svn commit: samba r13910 - in branches/SAMBA_4_0/source: auth dsdb/samdb kdc rpc_server/samr

abartlet at samba.org abartlet at samba.org
Tue Mar 7 03:33:26 GMT 2006


Author: abartlet
Date: 2006-03-07 03:33:26 +0000 (Tue, 07 Mar 2006)
New Revision: 13910

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13910

Log:
Fix the 'your password has expired' on every login.  We now consider
if the 'password does not expire' flag has been set, filling in the
PAC and netlogon reply correctly if so.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/auth/auth_sam.c
   branches/SAMBA_4_0/source/dsdb/samdb/samdb.c
   branches/SAMBA_4_0/source/kdc/hdb-ldb.c
   branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c


Changeset:
Modified: branches/SAMBA_4_0/source/auth/auth_sam.c
===================================================================
--- branches/SAMBA_4_0/source/auth/auth_sam.c	2006-03-07 03:30:59 UTC (rev 13909)
+++ branches/SAMBA_4_0/source/auth/auth_sam.c	2006-03-07 03:33:26 UTC (rev 13910)
@@ -172,8 +172,7 @@
 	
 	acct_expiry = samdb_result_nttime(msg, "accountExpires", 0);
 	must_change_time = samdb_result_force_password_change(sam_ctx, mem_ctx, 
-							      domain_dn, msg, 
-							      "pwdLastSet");
+							      domain_dn, msg);
 	last_set_time = samdb_result_nttime(msg, "pwdLastSet", 0);
 
 	workstation_list = samdb_result_string(msg, "userWorkstations", NULL);
@@ -423,10 +422,10 @@
 }
 
 NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx, struct ldb_context *sam_ctx,
-					 struct ldb_message *msg,
-					 struct ldb_message *msg_domain_ref,
-					 DATA_BLOB user_sess_key, DATA_BLOB lm_sess_key,
-					 struct auth_serversupplied_info **_server_info)
+				  struct ldb_message *msg,
+				  struct ldb_message *msg_domain_ref,
+				  DATA_BLOB user_sess_key, DATA_BLOB lm_sess_key,
+				  struct auth_serversupplied_info **_server_info)
 {
 	struct auth_serversupplied_info *server_info;
 	struct ldb_message **group_msgs;
@@ -523,13 +522,17 @@
 	server_info->acct_expiry = samdb_result_nttime(msg, "accountExpires", 0);
 	server_info->last_password_change = samdb_result_nttime(msg, "pwdLastSet", 0);
 
-	ncname = samdb_result_dn(mem_ctx, msg_domain_ref, "nCName", ldb_dn_new(mem_ctx));
-
-	server_info->allow_password_change = samdb_result_allow_password_change(sam_ctx, mem_ctx, 
-							ncname, msg, "pwdLastSet");
-	server_info->force_password_change = samdb_result_force_password_change(sam_ctx, mem_ctx, 
-							ncname, msg, "pwdLastSet");
-
+	ncname = samdb_result_dn(mem_ctx, msg_domain_ref, "nCName", NULL);
+	if (!ncname) {
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+	server_info->allow_password_change
+		= samdb_result_allow_password_change(sam_ctx, mem_ctx, 
+						     ncname, msg, "pwdLastSet");
+	server_info->force_password_change
+		= samdb_result_force_password_change(sam_ctx, mem_ctx, 
+						     ncname, msg);
+	
 	server_info->logon_count = samdb_result_uint(msg, "logonCount", 0);
 	server_info->bad_password_count = samdb_result_uint(msg, "badPwdCount", 0);
 
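Review bot: The new `if (!ncname)` return fails the login with NT_STATUS_INTERNAL_DB_CORRUPTION but logs nothing, so a failure caused by a domain reference without nCName is hard to trace from the server side. A line such as `DEBUG(0, ("authsam_make_server_info: no nCName in domain reference\n"));` before the return would make the cause visible. The function body starts before and continues after this hunk, so whether the partly filled server_info is released on this path cannot be checked here; it presumably hangs off mem_ctx, which should be confirmed.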

Modified: branches/SAMBA_4_0/source/dsdb/samdb/samdb.c
===================================================================
--- branches/SAMBA_4_0/source/dsdb/samdb/samdb.c	2006-03-07 03:30:59 UTC (rev 13909)
+++ branches/SAMBA_4_0/source/dsdb/samdb/samdb.c	2006-03-07 03:33:26 UTC (rev 13910)
@@ -29,6 +29,7 @@
 #include "system/filesys.h"
 #include "db_wrap.h"
 #include "dsdb/samdb/samdb.h"
+#include "ads.h"
 
 /*
   connect to the SAM database
@@ -487,12 +488,16 @@
 NTTIME samdb_result_force_password_change(struct ldb_context *sam_ldb, 
 					  TALLOC_CTX *mem_ctx, 
 					  const struct ldb_dn *domain_dn, 
-					  struct ldb_message *msg, 
-					  const char *attr)
+					  struct ldb_message *msg)
 {
-	uint64_t attr_time = samdb_result_uint64(msg, attr, 0);
+	uint64_t attr_time = samdb_result_uint64(msg, "pwdLastSet", 0);
+	uint32_t user_flags = samdb_result_uint64(msg, "userAccountControl", 0);
 	int64_t maxPwdAge;
 
+	if (user_flags & UF_DONT_EXPIRE_PASSWD) {
+		return 0x7FFFFFFFFFFFFFFFULL;
+	}
+
 	if (attr_time == 0) {
 		return 0;
 	}
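Review bot: samdb_result_force_password_change now reads userAccountControl from msg itself, and the default of 0 means a caller whose search did not request that attribute silently gets the old behaviour, with UF_DONT_EXPIRE_PASSWD ignored. The attribute lists used by the callers in auth_sam.c, hdb-ldb.c and dcesrv_samr.c are not visible in this diff, and each should be checked to include "userAccountControl". A comment above the function, `/* msg must carry pwdLastSet and userAccountControl */`, would record the requirement. The flags are also fetched with samdb_result_uint64 and narrowed into a uint32_t; `samdb_result_uint(msg, "userAccountControl", 0)`, as used for logonCount in auth_sam.c, avoids the implicit truncation. The function body continues past the end of the hunk.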

Modified: branches/SAMBA_4_0/source/kdc/hdb-ldb.c
===================================================================
--- branches/SAMBA_4_0/source/kdc/hdb-ldb.c	2006-03-07 03:30:59 UTC (rev 13909)
+++ branches/SAMBA_4_0/source/kdc/hdb-ldb.c	2006-03-07 03:33:26 UTC (rev 13910)
@@ -355,21 +355,19 @@
 		*entry_ex->entry.valid_end = nt_time_to_unix(acct_expiry);
 	}
 
-	if (!(userAccountControl & UF_DONT_EXPIRE_PASSWD) &&
-	    (ent_type != HDB_LDB_ENT_TYPE_KRBTGT)) {
+	if (ent_type != HDB_LDB_ENT_TYPE_KRBTGT) {
 		NTTIME must_change_time
 			= samdb_result_force_password_change((struct ldb_context *)db->hdb_db, mem_ctx, 
-							     domain_dn, msg, 
-							     "pwdLastSet");
-		if (must_change_time != 0) {
+							     domain_dn, msg);
+		if (must_change_time == 0x7FFFFFFFFFFFFFFFULL) {
+			entry_ex->entry.pw_end = NULL;
+		} else {
 			entry_ex->entry.pw_end = malloc(sizeof(*entry_ex->entry.pw_end));
 			if (entry_ex->entry.pw_end == NULL) {
 				ret = ENOMEM;
 				goto out;
 			}
 			*entry_ex->entry.pw_end = nt_time_to_unix(must_change_time);
-		} else {
-			entry_ex->entry.pw_end = NULL;
 		}
 	} else {
 		entry_ex->entry.pw_end = NULL;
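Review bot: A return of 0 from samdb_result_force_password_change used to leave pw_end NULL and is now turned into an expiry time through nt_time_to_unix(0). The visible part of that function returns 0 when pwdLastSet is 0, where an already-expired pw_end is plausibly intended, but the rest of it lies outside the diff. If any other path returns 0 to mean "no maximum password age", the KDC will start treating those principals as expired, so every zero return should be confirmed and the convention stated in a comment at this branch. The literal `0x7FFFFFFFFFFFFFFFULL` is also repeated from samdb.c; a shared named constant in samdb.h would keep the "never expires" sentinel in one place.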

Modified: branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c
===================================================================
--- branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c	2006-03-07 03:30:59 UTC (rev 13909)
+++ branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c	2006-03-07 03:33:26 UTC (rev 13910)
@@ -1557,7 +1557,7 @@
 							   a_state->domain_state->domain_dn, msg, attr);
 #define QUERY_FPASSC(msg, field, attr) \
 	r->out.info->field = samdb_result_force_password_change(a_state->sam_ctx, mem_ctx, \
-							   a_state->domain_state->domain_dn, msg, attr);
+							   a_state->domain_state->domain_dn, msg);
 #define QUERY_LHOURS(msg, field, attr) \
 	r->out.info->field = samdb_result_logon_hours(mem_ctx, msg, attr);
 #define QUERY_AFLAGS(msg, field, attr) \
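Review bot: QUERY_FPASSC still declares an `attr` parameter that its expansion no longer uses, so call sites keep passing an attribute name that is silently ignored. Either drop the parameter, `#define QUERY_FPASSC(msg, field) \`, and update the call sites, or add a comment on the macro saying `attr` is kept only for symmetry with the neighbouring QUERY_* macros. The call sites are outside this hunk.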


