r23616: Fix bugzilla #4719: must change password is not set from usrmgr.exe.

This was only affecting the newer versions of usrmgr.exe, because they
use a user_info_25 struct.  The password is getting set separately
inside that code, so the password last set time was getting set from the
password change logic.

We also were not parsing a number of fields (like logon hours) from the
user_info_25.  That should also be fixed.
(This used to be commit afabd68b6ae874aceba708dc36808ed007ad496c)

2 files changed, 52 insertions, 0 deletions

diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index b392f289a8..e28fc59136 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -3357,11 +3357,17 @@ static BOOL set_user_info_pw(uint8 *pass, struct samu *pwd)
 	uint32 len;
 	pstring plaintext_buf;
 	uint32 acct_ctrl;
+	time_t last_set_time;
+	enum pdb_value_state last_set_state;
  
 	DEBUG(5, ("Attempting administrator password change for user %s\n",
 		  pdb_get_username(pwd)));
 
 	acct_ctrl = pdb_get_acct_ctrl(pwd);
+	/* we need to know if it's expired, because this is an admin change, not a
+	   user change, so it's still expired when we're done */
+	last_set_state = pdb_get_init_flags(pwd, PDB_PASSLASTSET);
+	last_set_time = pdb_get_pass_last_set_time(pwd);
 
 	ZERO_STRUCT(plaintext_buf);
  
@@ -3404,6 +3410,9 @@ static BOOL set_user_info_pw(uint8 *pass, struct samu *pwd)
  
 	ZERO_STRUCT(plaintext_buf);
  
+	/* restore last set time as this is an admin change, not a user pw change */
+	pdb_set_pass_last_set_time (pwd, last_set_time, last_set_state);
+ 
 	DEBUG(5,("set_user_info_pw: pdb_update_pwd()\n"));
  
 	/* update the SAMBA password */
diff --git a/source3/rpc_server/srv_samr_util.c b/source3/rpc_server/srv_samr_util.c
index 8acc1785ef..42ad462ee7 100644
--- a/source3/rpc_server/srv_samr_util.c
+++ b/source3/rpc_server/srv_samr_util.c
@@ -670,4 +670,47 @@ void copy_id25_to_sam_passwd(struct samu *to, SAM_USER_INFO_25 *from)
 			pdb_set_acct_ctrl(to, from->acb_info, PDB_CHANGED);
 		}
 	}
+
+	if (from->fields_present & ACCT_LOGON_HOURS) {
+		DEBUG(15,("INFO_25 LOGON_DIVS: %08X -> %08X\n",pdb_get_logon_divs(to),from->logon_divs));
+		if (from->logon_divs != pdb_get_logon_divs(to)) {
+			pdb_set_logon_divs(to, from->logon_divs, PDB_CHANGED);
+		}
+
+		DEBUG(15,("INFO_25 LOGON_HRS.LEN: %08X -> %08X\n",pdb_get_hours_len(to),from->logon_hrs.len));
+		if (from->logon_hrs.len != pdb_get_hours_len(to)) {
+			pdb_set_hours_len(to, from->logon_hrs.len, PDB_CHANGED);
+		}
+
+		DEBUG(15,("INFO_25 LOGON_HRS.HOURS: %s -> %s\n",pdb_get_hours(to),from->logon_hrs.hours));
+		/* Fix me: only update if it changes --metze */
+		pdb_set_hours(to, from->logon_hrs.hours, PDB_CHANGED);
+	}
+
+	if (from->fields_present & ACCT_BAD_PWD_COUNT) {
+		DEBUG(10,("INFO_25 BAD_PASSWORD_COUNT: %08X -> %08X\n",pdb_get_bad_password_count(to),from->bad_password_count));
+		if (from->bad_password_count != pdb_get_bad_password_count(to)) {
+			pdb_set_bad_password_count(to, from->bad_password_count, PDB_CHANGED);
+		}
+	}
+
+	if (from->fields_present & ACCT_NUM_LOGONS) {
+		DEBUG(10,("INFO_25 LOGON_COUNT: %08X -> %08X\n",pdb_get_logon_count(to),from->logon_count));
+		if (from->logon_count != pdb_get_logon_count(to)) {
+			pdb_set_logon_count(to, from->logon_count, PDB_CHANGED);
+		}
+	}
+
+	/* If the must change flag is set, the last set time goes to zero.
+	   the must change and can change fields also do, but they are 
+	   calculated from policy, not set from the wire */
+
+	if (from->fields_present & ACCT_EXPIRED_FLAG) {
+		DEBUG(10,("INFO_25 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange));
+		if (from->passmustchange == PASS_MUST_CHANGE_AT_NEXT_LOGON) {
+			pdb_set_pass_last_set_time(to, 0, PDB_CHANGED);		
+		} else {
+			pdb_set_pass_last_set_time(to, time(NULL),PDB_CHANGED);
+		}
+	}
 }