Fix change password, samba-3.0.3pre2
Jianliang Lu
j.lu at tiesse.com
Thu Apr 15 10:37:25 GMT 2004
When a user's "can change password time" is not expired and he tries change
his password, the return NT_STATUS code should be
NT_STATUS_ACCOUNT_RESTRICTION (0xC0000000 | 0x006e), not
NT_STATUS_PASSWORD_RESTRICTION (0xC0000000 | 0x006c).
Also, if a user's "must change password" is set, he can anyway change his
password whatever was the "can change password time".
->patch:
--- smbd/chgpasswd.c.orig Fri Apr 9 08:58:33 2004
+++ smbd/chgpasswd.c Thu Apr 15 11:38:07 2004
@@ -956,10 +956,10 @@
BOOL ret;
uint32 min_len;
- if (time(NULL) < pdb_get_pass_can_change_time(hnd)) {
+ if ((time(NULL) < pdb_get_pass_can_change_time(hnd)) &&
(pdb_get_pass_must_change_
time(hnd) != 0)) {
DEBUG(1, ("user %s cannot change password now, must wait until %s\n",
pdb_get_username(hnd), http_timestring
(pdb_get_pass_can_change_time(hnd)
)));
- return NT_STATUS_PASSWORD_RESTRICTION;
+ return NT_STATUS_ACCOUNT_RESTRICTION;
}
if (account_policy_get(AP_MIN_PASSWORD_LEN, &min_len) && (strlen
(new_passwd) < min
_len)) {
Jianliang Lu
TieSse s.p.a. Ivrea (To) - Italy
j.lu at tiesse.com luj at libero.it
http://www.tiesse.com
More information about the samba-technical
mailing list