diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2014-12-10 14:15:54 +1300 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2015-01-22 07:50:06 +0100 |
| commit | 412b602314e1174824d86940eacd74fb76774aba (patch) | |
| tree | ec673aac2051cc2f193bc6e39f4f125e63cddce2 | |
| parent | 7e41bcf3053e147a6511071bd61f45db8e055165 (diff) | |
| download | samba-412b602314e1174824d86940eacd74fb76774aba.tar.gz | |
libds: UF_PARTIAL_SECRETS_ACCOUNT is a flag, not an account type
This list should only be of the account exclusive account type bits.
Note, this corrects the behaviour in samldb modifies of
userAccountControl.
This reverts 6cb91a8f33516a33210a25e4019f3f3fbbfe61f2
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
| -rw-r--r-- | libds/common/flags.h | 3 | ||||
| -rw-r--r-- | source4/dsdb/samdb/ldb_modules/samldb.c | 19 |
2 files changed, 10 insertions, 12 deletions
diff --git a/libds/common/flags.h b/libds/common/flags.h index 49750241202..96709af118e 100644 --- a/libds/common/flags.h +++ b/libds/common/flags.h @@ -64,8 +64,7 @@ UF_NORMAL_ACCOUNT |\ UF_INTERDOMAIN_TRUST_ACCOUNT |\ UF_WORKSTATION_TRUST_ACCOUNT |\ - UF_SERVER_TRUST_ACCOUNT |\ - UF_PARTIAL_SECRETS_ACCOUNT \ + UF_SERVER_TRUST_ACCOUNT \ ) #define UF_SETTABLE_BITS (\ diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 54e2e5e6299..f491a0035c7 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -1746,17 +1746,16 @@ static int samldb_user_account_control_change(struct samldb_ctx *ac) case UF_WORKSTATION_TRUST_ACCOUNT: new_is_critical = false; - break; - - case (UF_WORKSTATION_TRUST_ACCOUNT|UF_PARTIAL_SECRETS_ACCOUNT): - if (!is_computer) { - ldb_asprintf_errstring(ldb, - "%08X: samldb: UF_PARTIAL_SECRETS_ACCOUNT " - "requires objectclass 'computer'!", - W_ERROR_V(WERR_DS_MACHINE_ACCOUNT_CREATED_PRENT4)); - return LDB_ERR_UNWILLING_TO_PERFORM; + if (new_uac & UF_PARTIAL_SECRETS_ACCOUNT) { + if (!is_computer) { + ldb_asprintf_errstring(ldb, + "%08X: samldb: UF_PARTIAL_SECRETS_ACCOUNT " + "requires objectclass 'computer'!", + W_ERROR_V(WERR_DS_MACHINE_ACCOUNT_CREATED_PRENT4)); + return LDB_ERR_UNWILLING_TO_PERFORM; + } + new_is_critical = true; } - new_is_critical = true; break; case UF_SERVER_TRUST_ACCOUNT: |