diff options
author | Volker Lendecke <vl@samba.org> | 2008-03-20 21:58:39 +0100 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2008-03-20 23:19:33 +0100 |
commit | dd80c452a2fd794823f1ccb6a391bb78681213f4 (patch) | |
tree | bc3f04bec1f9af077b510e9dbca3068008bba890 | |
parent | be2fab1fefa5cc2f0b6d0f880215e09405e0bb29 (diff) | |
download | samba-dd80c452a2fd794823f1ccb6a391bb78681213f4.tar.gz samba-dd80c452a2fd794823f1ccb6a391bb78681213f4.tar.bz2 samba-dd80c452a2fd794823f1ccb6a391bb78681213f4.zip |
A level 25 setuserinfo does change the pwdlastset
(This used to be commit f65cb5d4b51e2e7b9b16b73e47cd2a8d55d5d4b0)
-rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 28 |
1 files changed, 22 insertions, 6 deletions
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index f38a8fcfc0..eeb3e400dd 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -3863,7 +3863,8 @@ static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx, set_user_info_pw ********************************************************************/ -static bool set_user_info_pw(uint8 *pass, struct samu *pwd) +static bool set_user_info_pw(uint8 *pass, struct samu *pwd, + int level) { uint32 len = 0; char *plaintext_buf = NULL; @@ -3925,8 +3926,20 @@ static bool set_user_info_pw(uint8 *pass, struct samu *pwd) memset(plaintext_buf, '\0', strlen(plaintext_buf)); - /* restore last set time as this is an admin change, not a user pw change */ - pdb_set_pass_last_set_time (pwd, last_set_time, last_set_state); + /* + * A level 25 change does reset the pwdlastset field, a level 24 + * change does not. I know this is probably not the full story, but + * it is needed to make XP join LDAP correctly, without it the later + * auth2 check can fail with PWD_MUST_CHANGE. + */ + if (level != 25) { + /* + * restore last set time as this is an admin change, not a + * user pw change + */ + pdb_set_pass_last_set_time (pwd, last_set_time, + last_set_state); + } DEBUG(5,("set_user_info_pw: pdb_update_pwd()\n")); @@ -4147,7 +4160,8 @@ static NTSTATUS samr_SetUserInfo_internal(const char *fn_name, dump_data(100, info->info24.password.data, 516); - if (!set_user_info_pw(info->info24.password.data, pwd)) { + if (!set_user_info_pw(info->info24.password.data, pwd, + switch_value)) { status = NT_STATUS_ACCESS_DENIED; } break; @@ -4166,7 +4180,8 @@ static NTSTATUS samr_SetUserInfo_internal(const char *fn_name, if (!NT_STATUS_IS_OK(status)) { goto done; } - if (!set_user_info_pw(info->info25.password.data, pwd)) { + if (!set_user_info_pw(info->info25.password.data, pwd, + switch_value)) { status = NT_STATUS_ACCESS_DENIED; } break; @@ -4180,7 +4195,8 @@ static NTSTATUS samr_SetUserInfo_internal(const char *fn_name, dump_data(100, info->info26.password.data, 516); - if (!set_user_info_pw(info->info26.password.data, pwd)) { + if (!set_user_info_pw(info->info26.password.data, pwd, + switch_value)) { status = NT_STATUS_ACCESS_DENIED; } break; |