svn commit: samba r13291 - branches/SAMBA_3_0/source/smbd
trunk/source/smbd
vlendec at samba.org
vlendec at samba.org
Thu Feb 2 16:38:39 GMT 2006
Author: vlendec
Date: 2006-02-02 16:38:37 +0000 (Thu, 02 Feb 2006)
New Revision: 13291
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13291
Log:
NT checks the minimum password age dynamically. That means we have to ignore
the sambapwdmustchange field if we can access the corresponding account
policy and calculate it dynamically based on the pwdlastset field.
Volker
Modified:
branches/SAMBA_3_0/source/smbd/chgpasswd.c
trunk/source/smbd/chgpasswd.c
Changeset:
Modified: branches/SAMBA_3_0/source/smbd/chgpasswd.c
===================================================================
--- branches/SAMBA_3_0/source/smbd/chgpasswd.c 2006-02-02 16:25:58 UTC (rev 13290)
+++ branches/SAMBA_3_0/source/smbd/chgpasswd.c 2006-02-02 16:38:37 UTC (rev 13291)
@@ -1010,15 +1010,31 @@
NTSTATUS change_oem_password(SAM_ACCOUNT *hnd, char *old_passwd, char *new_passwd, BOOL as_root)
{
BOOL ret;
- uint32 min_len;
+ uint32 min_len, min_age;
struct passwd *pass = NULL;
const char *username = pdb_get_username(hnd);
+ time_t last_change_time = pdb_get_pass_last_set_time(hnd);
time_t can_change_time = pdb_get_pass_can_change_time(hnd);
- if ((can_change_time != 0) && (time(NULL) < can_change_time)) {
- DEBUG(1, ("user %s cannot change password now, must wait until %s\n",
- username, http_timestring(can_change_time)));
- return NT_STATUS_ACCOUNT_RESTRICTION;
+ if (pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &min_age)) {
+ /*
+ * Windows calculates the minimum password age check
+ * dynamically, it basically ignores the pwdcanchange
+ * timestamp. Do likewise.
+ */
+ if (last_change_time + min_age > time(NULL)) {
+ DEBUG(1, ("user %s cannot change password now, must "
+ "wait until %s\n", username,
+ http_timestring(last_change_time+min_age)));
+ return NT_STATUS_ACCOUNT_RESTRICTION;
+ }
+ } else {
+ if ((can_change_time != 0) && (time(NULL) < can_change_time)) {
+ DEBUG(1, ("user %s cannot change password now, must "
+ "wait until %s\n", username,
+ http_timestring(can_change_time)));
+ return NT_STATUS_ACCOUNT_RESTRICTION;
+ }
}
if (pdb_get_account_policy(AP_MIN_PASSWORD_LEN, &min_len) && (str_charnum(new_passwd) < min_len)) {
Modified: trunk/source/smbd/chgpasswd.c
===================================================================
--- trunk/source/smbd/chgpasswd.c 2006-02-02 16:25:58 UTC (rev 13290)
+++ trunk/source/smbd/chgpasswd.c 2006-02-02 16:38:37 UTC (rev 13291)
@@ -1009,15 +1009,31 @@
NTSTATUS change_oem_password(SAM_ACCOUNT *hnd, char *old_passwd, char *new_passwd, BOOL as_root)
{
- uint32 min_len;
+ uint32 min_len, min_age;
struct passwd *pass = NULL;
const char *username = pdb_get_username(hnd);
+ time_t last_change_time = pdb_get_pass_last_set_time(hnd);
time_t can_change_time = pdb_get_pass_can_change_time(hnd);
- if ((can_change_time != 0) && (time(NULL) < can_change_time)) {
- DEBUG(1, ("user %s cannot change password now, must wait until %s\n",
- username, http_timestring(can_change_time)));
- return NT_STATUS_ACCOUNT_RESTRICTION;
+ if (pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &min_age)) {
+ /*
+ * Windows calculates the minimum password age check
+ * dynamically, it basically ignores the pwdcanchange
+ * timestamp. Do likewise.
+ */
+ if (last_change_time + min_age > time(NULL)) {
+ DEBUG(1, ("user %s cannot change password now, must "
+ "wait until %s\n", username,
+ http_timestring(last_change_time+min_age)));
+ return NT_STATUS_ACCOUNT_RESTRICTION;
+ }
+ } else {
+ if ((can_change_time != 0) && (time(NULL) < can_change_time)) {
+ DEBUG(1, ("user %s cannot change password now, must "
+ "wait until %s\n", username,
+ http_timestring(can_change_time)));
+ return NT_STATUS_ACCOUNT_RESTRICTION;
+ }
}
if (pdb_get_account_policy(AP_MIN_PASSWORD_LEN, &min_len) && (str_charnum(new_passwd) < min_len)) {
More information about the samba-cvs
mailing list