The Samba-Bugzilla – Attachment 7105 Details for
Bug 8561
Password change settings not fully observed
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
git-am fix for 3.6.2
0001-Fix-bug-8561-Password-change-settings-not-fully-obse.patch (text/plain), 4.40 KB, created by
Jeremy Allison
on 2011-11-15 23:43:59 UTC
(
hide
)
Description:
git-am fix for 3.6.2
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2011-11-15 23:43:59 UTC
Size:
4.40 KB
patch
obsolete
>From 1d47053c41a80867a458d759e732bf350efbf92e Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Tue, 15 Nov 2011 15:42:50 -0800 >Subject: [PATCH] Fix bug #8561 - Password change settings not fully observed. > >Based on commit 3ede4ffe969f806ba2363b62c09673c32a4ec296 in master >(with a change to set the header prototype in the correct file). >--- > source3/passdb/pdb_get_set.c | 38 +++++++++++++++++++++++++++++--- > source3/passdb/proto.h | 1 + > source3/rpc_server/samr/srv_samr_nt.c | 2 +- > 3 files changed, 36 insertions(+), 5 deletions(-) > >diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c >index 782c08f..a276c16 100644 >--- a/source3/passdb/pdb_get_set.c >+++ b/source3/passdb/pdb_get_set.c >@@ -39,6 +39,36 @@ > #define PDB_NOT_QUITE_NULL "" > > /********************************************************************* >+ Test if a change time is a max value. Copes with old and new values >+ of max. >+ ********************************************************************/ >+ >+bool pdb_is_password_change_time_max(time_t test_time) >+{ >+ if (test_time == get_time_t_max()) { >+ return true; >+ } >+#if (defined(SIZEOF_TIME_T) && (SIZEOF_TIME_T == 8)) >+ if (test_time == 0x7FFFFFFFFFFFFFFFLL) { >+ return true; >+ } >+#endif >+ if (test_time == 0x7FFFFFFF) { >+ return true; >+ } >+ return false; >+} >+ >+/********************************************************************* >+ Return an unchanging version of max password change time - 0x7FFFFFFF. >+ ********************************************************************/ >+ >+time_t pdb_password_change_time_max(void) >+{ >+ return 0x7FFFFFFF; >+} >+ >+/********************************************************************* > Collection of get...() functions for struct samu. > ********************************************************************/ > >@@ -86,7 +116,7 @@ time_t pdb_get_pass_can_change_time(const struct samu *sampass) > we're trying to update this real value from the sampass > to indicate that the user cannot change their password. jmcd > */ >- if (sampass->pass_can_change_time == get_time_t_max() && >+ if (pdb_is_password_change_time_max(sampass->pass_can_change_time) && > IS_SAM_CHANGED(sampass, PDB_CANCHANGETIME)) > return sampass->pass_can_change_time; > >@@ -112,7 +142,7 @@ time_t pdb_get_pass_must_change_time(const struct samu *sampass) > return (time_t) 0; > > if (sampass->acct_ctrl & ACB_PWNOEXP) >- return get_time_t_max(); >+ return pdb_password_change_time_max(); > > if (!pdb_get_account_policy(PDB_POLICY_MAX_PASSWORD_AGE, &expire) > || expire == (uint32_t)-1 || expire == 0) >@@ -123,7 +153,7 @@ time_t pdb_get_pass_must_change_time(const struct samu *sampass) > > bool pdb_get_pass_can_change(const struct samu *sampass) > { >- if (sampass->pass_can_change_time == get_time_t_max()) >+ if (pdb_is_password_change_time_max(sampass->pass_can_change_time)) > return False; > return True; > } >@@ -958,7 +988,7 @@ bool pdb_set_backend_private_data(struct samu *sampass, void *private_data, > bool pdb_set_pass_can_change(struct samu *sampass, bool canchange) > { > return pdb_set_pass_can_change_time(sampass, >- canchange ? 0 : get_time_t_max(), >+ canchange ? 0 : pdb_password_change_time_max(), > PDB_CHANGED); > } > >diff --git a/source3/passdb/proto.h b/source3/passdb/proto.h >index 8b95b72..0ac812f 100644 >--- a/source3/passdb/proto.h >+++ b/source3/passdb/proto.h >@@ -112,6 +112,7 @@ bool pdb_set_group_sid_from_rid (struct samu *sampass, uint32_t grid, enum pdb_v > > /* The following definitions come from passdb/pdb_get_set.c */ > >+bool pdb_is_password_change_time_max(time_t test_time); > uint32_t pdb_get_acct_ctrl(const struct samu *sampass); > time_t pdb_get_logon_time(const struct samu *sampass); > time_t pdb_get_logoff_time(const struct samu *sampass); >diff --git a/source3/rpc_server/samr/srv_samr_nt.c b/source3/rpc_server/samr/srv_samr_nt.c >index dad06f7..78ef1ba 100644 >--- a/source3/rpc_server/samr/srv_samr_nt.c >+++ b/source3/rpc_server/samr/srv_samr_nt.c >@@ -2824,7 +2824,7 @@ static NTSTATUS get_user_info_21(TALLOC_CTX *mem_ctx, > unix_to_nt_time(&r->allow_password_change, pdb_get_pass_can_change_time(pw)); > > must_change_time = pdb_get_pass_must_change_time(pw); >- if (must_change_time == get_time_t_max()) { >+ if (pdb_is_password_change_time_max(must_change_time)) { > unix_to_nt_time_abs(&force_password_change, must_change_time); > } else { > unix_to_nt_time(&force_password_change, must_change_time); >-- >1.7.3.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
metze
:
review+
Actions:
View
Attachments on
bug 8561
:
7050
|
7055
|
7104
| 7105