summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorVolker Lendecke <vlendec@samba.org>2007-01-17 15:47:36 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:17:13 -0500
commitb385a40f592ae7e9962f4034e9cbe66352681e2c (patch)
treeb61f1faeafb25988ab6242ee9285e6f1fdd6e6cf /source3
parent51dad2a56015c4b7b646fcdbff3e334c8c1b7e90 (diff)
downloadsamba-b385a40f592ae7e9962f4034e9cbe66352681e2c.tar.gz
samba-b385a40f592ae7e9962f4034e9cbe66352681e2c.tar.bz2
samba-b385a40f592ae7e9962f4034e9cbe66352681e2c.zip
r20851: To read account policies from LDAP we need root.
Volker (This used to be commit b48ea4d7775dfc3216771fd328640c2c100a014d)
Diffstat (limited to 'source3')
-rw-r--r--source3/passdb/passdb.c14
1 files changed, 12 insertions, 2 deletions
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 266b28fe95..fa9337ec10 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -1382,6 +1382,7 @@ BOOL pdb_update_bad_password_count(struct samu *sampass, BOOL *updated)
time_t LastBadPassword;
uint16 BadPasswordCount;
uint32 resettime;
+ BOOL res;
BadPasswordCount = pdb_get_bad_password_count(sampass);
if (!BadPasswordCount) {
@@ -1389,7 +1390,11 @@ BOOL pdb_update_bad_password_count(struct samu *sampass, BOOL *updated)
return True;
}
- if (!pdb_get_account_policy(AP_RESET_COUNT_TIME, &resettime)) {
+ become_root_uid_only();
+ res = pdb_get_account_policy(AP_RESET_COUNT_TIME, &resettime);
+ unbecome_root_uid_only();
+
+ if (!res) {
DEBUG(0, ("pdb_update_bad_password_count: pdb_get_account_policy failed.\n"));
return False;
}
@@ -1422,6 +1427,7 @@ BOOL pdb_update_autolock_flag(struct samu *sampass, BOOL *updated)
{
uint32 duration;
time_t LastBadPassword;
+ BOOL res;
if (!(pdb_get_acct_ctrl(sampass) & ACB_AUTOLOCK)) {
DEBUG(9, ("pdb_update_autolock_flag: Account %s not autolocked, no check needed\n",
@@ -1429,7 +1435,11 @@ BOOL pdb_update_autolock_flag(struct samu *sampass, BOOL *updated)
return True;
}
- if (!pdb_get_account_policy(AP_LOCK_ACCOUNT_DURATION, &duration)) {
+ become_root_uid_only();
+ res = pdb_get_account_policy(AP_LOCK_ACCOUNT_DURATION, &duration);
+ unbecome_root_uid_only();
+
+ if (!res) {
DEBUG(0, ("pdb_update_autolock_flag: pdb_get_account_policy failed.\n"));
return False;
}