sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-08 21:18:16 +03:00
Code

r18722: Fix up password change times. The can change and must change times are

Browse Source 
calculated based on the last change time, policies, and acb flags.

Next step will be to not bother storing them.  Right now I'm just trying to
get them reported correctly.
(This used to be commit fd5761c9e5)
This commit is contained in:
Jim McDonough 2006-09-20 17:25:46 +00:00 committed by Gerald (Jerry) Carter
parent eb6e31afed
commit e04dda6a2a
3 changed files with 52 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
source3/passdb/pdb_get_set.c
View File

@ -72,12 +72,32 @@ time_t pdb_get_pass_last_set_time(const struct samu *sampass)
time_t pdb_get_pass_can_change_time(const struct samu *sampass) time_t pdb_get_pass_can_change_time(const struct samu *sampass)
{ {
return sampass->pass_can_change_time; uint32 allow;
if (sampass->pass_last_set_time == 0)
return (time_t) 0;
if (!pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &allow))
allow = 0;
return sampass->pass_last_set_time + allow;
} }
time_t pdb_get_pass_must_change_time(const struct samu *sampass) time_t pdb_get_pass_must_change_time(const struct samu *sampass)
{ {
return sampass->pass_must_change_time; uint32 expire;
if (sampass->pass_last_set_time == 0)
return (time_t) 0;
if (sampass->acct_ctrl & ACB_PWNOEXP)
return get_time_t_max();
if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &expire)
|| expire == (uint32)-1 || expire == 0)
return get_time_t_max();
return sampass->pass_last_set_time + expire;
} }
uint16 pdb_get_logon_divs(const struct samu *sampass) uint16 pdb_get_logon_divs(const struct samu *sampass)

15
source3/rpc_parse/parse_samr.c
View File

@ -6270,6 +6270,7 @@ NTSTATUS init_sam_user_info21A(SAM_USER_INFO_21 *usr, struct samu *pw, DOM_SID *
pass_last_set_time, pass_can_change_time, pass_last_set_time, pass_can_change_time,
pass_must_change_time; pass_must_change_time;
time_t must_change_time;
const char* user_name = pdb_get_username(pw); const char* user_name = pdb_get_username(pw);
const char* full_name = pdb_get_fullname(pw); const char* full_name = pdb_get_fullname(pw);
const char* home_dir = pdb_get_homedir(pw); const char* home_dir = pdb_get_homedir(pw);
@ -6294,12 +6295,16 @@ NTSTATUS init_sam_user_info21A(SAM_USER_INFO_21 *usr, struct samu *pw, DOM_SID *
} }
/* Create NTTIME structs */ /* Create NTTIME structs */
unix_to_nt_time (&logon_time, pdb_get_logon_time(pw)); unix_to_nt_time (&logon_time, pdb_get_logon_time(pw));
unix_to_nt_time (&logoff_time, pdb_get_logoff_time(pw)); unix_to_nt_time (&logoff_time, pdb_get_logoff_time(pw));
unix_to_nt_time (&kickoff_time, pdb_get_kickoff_time(pw)); unix_to_nt_time (&kickoff_time, pdb_get_kickoff_time(pw));
unix_to_nt_time (&pass_last_set_time, pdb_get_pass_last_set_time(pw)); unix_to_nt_time (&pass_last_set_time, pdb_get_pass_last_set_time(pw));
unix_to_nt_time (&pass_can_change_time, pdb_get_pass_can_change_time(pw)); unix_to_nt_time (&pass_can_change_time,pdb_get_pass_can_change_time(pw));
unix_to_nt_time (&pass_must_change_time,pdb_get_pass_must_change_time(pw)); must_change_time = pdb_get_pass_must_change_time(pw);
if (must_change_time == get_time_t_max())
unix_to_nt_time_abs(&pass_must_change_time, must_change_time);
else
unix_to_nt_time(&pass_must_change_time, must_change_time);
/* structure assignment */ /* structure assignment */
usr->logon_time = logon_time; usr->logon_time = logon_time;

60
source3/rpc_server/srv_samr_util.c
View File

@ -283,26 +283,16 @@ void copy_id21_to_sam_passwd(struct samu *to, SAM_USER_INFO_21 *from)
} }
} }
DEBUG(10,("INFO_21 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange)); /* If the must change flag is set, the last set time goes to zero.
if (from->passmustchange==PASS_MUST_CHANGE_AT_NEXT_LOGON) { the must change and can change fields also do, but they are
pdb_set_pass_must_change_time(to,0, PDB_CHANGED); calculated from policy, not set from the wire */
} else {
uint32 expire; if (from->fields_present & ACCT_EXPIRED_FLAG) {
time_t new_time; DEBUG(10,("INFO_21 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange));
if (pdb_get_pass_must_change_time(to) == 0) { if (from->passmustchange == PASS_MUST_CHANGE_AT_NEXT_LOGON) {
if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &expire) pdb_set_pass_last_set_time(to, 0, PDB_CHANGED);
|| expire == (uint32)-1) { } else {
new_time = get_time_t_max(); pdb_set_pass_last_set_time(to, time(0), PDB_CHANGED);
} else {
time_t old_time = pdb_get_pass_last_set_time(to);
new_time = old_time + expire;
if ((new_time) < time(0)) {
new_time = time(0) + expire;
}
}
if (!pdb_set_pass_must_change_time (to, new_time, PDB_CHANGED)) {
DEBUG (0, ("pdb_set_pass_must_change_time failed!\n"));
}
} }
} }
@ -522,26 +512,16 @@ void copy_id23_to_sam_passwd(struct samu *to, SAM_USER_INFO_23 *from)
} }
} }
DEBUG(10,("INFO_23 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange)); /* If the must change flag is set, the last set time goes to zero.
if (from->passmustchange==PASS_MUST_CHANGE_AT_NEXT_LOGON) { the must change and can change fields also do, but they are
pdb_set_pass_must_change_time(to,0, PDB_CHANGED); calculated from policy, not set from the wire */
} else {
uint32 expire; if (from->fields_present & ACCT_EXPIRED_FLAG) {
time_t new_time; DEBUG(10,("INFO_23 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange));
if (pdb_get_pass_must_change_time(to) == 0) { if (from->passmustchange == PASS_MUST_CHANGE_AT_NEXT_LOGON) {
if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &expire) pdb_set_pass_last_set_time(to, 0, PDB_CHANGED);
|| expire == (uint32)-1) { } else {
new_time = get_time_t_max(); pdb_set_pass_last_set_time(to, time(0), PDB_CHANGED);
} else {
time_t old_time = pdb_get_pass_last_set_time(to);
new_time = old_time + expire;
if ((new_time) < time(0)) {
new_time = time(0) + expire;
}
}
if (!pdb_set_pass_must_change_time (to, new_time, PDB_CHANGED)) {
DEBUG (0, ("pdb_set_pass_must_change_time failed!\n"));
}
} }
} }