diff options
| author | Jelmer Vernooij <jelmer@samba.org> | 2008-03-03 00:23:09 +0100 |
|---|---|---|
| committer | Jelmer Vernooij <jelmer@samba.org> | 2008-03-03 00:23:09 +0100 |
| commit | c7dc53b8514f83800184d2b20b1897e54843a614 (patch) | |
| tree | 4f09d783271dc5e38809ed02c8252d73f8b147e5 /source4/dsdb/common/util.c | |
| parent | 375df425c5014dc852995038e8e5668f98af8ba3 (diff) | |
| parent | 85d53f7b603f7c15b007f8c3fdde1989f07a6eb2 (diff) | |
| download | samba-c7dc53b8514f83800184d2b20b1897e54843a614.tar.gz samba-c7dc53b8514f83800184d2b20b1897e54843a614.tar.bz2 samba-c7dc53b8514f83800184d2b20b1897e54843a614.zip | |
Merge branch 'v4-0-test' into id10ts-registry
(This used to be commit f98b59021a5ea39c7970ebc5520d17775e500b8c)
Diffstat (limited to 'source4/dsdb/common/util.c')
| -rw-r--r-- | source4/dsdb/common/util.c | 35 |
1 files changed, 28 insertions, 7 deletions
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index bee1eac480..ace5e0edaf 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -469,8 +469,8 @@ NTTIME samdb_result_allow_password_change(struct ldb_context *sam_ldb, } /* - construct the force_password_change field from the PwdLastSet attribute and the - domain password settings + construct the force_password_change field from the PwdLastSet + attribute, the userAccountControl and the domain password settings */ NTTIME samdb_result_force_password_change(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, @@ -478,10 +478,12 @@ NTTIME samdb_result_force_password_change(struct ldb_context *sam_ldb, struct ldb_message *msg) { uint64_t attr_time = samdb_result_uint64(msg, "pwdLastSet", 0); - uint32_t user_flags = samdb_result_uint64(msg, "userAccountControl", 0); + uint32_t userAccountControl = samdb_result_uint64(msg, "userAccountControl", 0); int64_t maxPwdAge; - if (user_flags & UF_DONT_EXPIRE_PASSWD) { + /* Machine accounts don't expire, and there is a flag for 'no expiry' */ + if (!(userAccountControl & UF_NORMAL_ACCOUNT) + || (userAccountControl & UF_DONT_EXPIRE_PASSWD)) { return 0x7FFFFFFFFFFFFFFFULL; } @@ -596,11 +598,30 @@ struct samr_LogonHours samdb_result_logon_hours(TALLOC_CTX *mem_ctx, struct ldb_ /* pull a set of account_flags from a result set. + + This requires that the attributes: + pwdLastSet + userAccountControl + be included in 'msg' */ -uint16_t samdb_result_acct_flags(struct ldb_message *msg, const char *attr) +uint32_t samdb_result_acct_flags(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, + struct ldb_message *msg, struct ldb_dn *domain_dn) { - uint_t userAccountControl = ldb_msg_find_attr_as_uint(msg, attr, 0); - return samdb_uf2acb(userAccountControl); + uint32_t userAccountControl = ldb_msg_find_attr_as_uint(msg, "userAccountControl", 0); + uint32_t acct_flags = samdb_uf2acb(userAccountControl); + NTTIME must_change_time; + NTTIME now; + + must_change_time = samdb_result_force_password_change(sam_ctx, mem_ctx, + domain_dn, msg); + + /* Test account expire time */ + unix_to_nt_time(&now, time(NULL)); + /* check for expired password */ + if (must_change_time < now) { + acct_flags |= ACB_PW_EXPIRED; + } + return acct_flags; } |