summaryrefslogtreecommitdiff
path: root/source4/auth
diff options
context:
space:
mode:
Diffstat (limited to 'source4/auth')
-rw-r--r--source4/auth/auth.h3
-rw-r--r--source4/auth/ntlm/auth_sam.c2
-rw-r--r--source4/auth/sam.c11
3 files changed, 9 insertions, 7 deletions
diff --git a/source4/auth/auth.h b/source4/auth/auth.h
index f6d739325d..6bad017862 100644
--- a/source4/auth/auth.h
+++ b/source4/auth/auth.h
@@ -232,7 +232,8 @@ NTSTATUS authsam_account_ok(TALLOC_CTX *mem_ctx,
struct ldb_message *msg,
const char *logon_workstation,
const char *name_for_logs,
- bool allow_domain_trust);
+ bool allow_domain_trust,
+ bool password_change);
struct auth_session_info *system_session(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx);
NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx, struct ldb_context *sam_ctx,
const char *netbios_name,
diff --git a/source4/auth/ntlm/auth_sam.c b/source4/auth/ntlm/auth_sam.c
index 0bb79e234c..253ddf2286 100644
--- a/source4/auth/ntlm/auth_sam.c
+++ b/source4/auth/ntlm/auth_sam.c
@@ -175,7 +175,7 @@ static NTSTATUS authsam_authenticate(struct auth_context *auth_context,
msg,
user_info->workstation_name,
user_info->mapped.account_name,
- false);
+ false, false);
return nt_status;
}
diff --git a/source4/auth/sam.c b/source4/auth/sam.c
index 68eaacf255..acbd50c3fa 100644
--- a/source4/auth/sam.c
+++ b/source4/auth/sam.c
@@ -147,7 +147,8 @@ _PUBLIC_ NTSTATUS authsam_account_ok(TALLOC_CTX *mem_ctx,
struct ldb_message *msg,
const char *logon_workstation,
const char *name_for_logs,
- bool allow_domain_trust)
+ bool allow_domain_trust,
+ bool password_change)
{
uint16_t acct_flags;
const char *workstation_list;
@@ -189,15 +190,15 @@ _PUBLIC_ NTSTATUS authsam_account_ok(TALLOC_CTX *mem_ctx,
return NT_STATUS_ACCOUNT_EXPIRED;
}
- /* check for immediate expiry "must change at next logon" */
- if (must_change_time == 0) {
+ /* check for immediate expiry "must change at next logon" (but not if this is a password change request) */
+ if ((must_change_time == 0) && !password_change) {
DEBUG(1,("sam_account_ok: Account for user '%s' password must change!.\n",
name_for_logs));
return NT_STATUS_PASSWORD_MUST_CHANGE;
}
- /* check for expired password */
- if (must_change_time < now) {
+ /* check for expired password (but not if this is a password change request) */
+ if ((must_change_time < now) && !password_change) {
DEBUG(1,("sam_account_ok: Account for user '%s' password expired!.\n",
name_for_logs));
DEBUG(1,("sam_account_ok: Password expired at '%s' unix time.\n",