summaryrefslogtreecommitdiff
path: root/source3/nsswitch/pam_winbind.c
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2006-02-07 17:18:29 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:09:56 -0500
commit9cdab6ddc0ab8c9be7f257f971e14e7f2958bb95 (patch)
tree88df827b7c3e7eb31dae860d6d32419bdd5e7024 /source3/nsswitch/pam_winbind.c
parent0b09d4b2f650e23f79e93433de4c1795c9382795 (diff)
downloadsamba-9cdab6ddc0ab8c9be7f257f971e14e7f2958bb95.tar.gz
samba-9cdab6ddc0ab8c9be7f257f971e14e7f2958bb95.tar.bz2
samba-9cdab6ddc0ab8c9be7f257f971e14e7f2958bb95.zip
r13375: Match XP behaviour: Don't force 'Administrator' to change an expired
password on logon. (this might be true for all domain admins as well). Guenther (This used to be commit 24c6b9fecb521380008cb44e6d987a6f495027dc)
Diffstat (limited to 'source3/nsswitch/pam_winbind.c')
-rw-r--r--source3/nsswitch/pam_winbind.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c
index 57e05dc4bb..0141c3fafa 100644
--- a/source3/nsswitch/pam_winbind.c
+++ b/source3/nsswitch/pam_winbind.c
@@ -419,7 +419,8 @@ static int winbind_auth_request(pam_handle_t * pamh,
/* handle the case where the auth was ok, but the password must expire right now */
/* good catch from Ralf Haferkamp: an expiry of "never" is translated to -1 */
- if ((response.data.auth.policy.expire > 0) &&
+ if ((response.data.auth.info3.user_rid != DOMAIN_USER_RID_ADMIN ) &&
+ (response.data.auth.policy.expire > 0) &&
(response.data.auth.info3.pass_last_set_time + response.data.auth.policy.expire < time(NULL))) {
ret = PAM_AUTHTOK_EXPIRED;
@@ -435,7 +436,8 @@ static int winbind_auth_request(pam_handle_t * pamh,
}
/* warn a user if the password is about to expire soon */
- if ((response.data.auth.policy.expire) &&
+ if ((response.data.auth.info3.user_rid != DOMAIN_USER_RID_ADMIN ) &&
+ (response.data.auth.policy.expire) &&
(response.data.auth.info3.pass_last_set_time + response.data.auth.policy.expire > time(NULL) ) ) {
int days = response.data.auth.policy.expire / SECONDS_PER_DAY;