summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2010-05-17 13:41:01 +1000
committerAndrew Bartlett <abartlet@samba.org>2010-05-18 13:20:22 +1000
commitb183a30b2b3983a7f827dc6fd44eb16ac64904ce (patch)
treee48bb1f357b795a0f318d562e86a459e02af4823
parent6324a0f59f78dff6501627518824e708aa3dc257 (diff)
downloadsamba-b183a30b2b3983a7f827dc6fd44eb16ac64904ce.tar.gz
samba-b183a30b2b3983a7f827dc6fd44eb16ac64904ce.tar.bz2
samba-b183a30b2b3983a7f827dc6fd44eb16ac64904ce.zip
s4:credentials Add in tracking of the password last set time
We perhaps need a more general API here, but for now extend the credentials API to return the password last changed time that the s3compat layer will need. Andrew Bartlett
-rw-r--r--source4/auth/credentials/credentials.c19
-rw-r--r--source4/auth/credentials/credentials.h4
-rw-r--r--source4/auth/credentials/credentials_files.c11
3 files changed, 33 insertions, 1 deletions
diff --git a/source4/auth/credentials/credentials.c b/source4/auth/credentials/credentials.c
index 6f7630a206..a129efe919 100644
--- a/source4/auth/credentials/credentials.c
+++ b/source4/auth/credentials/credentials.c
@@ -752,6 +752,25 @@ _PUBLIC_ void cli_credentials_set_secure_channel_type(struct cli_credentials *cr
* Return NETLOGON secure chanel type
*/
+_PUBLIC_ time_t cli_credentials_get_password_last_changed_time(struct cli_credentials *cred)
+{
+ return cred->password_last_changed_time;
+}
+
+/**
+ * Set NETLOGON secure channel type
+ */
+
+_PUBLIC_ void cli_credentials_set_password_last_changed_time(struct cli_credentials *cred,
+ time_t last_changed_time)
+{
+ cred->password_last_changed_time = last_changed_time;
+}
+
+/**
+ * Return NETLOGON secure chanel type
+ */
+
_PUBLIC_ enum netr_SchannelType cli_credentials_get_secure_channel_type(struct cli_credentials *cred)
{
return cred->secure_channel_type;
diff --git a/source4/auth/credentials/credentials.h b/source4/auth/credentials/credentials.h
index ab4ee2f217..c4c7d3f246 100644
--- a/source4/auth/credentials/credentials.h
+++ b/source4/auth/credentials/credentials.h
@@ -107,6 +107,7 @@ struct cli_credentials {
struct netlogon_creds_CredentialState *netlogon_creds;
enum netr_SchannelType secure_channel_type;
int kvno;
+ time_t password_last_changed_time;
struct smb_krb5_context *smb_krb5_context;
@@ -218,6 +219,8 @@ bool cli_credentials_set_realm(struct cli_credentials *cred,
enum credentials_obtained obtained);
void cli_credentials_set_secure_channel_type(struct cli_credentials *cred,
enum netr_SchannelType secure_channel_type);
+void cli_credentials_set_password_last_changed_time(struct cli_credentials *cred,
+ time_t last_change_time);
void cli_credentials_set_netlogon_creds(struct cli_credentials *cred,
struct netlogon_creds_CredentialState *netlogon_creds);
NTSTATUS cli_credentials_set_krb5_context(struct cli_credentials *cred,
@@ -239,6 +242,7 @@ const char *cli_credentials_get_unparsed_name(struct cli_credentials *credential
bool cli_credentials_set_password_callback(struct cli_credentials *cred,
const char *(*password_cb) (struct cli_credentials *));
enum netr_SchannelType cli_credentials_get_secure_channel_type(struct cli_credentials *cred);
+time_t cli_credentials_get_password_last_changed_time(struct cli_credentials *cred);
void cli_credentials_set_kvno(struct cli_credentials *cred,
int kvno);
bool cli_credentials_set_nt_hash(struct cli_credentials *cred,
diff --git a/source4/auth/credentials/credentials_files.c b/source4/auth/credentials/credentials_files.c
index 6ddee9e3ef..2e88cf4c4e 100644
--- a/source4/auth/credentials/credentials_files.c
+++ b/source4/auth/credentials/credentials_files.c
@@ -210,7 +210,8 @@ _PUBLIC_ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
enum netr_SchannelType sct;
const char *salt_principal;
const char *keytab;
-
+ const struct ldb_val *whenChanged;
+
/* ok, we are going to get it now, don't recurse back here */
cred->machine_account_pending = false;
@@ -314,6 +315,14 @@ _PUBLIC_ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
cli_credentials_set_kvno(cred, ldb_msg_find_attr_as_int(msg, "msDS-KeyVersionNumber", 0));
+ whenChanged = ldb_msg_find_ldb_val(msg, "whenChanged");
+ if (whenChanged) {
+ time_t lct;
+ if (ldb_val_to_time(whenChanged, &lct) == LDB_SUCCESS) {
+ cli_credentials_set_password_last_changed_time(cred, lct);
+ }
+ }
+
/* If there was an external keytab specified by reference in
* the LDB, then use this. Otherwise we will make one up
* (chewing CPU time) from the password */