summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2009-05-09 00:03:50 +0200
committerGünther Deschner <gd@samba.org>2009-05-09 00:03:50 +0200
commita21bfc4daff9e67750021d96ffa0c1e6e4cd3472 (patch)
treeb6ae837564b971db9c6694a67c587d99fa3894bc
parent705f36b804093f656498f7963768a418672cd422 (diff)
downloadsamba-a21bfc4daff9e67750021d96ffa0c1e6e4cd3472.tar.gz
samba-a21bfc4daff9e67750021d96ffa0c1e6e4cd3472.tar.bz2
samba-a21bfc4daff9e67750021d96ffa0c1e6e4cd3472.zip
s3-samr: Fix SetUserInfo level 16 and 21 w.r.t. ACB_AUTOLOCK acct_flag.
It is not allowed to *set* this flag remotely if it has been not set already. Found by torture test. Guenther
-rw-r--r--source3/rpc_server/srv_samr_util.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/source3/rpc_server/srv_samr_util.c b/source3/rpc_server/srv_samr_util.c
index 8f136b1216..69daa31e9c 100644
--- a/source3/rpc_server/srv_samr_util.c
+++ b/source3/rpc_server/srv_samr_util.c
@@ -534,6 +534,16 @@ void copy_id21_to_sam_passwd(const char *log_prefix,
DEBUG(10,("%s SAMR_FIELD_ACCT_FLAGS: %08X -> %08X\n", l,
pdb_get_acct_ctrl(to), from->acct_flags));
if (from->acct_flags != pdb_get_acct_ctrl(to)) {
+
+ /* You cannot autolock an unlocked account via
+ * setuserinfo calls, so make sure to remove the
+ * ACB_AUTOLOCK bit here - gd */
+
+ if ((from->acct_flags & ACB_AUTOLOCK) &&
+ !(pdb_get_acct_ctrl(to) & ACB_AUTOLOCK)) {
+ from->acct_flags &= ~ACB_AUTOLOCK;
+ }
+
if (!(from->acct_flags & ACB_AUTOLOCK) &&
(pdb_get_acct_ctrl(to) & ACB_AUTOLOCK)) {
/* We're unlocking a previously locked user. Reset bad password counts.