diff options
-rw-r--r-- | source3/nsswitch/pam_winbind.c | 6 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_nss.h | 4 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_pam.c | 15 |
3 files changed, 8 insertions, 17 deletions
diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c index 57e05dc4bb..0141c3fafa 100644 --- a/source3/nsswitch/pam_winbind.c +++ b/source3/nsswitch/pam_winbind.c @@ -419,7 +419,8 @@ static int winbind_auth_request(pam_handle_t * pamh, /* handle the case where the auth was ok, but the password must expire right now */ /* good catch from Ralf Haferkamp: an expiry of "never" is translated to -1 */ - if ((response.data.auth.policy.expire > 0) && + if ((response.data.auth.info3.user_rid != DOMAIN_USER_RID_ADMIN ) && + (response.data.auth.policy.expire > 0) && (response.data.auth.info3.pass_last_set_time + response.data.auth.policy.expire < time(NULL))) { ret = PAM_AUTHTOK_EXPIRED; @@ -435,7 +436,8 @@ static int winbind_auth_request(pam_handle_t * pamh, } /* warn a user if the password is about to expire soon */ - if ((response.data.auth.policy.expire) && + if ((response.data.auth.info3.user_rid != DOMAIN_USER_RID_ADMIN ) && + (response.data.auth.policy.expire) && (response.data.auth.info3.pass_last_set_time + response.data.auth.policy.expire > time(NULL) ) ) { int days = response.data.auth.policy.expire / SECONDS_PER_DAY; diff --git a/source3/nsswitch/winbindd_nss.h b/source3/nsswitch/winbindd_nss.h index 033e51d794..b01053d63c 100644 --- a/source3/nsswitch/winbindd_nss.h +++ b/source3/nsswitch/winbindd_nss.h @@ -338,8 +338,8 @@ struct winbindd_response { time_t pass_must_change_time; uint16 logon_count; uint16 bad_pw_count; - fstring user_sid; - fstring group_sid; + uint32 user_rid; + uint32 group_rid; fstring dom_sid; uint32 num_groups; uint32 user_flgs; diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c index ab20102f79..fc8d0885fc 100644 --- a/source3/nsswitch/winbindd_pam.c +++ b/source3/nsswitch/winbindd_pam.c @@ -32,7 +32,6 @@ static NTSTATUS append_info3_as_txt(TALLOC_CTX *mem_ctx, struct winbindd_cli_state *state, NET_USER_INFO_3 *info3) { - DOM_SID user_sid, group_sid; fstring str_sid; state->response.data.auth.info3.logon_time = @@ -51,18 +50,8 @@ static NTSTATUS append_info3_as_txt(TALLOC_CTX *mem_ctx, state->response.data.auth.info3.logon_count = info3->logon_count; state->response.data.auth.info3.bad_pw_count = info3->bad_pw_count; - sid_copy(&user_sid, &(info3->dom_sid.sid)); - sid_append_rid(&user_sid, info3->user_rid); - - sid_to_string(str_sid, &user_sid); - fstrcpy(state->response.data.auth.info3.user_sid, str_sid); - - sid_copy(&group_sid, &(info3->dom_sid.sid)); - sid_append_rid(&group_sid, info3->group_rid); - - sid_to_string(str_sid, &group_sid); - fstrcpy(state->response.data.auth.info3.group_sid, str_sid); - + state->response.data.auth.info3.user_rid = info3->user_rid; + state->response.data.auth.info3.group_rid = info3->group_rid; sid_to_string(str_sid, &(info3->dom_sid.sid)); fstrcpy(state->response.data.auth.info3.dom_sid, str_sid); |