s3-passdb: Use DSDB_PASSWORD_BYPASS_LAST_SET flags in pdb_samba4

[ira/wip.git] / source3 / passdb / pdb_samba4.c

diff --git a/source3/passdb/pdb_samba4.c b/source3/passdb/pdb_samba4.c
index 8da9b3cf5a0254a7396ebfe8a2d264d50dc19832..f336b8a9c61c0fe019cfecc4094f3426203d6e9b 100644 (file)
--- a/source3/passdb/pdb_samba4.c
+++ b/source3/passdb/pdb_samba4.c
@@ -357,6 +357,15 @@ static int pdb_samba4_replace_by_sam(struct pdb_samba4_state *state,
                return ret;
         }
 
+       /* If we set a plaintext password, the system will
+        * force the pwdLastSet to now() */
+       if (need_update(sam, PDB_PASSLASTSET)) {
+               dsdb_flags = DSDB_PASSWORD_BYPASS_LAST_SET;
+               
+               ret |= pdb_samba4_add_time(msg, "pwdLastSet",
+                                          pdb_get_pass_last_set_time(sam));
+       }
+
        pw = pdb_get_plaintext_passwd(sam);
        if (need_update(sam, PDB_PLAINTEXT_PW)) {
                if (pw == NULL) {
@@ -407,15 +416,6 @@ static int pdb_samba4_replace_by_sam(struct pdb_samba4_state *state,
 
                }
 
-               /* If we set a plaintext password, the system will
-                * force the pwdLastSet to now(), and it isn't worth
-                * working around this for the real world use cases of
-                * pdb_samba4 */
-               if (need_update(sam, PDB_PASSLASTSET)) {
-                       ret |= pdb_samba4_add_time(msg, "pwdLastSet",
-                                                  pdb_get_pass_last_set_time(sam));
-               }
-
                if (need_update(sam, PDB_PWHISTORY)) {
                        uint32_t current_hist_len;
                        const uint8_t *history = pdb_get_pw_history(sam, &current_hist_len);