diff options
-rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 332d41b1b0..c45be02ab8 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -3959,6 +3959,11 @@ static NTSTATUS set_user_info_21(TALLOC_CTX *mem_ctx, return NT_STATUS_INVALID_PARAMETER; } + if (id21->fields_present & SAMR_FIELD_LAST_PWD_CHANGE) { + TALLOC_FREE(pwd); + return NT_STATUS_ACCESS_DENIED; + } + /* we need to separately check for an account rename first */ if (id21->account_name.string && @@ -4042,6 +4047,12 @@ static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx, return NT_STATUS_INVALID_PARAMETER; } + if (id23->info.fields_present & SAMR_FIELD_LAST_PWD_CHANGE) { + TALLOC_FREE(pwd); + return NT_STATUS_ACCESS_DENIED; + } + + DEBUG(5, ("Attempting administrator password change (level 23) for user %s\n", pdb_get_username(pwd))); @@ -4220,6 +4231,11 @@ static NTSTATUS set_user_info_25(TALLOC_CTX *mem_ctx, return NT_STATUS_INVALID_PARAMETER; } + if (id25->info.fields_present & SAMR_FIELD_LAST_PWD_CHANGE) { + TALLOC_FREE(pwd); + return NT_STATUS_ACCESS_DENIED; + } + copy_id25_to_sam_passwd(pwd, id25); /* write the change out */ |