oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Patch to handle sambaPwdLastSet, sambaPwdMustChange was drop some Samba versions ago.

Browse Source 
From David Markey

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23929 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2008-10-18 21:16:35 +00:00
parent 8eb11663ce
commit 9f696b11c2
1 changed files with 27 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
lib/hdb/hdb-ldap.c
View File

@@ -629,6 +629,7 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry_ex * ent,
&& ent->entry.keys.val[i].key.keytype == ETYPE_ARCFOUR_HMAC_MD5) { && ent->entry.keys.val[i].key.keytype == ETYPE_ARCFOUR_HMAC_MD5) {
char *ntHexPassword; char *ntHexPassword;
char *nt; char *nt;
time_t now = time(NULL);
/* the key might have been 'sealed', but samba passwords /* the key might have been 'sealed', but samba passwords
are clear in the directory */ are clear in the directory */
@@ -650,6 +651,10 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry_ex * ent,
free(ntHexPassword); free(ntHexPassword);
if (ret) if (ret)
goto out; goto out;
ret = LDAP_addmod_integer(context, &mods, LDAP_MOD_REPLACE,
"sambaPwdLastSet", now);
if (ret)
goto out;
/* have to kill the LM passwod if it exists */ /* have to kill the LM passwod if it exists */
vals = ldap_get_values_len(HDB2LDAP(db), msg, "sambaLMPassword"); vals = ldap_get_values_len(HDB2LDAP(db), msg, "sambaLMPassword");
@@ -1172,6 +1177,27 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
ent->entry.pw_end = NULL; ent->entry.pw_end = NULL;
} }
ret = LDAP_get_integer_value(db, msg, "sambaPwdLastSet", &tmp_time);
if (ret == 0) {
time_t delta;
if (ent->entry.pw_end == NULL) {
ent->entry.pw_end = malloc(sizeof(*ent->entry.pw_end));
if (ent->entry.pw_end == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
goto out;
}
}
delta = krb5_config_get_time_default(context, NULL,
365 * 24 * 60 * 60,
"kadmin",
"password_lifetime",
NULL);
*ent->entry.pw_end = tmp_time + delta;
}
ret = LDAP_get_integer_value(db, msg, "sambaPwdMustChange", &tmp_time); ret = LDAP_get_integer_value(db, msg, "sambaPwdMustChange", &tmp_time);
if (ret == 0) { if (ret == 0) {
if (ent->entry.pw_end == NULL) { if (ent->entry.pw_end == NULL) {