diff options
| -rw-r--r-- | source3/rpc_server/srv_samr_util.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/source3/rpc_server/srv_samr_util.c b/source3/rpc_server/srv_samr_util.c index 74daf46e84..ef588aed1a 100644 --- a/source3/rpc_server/srv_samr_util.c +++ b/source3/rpc_server/srv_samr_util.c @@ -339,7 +339,15 @@ void copy_id21_to_sam_passwd(const char *log_prefix, if (from->password_expired == PASS_MUST_CHANGE_AT_NEXT_LOGON) { pdb_set_pass_last_set_time(to, 0, PDB_CHANGED); } else { - pdb_set_pass_last_set_time(to, time(NULL),PDB_CHANGED); + /* A subtlety here: some windows commands will + clear the expired flag even though it's not + set, and we don't want to reset the time + in these caess. "net user /dom <user> /active:y" + for example, to clear an autolocked acct. + We must check to see if it's expired first. jmcd */ + stored_time = pdb_get_pass_last_set_time(to); + if (stored_time == 0) + pdb_set_pass_last_set_time(to, time(NULL),PDB_CHANGED); } } } |