From 13b2f59383c117033605df77935a67c7cc1c8da1 Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Mon, 9 Jun 2008 11:45:39 -0400 Subject: Don't reset password last set time just because the expired flag is set to 0. If the account wasn't expired but autolocked, using "net user /dom /active:y" would clear this, incorrectly setting the current time as the new "password last set" time. (This used to be commit 0f292d70f698b8ae885005b5704a96476e876571) --- source3/rpc_server/srv_samr_util.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'source3/rpc_server') diff --git a/source3/rpc_server/srv_samr_util.c b/source3/rpc_server/srv_samr_util.c index 74daf46e84..ef588aed1a 100644 --- a/source3/rpc_server/srv_samr_util.c +++ b/source3/rpc_server/srv_samr_util.c @@ -339,7 +339,15 @@ void copy_id21_to_sam_passwd(const char *log_prefix, if (from->password_expired == PASS_MUST_CHANGE_AT_NEXT_LOGON) { pdb_set_pass_last_set_time(to, 0, PDB_CHANGED); } else { - pdb_set_pass_last_set_time(to, time(NULL),PDB_CHANGED); + /* A subtlety here: some windows commands will + clear the expired flag even though it's not + set, and we don't want to reset the time + in these caess. "net user /dom /active:y" + for example, to clear an autolocked acct. + We must check to see if it's expired first. jmcd */ + stored_time = pdb_get_pass_last_set_time(to); + if (stored_time == 0) + pdb_set_pass_last_set_time(to, time(NULL),PDB_CHANGED); } } } -- cgit