summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Adam <obnox@samba.org>2012-12-11 13:04:22 +0100
committerStefan Metzmacher <metze@samba.org>2012-12-11 13:59:59 +0100
commitda066ec1d7b1284461ad907a35a94f30819ecbdc (patch)
tree5e9aabdd6a9376729723d7ede7c400b2b64238c0
parent7c6b10fbb05eaa6075f01a4b4f8fb60f42d2dfa7 (diff)
downloadsamba-da066ec1d7b1284461ad907a35a94f30819ecbdc.tar.gz
samba-da066ec1d7b1284461ad907a35a94f30819ecbdc.tar.bz2
samba-da066ec1d7b1284461ad907a35a94f30819ecbdc.zip
s4:dsdb/password_hash: do the min password age checks first
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
-rw-r--r--source4/dsdb/samdb/ldb_modules/password_hash.c24
1 files changed, 13 insertions, 11 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index 4644628b9f..9bf596c3bc 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -1954,6 +1954,19 @@ static int check_password_restrictions(struct setup_password_fields_io *io)
return LDB_SUCCESS;
}
+ /* Password minimum age: yes, this is a minus. The ages are in negative 100nsec units! */
+ if ((io->u.pwdLastSet - io->ac->status->domain_data.minPwdAge > io->g.last_set) &&
+ !io->ac->pwd_reset)
+ {
+ ret = LDB_ERR_CONSTRAINT_VIOLATION;
+ ldb_asprintf_errstring(ldb,
+ "%08X: %s - check_password_restrictions: "
+ "password is too young to change!",
+ W_ERROR_V(WERR_PASSWORD_RESTRICTION),
+ ldb_strerror(ret));
+ return ret;
+ }
+
/*
* Fundamental password checks done by the call
* "samdb_check_password".
@@ -2064,17 +2077,6 @@ static int check_password_restrictions(struct setup_password_fields_io *io)
return ret;
}
- /* Password minimum age: yes, this is a minus. The ages are in negative 100nsec units! */
- if (io->u.pwdLastSet - io->ac->status->domain_data.minPwdAge > io->g.last_set) {
- ret = LDB_ERR_CONSTRAINT_VIOLATION;
- ldb_asprintf_errstring(ldb,
- "%08X: %s - check_password_restrictions: "
- "password is too young to change!",
- W_ERROR_V(WERR_PASSWORD_RESTRICTION),
- ldb_strerror(ret));
- return ret;
- }
-
return LDB_SUCCESS;
}