diff options
Diffstat (limited to 'source4/auth')
| -rw-r--r-- | source4/auth/auth.h | 3 | ||||
| -rw-r--r-- | source4/auth/ntlm/auth_sam.c | 2 | ||||
| -rw-r--r-- | source4/auth/sam.c | 11 |
3 files changed, 9 insertions, 7 deletions
diff --git a/source4/auth/auth.h b/source4/auth/auth.h index f6d739325d..6bad017862 100644 --- a/source4/auth/auth.h +++ b/source4/auth/auth.h @@ -232,7 +232,8 @@ NTSTATUS authsam_account_ok(TALLOC_CTX *mem_ctx, struct ldb_message *msg, const char *logon_workstation, const char *name_for_logs, - bool allow_domain_trust); + bool allow_domain_trust, + bool password_change); struct auth_session_info *system_session(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx); NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx, struct ldb_context *sam_ctx, const char *netbios_name, diff --git a/source4/auth/ntlm/auth_sam.c b/source4/auth/ntlm/auth_sam.c index 0bb79e234c..253ddf2286 100644 --- a/source4/auth/ntlm/auth_sam.c +++ b/source4/auth/ntlm/auth_sam.c @@ -175,7 +175,7 @@ static NTSTATUS authsam_authenticate(struct auth_context *auth_context, msg, user_info->workstation_name, user_info->mapped.account_name, - false); + false, false); return nt_status; } diff --git a/source4/auth/sam.c b/source4/auth/sam.c index 68eaacf255..acbd50c3fa 100644 --- a/source4/auth/sam.c +++ b/source4/auth/sam.c @@ -147,7 +147,8 @@ _PUBLIC_ NTSTATUS authsam_account_ok(TALLOC_CTX *mem_ctx, struct ldb_message *msg, const char *logon_workstation, const char *name_for_logs, - bool allow_domain_trust) + bool allow_domain_trust, + bool password_change) { uint16_t acct_flags; const char *workstation_list; @@ -189,15 +190,15 @@ _PUBLIC_ NTSTATUS authsam_account_ok(TALLOC_CTX *mem_ctx, return NT_STATUS_ACCOUNT_EXPIRED; } - /* check for immediate expiry "must change at next logon" */ - if (must_change_time == 0) { + /* check for immediate expiry "must change at next logon" (but not if this is a password change request) */ + if ((must_change_time == 0) && !password_change) { DEBUG(1,("sam_account_ok: Account for user '%s' password must change!.\n", name_for_logs)); return NT_STATUS_PASSWORD_MUST_CHANGE; } - /* check for expired password */ - if (must_change_time < now) { + /* check for expired password (but not if this is a password change request) */ + if ((must_change_time < now) && !password_change) { DEBUG(1,("sam_account_ok: Account for user '%s' password expired!.\n", name_for_logs)); DEBUG(1,("sam_account_ok: Password expired at '%s' unix time.\n", |