diff options
| author | Jelmer Vernooij <jelmer@samba.org> | 2008-02-29 01:00:15 +0100 |
|---|---|---|
| committer | Jelmer Vernooij <jelmer@samba.org> | 2008-02-29 01:00:15 +0100 |
| commit | 9faf49b7f13c237aaf204ef962231ea2d58ecda0 (patch) | |
| tree | 35c18d275795fa480b079ad97d4cfc6340e75589 /source4/dsdb/common | |
| parent | 73138c1198c34404fae98273cea0d7fc12757b01 (diff) | |
| parent | f6b2a57c9517202c554fa5a60bbe7ffd49b431f5 (diff) | |
| download | samba-9faf49b7f13c237aaf204ef962231ea2d58ecda0.tar.gz samba-9faf49b7f13c237aaf204ef962231ea2d58ecda0.tar.xz samba-9faf49b7f13c237aaf204ef962231ea2d58ecda0.zip | |
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-test
(This used to be commit 227de596865ee910bfc1e0730316e26a0a9caf51)
Diffstat (limited to 'source4/dsdb/common')
| -rw-r--r-- | source4/dsdb/common/util.c | 39 |
1 files changed, 17 insertions, 22 deletions
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index c9c0285604..ba8841ceb0 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -469,8 +469,8 @@ NTTIME samdb_result_allow_password_change(struct ldb_context *sam_ldb, } /* - construct the force_password_change field from the PwdLastSet attribute and the - domain password settings + construct the force_password_change field from the PwdLastSet + attribute, the userAccountControl and the domain password settings */ NTTIME samdb_result_force_password_change(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, @@ -478,10 +478,12 @@ NTTIME samdb_result_force_password_change(struct ldb_context *sam_ldb, struct ldb_message *msg) { uint64_t attr_time = samdb_result_uint64(msg, "pwdLastSet", 0); - uint32_t user_flags = samdb_result_uint64(msg, "userAccountControl", 0); + uint32_t userAccountcontrol = samdb_result_uint64(msg, "userAccountControl", 0); int64_t maxPwdAge; - if (user_flags & UF_DONT_EXPIRE_PASSWD) { + /* Machine accounts don't expire, and there is a flag for 'no expiry' */ + if (!(userAccountControl & UF_NORMAL_ACCOUNT) + || (userAccountControl & UF_DONT_EXPIRE_PASSWD)) { return 0x7FFFFFFFFFFFFFFFULL; } @@ -607,24 +609,17 @@ uint32_t samdb_result_acct_flags(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ct { uint32_t userAccountControl = ldb_msg_find_attr_as_uint(msg, "userAccountControl", 0); uint32_t acct_flags = samdb_uf2acb(userAccountControl); - if ((userAccountControl & UF_NORMAL_ACCOUNT) && !(userAccountControl & UF_DONT_EXPIRE_PASSWD)) { - NTTIME must_change_time; - NTTIME pwdLastSet = samdb_result_nttime(msg, "pwdLastSet", 0); - if (pwdLastSet == 0) { - acct_flags |= ACB_PW_EXPIRED; - } else { - NTTIME now; - - must_change_time = samdb_result_force_password_change(sam_ctx, mem_ctx, - domain_dn, msg); - - /* Test account expire time */ - unix_to_nt_time(&now, time(NULL)); - /* check for expired password */ - if ((must_change_time != 0) && (must_change_time < now)) { - acct_flags |= ACB_PW_EXPIRED; - } - } + NTTIME must_change_time; + NTTIME now; + + must_change_time = samdb_result_force_password_change(sam_ctx, mem_ctx, + domain_dn, msg); + + /* Test account expire time */ + unix_to_nt_time(&now, time(NULL)); + /* check for expired password */ + if (must_change_time < now) { + acct_flags |= ACB_PW_EXPIRED; } return acct_flags; } |