From b183a30b2b3983a7f827dc6fd44eb16ac64904ce Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Mon, 17 May 2010 13:41:01 +1000
Subject: s4:credentials Add in tracking of the password last set time

We perhaps need a more general API here, but for now extend the credentials API to return the password last changed time that the s3compat layer will need.
Andrew Bartlett
---
 source4/auth/credentials/credentials.c | 19 +++++++++++++++++++
 source4/auth/credentials/credentials.h | 4 ++++
 source4/auth/credentials/credentials_files.c | 11 ++++++++++-
 3 files changed, 33 insertions(+), 1 deletion(-)
(limited to 'source4/auth')
diff --git a/source4/auth/credentials/credentials.c b/source4/auth/credentials/credentials.c
index 6f7630a206..a129efe919 100644
--- a/source4/auth/credentials/credentials.c
+++ b/source4/auth/credentials/credentials.c
@@ -748,6 +748,25 @@ _PUBLIC_ void cli_credentials_set_secure_channel_type(struct cli_credentials *cr
 cred->secure_channel_type = secure_channel_type;
 }
+/**
+ * Return NETLOGON secure chanel type
+ */
+
+_PUBLIC_ time_t cli_credentials_get_password_last_changed_time(struct cli_credentials *cred)
+{
+ return cred->password_last_changed_time;
+}
+
+/**
+ * Set NETLOGON secure channel type
+ */
+
+_PUBLIC_ void cli_credentials_set_password_last_changed_time(struct cli_credentials *cred,
+ time_t last_changed_time)
+{
+ cred->password_last_changed_time = last_changed_time;
+}
+
 /**
 * Return NETLOGON secure chanel type
 */
diff --git a/source4/auth/credentials/credentials.h b/source4/auth/credentials/credentials.h
index ab4ee2f217..c4c7d3f246 100644
--- a/source4/auth/credentials/credentials.h
+++ b/source4/auth/credentials/credentials.h
@@ -107,6 +107,7 @@ struct cli_credentials {
 struct netlogon_creds_CredentialState *netlogon_creds;
 enum netr_SchannelType secure_channel_type;
 int kvno;
+ time_t password_last_changed_time;
 struct smb_krb5_context *smb_krb5_context;
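Review bot: The doc comments above the two new accessors in credentials.c are copied from the secure-channel-type functions and describe the wrong thing; the getter's should read `Return the time the password was last changed` and the setter's `Set the time the password was last changed`. The setter's parameter is `last_changed_time` in the definition but `last_change_time` in the credentials.h prototype, so one spelling should be used in both places. The getter returns the field exactly as stored, and how the struct is initialised is not visible in this diff, so the comment should also state what an unset value looks like (for example 0).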
@@ -218,6 +219,8 @@ bool cli_credentials_set_realm(struct cli_credentials *cred,
 enum credentials_obtained obtained);
 void cli_credentials_set_secure_channel_type(struct cli_credentials *cred,
 enum netr_SchannelType secure_channel_type);
+void cli_credentials_set_password_last_changed_time(struct cli_credentials *cred,
+ time_t last_change_time);
 void cli_credentials_set_netlogon_creds(struct cli_credentials *cred,
 struct netlogon_creds_CredentialState *netlogon_creds);
 NTSTATUS cli_credentials_set_krb5_context(struct cli_credentials *cred,
@@ -239,6 +242,7 @@ const char *cli_credentials_get_unparsed_name(struct cli_credentials *credential
 bool cli_credentials_set_password_callback(struct cli_credentials *cred,
 const char *(*password_cb) (struct cli_credentials *));
 enum netr_SchannelType cli_credentials_get_secure_channel_type(struct cli_credentials *cred);
+time_t cli_credentials_get_password_last_changed_time(struct cli_credentials *cred);
 void cli_credentials_set_kvno(struct cli_credentials *cred,
 int kvno);
 bool cli_credentials_set_nt_hash(struct cli_credentials *cred,
diff --git a/source4/auth/credentials/credentials_files.c b/source4/auth/credentials/credentials_files.c
index 6ddee9e3ef..2e88cf4c4e 100644
--- a/source4/auth/credentials/credentials_files.c
+++ b/source4/auth/credentials/credentials_files.c
@@ -210,7 +210,8 @@ _PUBLIC_ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
 enum netr_SchannelType sct;
 const char *salt_principal;
 const char *keytab;
-
+ const struct ldb_val *whenChanged;
+
 /* ok, we are going to get it now, don't recurse back here */
 cred->machine_account_pending = false;
@@ -314,6 +315,14 @@ _PUBLIC_ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
 cli_credentials_set_kvno(cred, ldb_msg_find_attr_as_int(msg, "msDS-KeyVersionNumber", 0));
+ whenChanged = ldb_msg_find_ldb_val(msg, "whenChanged");
+ if (whenChanged) {
+ time_t lct;
+ if (ldb_val_to_time(whenChanged, &lct) == LDB_SUCCESS) {
+ cli_credentials_set_password_last_changed_time(cred, lct);
+ }
+ }
+
 /* If there was an external keytab specified by reference in
 * the LDB, then use this. Otherwise we will make one up
 * (chewing CPU time) from the password */
-- cgit
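Review bot: When the secrets record has no `whenChanged` value, or `ldb_val_to_time` fails, this block leaves `password_last_changed_time` untouched, so a caller gets whatever an earlier load or the struct initialisation left there and cannot tell it from a real timestamp. Resetting it first, e.g. `cli_credentials_set_password_last_changed_time(cred, 0);` before the `ldb_msg_find_ldb_val` call, would make the unknown case explicit, assuming 0 is acceptable as the sentinel. `whenChanged` is normally updated on any modification of the entry, not only on a password change, so a short comment that the value may be later than the actual password change would help callers that make password-age decisions from it. cli_credentials_set_secrets starts and ends outside this hunk.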