summaryrefslogtreecommitdiff
path: root/source4/dsdb/common
diff options
context:
space:
mode:
Diffstat (limited to 'source4/dsdb/common')
-rw-r--r--source4/dsdb/common/util.c26
1 files changed, 25 insertions, 1 deletions
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index ace5e0edaf..88c8afd6cc 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -434,6 +434,30 @@ NTTIME samdb_result_nttime(struct ldb_message *msg, const char *attr, NTTIME def
}
/*
+ * Windows uses both 0 and 9223372036854775807 (0x7FFFFFFFFFFFFFFFULL) to
+ * indicate an account doesn't expire.
+ *
+ * When Windows initially creates an account, it sets
+ * accountExpires = 9223372036854775807 (0x7FFFFFFFFFFFFFFF). However,
+ * when changing from an account having a specific expiration date to
+ * that account never expiring, it sets accountExpires = 0.
+ *
+ * Consolidate that logic here to allow clearer logic for account expiry in
+ * the rest of the code.
+ */
+NTTIME samdb_result_account_expires(struct ldb_message *msg,
+ NTTIME default_value)
+{
+ NTTIME ret = ldb_msg_find_attr_as_uint64(msg, "accountExpires",
+ default_value);
+
+ if (ret == (NTTIME)0)
+ ret = 0x7FFFFFFFFFFFFFFFULL;
+
+ return ret;
+}
+
+/*
pull a uint64_t from a result set.
*/
uint64_t samdb_result_uint64(struct ldb_message *msg, const char *attr, uint64_t default_value)
@@ -493,7 +517,7 @@ NTTIME samdb_result_force_password_change(struct ldb_context *sam_ldb,
maxPwdAge = samdb_search_int64(sam_ldb, mem_ctx, 0, domain_dn, "maxPwdAge", NULL);
if (maxPwdAge == 0) {
- return 0;
+ return 0x7FFFFFFFFFFFFFFFULL;
} else {
attr_time -= maxPwdAge;
}