From 9c8135785ad7b2bee4a0d37470dc37fed04a6516 Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Mon, 5 Jul 2010 16:55:50 +0200 Subject: s4:dsdb - samdb_result_force_password_change - also when "pwdLastSet" is "-1" we shouldn't force a password change This value is set by the ADUC console. --- source4/dsdb/common/util.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) (limited to 'source4/dsdb/common') diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index 80736b1712..d24803809d 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -520,8 +520,10 @@ NTTIME samdb_result_force_password_change(struct ldb_context *sam_ldb, struct ldb_dn *domain_dn, struct ldb_message *msg) { - uint64_t attr_time = samdb_result_uint64(msg, "pwdLastSet", 0); - uint32_t userAccountControl = samdb_result_uint64(msg, "userAccountControl", 0); + int64_t attr_time = samdb_result_int64(msg, "pwdLastSet", 0); + uint32_t userAccountControl = ldb_msg_find_attr_as_uint(msg, + "userAccountControl", + 0); int64_t maxPwdAge; /* Machine accounts don't expire, and there is a flag for 'no expiry' */ @@ -533,8 +535,12 @@ NTTIME samdb_result_force_password_change(struct ldb_context *sam_ldb, if (attr_time == 0) { return 0; } + if (attr_time == -1) { + return 0x7FFFFFFFFFFFFFFFULL; + } - maxPwdAge = samdb_search_int64(sam_ldb, mem_ctx, 0, domain_dn, "maxPwdAge", NULL); + maxPwdAge = samdb_search_int64(sam_ldb, mem_ctx, 0, domain_dn, + "maxPwdAge", NULL); if (maxPwdAge == 0) { return 0x7FFFFFFFFFFFFFFFULL; } else { -- cgit