sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-10 12:58:35 +03:00
Code

r13375: Match XP behaviour: Don't force 'Administrator' to change an expired

Browse Source 
password on logon. (this might be true for all domain admins as well).

Guenther
This commit is contained in:
Günther Deschner 2006-02-07 17:18:29 +00:00 committed by Gerald (Jerry) Carter
parent e9bcc24b13
commit 24c6b9fecb
3 changed files with 8 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
source/nsswitch/pam_winbind.c
View File

@ -419,7 +419,8 @@ static int winbind_auth_request(pam_handle_t * pamh,
/* handle the case where the auth was ok, but the password must expire right now */
/* good catch from Ralf Haferkamp: an expiry of "never" is translated to -1 */
if ((response.data.auth.policy.expire > 0) &&
if ((response.data.auth.info3.user_rid != DOMAIN_USER_RID_ADMIN ) &&
(response.data.auth.policy.expire > 0) &&
(response.data.auth.info3.pass_last_set_time + response.data.auth.policy.expire < time(NULL))) {
ret = PAM_AUTHTOK_EXPIRED;
@ -435,7 +436,8 @@ static int winbind_auth_request(pam_handle_t * pamh,
}
/* warn a user if the password is about to expire soon */
if ((response.data.auth.policy.expire) &&
if ((response.data.auth.info3.user_rid != DOMAIN_USER_RID_ADMIN ) &&
(response.data.auth.policy.expire) &&
(response.data.auth.info3.pass_last_set_time + response.data.auth.policy.expire > time(NULL) ) ) {
int days = response.data.auth.policy.expire / SECONDS_PER_DAY;

4
source/nsswitch/winbindd_nss.h
View File

@ -338,8 +338,8 @@ struct winbindd_response {
time_t pass_must_change_time;
uint16 logon_count;
uint16 bad_pw_count;
fstring user_sid;
fstring group_sid;
uint32 user_rid;
uint32 group_rid;
fstring dom_sid;
uint32 num_groups;
uint32 user_flgs;

15
source/nsswitch/winbindd_pam.c
View File

@ -32,7 +32,6 @@ static NTSTATUS append_info3_as_txt(TALLOC_CTX *mem_ctx,
struct winbindd_cli_state *state,
NET_USER_INFO_3 *info3)
{
DOM_SID user_sid, group_sid;
fstring str_sid;
state->response.data.auth.info3.logon_time =
@ -51,18 +50,8 @@ static NTSTATUS append_info3_as_txt(TALLOC_CTX *mem_ctx,
state->response.data.auth.info3.logon_count = info3->logon_count;
state->response.data.auth.info3.bad_pw_count = info3->bad_pw_count;
sid_copy(&user_sid, &(info3->dom_sid.sid));
sid_append_rid(&user_sid, info3->user_rid);
sid_to_string(str_sid, &user_sid);
fstrcpy(state->response.data.auth.info3.user_sid, str_sid);
sid_copy(&group_sid, &(info3->dom_sid.sid));
sid_append_rid(&group_sid, info3->group_rid);
sid_to_string(str_sid, &group_sid);
fstrcpy(state->response.data.auth.info3.group_sid, str_sid);
state->response.data.auth.info3.user_rid = info3->user_rid;
state->response.data.auth.info3.group_rid = info3->group_rid;
sid_to_string(str_sid, &(info3->dom_sid.sid));
fstrcpy(state->response.data.auth.info3.dom_sid, str_sid);