diff options
| author | Jim McDonough <jmcd@samba.org> | 2006-10-03 17:14:18 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:15:06 -0500 |
| commit | dc1f0804dd8177d3c3a0b2db993855d5679e9565 (patch) | |
| tree | 9893078628f8963ca854411001cd3c7fdcff998d /source3/passdb/pdb_interface.c | |
| parent | b96aae779bdbd96677aef58d205282605046a8a6 (diff) | |
| download | samba-dc1f0804dd8177d3c3a0b2db993855d5679e9565.tar.gz samba-dc1f0804dd8177d3c3a0b2db993855d5679e9565.tar.bz2 samba-dc1f0804dd8177d3c3a0b2db993855d5679e9565.zip | |
r19058: Implement "user cannot change password", and complete "user must change
password at next logon" code. The "password last set time" of zero now
means "user must change password", because that's how windows seems to
use it. The "can change" and "must change" times are now calculated
based on the "last set" time and policies.
We use the "can change" field now to indicate that a user cannot change
a password by putting MAX_TIME_T in it (so long as "last set" time isn't
zero). Based on this, we set the password-can-change bit in the
faked secdesc.
(This used to be commit 21abbeaee9b7f7cff1d34d048463c30cda44a2e3)
Diffstat (limited to 'source3/passdb/pdb_interface.c')
| -rw-r--r-- | source3/passdb/pdb_interface.c | 41 |
1 files changed, 1 insertions, 40 deletions
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index 7252ea4c8c..73f538214d 100644 --- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c @@ -48,43 +48,6 @@ static BOOL lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32 rid, const char **name, enum lsa_SidType *psid_name_use, union unid_t *unix_id); -/******************************************************************* - Clean up uninitialised passwords. The only way to tell - that these values are not 'real' is that they do not - have a valid last set time. Instead, the value is fixed at 0. - Therefore we use that as the key for 'is this a valid password'. - However, it is perfectly valid to have a 'default' last change - time, such LDAP with a missing attribute would produce. -********************************************************************/ - -static void pdb_force_pw_initialization(struct samu *pass) -{ - const uint8 *lm_pwd, *nt_pwd; - - /* only reset a password if the last set time has been - explicitly been set to zero. A default last set time - is ignored */ - - if ( (pdb_get_init_flags(pass, PDB_PASSLASTSET) != PDB_DEFAULT) - && (pdb_get_pass_last_set_time(pass) == 0) ) - { - - if (pdb_get_init_flags(pass, PDB_LMPASSWD) != PDB_DEFAULT) - { - lm_pwd = pdb_get_lanman_passwd(pass); - if (lm_pwd) - pdb_set_lanman_passwd(pass, NULL, PDB_CHANGED); - } - if (pdb_get_init_flags(pass, PDB_NTPASSWD) != PDB_DEFAULT) - { - nt_pwd = pdb_get_nt_passwd(pass); - if (nt_pwd) - pdb_set_nt_passwd(pass, NULL, PDB_CHANGED); - } - } - - return; -} NTSTATUS smb_register_passdb(int version, const char *name, pdb_init_function init) { @@ -250,7 +213,7 @@ BOOL pdb_getsampwent(struct samu *user) if ( !NT_STATUS_IS_OK(pdb->getsampwent(pdb, user) ) ) { return False; } - pdb_force_pw_initialization( user ); + return True; } @@ -266,8 +229,6 @@ BOOL pdb_getsampwnam(struct samu *sam_acct, const char *username) TALLOC_FREE(csamuser); } - pdb_force_pw_initialization( sam_acct ); - csamuser = samu_new( NULL ); if (!csamuser) { return False; |