diff options
author | Jeremy Allison <jra@samba.org> | 2011-11-15 13:27:14 -0800 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2011-11-16 00:22:41 +0100 |
commit | 3ede4ffe969f806ba2363b62c09673c32a4ec296 (patch) | |
tree | 42c38a87a34962c8b908e3a194cb99d62886571a | |
parent | 65566dfa8629136eaf0dc1491502dc651d1a4858 (diff) | |
download | samba-3ede4ffe969f806ba2363b62c09673c32a4ec296.tar.gz samba-3ede4ffe969f806ba2363b62c09673c32a4ec296.tar.bz2 samba-3ede4ffe969f806ba2363b62c09673c32a4ec296.zip |
Fix bug #8561 - Password change settings not fully observed.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Nov 16 00:22:41 CET 2011 on sn-devel-104
-rw-r--r-- | source3/include/passdb.h | 1 | ||||
-rw-r--r-- | source3/passdb/pdb_get_set.c | 38 | ||||
-rw-r--r-- | source3/rpc_server/samr/srv_samr_nt.c | 2 |
3 files changed, 36 insertions, 5 deletions
diff --git a/source3/include/passdb.h b/source3/include/passdb.h index 37d35cfee3..598036438c 100644 --- a/source3/include/passdb.h +++ b/source3/include/passdb.h @@ -708,6 +708,7 @@ bool pdb_set_group_sid_from_rid (struct samu *sampass, uint32_t grid, enum pdb_v /* The following definitions come from passdb/pdb_get_set.c */ +bool pdb_is_password_change_time_max(time_t test_time); uint32_t pdb_get_acct_ctrl(const struct samu *sampass); time_t pdb_get_logon_time(const struct samu *sampass); time_t pdb_get_logoff_time(const struct samu *sampass); diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c index cf79a7f83a..540435fa70 100644 --- a/source3/passdb/pdb_get_set.c +++ b/source3/passdb/pdb_get_set.c @@ -40,6 +40,36 @@ #define PDB_NOT_QUITE_NULL "" /********************************************************************* + Test if a change time is a max value. Copes with old and new values + of max. + ********************************************************************/ + +bool pdb_is_password_change_time_max(time_t test_time) +{ + if (test_time == get_time_t_max()) { + return true; + } +#if (defined(SIZEOF_TIME_T) && (SIZEOF_TIME_T == 8)) + if (test_time == 0x7FFFFFFFFFFFFFFFLL) { + return true; + } +#endif + if (test_time == 0x7FFFFFFF) { + return true; + } + return false; +} + +/********************************************************************* + Return an unchanging version of max password change time - 0x7FFFFFFF. + ********************************************************************/ + +time_t pdb_password_change_time_max(void) +{ + return 0x7FFFFFFF; +} + +/********************************************************************* Collection of get...() functions for struct samu. ********************************************************************/ @@ -87,7 +117,7 @@ time_t pdb_get_pass_can_change_time(const struct samu *sampass) we're trying to update this real value from the sampass to indicate that the user cannot change their password. jmcd */ - if (sampass->pass_can_change_time == get_time_t_max() && + if (pdb_is_password_change_time_max(sampass->pass_can_change_time) && IS_SAM_CHANGED(sampass, PDB_CANCHANGETIME)) return sampass->pass_can_change_time; @@ -113,7 +143,7 @@ time_t pdb_get_pass_must_change_time(const struct samu *sampass) return (time_t) 0; if (sampass->acct_ctrl & ACB_PWNOEXP) - return get_time_t_max(); + return pdb_password_change_time_max(); if (!pdb_get_account_policy(PDB_POLICY_MAX_PASSWORD_AGE, &expire) || expire == (uint32_t)-1 || expire == 0) @@ -124,7 +154,7 @@ time_t pdb_get_pass_must_change_time(const struct samu *sampass) bool pdb_get_pass_can_change(const struct samu *sampass) { - if (sampass->pass_can_change_time == get_time_t_max()) + if (pdb_is_password_change_time_max(sampass->pass_can_change_time)) return False; return True; } @@ -959,7 +989,7 @@ bool pdb_set_backend_private_data(struct samu *sampass, void *private_data, bool pdb_set_pass_can_change(struct samu *sampass, bool canchange) { return pdb_set_pass_can_change_time(sampass, - canchange ? 0 : get_time_t_max(), + canchange ? 0 : pdb_password_change_time_max(), PDB_CHANGED); } diff --git a/source3/rpc_server/samr/srv_samr_nt.c b/source3/rpc_server/samr/srv_samr_nt.c index 58892b7443..ebe6e451d4 100644 --- a/source3/rpc_server/samr/srv_samr_nt.c +++ b/source3/rpc_server/samr/srv_samr_nt.c @@ -2855,7 +2855,7 @@ static NTSTATUS get_user_info_21(TALLOC_CTX *mem_ctx, unix_to_nt_time(&r->allow_password_change, pdb_get_pass_can_change_time(pw)); must_change_time = pdb_get_pass_must_change_time(pw); - if (must_change_time == get_time_t_max()) { + if (pdb_is_password_change_time_max(must_change_time)) { unix_to_nt_time_abs(&force_password_change, must_change_time); } else { unix_to_nt_time(&force_password_change, must_change_time); |