From b183a30b2b3983a7f827dc6fd44eb16ac64904ce Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 17 May 2010 13:41:01 +1000
Subject: s4:credentials Add in tracking of the password last set time

We perhaps need a more general API here, but for now extend the
credentials API to return the password last changed time that the
s3compat layer will need.

Andrew Bartlett
---
 source4/auth/credentials/credentials_files.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

(limited to 'source4/auth/credentials/credentials_files.c')

diff --git a/source4/auth/credentials/credentials_files.c b/source4/auth/credentials/credentials_files.c
index 6ddee9e3ef..2e88cf4c4e 100644
--- a/source4/auth/credentials/credentials_files.c
+++ b/source4/auth/credentials/credentials_files.c
@@ -210,7 +210,8 @@ _PUBLIC_ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
 	enum netr_SchannelType sct;
 	const char *salt_principal;
 	const char *keytab;
-	
+	const struct ldb_val *whenChanged;
+
 	/* ok, we are going to get it now, don't recurse back here */
 	cred->machine_account_pending = false;
 
@@ -314,6 +315,14 @@ _PUBLIC_ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
 
 	cli_credentials_set_kvno(cred, ldb_msg_find_attr_as_int(msg, "msDS-KeyVersionNumber", 0));
 
+	whenChanged = ldb_msg_find_ldb_val(msg, "whenChanged");
+	if (whenChanged) {
+		time_t lct;
+		if (ldb_val_to_time(whenChanged, &lct) == LDB_SUCCESS) {
+			cli_credentials_set_password_last_changed_time(cred, lct);
+		}
+	}
+	
 	/* If there was an external keytab specified by reference in
 	 * the LDB, then use this.  Otherwise we will make one up
 	 * (chewing CPU time) from the password */
-- 
cgit