summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2011-11-15 13:27:14 -0800
committerJeremy Allison <jra@samba.org>2011-11-16 00:22:41 +0100
commit3ede4ffe969f806ba2363b62c09673c32a4ec296 (patch)
tree42c38a87a34962c8b908e3a194cb99d62886571a
parent65566dfa8629136eaf0dc1491502dc651d1a4858 (diff)
downloadsamba-3ede4ffe969f806ba2363b62c09673c32a4ec296.tar.gz
samba-3ede4ffe969f806ba2363b62c09673c32a4ec296.tar.bz2
samba-3ede4ffe969f806ba2363b62c09673c32a4ec296.zip
Fix bug #8561 - Password change settings not fully observed.
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Nov 16 00:22:41 CET 2011 on sn-devel-104
-rw-r--r--source3/include/passdb.h1
-rw-r--r--source3/passdb/pdb_get_set.c38
-rw-r--r--source3/rpc_server/samr/srv_samr_nt.c2
3 files changed, 36 insertions, 5 deletions
diff --git a/source3/include/passdb.h b/source3/include/passdb.h
index 37d35cfee3..598036438c 100644
--- a/source3/include/passdb.h
+++ b/source3/include/passdb.h
@@ -708,6 +708,7 @@ bool pdb_set_group_sid_from_rid (struct samu *sampass, uint32_t grid, enum pdb_v
/* The following definitions come from passdb/pdb_get_set.c */
+bool pdb_is_password_change_time_max(time_t test_time);
uint32_t pdb_get_acct_ctrl(const struct samu *sampass);
time_t pdb_get_logon_time(const struct samu *sampass);
time_t pdb_get_logoff_time(const struct samu *sampass);
diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c
index cf79a7f83a..540435fa70 100644
--- a/source3/passdb/pdb_get_set.c
+++ b/source3/passdb/pdb_get_set.c
@@ -40,6 +40,36 @@
#define PDB_NOT_QUITE_NULL ""
/*********************************************************************
+ Test if a change time is a max value. Copes with old and new values
+ of max.
+ ********************************************************************/
+
+bool pdb_is_password_change_time_max(time_t test_time)
+{
+ if (test_time == get_time_t_max()) {
+ return true;
+ }
+#if (defined(SIZEOF_TIME_T) && (SIZEOF_TIME_T == 8))
+ if (test_time == 0x7FFFFFFFFFFFFFFFLL) {
+ return true;
+ }
+#endif
+ if (test_time == 0x7FFFFFFF) {
+ return true;
+ }
+ return false;
+}
+
+/*********************************************************************
+ Return an unchanging version of max password change time - 0x7FFFFFFF.
+ ********************************************************************/
+
+time_t pdb_password_change_time_max(void)
+{
+ return 0x7FFFFFFF;
+}
+
+/*********************************************************************
Collection of get...() functions for struct samu.
********************************************************************/
@@ -87,7 +117,7 @@ time_t pdb_get_pass_can_change_time(const struct samu *sampass)
we're trying to update this real value from the sampass
to indicate that the user cannot change their password. jmcd
*/
- if (sampass->pass_can_change_time == get_time_t_max() &&
+ if (pdb_is_password_change_time_max(sampass->pass_can_change_time) &&
IS_SAM_CHANGED(sampass, PDB_CANCHANGETIME))
return sampass->pass_can_change_time;
@@ -113,7 +143,7 @@ time_t pdb_get_pass_must_change_time(const struct samu *sampass)
return (time_t) 0;
if (sampass->acct_ctrl & ACB_PWNOEXP)
- return get_time_t_max();
+ return pdb_password_change_time_max();
if (!pdb_get_account_policy(PDB_POLICY_MAX_PASSWORD_AGE, &expire)
|| expire == (uint32_t)-1 || expire == 0)
@@ -124,7 +154,7 @@ time_t pdb_get_pass_must_change_time(const struct samu *sampass)
bool pdb_get_pass_can_change(const struct samu *sampass)
{
- if (sampass->pass_can_change_time == get_time_t_max())
+ if (pdb_is_password_change_time_max(sampass->pass_can_change_time))
return False;
return True;
}
@@ -959,7 +989,7 @@ bool pdb_set_backend_private_data(struct samu *sampass, void *private_data,
bool pdb_set_pass_can_change(struct samu *sampass, bool canchange)
{
return pdb_set_pass_can_change_time(sampass,
- canchange ? 0 : get_time_t_max(),
+ canchange ? 0 : pdb_password_change_time_max(),
PDB_CHANGED);
}
diff --git a/source3/rpc_server/samr/srv_samr_nt.c b/source3/rpc_server/samr/srv_samr_nt.c
index 58892b7443..ebe6e451d4 100644
--- a/source3/rpc_server/samr/srv_samr_nt.c
+++ b/source3/rpc_server/samr/srv_samr_nt.c
@@ -2855,7 +2855,7 @@ static NTSTATUS get_user_info_21(TALLOC_CTX *mem_ctx,
unix_to_nt_time(&r->allow_password_change, pdb_get_pass_can_change_time(pw));
must_change_time = pdb_get_pass_must_change_time(pw);
- if (must_change_time == get_time_t_max()) {
+ if (pdb_is_password_change_time_max(must_change_time)) {
unix_to_nt_time_abs(&force_password_change, must_change_time);
} else {
unix_to_nt_time(&force_password_change, must_change_time);