From 896fd8e1cddacc5cbc319490b110042db787f7ee Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Wed, 3 Aug 2005 04:41:10 +0000
Subject: r8980: Make Samba4 honour account control flags (we were asking for a
 non-existant field).

Also change time(NULL) into an NTTIME for comparison, rather than
experience rounding bugs (size of time_t) when converting an NTTIME
into a time_t.

Andrew Bartlett
(This used to be commit 181155f9e059a2eb74a7dd7c34a358724ec88bb8)
---
 source4/auth/auth_sam.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'source4/auth')

diff --git a/source4/auth/auth_sam.c b/source4/auth/auth_sam.c
index f697164cd4..555b2a25ac 100644
--- a/source4/auth/auth_sam.c
+++ b/source4/auth/auth_sam.c
@@ -117,6 +117,7 @@ static NTSTATUS authsam_account_ok(TALLOC_CTX *mem_ctx,
 				   const char *workstation_list,
 				   const struct auth_usersupplied_info *user_info)
 {
+	NTTIME now;
 	DEBUG(4,("authsam_account_ok: Checking SMB password for user %s\n", user_info->mapped.account_name));
 
 	/* Quit if the account was disabled. */
@@ -132,7 +133,8 @@ static NTSTATUS authsam_account_ok(TALLOC_CTX *mem_ctx,
 	}
 
 	/* Test account expire time */
-	if ((acct_expiry) != -1 && time(NULL) > nt_time_to_unix(acct_expiry)) {
+	unix_to_nt_time(&now, time(NULL));
+	if (now > acct_expiry) {
 		DEBUG(1,("authsam_account_ok: Account for user '%s' has expired.\n", user_info->mapped.account_name));
 		DEBUG(3,("authsam_account_ok: Account expired at '%s'.\n", 
 			 nt_time_string(mem_ctx, acct_expiry)));
@@ -148,7 +150,7 @@ static NTSTATUS authsam_account_ok(TALLOC_CTX *mem_ctx,
 		}
 
 		/* check for expired password */
-		if ((must_change_time) != 0 && nt_time_to_unix(must_change_time) < time(NULL)) {
+		if ((must_change_time != 0) && (must_change_time < now)) {
 			DEBUG(1,("sam_account_ok: Account for user '%s' password expired!.\n", 
 				 user_info->mapped.account_name));
 			DEBUG(1,("sam_account_ok: Password expired at '%s' unix time.\n", 
@@ -356,7 +358,7 @@ static NTSTATUS authsam_authenticate(struct auth_context *auth_context,
 	NTSTATUS nt_status;
 	const char *domain_dn = samdb_result_string(msgs_domain[0], "nCName", "");
 
-	acct_flags = samdb_result_acct_flags(msgs[0], "sAMAcctFlags");
+	acct_flags = samdb_result_acct_flags(msgs[0], "userAccountControl");
 	
 	/* Quit if the account was locked out. */
 	if (acct_flags & ACB_AUTOLOCK) {
-- 
cgit