diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2013-10-29 15:44:15 +1300 |
|---|---|---|
| committer | Stefan Metzmacher <metze@samba.org> | 2014-04-02 17:12:46 +0200 |
| commit | 77e4beb0e027bb49454716b86c782c98c2ed823b (patch) | |
| tree | f8e319dba081e6cea43e17522de07573cb2bcd81 /source4 | |
| parent | 1d266b493894ad55c6c30e73a4cf9bc6aa28f559 (diff) | |
| download | samba-77e4beb0e027bb49454716b86c782c98c2ed823b.tar.gz samba-77e4beb0e027bb49454716b86c782c98c2ed823b.tar.xz samba-77e4beb0e027bb49454716b86c782c98c2ed823b.zip | |
dsdb-operational: Implement msDS-UserPasswordExpiryTimeComputed
This assists in testing this aspect of
msDS-User-Account-Control-Computed, and is exposed in AD for clients
to query.
Andrew Bartlett
Change-Id: I10fd214b0585a16f8addb00c252f656419a03f4a
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'source4')
| -rw-r--r-- | source4/dsdb/samdb/ldb_modules/operational.c | 48 |
1 files changed, 47 insertions, 1 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/operational.c b/source4/dsdb/samdb/ldb_modules/operational.c index 5f15932f3f..ad9863eae4 100644 --- a/source4/dsdb/samdb/ldb_modules/operational.c +++ b/source4/dsdb/samdb/ldb_modules/operational.c @@ -760,6 +760,43 @@ static int construct_msds_user_account_control_computed(struct ldb_module *modul msDS_User_Account_Control_Computed); } +/* + construct msDS-UserPasswordExpiryTimeComputed +*/ +static int construct_msds_user_password_expiry_time_computed(struct ldb_module *module, + struct ldb_message *msg, enum ldb_scope scope, + struct ldb_request *parent) +{ + struct ldb_context *ldb = ldb_module_get_ctx(module); + struct ldb_dn *nc_root; + int64_t password_expiry_time; + int ret; + + ret = dsdb_find_nc_root(ldb, msg, msg->dn, &nc_root); + if (ret != 0) { + ldb_asprintf_errstring(ldb, + "Failed to find NC root of DN: %s: %s", + ldb_dn_get_linearized(msg->dn), + ldb_errstring(ldb)); + return ret; + } + + if (ldb_dn_compare(nc_root, ldb_get_default_basedn(ldb)) != 0) { + /* Only calculate this on our default NC */ + return 0; + } + + password_expiry_time + = get_msds_user_password_expiry_time_computed(module, msg, + nc_root); + + return samdb_msg_add_int64(ldb, + msg->elements, msg, + "msDS-UserPasswordExpiryTimeComputed", + password_expiry_time); +} + + struct op_controls_flags { bool sd; bool bypassoperational; @@ -815,6 +852,13 @@ static const char *user_account_control_computed_attrs[] = }; +static const char *user_password_expiry_time_computed_attrs[] = +{ + "pwdLastSet", + NULL +}; + + /* a list of attribute names that are hidden, but can be searched for using another (non-hidden) name to produce the correct result @@ -831,7 +875,9 @@ static const struct op_attributes_replace search_sub[] = { { "msDS-isRODC", "objectClass", objectCategory_attr, construct_msds_isrodc }, { "msDS-KeyVersionNumber", "replPropertyMetaData", NULL, construct_msds_keyversionnumber }, { "msDS-User-Account-Control-Computed", "userAccountControl", user_account_control_computed_attrs, - construct_msds_user_account_control_computed } + construct_msds_user_account_control_computed }, + { "msDS-UserPasswordExpiryTimeComputed", "userAccountControl", user_password_expiry_time_computed_attrs, + construct_msds_user_password_expiry_time_computed } }; |