From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 3 Jun 2016 22:48:56 +0000 (+0200)
Subject: s4:kdc: use "msDS-UserPasswordExpiryTimeComputed" instead of samdb_result_force_passw... 
X-Git-Tag: tdb-1.3.10~630
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a5efb21a53b8c890490c98229842a333a1158d2e;p=thirdparty%2Fsamba.git

s4:kdc: use "msDS-UserPasswordExpiryTimeComputed" instead of samdb_result_force_password_change()

The logic in samdb_result_force_password_change() is incomplete
and the correct logic is already available via the constructed
"msDS-UserPasswordExpiryTimeComputed" attribute.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index af9fa268b32..963c64102d1 100644
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -880,8 +880,9 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context,
 
 	} else {
 		NTTIME must_change_time
-			= samdb_result_force_password_change(kdc_db_ctx->samdb, mem_ctx,
-							     realm_dn, msg);
+			= samdb_result_nttime(msg,
+					"msDS-UserPasswordExpiryTimeComputed",
+					0);
 		if (must_change_time == 0x7FFFFFFFFFFFFFFFULL) {
 			entry_ex->entry.pw_end = NULL;
 		} else {