author | Günther Deschner <gd@samba.org> | 2009-05-09 00:03:50 +0200 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2009-05-09 00:03:50 +0200 |
commit | a21bfc4daff9e67750021d96ffa0c1e6e4cd3472 (patch) | |
tree | b6ae837564b971db9c6694a67c587d99fa3894bc | |
parent | 705f36b804093f656498f7963768a418672cd422 (diff) | |
s3-samr: Fix SetUserInfo level 16 and 21 w.r.t. ACB_AUTOLOCK acct_flag.
It is not allowed to *set* this flag remotely if it has not been set already.
Found by torture test.
Guenther
-rw-r--r-- | source3/rpc_server/srv_samr_util.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/source3/rpc_server/srv_samr_util.c b/source3/rpc_server/srv_samr_util.c
index 8f136b1216..69daa31e9c 100644
--- a/source3/rpc_server/srv_samr_util.c
+++ b/source3/rpc_server/srv_samr_util.c
@@ -534,6 +534,16 @@ void copy_id21_to_sam_passwd(const char *log_prefix,
 DEBUG(10,("%s SAMR_FIELD_ACCT_FLAGS: %08X -> %08X\n", l,
 pdb_get_acct_ctrl(to), from->acct_flags));
 if (from->acct_flags != pdb_get_acct_ctrl(to)) {
+
+ /* You cannot autolock an unlocked account via
+ * setuserinfo calls, so make sure to remove the
+ * ACB_AUTOLOCK bit here - gd */
+
+ if ((from->acct_flags & ACB_AUTOLOCK) &&
+ !(pdb_get_acct_ctrl(to) & ACB_AUTOLOCK)) {
+ from->acct_flags &= ~ACB_AUTOLOCK;
+ }
+
 if (!(from->acct_flags & ACB_AUTOLOCK) &&
 (pdb_get_acct_ctrl(to) & ACB_AUTOLOCK)) {
 /* We're unlocking a previously locked user. Reset bad password counts. |
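Review bot: The ACB_AUTOLOCK bit is stripped only after the DEBUG(10) line and the outer `from->acct_flags != pdb_get_acct_ctrl(to)` comparison have already used the unmasked value. A request that differs from the stored flags only by ACB_AUTOLOCK therefore still enters the update branch, and the log shows flags that are not the ones applied; masking before the comparison would avoid both. Because a remote caller's attempt to set the lock bit is discarded silently, a line such as `DEBUG(5,("%s ignoring request to set ACB_AUTOLOCK\n", l));` inside the new `if` would leave a trace for anyone auditing SAMR account changes. The fix also writes through `from`, so the caller's request structure is altered; whether any caller reads it afterwards is not visible here, as the rest of copy_id21_to_sam_passwd lies outside the hunk.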