diff options
Diffstat (limited to 'source3')
-rw-r--r-- | source3/passdb/pdb_get_set.c | 3 | ||||
-rw-r--r-- | source3/rpc_server/samr/srv_samr_util.c | 11 |
2 files changed, 11 insertions, 3 deletions
diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c index 6c1a2ab23d..782c08fc1c 100644 --- a/source3/passdb/pdb_get_set.c +++ b/source3/passdb/pdb_get_set.c @@ -123,8 +123,7 @@ time_t pdb_get_pass_must_change_time(const struct samu *sampass) bool pdb_get_pass_can_change(const struct samu *sampass) { - if (sampass->pass_can_change_time == get_time_t_max() && - sampass->pass_last_set_time != 0) + if (sampass->pass_can_change_time == get_time_t_max()) return False; return True; } diff --git a/source3/rpc_server/samr/srv_samr_util.c b/source3/rpc_server/samr/srv_samr_util.c index 29123321f8..d052846b2e 100644 --- a/source3/rpc_server/samr/srv_samr_util.c +++ b/source3/rpc_server/samr/srv_samr_util.c @@ -612,7 +612,16 @@ void copy_id21_to_sam_passwd(const char *log_prefix, DEBUG(10,("%s SAMR_FIELD_EXPIRED_FLAG: %02X\n", l, from->password_expired)); if (from->password_expired != 0) { - pdb_set_pass_last_set_time(to, 0, PDB_CHANGED); + /* Only allow the set_time to zero (which means + "User Must Change Password on Next Login" + if the user object allows password change. */ + if (pdb_get_pass_can_change(to)) { + pdb_set_pass_last_set_time(to, 0, PDB_CHANGED); + } else { + DEBUG(10,("%s Disallowing set of 'User Must " + "Change Password on Next Login' as " + "user object disallows this.\n", l)); + } } else { /* A subtlety here: some windows commands will clear the expired flag even though it's not |