summaryrefslogtreecommitdiff
path: root/source3/rpc_server
diff options
context:
space:
mode:
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/samr/srv_samr_util.c11
1 files changed, 10 insertions, 1 deletions
diff --git a/source3/rpc_server/samr/srv_samr_util.c b/source3/rpc_server/samr/srv_samr_util.c
index 29123321f8..d052846b2e 100644
--- a/source3/rpc_server/samr/srv_samr_util.c
+++ b/source3/rpc_server/samr/srv_samr_util.c
@@ -612,7 +612,16 @@ void copy_id21_to_sam_passwd(const char *log_prefix,
DEBUG(10,("%s SAMR_FIELD_EXPIRED_FLAG: %02X\n", l,
from->password_expired));
if (from->password_expired != 0) {
- pdb_set_pass_last_set_time(to, 0, PDB_CHANGED);
+ /* Only allow the set_time to zero (which means
+ "User Must Change Password on Next Login"
+ if the user object allows password change. */
+ if (pdb_get_pass_can_change(to)) {
+ pdb_set_pass_last_set_time(to, 0, PDB_CHANGED);
+ } else {
+ DEBUG(10,("%s Disallowing set of 'User Must "
+ "Change Password on Next Login' as "
+ "user object disallows this.\n", l));
+ }
} else {
/* A subtlety here: some windows commands will
clear the expired flag even though it's not