Extend the 'netlogon' CLDAP and NBT implementation.

This now handles checking if the user exists, including validating the
ACB mask on the user.

This would be a nasty security hole, if Kerberos did not already
expose this information anonymously...

Andrew Bartlett
(This used to be commit 441b286c00f9a7743cdefeb243545bdbd2c94c5e)

1 files changed, 1 insertions, 1 deletions

diff --git a/source4/nbt_server/dgram/netlogon.c b/source4/nbt_server/dgram/netlogon.c
index 664cd56636..5e263a5854 100644
--- a/source4/nbt_server/dgram/netlogon.c
+++ b/source4/nbt_server/dgram/netlogon.c
@@ -139,7 +139,7 @@ static void nbtd_netlogon_samlogon(struct dgram_mailslot_handler *dgmslot,
 	}
 
 	status = fill_netlogon_samlogon_response(samctx, packet, NULL, name->name, sid, NULL, 
-						 netlogon->req.logon.user_name, src->addr, 
+						 netlogon->req.logon.user_name, netlogon->req.logon.acct_control, src->addr, 
 						 netlogon->req.logon.nt_version, iface->nbtsrv->task->lp_ctx, &netlogon_response.samlogon);
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(2,("NBT netlogon query failed domain=%s sid=%s version=%d - %s\n",