summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMatthias Dieter Wallnöfer <mdw@samba.org>2010-10-13 17:06:28 +0200
committerMatthias Dieter Wallnöfer <mdw@samba.org>2010-10-13 18:46:13 +0200
commit3411e71c76dd01ae505c0c87fa43b794e63c4091 (patch)
tree6f0d69bc5b48be31a2dd5c13dd5604cefaa1743d
parented68189c5f6c39d075d4c08a92994acf5e5a9a51 (diff)
downloadsamba-3411e71c76dd01ae505c0c87fa43b794e63c4091.tar.gz
samba-3411e71c76dd01ae505c0c87fa43b794e63c4091.tar.bz2
samba-3411e71c76dd01ae505c0c87fa43b794e63c4091.zip
s4:samldb LDB module - deny creation of temporary duplicate accounts
-rw-r--r--source4/dsdb/samdb/ldb_modules/samldb.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index c31e1ad4bf..4d7b8a1b6d 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -830,6 +830,12 @@ static int samldb_objectclass_trigger(struct samldb_ctx *ac)
/* Step 1.3: "userAccountControl" -> "sAMAccountType" mapping */
user_account_control = strtoul((const char *)el->values[0].data,
NULL, 0);
+
+ /* Temporary duplicate accounts aren't allowed */
+ if ((user_account_control & UF_TEMP_DUPLICATE_ACCOUNT) != 0) {
+ return LDB_ERR_OTHER;
+ }
+
account_type = ds_uf2atype(user_account_control);
if (account_type == 0) {
ldb_set_errstring(ldb, "samldb: Unrecognized account type!");
@@ -1386,6 +1392,12 @@ static int samldb_modify(struct ldb_module *module, struct ldb_request *req)
user_account_control = strtoul((const char *)el->values[0].data,
NULL, 0);
+
+ /* Temporary duplicate accounts aren't allowed */
+ if ((user_account_control & UF_TEMP_DUPLICATE_ACCOUNT) != 0) {
+ return LDB_ERR_OTHER;
+ }
+
account_type = ds_uf2atype(user_account_control);
if (account_type == 0) {
ldb_set_errstring(ldb, "samldb: Unrecognized account type!");