dsdb: Fix the password expiry calculation

As per Section 3.1.1.4.5.26 [MS-ADTS.pdf], password is expired if pwdLastSet = null, or pwdLastSet = 0, or (maxPwdAge != 0x8000000000000000 and (ST - pwdLastSet) > maxPwdAge)
author: Amitay Isaacs <amitay@gmail.com> 2011-11-18 10:34:44 +1100
committer: Amitay Isaacs <amitay@gmail.com> 2011-11-18 14:38:28 +1100
commit: 9318e00a1fab1e6eda6495c44b69d95a980b1e5e (patch)
tree: 66a2ff3df982c33e284f30732659dd30ff0dd812 /source4/dsdb/common
parent: d0e9f22654be1c9972c5b5ba6b3ebe808f27c678 (diff)
download: samba-9318e00a1fab1e6eda6495c44b69d95a980b1e5e.tar.gz
samba-9318e00a1fab1e6eda6495c44b69d95a980b1e5e.tar.bz2
samba-9318e00a1fab1e6eda6495c44b69d95a980b1e5e.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index cae6bd45b3..826a1e4592 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -505,7 +505,7 @@ NTTIME samdb_result_force_password_change(struct ldb_context *sam_ldb,
 
 	maxPwdAge = samdb_search_int64(sam_ldb, mem_ctx, 0, domain_dn,
 				       "maxPwdAge", NULL);
-	if (maxPwdAge == 0) {
+	if (maxPwdAge == 0 || maxPwdAge == -0x8000000000000000ULL) {
 		return 0x7FFFFFFFFFFFFFFFULL;
 	} else {
 		attr_time -= maxPwdAge;
author	Amitay Isaacs <amitay@gmail.com>	2011-11-18 10:34:44 +1100
committer	Amitay Isaacs <amitay@gmail.com>	2011-11-18 14:38:28 +1100
commit	9318e00a1fab1e6eda6495c44b69d95a980b1e5e (patch)
tree	66a2ff3df982c33e284f30732659dd30ff0dd812 /source4/dsdb/common
parent	d0e9f22654be1c9972c5b5ba6b3ebe808f27c678 (diff)
download	samba-9318e00a1fab1e6eda6495c44b69d95a980b1e5e.tar.gz samba-9318e00a1fab1e6eda6495c44b69d95a980b1e5e.tar.bz2 samba-9318e00a1fab1e6eda6495c44b69d95a980b1e5e.zip