From 86b9bf95916b307bd081af4c61ef00d461e60bdc Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Sat, 4 Jun 2016 00:48:56 +0200
Subject: [PATCH] s4:rpc_server/samr: use "msDS-UserPasswordExpiryTimeComputed" instead of samdb_result_force_password_change()
The logic in samdb_result_force_password_change() is incomplete and the correct logic is already available via the constructed "msDS-UserPasswordExpiryTimeComputed" attribute.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andrew Bartlett
---
 source4/rpc_server/samr/dcesrv_samr.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index d1a5922afd6..44487cd7db6 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -62,9 +62,6 @@ static NTSTATUS dcesrv_interface_samr_bind(struct dcesrv_call_state *dce_call,
 #define QUERY_APASSC(msg, field, attr) \
 info->field = samdb_result_allow_password_change(sam_ctx, mem_ctx, \
 a_state->domain_state->domain_dn, msg, attr);
-#define QUERY_FPASSC(msg, field, attr) \
- info->field = samdb_result_force_password_change(sam_ctx, mem_ctx, \
- a_state->domain_state->domain_dn, msg);
 #define QUERY_BPWDCT(msg, field, attr) \
 info->field = samdb_result_effective_badPwdCount(sam_ctx, mem_ctx, \
 a_state->domain_state->domain_dn, msg);
@@ -2742,6 +2739,7 @@ static NTSTATUS dcesrv_samr_QueryUserInfo(struct dcesrv_call_state *dce_call, TA
 "lastLogon",
 "lastLogoff",
 "pwdLastSet",
+ "msDS-UserPasswordExpiryTimeComputed",
 "logonHours",
 "badPwdCount",
 "badPasswordTime",
@@ -2778,6 +2776,7 @@ static NTSTATUS dcesrv_samr_QueryUserInfo(struct dcesrv_call_state *dce_call, TA
 "badPasswordTime",
 "logonCount",
 "pwdLastSet",
+ "msDS-UserPasswordExpiryTimeComputed",
 "accountExpires",
 "userAccountControl",
 "msDS-User-Account-Control-Computed",
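Review bot: The attribute list extended in the third hunk (the one that also carries `logonCount` and `accountExpires`) gets `msDS-UserPasswordExpiryTimeComputed` added, but no reader for that list is changed anywhere in the patch, and the same holds for the short `userAccountControl` / `pwdLastSet` list in the following hunk; only the `info3` and `info21` readers are switched to the new attribute. If code outside the patch consumes the value for those levels, a one-line comment next to the new entry naming that consumer would record why it is requested. If nothing does, the entry makes the directory compute a constructed attribute that is then discarded, and it could be dropped. The array definitions begin outside the hunks, so which info level each list serves is not visible here.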
@@ -2855,6 +2854,7 @@ static NTSTATUS dcesrv_samr_QueryUserInfo(struct dcesrv_call_state *dce_call, TA
 static const char * const attrs2[] = {"userAccountControl",
 "msDS-User-Account-Control-Computed",
 "pwdLastSet",
+ "msDS-UserPasswordExpiryTimeComputed",
 NULL};
 attrs = attrs2;
 break;
@@ -2882,6 +2882,7 @@ static NTSTATUS dcesrv_samr_QueryUserInfo(struct dcesrv_call_state *dce_call, TA
 static const char * const attrs2[] = {"lastLogon",
 "lastLogoff",
 "pwdLastSet",
+ "msDS-UserPasswordExpiryTimeComputed",
 "accountExpires",
 "sAMAccountName",
 "displayName",
@@ -2967,7 +2968,7 @@ static NTSTATUS dcesrv_samr_QueryUserInfo(struct dcesrv_call_state *dce_call, TA
 QUERY_UINT64(msg, info3.last_logoff, "lastLogoff");
 QUERY_UINT64(msg, info3.last_password_change, "pwdLastSet");
 QUERY_APASSC(msg, info3.allow_password_change, "pwdLastSet");
- QUERY_FPASSC(msg, info3.force_password_change, "pwdLastSet");
+ QUERY_UINT64(msg, info3.force_password_change, "msDS-UserPasswordExpiryTimeComputed");
 QUERY_LHOURS(msg, info3.logon_hours, "logonHours");
 /* level 3 gives the raw badPwdCount value */
 QUERY_UINT (msg, info3.bad_password_count, "badPwdCount");
@@ -3060,7 +3061,7 @@ static NTSTATUS dcesrv_samr_QueryUserInfo(struct dcesrv_call_state *dce_call, TA
 QUERY_UINT64(msg, info21.last_password_change, "pwdLastSet");
 QUERY_UINT64(msg, info21.acct_expiry, "accountExpires");
 QUERY_APASSC(msg, info21.allow_password_change,"pwdLastSet");
- QUERY_FPASSC(msg, info21.force_password_change,"pwdLastSet");
+ QUERY_UINT64(msg, info21.force_password_change, "msDS-UserPasswordExpiryTimeComputed");
 QUERY_STRING(msg, info21.account_name, "sAMAccountName");
 QUERY_STRING(msg, info21.full_name, "displayName");
 QUERY_STRING(msg, info21.home_directory, "homeDirectory");
-- 
2.47.3
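Review bot: `info3.force_password_change` is now copied straight from a constructed attribute, and nothing at the call site says what the raw values mean or what happens when the attribute is missing from `msg`; the same applies to the `info21` line in the last hunk. `QUERY_UINT64` is defined outside this patch, so the fallback is an assumption, but if it yields 0 for an absent attribute the client is told the password must be changed immediately, which cannot be told apart from a real `pwdLastSet` of 0. A comment above the line would make the contract explicit, for example `/* constructed: 0 = must change now, 0x7FFFFFFFFFFFFFFF = never expires */`. It is also worth confirming that every info level reaching these readers searches with an attribute list that includes the new name, since the lists are selected in code outside these hunks.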