMPLEMENTED;
static NTSTATUS password_policy(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- SAM_UNK_INFO_1 *policy)
+ struct samr_DomInfo1 *policy)
{
uint32 min_pass_len,pass_hist,password_properties;
time_t u_expire, u_min_age;
NTTIME nt_expire, nt_min_age;
uint32 account_policy_temp;
- if ((policy = TALLOC_ZERO_P(mem_ctx, SAM_UNK_INFO_1)) == NULL) {
+ if ((policy = TALLOC_ZERO_P(mem_ctx, struct samr_DomInfo1)) == NULL) {
return NT_STATUS_NO_MEMORY;
}
unix_to_nt_time_abs(&nt_expire, u_expire);
unix_to_nt_time_abs(&nt_min_age, u_min_age);
- init_unk_info1(policy, (uint16)min_pass_len, (uint16)pass_hist,
- password_properties, nt_expire, nt_min_age);
+ init_samr_DomInfo1(policy,
+ (uint16)min_pass_len,
+ (uint16)pass_hist,
+ password_properties,
+ nt_expire,
+ nt_min_age);
return NT_STATUS_OK;
}
/* find the lockout policy of a domain */
static NTSTATUS lockout_policy(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- SAM_UNK_INFO_12 *policy)
+ struct samr_DomInfo12 *policy)
{
NTSTATUS result;
/* find the password policy of a domain */
static NTSTATUS password_policy(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- SAM_UNK_INFO_1 *policy)
+ struct samr_DomInfo1 *policy)
{
NTSTATUS result;
static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
{
TALLOC_CTX *mem_ctx;
- SAM_UNK_CTR ctr;
+ union samr_DomainInfo *info = NULL;
NTSTATUS result;
POLICY_HND dom_pol;
bool got_seq_num = False;
/* Query domain info */
- result = rpccli_samr_query_dom_info(cli, mem_ctx, &dom_pol, 8, &ctr);
+ result = rpccli_samr_QueryDomainInfo(cli, mem_ctx,
+ &dom_pol,
+ 8,
+ &info);
if (NT_STATUS_IS_OK(result)) {
- *seq = ctr.info.inf8.seq_num;
+ *seq = info->info8.sequence_num;
got_seq_num = True;
goto seq_num;
}
/* retry with info-level 2 in case the dc does not support info-level 8
- * (like all older samba2 and samba3 dc's - Guenther */
+ * (like all older samba2 and samba3 dc's) - Guenther */
+
+ result = rpccli_samr_QueryDomainInfo(cli, mem_ctx,
+ &dom_pol,
+ 2,
+ &info);
- result = rpccli_samr_query_dom_info(cli, mem_ctx, &dom_pol, 2, &ctr);
-
if (NT_STATUS_IS_OK(result)) {
- *seq = ctr.info.inf2.seq_num;
+ *seq = info->info2.sequence_num;
got_seq_num = True;
}
}
/* find the lockout policy for a domain */
-NTSTATUS msrpc_lockout_policy(struct winbindd_domain *domain,
+NTSTATUS msrpc_lockout_policy(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- SAM_UNK_INFO_12 *lockout_policy)
+ struct samr_DomInfo12 *lockout_policy)
{
NTSTATUS result;
struct rpc_pipe_client *cli;
POLICY_HND dom_pol;
- SAM_UNK_CTR ctr;
+ union samr_DomainInfo *info = NULL;
DEBUG(10,("rpc: fetch lockout policy for %s\n", domain->name));
goto done;
}
- result = rpccli_samr_query_dom_info(cli, mem_ctx, &dom_pol, 12, &ctr);
+ result = rpccli_samr_QueryDomainInfo(cli, mem_ctx,
+ &dom_pol,
+ 12,
+ &info);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
- *lockout_policy = ctr.info.inf12;
+ *lockout_policy = info->info12;
- DEBUG(10,("msrpc_lockout_policy: bad_attempt_lockout %d\n",
- ctr.info.inf12.bad_attempt_lockout));
+ DEBUG(10,("msrpc_lockout_policy: lockout_threshold %d\n",
+ info->info12.lockout_threshold));
done:
}
/* find the password policy for a domain */
-NTSTATUS msrpc_password_policy(struct winbindd_domain *domain,
+NTSTATUS msrpc_password_policy(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- SAM_UNK_INFO_1 *password_policy)
+ struct samr_DomInfo1 *password_policy)
{
NTSTATUS result;
struct rpc_pipe_client *cli;
POLICY_HND dom_pol;
- SAM_UNK_CTR ctr;
+ union samr_DomainInfo *info = NULL;
DEBUG(10,("rpc: fetch password policy for %s\n", domain->name));
goto done;
}
- result = rpccli_samr_query_dom_info(cli, mem_ctx, &dom_pol, 1, &ctr);
+ result = rpccli_samr_QueryDomainInfo(cli, mem_ctx,
+ &dom_pol,
+ 1,
+ &info);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
- *password_policy = ctr.info.inf1;
+ *password_policy = info->info1;
- DEBUG(10,("msrpc_password_policy: min_length_password %d\n",
- ctr.info.inf1.min_length_password));
+ DEBUG(10,("msrpc_password_policy: min_length_password %d\n",
+ info->info1.min_password_length));
done: