s4-s3-upgrade: Max/min password age policy is in seconds, not days

This cases upgraded domains to have a too-long password expiry, which in extreme
cases can cause the KDC to misfunction.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Sun May  6 14:49:39 CEST 2012 on sn-devel-104

diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py
index 7d6930681fc3aa9f716f8f65f2c6aa8150c42e1e..7055d0d6738265cfcf9eb981544aca2a08cfea29 100644 (file)
--- a/source4/scripting/python/samba/upgrade.py
+++ b/source4/scripting/python/samba/upgrade.py
@@ -60,7 +60,7 @@ def import_sam_policy(samdb, policy, logger):
         ldb.FLAG_MOD_REPLACE, 'pwdHistoryLength')
 
     min_pw_age_unix = policy['minimum password age']
-    min_pw_age_nt = int(-min_pw_age_unix * (1e7 * 60 * 60 * 24))
+    min_pw_age_nt = int(-min_pw_age_unix * (1e7))
     m['a03'] = ldb.MessageElement(str(min_pw_age_nt), ldb.FLAG_MOD_REPLACE,
         'minPwdAge')
 
@@ -68,7 +68,7 @@ def import_sam_policy(samdb, policy, logger):
     if max_pw_age_unix == -1 or max_pw_age_unix == 0:
         max_pw_age_nt = -0x8000000000000000
     else:
-        max_pw_age_nt = int(-max_pw_age_unix * (1e7 * 60 * 60 * 24))
+        max_pw_age_nt = int(-max_pw_age_unix * (1e7))
 
     m['a04'] = ldb.MessageElement(str(max_pw_age_nt), ldb.FLAG_MOD_REPLACE,
                                   'maxPwdAge')