summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/dsdb/samdb/ldb_modules/password_hash.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index 620de755d8..0f8920c433 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -2188,8 +2188,14 @@ static int setup_io(struct ph_context *ac,
& (UF_INTERDOMAIN_TRUST_ACCOUNT | UF_WORKSTATION_TRUST_ACCOUNT
| UF_SERVER_TRUST_ACCOUNT));
- if ((io->u.userAccountControl & UF_PASSWD_NOTREQD) != 0) {
+ if (!ldb_req_is_untrusted(ac->req) &&
+ (io->u.userAccountControl & UF_PASSWD_NOTREQD))
+ {
/* see [MS-ADTS] 2.2.15 */
+ /*
+ * This seems to only happen for SAMR
+ * and not for LDAP clients
+ */
io->u.restrictions = 0;
}