/* handle the case where the auth was ok, but the password must expire right now */
/* good catch from Ralf Haferkamp: an expiry of "never" is translated to -1 */
- if ((response.data.auth.policy.expire > 0) &&
+ if ((response.data.auth.info3.user_rid != DOMAIN_USER_RID_ADMIN ) &&
+ (response.data.auth.policy.expire > 0) &&
(response.data.auth.info3.pass_last_set_time + response.data.auth.policy.expire < time(NULL))) {
ret = PAM_AUTHTOK_EXPIRED;
}
/* warn a user if the password is about to expire soon */
- if ((response.data.auth.policy.expire) &&
+ if ((response.data.auth.info3.user_rid != DOMAIN_USER_RID_ADMIN ) &&
+ (response.data.auth.policy.expire) &&
(response.data.auth.info3.pass_last_set_time + response.data.auth.policy.expire > time(NULL) ) ) {
int days = response.data.auth.policy.expire / SECONDS_PER_DAY;
struct winbindd_cli_state *state,
NET_USER_INFO_3 *info3)
{
- DOM_SID user_sid, group_sid;
fstring str_sid;
state->response.data.auth.info3.logon_time =
state->response.data.auth.info3.logon_count = info3->logon_count;
state->response.data.auth.info3.bad_pw_count = info3->bad_pw_count;
- sid_copy(&user_sid, &(info3->dom_sid.sid));
- sid_append_rid(&user_sid, info3->user_rid);
-
- sid_to_string(str_sid, &user_sid);
- fstrcpy(state->response.data.auth.info3.user_sid, str_sid);
-
- sid_copy(&group_sid, &(info3->dom_sid.sid));
- sid_append_rid(&group_sid, info3->group_rid);
-
- sid_to_string(str_sid, &group_sid);
- fstrcpy(state->response.data.auth.info3.group_sid, str_sid);
-
+ state->response.data.auth.info3.user_rid = info3->user_rid;
+ state->response.data.auth.info3.group_rid = info3->group_rid;
sid_to_string(str_sid, &(info3->dom_sid.sid));
fstrcpy(state->response.data.auth.info3.dom_sid, str_sid);