summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2008-11-27 17:29:30 +0100
committerGünther Deschner <gd@samba.org>2008-11-27 18:29:10 +0100
commit6a627b440e8b3f42db2a8a27047dd3482bad0d28 (patch)
tree1d8c40151a32ee1f34e805d02ed1dbace6c4539a
parent257d99d0cd441697d67b52f3e7c260c17a4a0916 (diff)
downloadsamba-6a627b440e8b3f42db2a8a27047dd3482bad0d28.tar.gz
samba-6a627b440e8b3f42db2a8a27047dd3482bad0d28.tar.bz2
samba-6a627b440e8b3f42db2a8a27047dd3482bad0d28.zip
s3-samr: never allow to alter pwdlastset directly.
Guenther
Diffstat
-rw-r--r--source3/rpc_server/srv_samr_nt.c16
1 files changed, 16 insertions, 0 deletions
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 332d41b1b0..c45be02ab8 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -3959,6 +3959,11 @@ static NTSTATUS set_user_info_21(TALLOC_CTX *mem_ctx,
return NT_STATUS_INVALID_PARAMETER;
}
+ if (id21->fields_present & SAMR_FIELD_LAST_PWD_CHANGE) {
+ TALLOC_FREE(pwd);
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
/* we need to separately check for an account rename first */
if (id21->account_name.string &&
@@ -4042,6 +4047,12 @@ static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx,
return NT_STATUS_INVALID_PARAMETER;
}
+ if (id23->info.fields_present & SAMR_FIELD_LAST_PWD_CHANGE) {
+ TALLOC_FREE(pwd);
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+
DEBUG(5, ("Attempting administrator password change (level 23) for user %s\n",
pdb_get_username(pwd)));
@@ -4220,6 +4231,11 @@ static NTSTATUS set_user_info_25(TALLOC_CTX *mem_ctx,
return NT_STATUS_INVALID_PARAMETER;
}
+ if (id25->info.fields_present & SAMR_FIELD_LAST_PWD_CHANGE) {
+ TALLOC_FREE(pwd);
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
copy_id25_to_sam_passwd(pwd, id25);
/* write the change out */
generated by cgit (git 2.34.1) at 2024-07-07 10:10:11 +0000