diff options
author | Volker Lendecke <vlendec@samba.org> | 2007-01-17 15:47:36 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:17:13 -0500 |
commit | b385a40f592ae7e9962f4034e9cbe66352681e2c (patch) | |
tree | b61f1faeafb25988ab6242ee9285e6f1fdd6e6cf | |
parent | 51dad2a56015c4b7b646fcdbff3e334c8c1b7e90 (diff) | |
download | samba-b385a40f592ae7e9962f4034e9cbe66352681e2c.tar.gz samba-b385a40f592ae7e9962f4034e9cbe66352681e2c.tar.bz2 samba-b385a40f592ae7e9962f4034e9cbe66352681e2c.zip |
r20851: To read account policies from LDAP we need root.
Volker
(This used to be commit b48ea4d7775dfc3216771fd328640c2c100a014d)
-rw-r--r-- | source3/passdb/passdb.c | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index 266b28fe95..fa9337ec10 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -1382,6 +1382,7 @@ BOOL pdb_update_bad_password_count(struct samu *sampass, BOOL *updated) time_t LastBadPassword; uint16 BadPasswordCount; uint32 resettime; + BOOL res; BadPasswordCount = pdb_get_bad_password_count(sampass); if (!BadPasswordCount) { @@ -1389,7 +1390,11 @@ BOOL pdb_update_bad_password_count(struct samu *sampass, BOOL *updated) return True; } - if (!pdb_get_account_policy(AP_RESET_COUNT_TIME, &resettime)) { + become_root_uid_only(); + res = pdb_get_account_policy(AP_RESET_COUNT_TIME, &resettime); + unbecome_root_uid_only(); + + if (!res) { DEBUG(0, ("pdb_update_bad_password_count: pdb_get_account_policy failed.\n")); return False; } @@ -1422,6 +1427,7 @@ BOOL pdb_update_autolock_flag(struct samu *sampass, BOOL *updated) { uint32 duration; time_t LastBadPassword; + BOOL res; if (!(pdb_get_acct_ctrl(sampass) & ACB_AUTOLOCK)) { DEBUG(9, ("pdb_update_autolock_flag: Account %s not autolocked, no check needed\n", @@ -1429,7 +1435,11 @@ BOOL pdb_update_autolock_flag(struct samu *sampass, BOOL *updated) return True; } - if (!pdb_get_account_policy(AP_LOCK_ACCOUNT_DURATION, &duration)) { + become_root_uid_only(); + res = pdb_get_account_policy(AP_LOCK_ACCOUNT_DURATION, &duration); + unbecome_root_uid_only(); + + if (!res) { DEBUG(0, ("pdb_update_autolock_flag: pdb_get_account_policy failed.\n")); return False; } |