The branch, v3-3-test has been updated via 0f292d70f698b8ae885005b5704a96476e876571 (commit) from 49f99fcf12523c4a8ef450b66eeb677dc0036939 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log ----------------------------------------------------------------- commit 0f292d70f698b8ae885005b5704a96476e876571 Author: Jim McDonough <[EMAIL PROTECTED]> Date: Mon Jun 9 11:45:39 2008 -0400 Don't reset password last set time just because the expired flag is set to 0. If the account wasn't expired but autolocked, using "net user /dom <username> /active:y" would clear this, incorrectly setting the current time as the new "password last set" time. ----------------------------------------------------------------------- Summary of changes: source/rpc_server/srv_samr_util.c | 10 +++++++++- 1 files changed, 9 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source/rpc_server/srv_samr_util.c b/source/rpc_server/srv_samr_util.c index 74daf46..ef588ae 100644 --- a/source/rpc_server/srv_samr_util.c +++ b/source/rpc_server/srv_samr_util.c @@ -339,7 +339,15 @@ void copy_id21_to_sam_passwd(const char *log_prefix, if (from->password_expired == PASS_MUST_CHANGE_AT_NEXT_LOGON) { pdb_set_pass_last_set_time(to, 0, PDB_CHANGED); } else { - pdb_set_pass_last_set_time(to, time(NULL),PDB_CHANGED); + /* A subtlety here: some windows commands will + clear the expired flag even though it's not + set, and we don't want to reset the time + in these caess. "net user /dom <user> /active:y" + for example, to clear an autolocked acct. + We must check to see if it's expired first. jmcd */ + stored_time = pdb_get_pass_last_set_time(to); + if (stored_time == 0) + pdb_set_pass_last_set_time(to, time(NULL),PDB_CHANGED); } } } -- Samba Shared Repository