svn commit: samba r18722 - in branches/SAMBA_3_0/source: passdb rpc_parse rpc_server

[jmcd at samba.org]

Author: jmcd
Date: 2006-09-20 17:25:46 +0000 (Wed, 20 Sep 2006)
New Revision: 18722

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=18722

Log:
Fix up password change times.  The can change and must change times are
calculated based on the last change time, policies, and acb flags.

Next step will be to not bother storing them.  Right now I'm just trying to 
get them reported correctly. 

Modified:
   branches/SAMBA_3_0/source/passdb/pdb_get_set.c
   branches/SAMBA_3_0/source/rpc_parse/parse_samr.c
   branches/SAMBA_3_0/source/rpc_server/srv_samr_util.c


Changeset:
Modified: branches/SAMBA_3_0/source/passdb/pdb_get_set.c
===================================================================
--- branches/SAMBA_3_0/source/passdb/pdb_get_set.c	2006-09-20 17:19:05 UTC (rev 18721)
+++ branches/SAMBA_3_0/source/passdb/pdb_get_set.c	2006-09-20 17:25:46 UTC (rev 18722)
@@ -72,12 +72,32 @@
 
 time_t pdb_get_pass_can_change_time(const struct samu *sampass)
 {
-	return sampass->pass_can_change_time;
+	uint32 allow;
+
+	if (sampass->pass_last_set_time == 0)
+		return (time_t) 0;
+	
+	if (!pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &allow))
+		allow = 0;
+
+	return sampass->pass_last_set_time + allow;
 }
 
 time_t pdb_get_pass_must_change_time(const struct samu *sampass)
 {
-	return sampass->pass_must_change_time;
+	uint32 expire;
+
+	if (sampass->pass_last_set_time == 0)
+		return (time_t) 0;
+
+	if (sampass->acct_ctrl & ACB_PWNOEXP)
+		return get_time_t_max();
+
+	if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &expire)
+	    || expire == (uint32)-1 || expire == 0) 
+		return get_time_t_max();
+
+	return sampass->pass_last_set_time + expire;
 }
 
 uint16 pdb_get_logon_divs(const struct samu *sampass)

Modified: branches/SAMBA_3_0/source/rpc_parse/parse_samr.c
===================================================================
--- branches/SAMBA_3_0/source/rpc_parse/parse_samr.c	2006-09-20 17:19:05 UTC (rev 18721)
+++ branches/SAMBA_3_0/source/rpc_parse/parse_samr.c	2006-09-20 17:25:46 UTC (rev 18722)
@@ -6270,6 +6270,7 @@
 			pass_last_set_time, pass_can_change_time,
 			pass_must_change_time;
 			
+	time_t must_change_time;
 	const char*		user_name = pdb_get_username(pw);
 	const char*		full_name = pdb_get_fullname(pw);
 	const char*		home_dir  = pdb_get_homedir(pw);
@@ -6294,12 +6295,16 @@
 	}
 
 	/* Create NTTIME structs */
-	unix_to_nt_time (&logon_time, 		pdb_get_logon_time(pw));
-	unix_to_nt_time (&logoff_time, 		pdb_get_logoff_time(pw));
+	unix_to_nt_time (&logon_time,	        pdb_get_logon_time(pw));
+	unix_to_nt_time (&logoff_time,	pdb_get_logoff_time(pw));
 	unix_to_nt_time (&kickoff_time, 	pdb_get_kickoff_time(pw));
-	unix_to_nt_time (&pass_last_set_time, 	pdb_get_pass_last_set_time(pw));
-	unix_to_nt_time (&pass_can_change_time,	pdb_get_pass_can_change_time(pw));
-	unix_to_nt_time (&pass_must_change_time,pdb_get_pass_must_change_time(pw));
+	unix_to_nt_time (&pass_last_set_time, pdb_get_pass_last_set_time(pw));
+	unix_to_nt_time (&pass_can_change_time,pdb_get_pass_can_change_time(pw));
+	must_change_time = pdb_get_pass_must_change_time(pw);
+	if (must_change_time == get_time_t_max())
+		unix_to_nt_time_abs(&pass_must_change_time, must_change_time);
+	else
+		unix_to_nt_time(&pass_must_change_time, must_change_time);
 	
