From 9318e00a1fab1e6eda6495c44b69d95a980b1e5e Mon Sep 17 00:00:00 2001 From: Amitay Isaacs Date: Fri, 18 Nov 2011 10:34:44 +1100 Subject: dsdb: Fix the password expiry calculation As per Section 3.1.1.4.5.26 [MS-ADTS.pdf], password is expired if pwdLastSet = null, or pwdLastSet = 0, or (maxPwdAge != 0x8000000000000000 and (ST - pwdLastSet) > maxPwdAge) --- source4/dsdb/common/util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/dsdb') diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index cae6bd45b3..826a1e4592 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -505,7 +505,7 @@ NTTIME samdb_result_force_password_change(struct ldb_context *sam_ldb, maxPwdAge = samdb_search_int64(sam_ldb, mem_ctx, 0, domain_dn, "maxPwdAge", NULL); - if (maxPwdAge == 0) { + if (maxPwdAge == 0 || maxPwdAge == -0x8000000000000000ULL) { return 0x7FFFFFFFFFFFFFFFULL; } else { attr_time -= maxPwdAge; -- cgit