r18722: Fix up password change times. The can change and must change times are

calculated based on the last change time, policies, and acb flags.

Next step will be to not bother storing them.  Right now I'm just trying to
get them reported correctly.
(This used to be commit fd5761c9e52cbf8f1f7e45e71693598b27ecbf57)

diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c
index 6d437867af69fe109d4fe8fec2c0f787ee6a62ae..7aac8f585691e51672611a9bb28035af228e040f 100644 (file)
--- a/source3/passdb/pdb_get_set.c
+++ b/source3/passdb/pdb_get_set.c
@@ -72,12 +72,32 @@ time_t pdb_get_pass_last_set_time(const struct samu *sampass)
 
 time_t pdb_get_pass_can_change_time(const struct samu *sampass)
 {
-       return sampass->pass_can_change_time;
+       uint32 allow;
+
+       if (sampass->pass_last_set_time == 0)
+               return (time_t) 0;
+       
+       if (!pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &allow))
+               allow = 0;
+
+       return sampass->pass_last_set_time + allow;
 }
 
 time_t pdb_get_pass_must_change_time(const struct samu *sampass)
 {
-       return sampass->pass_must_change_time;
+       uint32 expire;
+
+       if (sampass->pass_last_set_time == 0)
+               return (time_t) 0;
+
+       if (sampass->acct_ctrl & ACB_PWNOEXP)
+               return get_time_t_max();
+
+       if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &expire)
+           || expire == (uint32)-1 || expire == 0) 
+               return get_time_t_max();
+
+       return sampass->pass_last_set_time + expire;
 }
 
 uint16 pdb_get_logon_divs(const struct samu *sampass)

diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c
index dd98d6281042f1ad7656b85ebe1af06a8e5c0ec3..4173b0169b7ca67017f93034e171a1479d3f2cd6 100644 (file)
--- a/source3/rpc_parse/parse_samr.c
+++ b/source3/rpc_parse/parse_samr.c
@@ -6270,6 +6270,7 @@ NTSTATUS init_sam_user_info21A(SAM_USER_INFO_21 *usr, struct samu *pw, DOM_SID *
                        pass_last_set_time, pass_can_change_time,
                        pass_must_change_time;
                        
+       time_t must_change_time;
        const char*             user_name = pdb_get_username(pw);
        const char*             full_name = pdb_get_fullname(pw);
        const char*             home_dir  = pdb_get_homedir(pw);
@@ -6294,12 +6295,16 @@ NTSTATUS init_sam_user_info21A(SAM_USER_INFO_21 *usr, struct samu *pw, DOM_SID *
        }
 
        /* Create NTTIME structs */
-       unix_to_nt_time (&logon_time,           pdb_get_logon_time(pw));
-       unix_to_nt_time (&logoff_time,          pdb_get_logoff_time(pw));
+       unix_to_nt_time (&logon_time,           pdb_get_logon_time(pw));
+       unix_to_nt_time (&logoff_time,  pdb_get_logoff_time(pw));
        unix_to_nt_time (&kickoff_time,         pdb_get_kickoff_time(pw));
-       unix_to_nt_time (&pass_last_set_time,   pdb_get_pass_last_set_time(pw));
-       unix_to_nt_time (&pass_can_change_time, pdb_get_pass_can_change_time(pw));
-       unix_to_nt_time (&pass_must_change_time,pdb_get_pass_must_change_time(pw));
+       unix_to_nt_time (&pass_last_set_time, pdb_get_pass_last_set_time(pw));
+       unix_to_nt_time (&pass_can_change_time,pdb_get_pass_can_change_time(pw));
+       must_change_time = pdb_get_pass_must_change_time(pw);
+       if (must_change_time == get_time_t_max())
+               unix_to_nt_time_abs(&pass_must_change_time, must_change_time);
+       else
+               unix_to_nt_time(&pass_must_change_time, must_change_time);
        
        /* structure assignment */
        usr->logon_time            = logon_time;

diff --git a/source3/rpc_server/srv_samr_util.c b/source3/rpc_server/srv_samr_util.c
index 4fbd9d07d2503b0e690c140e646aa4f78a1430f1..08a2fb92bbbdece1e3bcd1614fc3506d03bc1c72 100644 (file)
--- a/source3/rpc_server/srv_samr_util.c
+++ b/source3/rpc_server/srv_samr_util.c
@@ -283,26 +283,16 @@ void copy_id21_to_sam_passwd(struct samu *to, SAM_USER_INFO_21 *from)
                }
        }
 
-       DEBUG(10,("INFO_21 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange));
-       if (from->passmustchange==PASS_MUST_CHANGE_AT_NEXT_LOGON) {
-               pdb_set_pass_must_change_time(to,0, PDB_CHANGED);
-       } else {
-               uint32 expire;
-               time_t new_time;
-               if (pdb_get_pass_must_change_time(to) == 0) {
-                       if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &expire)
-                           || expire == (uint32)-1) {
-                               new_time = get_time_t_max();
-                       } else {
-                               time_t old_time = pdb_get_pass_last_set_time(to);
-                               new_time = old_time + expire;
-                               if ((new_time) < time(0)) {
-                                       new_time = time(0) + expire;
-                               }
-                       }
-                       if (!pdb_set_pass_must_change_time (to, new_time, PDB_CHANGED)) {
-                               DEBUG (0, ("pdb_set_pass_must_change_time failed!\n"));
-                       }
+       /* If the must change flag is set, the last set time goes to zero.
+          the must change and can change fields also do, but they are 
+          calculated from policy, not set from the wire */
+
+       if (from->fields_present & ACCT_EXPIRED_FLAG) {
+               DEBUG(10,("INFO_21 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange));
+               if (from->passmustchange == PASS_MUST_CHANGE_AT_NEXT_LOGON) {
+                       pdb_set_pass_last_set_time(to, 0, PDB_CHANGED);         
+               } else {
+                       pdb_set_pass_last_set_time(to, time(0), PDB_CHANGED);
                }
        }
 
@@ -522,26 +512,16 @@ void copy_id23_to_sam_passwd(struct samu *to, SAM_USER_INFO_23 *from)
                }
        }
 
-       DEBUG(10,("INFO_23 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange));
-       if (from->passmustchange==PASS_MUST_CHANGE_AT_NEXT_LOGON) {
-               pdb_set_pass_must_change_time(to,0, PDB_CHANGED);               
-       } else {
-               uint32 expire;
-               time_t new_time;
-               if (pdb_get_pass_must_change_time(to) == 0) {
-                       if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &expire)
-                           || expire == (uint32)-1) {
-                               new_time = get_time_t_max();
-                       } else {
-                               time_t old_time = pdb_get_pass_last_set_time(to);
-                               new_time = old_time + expire;
-                               if ((new_time) < time(0)) {
-                                       new_time = time(0) + expire;
-                               }
-                       }
-                       if (!pdb_set_pass_must_change_time (to, new_time, PDB_CHANGED)) {
-                               DEBUG (0, ("pdb_set_pass_must_change_time failed!\n"));
-                       }
+       /* If the must change flag is set, the last set time goes to zero.
+          the must change and can change fields also do, but they are 
+          calculated from policy, not set from the wire */
+
+       if (from->fields_present & ACCT_EXPIRED_FLAG) {
+               DEBUG(10,("INFO_23 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange));
+               if (from->passmustchange == PASS_MUST_CHANGE_AT_NEXT_LOGON) {
+                       pdb_set_pass_last_set_time(to, 0, PDB_CHANGED);         
+               } else {
+                       pdb_set_pass_last_set_time(to, time(0), PDB_CHANGED);
                }
        }