--Boundary-00=_nO2rBFISEJ/zV54
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hello,

I had to change my users' "Must change password time" property in domains and I
noticed that pdbedit is not capable of doing it. So I created the attached
patch that adds this feature (and also the "Can change password time" property).
I introduced several new command line options (only long format, didn't know
what the policy is with the one character switches).
I used BIT_RESERV_2 BIT_RESERV_3 for my purposes.
Otherwise, the patch is quite self-explaining.

If you think it's worthy, please integrate it.

br

Szo

--Boundary-00=_nO2rBFISEJ/zV54
Content-Type: text/x-diff;
charset="us-ascii";
name="pdbedit.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="pdbedit.patch"

--- pdbedit.c.orig 2004-12-02 19:21:10.000000000 +0100
+++ pdbedit.c 2004-12-02 19:28:34.000000000 +0100
@@ -27,8 +27,8 @@
#define BIT_VERBOSE 0x00000008
#define BIT_SPSTYLE 0x00000010
#define BIT_RESERV_1 0x00000020
-#define BIT_RESERV_2 0x00000040
-#define BIT_RESERV_3 0x00000080
+#define BIT_CAN_CHANGE 0x00000040
+#define BIT_MUST_CHANGE 0x00000080
#define BIT_FULLNAME 0x00000100
#define BIT_HOMEDIR 0x00000200
#define BIT_HDIRDRIVE 0x00000400
@@ -52,7 +52,7 @@
#define BIT_LOGONHOURS 0x10000000

#define MASK_ALWAYS_GOOD 0x0000001F
-#define MASK_USER_GOOD 0x00401F00
+#define MASK_USER_GOOD 0x00401FC0

/************************************************** *******
Add all currently available users to another db
@@ -302,7 +302,8 @@
const char *drive, const char *script,
const char *profile, const char *account_control,
const char *user_sid, const char *group_sid,
- const BOOL badpw, const BOOL hours)
+ const BOOL badpw, const BOOL hours, time_t must_change_time_unix,
+ time_t can_change_time_unix)
{
BOOL updated_autolock = False, updated_badpw = False;
SAM_ACCOUNT *sam_pwent=NULL;
@@ -345,6 +346,10 @@
pdb_set_logon_script(sam_pwent, script, PDB_CHANGED);
if (profile)
pdb_set_profile_path (sam_pwent, profile, PDB_CHANGED);
+ if (must_change_time_unix != -1)
+ pdb_set_pass_must_change_time(sam_pwent, must_change_time_unix, PDB_SET);
+ if (can_change_time_unix != -1)
+ pdb_set_pass_can_change_time(sam_pwent, can_change_time_unix, PDB_SET);

if (account_control) {
uint16 not_settable = ~(ACB_DISABLED|ACB_HOMDIRREQ|ACB_PWNOTREQ|
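Review bot: The two new setter calls pass `PDB_SET`, while the neighbouring setters visible in this hunk (`pdb_set_logon_script`, `pdb_set_profile_path`) pass `PDB_CHANGED`. If the passdb backend only writes fields flagged as changed (not visible here, so worth confirming), the new password times would be accepted on the command line but never stored, leaving the old expiry policy in force. I would use `pdb_set_pass_must_change_time(sam_pwent, must_change_time_unix, PDB_CHANGED);` and the same flag for `pdb_set_pass_can_change_time`. The enclosing function starts and ends outside this hunk.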
@@ -650,6 +655,11 @@
BOOL account_policy_value_set = False;
static BOOL badpw_reset = False;
static BOOL hours_reset = False;
+ static char *can_change_time = NULL;
+ static char *must_change_time = NULL;
+ static char *time_format = NULL;
+ static time_t can_change_time_unix = -1;
+ static time_t must_change_time_unix = -1;

struct pdb_context *bin;
struct pdb_context *bout;
@@ -682,6 +692,11 @@
{"force-initialized-passwords", 0, POPT_ARG_NONE, &force_initialised_password, 0, "Force initialization of corrupt password strings in a passdb backend", NULL},
{"bad-password-count-reset", 'z', POPT_ARG_NONE, &badpw_reset, 0, "reset bad password count", NULL},
{"logon-hours-reset", 'Z', POPT_ARG_NONE, &hours_reset, 0, "reset logon hours", NULL},
+ {"can-change-time", 0, POPT_ARG_STRING, &can_change_time, 0, "Set password can change time", NULL},
+ {"must-change-time", 0, POPT_ARG_STRING, &must_change_time, 0, "Set password must change time", NULL},
+ {"time-format", 0, POPT_ARG_STRING, &time_format, 0, "The time format of the parameter can-change-time and must_change_time", NULL},
+ {"can-change-time-unix", 0, POPT_ARG_LONG, &can_change_time_unix, 0, "Set password can change time in unix Epoch format", NULL},
+ {"must-change-time-unix", 0, POPT_ARG_LONG, &must_change_time_unix, 0, "Set password must change time in unix Epoch format", NULL},
POPT_COMMON_SAMBA
POPT_TABLEEND
};
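Review bot: The `can-change-time-unix` and `must-change-time-unix` entries use `POPT_ARG_LONG` but point at `time_t` variables (declared in the previous hunk), so popt stores a `long` through a `time_t *`. Where the two types differ in size, the stored value or the `-1` "unset" sentinel is corrupted. Parsing into a `long` and converting after a range check avoids this: `static long can_change_time_arg = -1;` with `&can_change_time_arg` in the table, and likewise for must-change. The `time-format` help text also writes `must_change_time` where the option is spelled `must-change-time`.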
@@ -736,7 +751,9 @@
(backend_in ? BIT_IMPORT : 0) +
(backend_out ? BIT_EXPORT : 0) +
(badpw_reset ? BIT_BADPWRESET : 0) +
- (hours_reset ? BIT_LOGONHOURS : 0);
+ (hours_reset ? BIT_LOGONHOURS : 0) +
+ (can_change_time || (can_change_time_unix != -1) ? BIT_CAN_CHANGE : 0) +
+ (must_change_time || (must_change_time_unix != -1) ? BIT_MUST_CHANGE : 0);

if (setparms & BIT_BACKEND) {
if (!NT_STATUS_IS_OK(make_pdb_context_string(&bdef, backend))) {
@@ -876,6 +893,68 @@
}
}

+ /* Password can change operation */
+ if(can_change_time && (can_change_time_unix != -1))
+ {
+ fprintf (stderr, "Use either --can-change-time or --can-change-time-unix, not both!\n");
+ return -1;
+ }
+
+ if(can_change_time)
+ {
+ struct tm tm;
+ memset(&tm, 0, sizeof(tm));
+ if(!time_format)
+ {
+ fprintf (stderr, "Time format required!\n (use the --time_format option)\n");
+ return -1;
+ }
+ if(NULL == strptime(can_change_time, time_format, &tm))
+ {
+ fprintf (stderr, "Error parsing the time in can-change-time!\n");
+ return -1;
+ }
+
+ can_change_time_unix = mktime(&tm);
+
+ if(-1 == can_change_time_unix)
+ {
+ fprintf (stderr, "Error parsing the time in can-change-time!\n");
+ return -1;
+ }
+ }
+
+ /* Password must change operation */
+ if(must_change_time && (must_change_time_unix != -1))
+ {
+ fprintf (stderr, "Use either --must-change-time or --must-change-time-unix, not both!\n");
+ return -1;
+ }
+
+ if(must_change_time)
+ {
+ struct tm tm;
+ memset(&tm, 0, sizeof(tm));
+ if(!time_format)
+ {
+ fprintf (stderr, "Time format required!\n (use the --time_format option)\n");
+ return -1;
+ }
+ if(NULL == strptime(must_change_time, time_format, &tm))
+ {
+ fprintf (stderr, "Error parsing the time in must-change-time!\n");
+ return -1;
+ }
+
+ must_change_time_unix = mktime(&tm);
+
+ if(-1 == must_change_time_unix)
+ {
+ fprintf (stderr, "Error parsing the time in must-change-time!\n");
+ return -1;
+ }
+ }
+
/* account deletion operations */
if (!(checkparms & ~(BIT_DELETE + BIT_USER + BIT_MACHINE))) {
if (checkparms & BIT_MACHINE) {
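Review bot: Both new parsing blocks accept the value whenever strptime() returns non-NULL, so trailing text the format did not consume is silently ignored. They also leave `tm_isdst` at 0 from the memset, which makes mktime() treat the date as standard time and can store an expiry one hour off during daylight saving. The "Time format required" message names `--time_format`, while the option table registers `time-format`. The two blocks are copies of each other, so I would move the logic into one file-scope helper that checks `*end`, sets `tm_isdst = -1` and compares against `(time_t)-1`, as sketched below. The enclosing function starts and ends outside this hunk.

```c
/* File-scope helper: parse `value` with strptime(format) into *out; False on any error. */
static BOOL parse_time_option(const char *optname, const char *value,
			      const char *format, time_t *out)
{
	struct tm tm;
	const char *end;

	if (!format) {
		fprintf(stderr, "Time format required!\n (use the --time-format option)\n");
		return False;
	}

	memset(&tm, 0, sizeof(tm));
	tm.tm_isdst = -1;	/* let mktime() decide whether DST applies */

	end = strptime(value, format, &tm);
	if (end == NULL || *end != '\0') {	/* reject partially parsed input */
		fprintf(stderr, "Error parsing the time in %s!\n", optname);
		return False;
	}

	*out = mktime(&tm);
	if (*out == (time_t)-1) {
		fprintf(stderr, "Error parsing the time in %s!\n", optname);
		return False;
	}
	return True;
}

	/* … unchanged: "use either … not both" checks for the -unix variants … */
	if (can_change_time &&
	    !parse_time_option("can-change-time", can_change_time,
			       time_format, &can_change_time_unix))
		return -1;

	if (must_change_time &&
	    !parse_time_option("must-change-time", must_change_time,
			       time_format, &must_change_time_unix))
		return -1;
```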
@@ -893,7 +972,8 @@
logon_script,
profile_path, account_control,
user_sid, group_sid,
- badpw_reset, hours_reset);
+ badpw_reset, hours_reset, must_change_time_unix,
+ can_change_time_unix);
}
}


--Boundary-00=_nO2rBFISEJ/zV54--