svn commit: samba r11572 - in branches/SAMBA_4_0/source/kdc: .
abartlet at samba.org
abartlet at samba.org
Tue Nov 8 02:30:45 GMT 2005
Author: abartlet
Date: 2005-11-08 02:30:42 +0000 (Tue, 08 Nov 2005)
New Revision: 11572
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=11572
Log:
Add support for accountExpires and password expiry (should cause the
ticket to be reduced in validity).
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/kdc/hdb-ldb.c
Changeset:
Modified: branches/SAMBA_4_0/source/kdc/hdb-ldb.c
===================================================================
--- branches/SAMBA_4_0/source/kdc/hdb-ldb.c 2005-11-08 02:27:54 UTC (rev 11571)
+++ branches/SAMBA_4_0/source/kdc/hdb-ldb.c 2005-11-08 02:30:42 UTC (rev 11572)
@@ -219,9 +219,11 @@
krb5_error_code ret = 0;
const char *dnsdomain = ldb_msg_find_string(realm_ref_msg, "dnsRoot", NULL);
char *realm = strupper_talloc(mem_ctx, dnsdomain);
+ struct ldb_dn *domain_dn = samdb_result_dn(mem_ctx, realm_ref_msg, "nCName", ldb_dn_new(mem_ctx));
struct hdb_ldb_private *private;
hdb_entry *ent = &entry_ex->entry;
+ NTTIME acct_expiry;
memset(ent, 0, sizeof(*ent));
@@ -308,9 +310,37 @@
ent->valid_start = NULL;
- ent->valid_end = NULL;
- ent->pw_end = NULL;
+ acct_expiry = samdb_result_nttime(msg, "accountExpires", -1LL);
+ if (acct_expiry != -1LL && acct_expiry != 0x7FFFFFFFFFFFFFFFLL) {
+ ent->valid_end = malloc(sizeof(*ent->valid_end));
+ if (ent->valid_end == NULL) {
+ ret = ENOMEM;
+ goto out;
+ }
+ *ent->valid_end = nt_time_to_unix(acct_expiry);
+ } else {
+ ent->valid_end = NULL;
+ }
+ if ((ent_type != HDB_LDB_ENT_TYPE_KRBTGT) && (!(userAccountControl & UF_DONT_EXPIRE_PASSWD))) {
+ NTTIME must_change_time
+ = samdb_result_force_password_change((struct ldb_context *)db->hdb_db, mem_ctx,
+ domain_dn, msg,
+ "pwdLastSet");
+ if (must_change_time != 0) {
+ ent->pw_end = malloc(sizeof(*ent->pw_end));
+ if (ent->pw_end == NULL) {
+ ret = ENOMEM;
+ goto out;
+ }
+ *ent->pw_end = nt_time_to_unix(must_change_time);
+ } else {
+ ent->pw_end = NULL;
+ }
+ } else {
+ ent->pw_end = NULL;
+ }
+
ent->max_life = NULL;
ent->max_renew = NULL;
More information about the samba-cvs
mailing list