diff options
| author | Volker Lendecke <vl@samba.org> | 2008-03-20 21:58:39 +0100 |
|---|---|---|
| committer | Karolin Seeger <kseeger@samba.org> | 2008-04-11 09:10:03 +0200 |
| commit | 5e2bbdcb210dd2bb554539800e9da696f3306f54 (patch) | |
| tree | 44425d4eb6721ca3b5ef631c9aa451d3b10a21f7 /source/rpc_server | |
| parent | 03825a9c5e565d9a9e381d67754d02d75547fcc0 (diff) | |
| download | samba-5e2bbdcb210dd2bb554539800e9da696f3306f54.tar.gz samba-5e2bbdcb210dd2bb554539800e9da696f3306f54.tar.xz samba-5e2bbdcb210dd2bb554539800e9da696f3306f54.zip | |
A level 25 setuserinfo does change the pwdlastset
(cherry picked from commit f65cb5d4b51e2e7b9b16b73e47cd2a8d55d5d4b0)
Diffstat (limited to 'source/rpc_server')
| -rw-r--r-- | source/rpc_server/srv_samr_nt.c | 28 |
1 files changed, 22 insertions, 6 deletions
diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c index f76cdcc76ba..62632d08c5c 100644 --- a/source/rpc_server/srv_samr_nt.c +++ b/source/rpc_server/srv_samr_nt.c @@ -3891,7 +3891,8 @@ static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx, set_user_info_pw ********************************************************************/ -static bool set_user_info_pw(uint8 *pass, struct samu *pwd) +static bool set_user_info_pw(uint8 *pass, struct samu *pwd, + int level) { uint32 len = 0; char *plaintext_buf = NULL; @@ -3953,8 +3954,20 @@ static bool set_user_info_pw(uint8 *pass, struct samu *pwd) memset(plaintext_buf, '\0', strlen(plaintext_buf)); - /* restore last set time as this is an admin change, not a user pw change */ - pdb_set_pass_last_set_time (pwd, last_set_time, last_set_state); + /* + * A level 25 change does reset the pwdlastset field, a level 24 + * change does not. I know this is probably not the full story, but + * it is needed to make XP join LDAP correctly, without it the later + * auth2 check can fail with PWD_MUST_CHANGE. + */ + if (level != 25) { + /* + * restore last set time as this is an admin change, not a + * user pw change + */ + pdb_set_pass_last_set_time (pwd, last_set_time, + last_set_state); + } DEBUG(5,("set_user_info_pw: pdb_update_pwd()\n")); @@ -4175,7 +4188,8 @@ static NTSTATUS samr_SetUserInfo_internal(const char *fn_name, dump_data(100, info->info24.password.data, 516); - if (!set_user_info_pw(info->info24.password.data, pwd)) { + if (!set_user_info_pw(info->info24.password.data, pwd, + switch_value)) { status = NT_STATUS_ACCESS_DENIED; } break; @@ -4194,7 +4208,8 @@ static NTSTATUS samr_SetUserInfo_internal(const char *fn_name, if (!NT_STATUS_IS_OK(status)) { goto done; } - if (!set_user_info_pw(info->info25.password.data, pwd)) { + if (!set_user_info_pw(info->info25.password.data, pwd, + switch_value)) { status = NT_STATUS_ACCESS_DENIED; } break; @@ -4208,7 +4223,8 @@ static NTSTATUS samr_SetUserInfo_internal(const char *fn_name, dump_data(100, info->info26.password.data, 516); - if (!set_user_info_pw(info->info26.password.data, pwd)) { + if (!set_user_info_pw(info->info26.password.data, pwd, + switch_value)) { status = NT_STATUS_ACCESS_DENIED; } break; |