-rw-r--r-- | source3/passdb/pdb_get_set.c | 24 | ||||
-rw-r--r-- | source3/rpc_parse/parse_samr.c | 15 | ||||
-rw-r--r-- | source3/rpc_server/srv_samr_util.c | 60 |
3 files changed, 52 insertions, 47 deletions
diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c
index 6d437867af..7aac8f5856 100644
--- a/source3/passdb/pdb_get_set.c
+++ b/source3/passdb/pdb_get_set.c
@@ -72,12 +72,32 @@ time_t pdb_get_pass_last_set_time(const struct samu *sampass)
 time_t pdb_get_pass_can_change_time(const struct samu *sampass)
 {
- return sampass->pass_can_change_time;
+ uint32 allow;
+
+ if (sampass->pass_last_set_time == 0)
+ return (time_t) 0;
+
+ if (!pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &allow))
+ allow = 0;
+
+ return sampass->pass_last_set_time + allow;
 }
 time_t pdb_get_pass_must_change_time(const struct samu *sampass)
 {
- return sampass->pass_must_change_time;
+ uint32 expire;
+
+ if (sampass->pass_last_set_time == 0)
+ return (time_t) 0;
+
+ if (sampass->acct_ctrl & ACB_PWNOEXP)
+ return get_time_t_max();
+
+ if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &expire)
+ || expire == (uint32)-1 || expire == 0)
+ return get_time_t_max();
+
+ return sampass->pass_last_set_time + expire;
 }
 uint16 pdb_get_logon_divs(const struct samu *sampass)
diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c
index dd98d62810..4173b0169b 100644
--- a/source3/rpc_parse/parse_samr.c
+++ b/source3/rpc_parse/parse_samr.c
@@ -6270,6 +6270,7 @@ NTSTATUS init_sam_user_info21A(SAM_USER_INFO_21 *usr, struct samu *pw, DOM_SID *
 pass_last_set_time, pass_can_change_time, pass_must_change_time;
+ time_t must_change_time;
 const char* user_name = pdb_get_username(pw);
 const char* full_name = pdb_get_fullname(pw);
 const char* home_dir = pdb_get_homedir(pw);
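Review bot: In source3/passdb/pdb_get_set.c, `return sampass->pass_last_set_time + expire;` in pdb_get_pass_must_change_time adds a uint32 policy value to a time_t with no range check, and `+ allow` in pdb_get_pass_can_change_time does the same. Where time_t is 32 bits wide, a large but valid AP_MAX_PASSWORD_AGE can wrap the sum to a time in the past, which callers would presumably read as an already-expired password. Clamping before the addition avoids that: `if (expire > get_time_t_max() - sampass->pass_last_set_time) return get_time_t_max();`. Separately, a failed pdb_get_account_policy() lookup silently yields "never expires"; a DEBUG line on that path would make a broken policy store visible.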
@@ -6294,12 +6295,16 @@ NTSTATUS init_sam_user_info21A(SAM_USER_INFO_21 *usr, struct samu *pw, DOM_SID *
 }
 /* Create NTTIME structs */
- unix_to_nt_time (&logon_time, pdb_get_logon_time(pw));
- unix_to_nt_time (&logoff_time, pdb_get_logoff_time(pw));
+ unix_to_nt_time (&logon_time, pdb_get_logon_time(pw));
+ unix_to_nt_time (&logoff_time, pdb_get_logoff_time(pw));
 unix_to_nt_time (&kickoff_time, pdb_get_kickoff_time(pw));
- unix_to_nt_time (&pass_last_set_time, pdb_get_pass_last_set_time(pw));
- unix_to_nt_time (&pass_can_change_time, pdb_get_pass_can_change_time(pw));
- unix_to_nt_time (&pass_must_change_time,pdb_get_pass_must_change_time(pw));
+ unix_to_nt_time (&pass_last_set_time, pdb_get_pass_last_set_time(pw));
+ unix_to_nt_time (&pass_can_change_time,pdb_get_pass_can_change_time(pw));
+ must_change_time = pdb_get_pass_must_change_time(pw);
+ if (must_change_time == get_time_t_max())
+ unix_to_nt_time_abs(&pass_must_change_time, must_change_time);
+ else
+ unix_to_nt_time(&pass_must_change_time, must_change_time);
 /* structure assignment */
 usr->logon_time = logon_time;
diff --git a/source3/rpc_server/srv_samr_util.c b/source3/rpc_server/srv_samr_util.c
index 4fbd9d07d2..08a2fb92bb 100644
--- a/source3/rpc_server/srv_samr_util.c
+++ b/source3/rpc_server/srv_samr_util.c
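Review bot: The new branch on `must_change_time == get_time_t_max()` in init_sam_user_info21A has no comment saying why the "never expires" sentinel needs unix_to_nt_time_abs() while every other timestamp here goes through unix_to_nt_time(). A one-line comment above the `if`, for example `/* time_t max means "never expires"; it needs the _abs conversion to reach the wire as such */` (wording to be confirmed against unix_to_nt_time_abs), would keep a later cleanup from folding the two calls back together. The logon_time and logoff_time lines also appear to be re-aligned with no code change, which adds noise to the patch. The function starts and ends outside this hunk.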
@@ -283,26 +283,16 @@ void copy_id21_to_sam_passwd(struct samu *to, SAM_USER_INFO_21 *from)
 }
 }
- DEBUG(10,("INFO_21 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange));
- if (from->passmustchange==PASS_MUST_CHANGE_AT_NEXT_LOGON) {
- pdb_set_pass_must_change_time(to,0, PDB_CHANGED);
- } else {
- uint32 expire;
- time_t new_time;
- if (pdb_get_pass_must_change_time(to) == 0) {
- if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &expire)
- || expire == (uint32)-1) {
- new_time = get_time_t_max();
- } else {
- time_t old_time = pdb_get_pass_last_set_time(to);
- new_time = old_time + expire;
- if ((new_time) < time(0)) {
- new_time = time(0) + expire;
- }
- }
- if (!pdb_set_pass_must_change_time (to, new_time, PDB_CHANGED)) {
- DEBUG (0, ("pdb_set_pass_must_change_time failed!\n"));
- }
+ /* If the must change flag is set, the last set time goes to zero.
+ the must change and can change fields also do, but they are
+ calculated from policy, not set from the wire */
+
+ if (from->fields_present & ACCT_EXPIRED_FLAG) {
+ DEBUG(10,("INFO_21 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange));
+ if (from->passmustchange == PASS_MUST_CHANGE_AT_NEXT_LOGON) {
+ pdb_set_pass_last_set_time(to, 0, PDB_CHANGED);
+ } else {
+ pdb_set_pass_last_set_time(to, time(0), PDB_CHANGED);
 }
 }
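Review bot: The `else` branch in copy_id21_to_sam_passwd sets `pass_last_set_time` to `time(0)` whenever a request carries ACCT_EXPIRED_FLAG in `fields_present` with `passmustchange` cleared, even if the password was not expired to begin with. Since this commit derives the must-change and can-change times from pass_last_set_time in pdb_get_set.c, that restarts both the maximum-age and minimum-age clocks without any password change, so a routine attribute update can extend a password's lifetime. Resetting only when the stored value is zero keeps the intended "clear the expired state" behaviour: `} else if (pdb_get_pass_last_set_time(to) == 0) {`. The return value of pdb_set_pass_last_set_time() is also dropped, where the removed code logged a failed setter. The same code is added to copy_id23_to_sam_passwd in the next hunk; both functions start and end outside their hunks.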
@@ -522,26 +512,16 @@ void copy_id23_to_sam_passwd(struct samu *to, SAM_USER_INFO_23 *from)
 }
 }
- DEBUG(10,("INFO_23 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange));
- if (from->passmustchange==PASS_MUST_CHANGE_AT_NEXT_LOGON) {
- pdb_set_pass_must_change_time(to,0, PDB_CHANGED);
- } else {
- uint32 expire;
- time_t new_time;
- if (pdb_get_pass_must_change_time(to) == 0) {
- if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &expire)
- || expire == (uint32)-1) {
- new_time = get_time_t_max();
- } else {
- time_t old_time = pdb_get_pass_last_set_time(to);
- new_time = old_time + expire;
- if ((new_time) < time(0)) {
- new_time = time(0) + expire;
- }
- }
- if (!pdb_set_pass_must_change_time (to, new_time, PDB_CHANGED)) {
- DEBUG (0, ("pdb_set_pass_must_change_time failed!\n"));
- }
+ /* If the must change flag is set, the last set time goes to zero.
+ the must change and can change fields also do, but they are
+ calculated from policy, not set from the wire */
+
+ if (from->fields_present & ACCT_EXPIRED_FLAG) {
+ DEBUG(10,("INFO_23 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange));
+ if (from->passmustchange == PASS_MUST_CHANGE_AT_NEXT_LOGON) {
+ pdb_set_pass_last_set_time(to, 0, PDB_CHANGED);
+ } else {
+ pdb_set_pass_last_set_time(to, time(0), PDB_CHANGED);
 }
 }
|