 	/* structure assignment */
 	usr->logon_time            = logon_time;

Modified: branches/SAMBA_3_0/source/rpc_server/srv_samr_util.c
===================================================================
--- branches/SAMBA_3_0/source/rpc_server/srv_samr_util.c	2006-09-20 17:19:05 UTC (rev 18721)
+++ branches/SAMBA_3_0/source/rpc_server/srv_samr_util.c	2006-09-20 17:25:46 UTC (rev 18722)
@@ -283,26 +283,16 @@
 		}
 	}
 
-	DEBUG(10,("INFO_21 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange));
-	if (from->passmustchange==PASS_MUST_CHANGE_AT_NEXT_LOGON) {
-		pdb_set_pass_must_change_time(to,0, PDB_CHANGED);
-	} else {
-		uint32 expire;
-		time_t new_time;
-		if (pdb_get_pass_must_change_time(to) == 0) {
-			if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &expire)
-			    || expire == (uint32)-1) {
-				new_time = get_time_t_max();
-			} else {
-				time_t old_time = pdb_get_pass_last_set_time(to);
-				new_time = old_time + expire;
-				if ((new_time) < time(0)) {
-					new_time = time(0) + expire;
-				}
-			}
-			if (!pdb_set_pass_must_change_time (to, new_time, PDB_CHANGED)) {
-				DEBUG (0, ("pdb_set_pass_must_change_time failed!\n"));
-			}
+	/* If the must change flag is set, the last set time goes to zero.
+	   the must change and can change fields also do, but they are 
+	   calculated from policy, not set from the wire */
+
+	if (from->fields_present & ACCT_EXPIRED_FLAG) {
+		DEBUG(10,("INFO_21 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange));
+		if (from->passmustchange == PASS_MUST_CHANGE_AT_NEXT_LOGON) {
+			pdb_set_pass_last_set_time(to, 0, PDB_CHANGED);		
+		} else {
+			pdb_set_pass_last_set_time(to, time(0), PDB_CHANGED);
 		}
 	}
 
@@ -522,26 +512,16 @@
 		}
 	}
 
-	DEBUG(10,("INFO_23 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange));
-	if (from->passmustchange==PASS_MUST_CHANGE_AT_NEXT_LOGON) {
-		pdb_set_pass_must_change_time(to,0, PDB_CHANGED);		
-	} else {
-		uint32 expire;
-		time_t new_time;
-		if (pdb_get_pass_must_change_time(to) == 0) {
-			if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &expire)
-			    || expire == (uint32)-1) {
-				new_time = get_time_t_max();
-			} else {
-				time_t old_time = pdb_get_pass_last_set_time(to);
-				new_time = old_time + expire;
-				if ((new_time) < time(0)) {
-					new_time = time(0) + expire;
-				}
-			}
-			if (!pdb_set_pass_must_change_time (to, new_time, PDB_CHANGED)) {
-				DEBUG (0, ("pdb_set_pass_must_change_time failed!\n"));
-			}
+	/* If the must change flag is set, the last set time goes to zero.
+	   the must change and can change fields also do, but they are 
+	   calculated from policy, not set from the wire */
+
+	if (from->fields_present & ACCT_EXPIRED_FLAG) {
+		DEBUG(10,("INFO_23 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange));
+		if (from->passmustchange == PASS_MUST_CHANGE_AT_NEXT_LOGON) {
+			pdb_set_pass_last_set_time(to, 0, PDB_CHANGED);		
+		} else {
+			pdb_set_pass_last_set_time(to, time(0), PDB_CHANGED);
 		}
 	}