diff options
author | Jeremy Allison <jra@samba.org> | 2011-05-23 17:14:47 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2011-05-24 20:14:35 +0200 |
commit | 309a8fd7c62e7008b1a4c4c77c3a9ea35ed4bb07 (patch) | |
tree | 293872e001f357c69e8453e7e19caa9336e5b392 /source3/rpc_server | |
parent | 53829fd4951fc1189d64ecef1c1f58d21f0fb38b (diff) | |
download | samba-309a8fd7c62e7008b1a4c4c77c3a9ea35ed4bb07.tar.gz samba-309a8fd7c62e7008b1a4c4c77c3a9ea35ed4bb07.tar.bz2 samba-309a8fd7c62e7008b1a4c4c77c3a9ea35ed4bb07.zip |
Fix bug #7054 - X account flag does not work when pwdlastset is 0.
Don't allow pass_last_set_time to be set to zero (which means
"user must change password on next logon") if user object doesn't
allow password change.
Don't automatically allow user object password change if
"user must change password on next logon" is set.
Jim please check.
Jeremy.
Diffstat (limited to 'source3/rpc_server')
-rw-r--r-- | source3/rpc_server/samr/srv_samr_util.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/source3/rpc_server/samr/srv_samr_util.c b/source3/rpc_server/samr/srv_samr_util.c index 29123321f8..d052846b2e 100644 --- a/source3/rpc_server/samr/srv_samr_util.c +++ b/source3/rpc_server/samr/srv_samr_util.c @@ -612,7 +612,16 @@ void copy_id21_to_sam_passwd(const char *log_prefix, DEBUG(10,("%s SAMR_FIELD_EXPIRED_FLAG: %02X\n", l, from->password_expired)); if (from->password_expired != 0) { - pdb_set_pass_last_set_time(to, 0, PDB_CHANGED); + /* Only allow the set_time to zero (which means + "User Must Change Password on Next Login" + if the user object allows password change. */ + if (pdb_get_pass_can_change(to)) { + pdb_set_pass_last_set_time(to, 0, PDB_CHANGED); + } else { + DEBUG(10,("%s Disallowing set of 'User Must " + "Change Password on Next Login' as " + "user object disallows this.\n", l)); + } } else { /* A subtlety here: some windows commands will clear the expired flag even though it's not |