diff options
author | Andrew Bartlett <abartlet@samba.org> | 2010-05-17 13:41:01 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2010-05-18 13:20:22 +1000 |
commit | b183a30b2b3983a7f827dc6fd44eb16ac64904ce (patch) | |
tree | e48bb1f357b795a0f318d562e86a459e02af4823 | |
parent | 6324a0f59f78dff6501627518824e708aa3dc257 (diff) | |
download | samba-b183a30b2b3983a7f827dc6fd44eb16ac64904ce.tar.gz samba-b183a30b2b3983a7f827dc6fd44eb16ac64904ce.tar.bz2 samba-b183a30b2b3983a7f827dc6fd44eb16ac64904ce.zip |
s4:credentials Add in tracking of the password last set time
We perhaps need a more general API here, but for now extend the
credentials API to return the password last changed time that the
s3compat layer will need.
Andrew Bartlett
-rw-r--r-- | source4/auth/credentials/credentials.c | 19 | ||||
-rw-r--r-- | source4/auth/credentials/credentials.h | 4 | ||||
-rw-r--r-- | source4/auth/credentials/credentials_files.c | 11 |
3 files changed, 33 insertions, 1 deletions
diff --git a/source4/auth/credentials/credentials.c b/source4/auth/credentials/credentials.c index 6f7630a206..a129efe919 100644 --- a/source4/auth/credentials/credentials.c +++ b/source4/auth/credentials/credentials.c @@ -752,6 +752,25 @@ _PUBLIC_ void cli_credentials_set_secure_channel_type(struct cli_credentials *cr * Return NETLOGON secure chanel type */ +_PUBLIC_ time_t cli_credentials_get_password_last_changed_time(struct cli_credentials *cred) +{ + return cred->password_last_changed_time; +} + +/** + * Set NETLOGON secure channel type + */ + +_PUBLIC_ void cli_credentials_set_password_last_changed_time(struct cli_credentials *cred, + time_t last_changed_time) +{ + cred->password_last_changed_time = last_changed_time; +} + +/** + * Return NETLOGON secure chanel type + */ + _PUBLIC_ enum netr_SchannelType cli_credentials_get_secure_channel_type(struct cli_credentials *cred) { return cred->secure_channel_type; diff --git a/source4/auth/credentials/credentials.h b/source4/auth/credentials/credentials.h index ab4ee2f217..c4c7d3f246 100644 --- a/source4/auth/credentials/credentials.h +++ b/source4/auth/credentials/credentials.h @@ -107,6 +107,7 @@ struct cli_credentials { struct netlogon_creds_CredentialState *netlogon_creds; enum netr_SchannelType secure_channel_type; int kvno; + time_t password_last_changed_time; struct smb_krb5_context *smb_krb5_context; @@ -218,6 +219,8 @@ bool cli_credentials_set_realm(struct cli_credentials *cred, enum credentials_obtained obtained); void cli_credentials_set_secure_channel_type(struct cli_credentials *cred, enum netr_SchannelType secure_channel_type); +void cli_credentials_set_password_last_changed_time(struct cli_credentials *cred, + time_t last_change_time); void cli_credentials_set_netlogon_creds(struct cli_credentials *cred, struct netlogon_creds_CredentialState *netlogon_creds); NTSTATUS cli_credentials_set_krb5_context(struct cli_credentials *cred, @@ -239,6 +242,7 @@ const char *cli_credentials_get_unparsed_name(struct cli_credentials *credential bool cli_credentials_set_password_callback(struct cli_credentials *cred, const char *(*password_cb) (struct cli_credentials *)); enum netr_SchannelType cli_credentials_get_secure_channel_type(struct cli_credentials *cred); +time_t cli_credentials_get_password_last_changed_time(struct cli_credentials *cred); void cli_credentials_set_kvno(struct cli_credentials *cred, int kvno); bool cli_credentials_set_nt_hash(struct cli_credentials *cred, diff --git a/source4/auth/credentials/credentials_files.c b/source4/auth/credentials/credentials_files.c index 6ddee9e3ef..2e88cf4c4e 100644 --- a/source4/auth/credentials/credentials_files.c +++ b/source4/auth/credentials/credentials_files.c @@ -210,7 +210,8 @@ _PUBLIC_ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, enum netr_SchannelType sct; const char *salt_principal; const char *keytab; - + const struct ldb_val *whenChanged; + /* ok, we are going to get it now, don't recurse back here */ cred->machine_account_pending = false; @@ -314,6 +315,14 @@ _PUBLIC_ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, cli_credentials_set_kvno(cred, ldb_msg_find_attr_as_int(msg, "msDS-KeyVersionNumber", 0)); + whenChanged = ldb_msg_find_ldb_val(msg, "whenChanged"); + if (whenChanged) { + time_t lct; + if (ldb_val_to_time(whenChanged, &lct) == LDB_SUCCESS) { + cli_credentials_set_password_last_changed_time(cred, lct); + } + } + /* If there was an external keytab specified by reference in * the LDB, then use this. Otherwise we will make one up * (chewing CPU time) from the password */ |