Fix bug #8561 - Password change settings not fully observed.

author Jeremy Allison <jra@samba.org>

Tue, 15 Nov 2011 21:30:22 +0000 (13:30 -0800)

committer Karolin Seeger <kseeger@samba.org>

Wed, 16 Nov 2011 19:24:11 +0000 (20:24 +0100)
author Jeremy Allison <jra@samba.org>
Tue, 15 Nov 2011 21:30:22 +0000 (13:30 -0800)
committer Karolin Seeger <kseeger@samba.org>
Wed, 16 Nov 2011 19:24:11 +0000 (20:24 +0100)
diff --git a/source3/include/proto.h b/source3/include/proto.h

index 2e04ca11b3c9037f73bd5d7ab23b9f32ef9497e5..579fc1b1f60b3acdf2c536ff36590732fae20f37 100644 (file)
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -4492,6 +4492,7 @@ bool pdb_set_group_sid_from_rid (struct samu *sampass, uint32 grid, enum pdb_val
  
  /* The following definitions come from passdb/pdb_get_set.c  */
  
+bool pdb_is_password_change_time_max(time_t test_time);
  uint32 pdb_get_acct_ctrl(const struct samu *sampass);
  time_t pdb_get_logon_time(const struct samu *sampass);
  time_t pdb_get_logoff_time(const struct samu *sampass);
diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c

index 6126517900ea9af1cad1504d9c04b74520f40037..678dc613f2864ac042f7c55328d54d8fa7a88158 100644 (file)
--- a/source3/passdb/pdb_get_set.c
+++ b/source3/passdb/pdb_get_set.c
@@ -36,6 +36,36 @@
  
  #define PDB_NOT_QUITE_NULL ""
  
+/*********************************************************************
+ Test if a change time is a max value. Copes with old and new values
+ of max.
+ ********************************************************************/
+
+bool pdb_is_password_change_time_max(time_t test_time)
+{
+       if (test_time == get_time_t_max()) {
+               return true;
+       }
+#if (defined(SIZEOF_TIME_T) && (SIZEOF_TIME_T == 8))
+       if (test_time == 0x7FFFFFFFFFFFFFFFLL) {
+               return true;
+       }
+#endif
+       if (test_time == 0x7FFFFFFF) {
+               return true;
+       }
+       return false;
+}
+
+/*********************************************************************
+ Return an unchanging version of max password change time - 0x7FFFFFFF.
+ ********************************************************************/
+
+time_t pdb_password_change_time_max(void)
+{
+       return 0x7FFFFFFF;
+}
+
  /*********************************************************************
   Collection of get...() functions for struct samu.
   ********************************************************************/
@@ -84,7 +114,7 @@ time_t pdb_get_pass_can_change_time(const struct samu *sampass)
            we're trying to update this real value from the sampass
            to indicate that the user cannot change their password.  jmcd
         */
-       if (sampass->pass_can_change_time == get_time_t_max() &&
+       if (pdb_is_password_change_time_max(sampass->pass_can_change_time) &&
             pdb_get_init_flags(sampass, PDB_CANCHANGETIME) == PDB_CHANGED)
                 return sampass->pass_can_change_time;
  
@@ -110,18 +140,18 @@ time_t pdb_get_pass_must_change_time(const struct samu *sampass)
                 return (time_t) 0;
  
         if (sampass->acct_ctrl & ACB_PWNOEXP)
-               return get_time_t_max();
+               return pdb_password_change_time_max();
  
         if (!pdb_get_account_policy(PDB_POLICY_MAX_PASSWORD_AGE, &expire)
             || expire == (uint32)-1 || expire == 0) 
-               return get_time_t_max();
+               return pdb_password_change_time_max();
  
         return sampass->pass_last_set_time + expire;
  }
  
  bool pdb_get_pass_can_change(const struct samu *sampass)
  {
-       if (sampass->pass_can_change_time == get_time_t_max() &&
+       if (pdb_is_password_change_time_max(sampass->pass_can_change_time) &&
             sampass->pass_last_set_time != 0)
                 return False;
         return True;
@@ -1001,7 +1031,7 @@ bool pdb_set_backend_private_data(struct samu *sampass, void *private_data,
  bool pdb_set_pass_can_change(struct samu *sampass, bool canchange)
  {
         return pdb_set_pass_can_change_time(sampass, 
-                                    canchange ? 0 : get_time_t_max(),
+                                    canchange ? 0 : pdb_password_change_time_max(),
                                      PDB_CHANGED);
  }
  
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c

index e98e4aa595a27e4e356d0e1d64e4d44e538fa5ac..487fb3d13939fb295aaa296245eac69e20de078e 100644 (file)
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -2877,7 +2877,7 @@ static NTSTATUS get_user_info_21(TALLOC_CTX *mem_ctx,
         unix_to_nt_time(&r->allow_password_change, pdb_get_pass_can_change_time(pw));
  
         must_change_time = pdb_get_pass_must_change_time(pw);
-       if (must_change_time == get_time_t_max()) {
+       if (pdb_is_password_change_time_max(must_change_time)) {
                 unix_to_nt_time_abs(&force_password_change, must_change_time);
         } else {
                 unix_to_nt_time(&force_password_change, must_change_time);
author	Jeremy Allison <jra@samba.org>
	Tue, 15 Nov 2011 21:30:22 +0000 (13:30 -0800)
committer	Karolin Seeger <kseeger@samba.org>
	Wed, 16 Nov 2011 19:24:11 +0000 (20:24 +0100)
source3/include/proto.h		patch \| blob \| blame \| history
source3/passdb/pdb_get_set.c		patch \| blob \| blame \| history
source3/rpc_server/srv_samr_nt.c		patch \| blob \| blame \| history