From: Stefan Metzmacher <metze@samba.org>
Date: Tue, 31 May 2016 13:21:58 +0000 (+0200)
Subject: s4:dsdb/password_hash: only allow pwdLastSet as "0" or "-1"
X-Git-Tag: tdb-1.3.10~660
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1d808bb5d79a43085c880dbbc675bba31fe71139;p=thirdparty%2Fsamba.git

s4:dsdb/password_hash: only allow pwdLastSet as "0" or "-1"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index 010c5e9d392..76c63a655b9 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -1809,11 +1809,15 @@ static int setup_last_set_field(struct setup_password_fields_io *io)
 			break;
 		}
 		/* -1 means set it as now */
-		/* fall through */
-	default:
 		GetTimeOfDay(&tv);
 		io->g.last_set = timeval_to_nttime(&tv);
 		break;
+	default:
+		return dsdb_module_werror(io->ac->module,
+					  LDB_ERR_OTHER,
+					  WERR_INVALID_PARAM,
+					  "setup_last_set_field: "
+					  "pwdLastSet must be 0 or -1 only!");
 	}
 
 	if (io->ac->req->operation == LDB_ADD) {