The branch, v3-3-test has been updated
via 0f292d70f698b8ae885005b5704a96476e876571 (commit)
from 49f99fcf12523c4a8ef450b66eeb677dc0036939 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test
- Log -----------------------------------------------------------------
commit 0f292d70f698b8ae885005b5704a96476e876571
Author: Jim McDonough <[EMAIL PROTECTED]>
Date: Mon Jun 9 11:45:39 2008 -0400
Don't reset password last set time just because the expired flag
is set to 0. If the account wasn't expired but autolocked,
using "net user /dom <username> /active:y" would clear this,
incorrectly setting the current time as the new "password last set"
time.
-----------------------------------------------------------------------
Summary of changes:
source/rpc_server/srv_samr_util.c | 10 +++++++++-
1 files changed, 9 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/rpc_server/srv_samr_util.c
b/source/rpc_server/srv_samr_util.c
index 74daf46..ef588ae 100644
--- a/source/rpc_server/srv_samr_util.c
+++ b/source/rpc_server/srv_samr_util.c
@@ -339,7 +339,15 @@ void copy_id21_to_sam_passwd(const char *log_prefix,
if (from->password_expired == PASS_MUST_CHANGE_AT_NEXT_LOGON) {
pdb_set_pass_last_set_time(to, 0, PDB_CHANGED);
} else {
- pdb_set_pass_last_set_time(to, time(NULL),PDB_CHANGED);
+ /* A subtlety here: some windows commands will
+ clear the expired flag even though it's not
+ set, and we don't want to reset the time
+ in these caess. "net user /dom <user> /active:y"
+ for example, to clear an autolocked acct.
+ We must check to see if it's expired first. jmcd */
+ stored_time = pdb_get_pass_last_set_time(to);
+ if (stored_time == 0)
+ pdb_set_pass_last_set_time(to,
time(NULL),PDB_CHANGED);
}
}
}
--
Samba Shared Repository
