diff options
author | Matthias Dieter Wallnöfer <mdw@samba.org> | 2010-10-13 17:06:28 +0200 |
---|---|---|
committer | Matthias Dieter Wallnöfer <mdw@samba.org> | 2010-10-13 18:46:13 +0200 |
commit | 3411e71c76dd01ae505c0c87fa43b794e63c4091 (patch) | |
tree | 6f0d69bc5b48be31a2dd5c13dd5604cefaa1743d | |
parent | ed68189c5f6c39d075d4c08a92994acf5e5a9a51 (diff) | |
download | samba-3411e71c76dd01ae505c0c87fa43b794e63c4091.tar.gz samba-3411e71c76dd01ae505c0c87fa43b794e63c4091.tar.bz2 samba-3411e71c76dd01ae505c0c87fa43b794e63c4091.zip |
s4:samldb LDB module - deny creation of temporary duplicate accounts
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/samldb.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index c31e1ad4bf..4d7b8a1b6d 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -830,6 +830,12 @@ static int samldb_objectclass_trigger(struct samldb_ctx *ac) /* Step 1.3: "userAccountControl" -> "sAMAccountType" mapping */ user_account_control = strtoul((const char *)el->values[0].data, NULL, 0); + + /* Temporary duplicate accounts aren't allowed */ + if ((user_account_control & UF_TEMP_DUPLICATE_ACCOUNT) != 0) { + return LDB_ERR_OTHER; + } + account_type = ds_uf2atype(user_account_control); if (account_type == 0) { ldb_set_errstring(ldb, "samldb: Unrecognized account type!"); @@ -1386,6 +1392,12 @@ static int samldb_modify(struct ldb_module *module, struct ldb_request *req) user_account_control = strtoul((const char *)el->values[0].data, NULL, 0); + + /* Temporary duplicate accounts aren't allowed */ + if ((user_account_control & UF_TEMP_DUPLICATE_ACCOUNT) != 0) { + return LDB_ERR_OTHER; + } + account_type = ds_uf2atype(user_account_control); if (account_type == 0) { ldb_set_errstring(ldb, "samldb: Unrecognized account type!"); |