diff options
author | Günther Deschner <gd@samba.org> | 2009-05-07 23:54:58 +0200 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2009-05-08 00:43:24 +0200 |
commit | c400fc1e1e9a0c3db82c9a96e9684c8debfb3b74 (patch) | |
tree | 4b6e9a86c31dc43c3b3259e419d5752ec7118bc6 /source3 | |
parent | b9fa8285f77a8748b815f6ca6eaaf77767223bff (diff) | |
download | samba-c400fc1e1e9a0c3db82c9a96e9684c8debfb3b74.tar.gz samba-c400fc1e1e9a0c3db82c9a96e9684c8debfb3b74.tar.bz2 samba-c400fc1e1e9a0c3db82c9a96e9684c8debfb3b74.zip |
s3-samr: disable check for ACB_DISABLED in check_oem_password().
It is a bad idea to just tell everyone that an account is disabled without
really having checked the password first.
Found by torture test.
Guenther
Diffstat (limited to 'source3')
-rw-r--r-- | source3/smbd/chgpasswd.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c index 5e89b6c80c..dd1864e08b 100644 --- a/source3/smbd/chgpasswd.c +++ b/source3/smbd/chgpasswd.c @@ -860,12 +860,15 @@ static NTSTATUS check_oem_password(const char *user, bool lm_pass_set = (password_encrypted_with_lm_hash && old_lm_hash_encrypted); acct_ctrl = pdb_get_acct_ctrl(sampass); +#if 0 + /* I am convinced this check here is wrong, it is valid to + * change a password of a user that has a disabled account - gd */ if (acct_ctrl & ACB_DISABLED) { DEBUG(2,("check_lanman_password: account %s disabled.\n", user)); return NT_STATUS_ACCOUNT_DISABLED; } - +#endif if ((acct_ctrl & ACB_PWNOTREQ) && lp_null_passwords()) { /* construct a null password (in case one is needed */ no_pw[0] = 0; |