The branch, v3-2-test has been updated via 2089c692cfe5a4f9bbed1e658c6f73c310dbff57 (commit) from 1b9894622fccd044647abfe2c13c3018f72a6949 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log ----------------------------------------------------------------- commit 2089c692cfe5a4f9bbed1e658c6f73c310dbff57 Author: Jim McDonough <[EMAIL PROTECTED]> Date: Mon Jun 9 11:45:39 2008 -0400 Don't reset password last set time just because the expired flag is set to 0. If the account wasn't expired but autolocked, using "net user /dom <username> /active:y" would clear this, incorrectly setting the current time as the new "password last set" time. ----------------------------------------------------------------------- Summary of changes: source/rpc_server/srv_samr_util.c | 10 +++++++++- 1 files changed, 9 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source/rpc_server/srv_samr_util.c b/source/rpc_server/srv_samr_util.c index 74daf46..ef588ae 100644 --- a/source/rpc_server/srv_samr_util.c +++ b/source/rpc_server/srv_samr_util.c @@ -339,7 +339,15 @@ void copy_id21_to_sam_passwd(const char *log_prefix, if (from->password_expired == PASS_MUST_CHANGE_AT_NEXT_LOGON) { pdb_set_pass_last_set_time(to, 0, PDB_CHANGED); } else { - pdb_set_pass_last_set_time(to, time(NULL),PDB_CHANGED); + /* A subtlety here: some windows commands will + clear the expired flag even though it's not + set, and we don't want to reset the time + in these caess. "net user /dom <user> /active:y" + for example, to clear an autolocked acct. + We must check to see if it's expired first. jmcd */ + stored_time = pdb_get_pass_last_set_time(to); + if (stored_time == 0) + pdb_set_pass_last_set_time(to, time(NULL),PDB_CHANGED); } } } -- Samba Shared Repository