Always initialise this variable - and don't set the 'must change now' if it was

last changed at '0'.

We need to actually change this password sometime...

Andrew Bartlett
(This used to be commit 740bf439d2d1512127c873cf0e57697161d6566b)

diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index 79cf5b156d56fecbf8a357c63c1afde243ff86b1..b3f50072bcb6ea965b23a0c78bf073c8b1cd72ec 100644 (file)
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -432,7 +432,8 @@ static NTSTATUS check_ntdomain_security(const struct auth_context *auth_context,
 
        /* Test if machine password has expired and needs to be changed */
        if (lp_machine_password_timeout()) {
-               if (time(NULL) > (last_change_time + 
+               if (last_change_time > 0 && 
+                   time(NULL) > (last_change_time + 
                                  lp_machine_password_timeout())) {
                        global_machine_password_needs_changing = True;
                }

diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c
index d30b13c3b6efd5d8e18d7caf9e3ea68eec994132..5ba9f1dc1e178d238f0e36c6f2d477a046c4107c 100644 (file)
--- a/source3/passdb/secrets.c
+++ b/source3/passdb/secrets.c
@@ -240,6 +240,7 @@ BOOL secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16],
                DEBUG(4,("Using ADS machine password\n"));
                E_md4hash(plaintext, ret_pwd);
                SAFE_FREE(plaintext);
+               pass_last_set_time = 0;
                return True;
        }