diff options
| author | Jelmer Vernooij <jelmer@samba.org> | 2008-02-29 12:45:46 +0100 |
|---|---|---|
| committer | Jelmer Vernooij <jelmer@samba.org> | 2008-02-29 12:45:46 +0100 |
| commit | c8011b5d09390318ea6aa5639a142797128e5dab (patch) | |
| tree | fb14b7ecce720dbc4fbba831a8fab045b9ac5f5c /source4/auth | |
| parent | bc1a369a0ed254ede591b65756d75568c45549ea (diff) | |
| parent | de4a2214efb3fcc1aa04664371983dbc768eaf79 (diff) | |
| download | samba-c8011b5d09390318ea6aa5639a142797128e5dab.tar.gz samba-c8011b5d09390318ea6aa5639a142797128e5dab.tar.bz2 samba-c8011b5d09390318ea6aa5639a142797128e5dab.zip | |
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-gmake3
Conflicts:
source/scripting/python/config.mk
(This used to be commit 0ac0ea660ab63eca764149f1d2828d0238a57289)
Diffstat (limited to 'source4/auth')
| -rw-r--r-- | source4/auth/auth_sam.c | 4 | ||||
| -rw-r--r-- | source4/auth/sam.c | 41 |
2 files changed, 25 insertions, 20 deletions
diff --git a/source4/auth/auth_sam.c b/source4/auth/auth_sam.c index 9189640150..4cb8d2b304 100644 --- a/source4/auth/auth_sam.c +++ b/source4/auth/auth_sam.c @@ -226,7 +226,9 @@ static NTSTATUS authsam_authenticate(struct auth_context *auth_context, { struct samr_Password *lm_pwd, *nt_pwd; NTSTATUS nt_status; - uint16_t acct_flags = samdb_result_acct_flags(msgs[0], "userAccountControl"); + struct ldb_dn *domain_dn = samdb_result_dn(sam_ctx, mem_ctx, msgs_domain_ref[0], "nCName", NULL); + + uint16_t acct_flags = samdb_result_acct_flags(sam_ctx, mem_ctx, msgs[0], domain_dn); /* Quit if the account was locked out. */ if (acct_flags & ACB_AUTOLOCK) { diff --git a/source4/auth/sam.c b/source4/auth/sam.c index fdd7de7c71..9a8045f62d 100644 --- a/source4/auth/sam.c +++ b/source4/auth/sam.c @@ -149,19 +149,20 @@ _PUBLIC_ NTSTATUS authsam_account_ok(TALLOC_CTX *mem_ctx, const char *workstation_list; NTTIME acct_expiry; NTTIME must_change_time; - NTTIME last_set_time; struct ldb_dn *domain_dn = samdb_result_dn(sam_ctx, mem_ctx, msg_domain_ref, "nCName", ldb_dn_new(mem_ctx, sam_ctx, NULL)); NTTIME now; DEBUG(4,("authsam_account_ok: Checking SMB password for user %s\n", name_for_logs)); - acct_flags = samdb_result_acct_flags(msg, "userAccountControl"); + acct_flags = samdb_result_acct_flags(sam_ctx, mem_ctx, msg, domain_dn); acct_expiry = samdb_result_nttime(msg, "accountExpires", 0); + + /* Check for when we must change this password, taking the + * userAccountControl flags into account */ must_change_time = samdb_result_force_password_change(sam_ctx, mem_ctx, domain_dn, msg); - last_set_time = samdb_result_nttime(msg, "pwdLastSet", 0); workstation_list = samdb_result_string(msg, "userWorkstations", NULL); @@ -186,22 +187,20 @@ _PUBLIC_ NTSTATUS authsam_account_ok(TALLOC_CTX *mem_ctx, return NT_STATUS_ACCOUNT_EXPIRED; } - if (!(acct_flags & ACB_PWNOEXP)) { - /* check for immediate expiry "must change at next logon" */ - if (must_change_time == 0 && last_set_time != 0) { - DEBUG(1,("sam_account_ok: Account for user '%s' password must change!.\n", - name_for_logs)); - return NT_STATUS_PASSWORD_MUST_CHANGE; - } + /* check for immediate expiry "must change at next logon" */ + if (must_change_time == 0) { + DEBUG(1,("sam_account_ok: Account for user '%s' password must change!.\n", + name_for_logs)); + return NT_STATUS_PASSWORD_MUST_CHANGE; + } - /* check for expired password */ - if ((must_change_time != 0) && (must_change_time < now)) { - DEBUG(1,("sam_account_ok: Account for user '%s' password expired!.\n", - name_for_logs)); - DEBUG(1,("sam_account_ok: Password expired at '%s' unix time.\n", - nt_time_string(mem_ctx, must_change_time))); - return NT_STATUS_PASSWORD_EXPIRED; - } + /* check for expired password */ + if (must_change_time < now) { + DEBUG(1,("sam_account_ok: Account for user '%s' password expired!.\n", + name_for_logs)); + DEBUG(1,("sam_account_ok: Password expired at '%s' unix time.\n", + nt_time_string(mem_ctx, must_change_time))); + return NT_STATUS_PASSWORD_EXPIRED; } /* Test workstation. Workstation list is comma separated. */ @@ -267,6 +266,7 @@ _PUBLIC_ NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx, struct ldb_conte struct dom_sid **groupSIDs = NULL; struct dom_sid *account_sid; struct dom_sid *primary_group_sid; + struct ldb_dn *domain_dn; const char *str; struct ldb_dn *ncname; int i; @@ -368,7 +368,10 @@ _PUBLIC_ NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx, struct ldb_conte server_info->logon_count = samdb_result_uint(msg, "logonCount", 0); server_info->bad_password_count = samdb_result_uint(msg, "badPwdCount", 0); - server_info->acct_flags = samdb_result_acct_flags(msg, "userAccountControl"); + domain_dn = samdb_result_dn(sam_ctx, mem_ctx, msg_domain_ref, "nCName", NULL); + + server_info->acct_flags = samdb_result_acct_flags(sam_ctx, mem_ctx, + msg, domain_dn); server_info->user_session_key = user_sess_key; server_info->lm_session_key = lm_sess_key; |