s4:auth/sam: use "msDS-UserPasswordExpiryTimeComputed" instead of samdb_result_force_...
authorStefan Metzmacher <metze@samba.org>
Fri, 3 Jun 2016 22:48:56 +0000 (00:48 +0200)
committerAndrew Bartlett <abartlet@samba.org>
Thu, 30 Jun 2016 01:30:23 +0000 (03:30 +0200)
The logic in samdb_result_force_password_change() is incomplete
and the correct logic is already available via the constructed
"msDS-UserPasswordExpiryTimeComputed" attribute.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source4/auth/sam.c

index cdfe8dd2fda4f997c740473b89b40ea4b8664e7d..23c53682e143f064ad8c1558959538477a46d46c 100644 (file)
@@ -52,6 +52,7 @@
        "objectSid",                            \
                                                \
        "pwdLastSet",                           \
+       "msDS-UserPasswordExpiryTimeComputed",  \
        "accountExpires"
 
 const char *krbtgt_attrs[] = {
@@ -187,8 +188,8 @@ _PUBLIC_ NTSTATUS authsam_account_ok(TALLOC_CTX *mem_ctx,
 
        /* Check for when we must change this password, taking the
         * userAccountControl flags into account */
-       must_change_time = samdb_result_force_password_change(sam_ctx, mem_ctx, 
-                                                             domain_dn, msg);
+       must_change_time = samdb_result_nttime(msg,
+                       "msDS-UserPasswordExpiryTimeComputed", 0);
 
        workstation_list = ldb_msg_find_attr_as_string(msg, "userWorkstations", NULL);
 
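Review bot: In authsam_account_ok, `samdb_result_nttime(msg, "msDS-UserPasswordExpiryTimeComputed", 0)` yields 0 both when the constructed attribute is absent from `msg` and when its computed value really is 0, so a caller whose search did not request the attribute silently gets 0 for `must_change_time`; the same applies to `info->force_password_change` in the authsam_make_user_info_dc hunk. The first hunk adds the attribute to one attribute list only, and the diff does not show whether every `msg` reaching these two functions was fetched with that list. How 0 is treated by the expiry checks lies outside the hunk, so it is worth confirming that the missing-attribute case fails closed, or rejecting it explicitly before the read with `if (ldb_msg_find_element(msg, "msDS-UserPasswordExpiryTimeComputed") == NULL) { return NT_STATUS_INTERNAL_ERROR; }`. At minimum, the comment above the assignment should state that `msg` must come from a search that requested this attribute, since the userAccountControl handling it mentions now happens inside the constructed attribute. The function body starts and ends outside the hunk.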
@@ -455,9 +456,8 @@ _PUBLIC_ NTSTATUS authsam_make_user_info_dc(TALLOC_CTX *mem_ctx,
        info->allow_password_change
                = samdb_result_allow_password_change(sam_ctx, mem_ctx, 
                        domain_dn, msg, "pwdLastSet");
-       info->force_password_change
-               = samdb_result_force_password_change(sam_ctx, mem_ctx,
-                       domain_dn, msg);
+       info->force_password_change = samdb_result_nttime(msg,
+               "msDS-UserPasswordExpiryTimeComputed", 0);
        info->logon_count = ldb_msg_find_attr_as_uint(msg, "logonCount", 0);
        info->bad_password_count = ldb_msg_find_attr_as_uint(msg, "badPwdCount",
                0);