dsdb: Rework samdb_result_acct_flags to use either userAccountControl or msDS-User...
authorAndrew Bartlett <abartlet@samba.org>
Tue, 29 Oct 2013 04:30:18 +0000 (17:30 +1300)
committerStefan Metzmacher <metze@samba.org>
Wed, 2 Apr 2014 15:12:46 +0000 (17:12 +0200)
This allows us to avoid the domain lookup in the constructed attribute
when not required.

By using msDS-User-Account-Control-Computed the lockout and password
expiry checks are now handled in the operational ldb module.

Andrew Bartlett

Change-Id: I6eb94933e4602e2e50c2126062e9dfa83a46191b
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
source3/passdb/pdb_samba_dsdb.c
source4/auth/ntlm/auth_sam.c
source4/auth/sam.c
source4/dsdb/common/util.c
source4/rpc_server/samr/dcesrv_samr.c

index dee20efbf84314b6258e47e978a43460bf721637..01e747a00fc71ea054681fb69f2c39ac861ce4c3 100644 (file)
@@ -272,12 +272,12 @@ static NTSTATUS pdb_samba_dsdb_init_sam_from_priv(struct pdb_methods *m,
        }
        pdb_set_user_sid(sam, sid, PDB_SET);
 
-       n = ldb_msg_find_attr_as_uint(msg, "userAccountControl", 0);
+       n = samdb_result_acct_flags(msg, "msDS-User-Account-Control-Computed");
        if (n == 0) {
                DEBUG(10, ("Could not pull userAccountControl\n"));
                goto fail;
        }
-       pdb_set_acct_ctrl(sam, ds_uf2acb(n), PDB_SET);
+       pdb_set_acct_ctrl(sam, n, PDB_SET);
 
        blob = ldb_msg_find_ldb_val(msg, "unicodePwd");
        if (blob) {
@@ -614,7 +614,8 @@ static NTSTATUS pdb_samba_dsdb_getsamupriv(struct pdb_samba_dsdb_state *state,
                "sAMAccountName", "displayName", "homeDirectory",
                "homeDrive", "scriptPath", "profilePath", "description",
                "userWorkstations", "comment", "userParameters", "objectSid",
-               "primaryGroupID", "userAccountControl", "logonHours",
+               "primaryGroupID", "userAccountControl",
+               "msDS-User-Account-Control-Computed", "logonHours",
                "badPwdCount", "logonCount", "countryCode", "codePage",
                "unicodePwd", "dBCSPwd", NULL };
 
@@ -1936,9 +1937,7 @@ static bool pdb_samba_dsdb_search_filter(struct pdb_methods *m,
                }
                sid_peek_rid(sid, &e->rid);
 
-               e->acct_flags = samdb_result_acct_flags(state->ldb, tmp_ctx,
-                                                       res->msgs[i],
-                                                       ldb_get_default_basedn(state->ldb));
+               e->acct_flags = samdb_result_acct_flags(res->msgs[i], "userAccountControl");
                e->account_name = ldb_msg_find_attr_as_string(
                        res->msgs[i], "samAccountName", NULL);
                if (e->account_name == NULL) {
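Review bot: In the first hunk (pdb_samba_dsdb_init_sam_from_priv), the `if (n == 0)` guard now tests the converted ACB flags rather than the raw userAccountControl value, so the `Could not pull userAccountControl` message no longer describes what failed, and a missing msDS-User-Account-Control-Computed attribute is no longer caught here at all: samdb_result_acct_flags then contributes the disabled bit, n is non-zero, and the account is stored as disabled instead of the lookup failing. That is fail-closed, but the intent should be visible in the code; I would change the message to `DEBUG(10, ("No account flags derived from userAccountControl/msDS-User-Account-Control-Computed\n"));`. In the third hunk, passing "userAccountControl" as attr from pdb_samba_dsdb_search_filter ORs in the same bits the helper already reads unconditionally, so the only effect of that argument versus NULL is the disable-on-missing default; a one-line comment saying that is why it is passed would help the next reader. Both enclosing functions continue outside their hunks.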
index c8d6e5b19f6e7a4aa4905f58d95ac0b05a0df033..664908bfea7c80912dcf90f969c25d2b0924153c 100644 (file)
@@ -180,7 +180,7 @@ static NTSTATUS authsam_authenticate(struct auth4_context *auth_context,
        struct samr_Password *lm_pwd, *nt_pwd;
        NTSTATUS nt_status;
 
-       uint16_t acct_flags = samdb_result_acct_flags(auth_context->sam_ctx, mem_ctx, msg, domain_dn);
+       uint16_t acct_flags = samdb_result_acct_flags(msg, "msDS-User-Account-Control-Computed");
        
        /* Quit if the account was locked out. */
        if (acct_flags & ACB_AUTOLOCK) {
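Review bot: `uint16_t acct_flags` cannot hold the full uint32_t value samdb_result_acct_flags returns, so any ACB bit above bit 15 is silently truncated on the changed line; with the computed attribute now the source of the lockout and expiry bits, that is where such a flag would be lost if its value lies above bit 15. The ACB_AUTOLOCK test on the next line only works because that bit happens to fit, which should not be relied on; widen the variable: `uint32_t acct_flags = samdb_result_acct_flags(msg, "msDS-User-Account-Control-Computed");`. Whether the search that fills msg requests msDS-User-Account-Control-Computed is not visible in this hunk; if it does not, the helper's default treats every account as disabled and logs at level 0 on each authentication. authsam_authenticate continues outside the hunk.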
index 8729ec59bb44ed7a3ba19aa0ad24c1183f649821..1c3b81ad0c652ae38f95bf4d4ebb9933ab026068 100644 (file)
@@ -47,7 +47,8 @@
        "dBCSPwd",                              \
        "unicodePwd",                           \
                                                \
-       "userAccountControl",                   \
+       "userAccountControl",                   \
+       "msDS-User-Account-Control-Computed",   \
        "objectSid",                            \
                                                \
        "pwdLastSet",                           \
@@ -170,7 +171,7 @@ _PUBLIC_ NTSTATUS authsam_account_ok(TALLOC_CTX *mem_ctx,
 
        DEBUG(4,("authsam_account_ok: Checking SMB password for user %s\n", name_for_logs));
 
-       acct_flags = samdb_result_acct_flags(sam_ctx, mem_ctx, msg, domain_dn);
+       acct_flags = samdb_result_acct_flags(msg, "msDS-User-Account-Control-Computed");
        
        acct_expiry = samdb_result_account_expires(msg);
 
@@ -451,8 +452,7 @@ _PUBLIC_ NTSTATUS authsam_make_user_info_dc(TALLOC_CTX *mem_ctx,
        info->bad_password_count = ldb_msg_find_attr_as_uint(msg, "badPwdCount",
                0);
 
-       info->acct_flags = samdb_result_acct_flags(sam_ctx, mem_ctx,
-                                                         msg, domain_dn);
+       info->acct_flags = samdb_result_acct_flags(msg, "msDS-User-Account-Control-Computed");
 
        user_info_dc->user_session_key = data_blob_talloc(user_info_dc,
                                                         user_sess_key.data,
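Review bot: The lockout and password-expiry bits that authsam_account_ok (second hunk) and authsam_make_user_info_dc (third hunk) read from acct_flags now come from msDS-User-Account-Control-Computed instead of the pwdLastSet-based calculation the old helper performed, so enforcement in this file depends on the operational ldb module populating that attribute for every message that reaches these calls. That dependency is not stated in the code; I would add above the changed call in authsam_account_ok `/* ACB_AUTOLOCK/ACB_PW_EXPIRED come from msDS-User-Account-Control-Computed (operational module); it must be in the search attrs, see the attrs macro above */`. If a message fetched through an attribute list other than the one extended in the first hunk reaches here, the helper's missing-attribute default marks the account disabled and logs at DEBUG level 0 on every attempt, which is fail-closed but noisy. Both functions continue outside their hunks.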
index 904ca1dcc9aac7bd886722ff6e4d67172d7aaf44..b65af66889b105515f1bb5f5205f14f6c2800cd6 100644 (file)
@@ -625,28 +625,24 @@ struct samr_LogonHours samdb_result_logon_hours(TALLOC_CTX *mem_ctx, struct ldb_
 /*
   pull a set of account_flags from a result set. 
 
-  This requires that the attributes: 
-   pwdLastSet
-   userAccountControl
-  be included in 'msg'
+  Naturally, this requires that userAccountControl and
+  (if not null) the attributes 'attr' be already
+  included in msg
 */
-uint32_t samdb_result_acct_flags(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, 
-                                struct ldb_message *msg, struct ldb_dn *domain_dn)
+uint32_t samdb_result_acct_flags(struct ldb_message *msg, const char *attr)
 {
        uint32_t userAccountControl = ldb_msg_find_attr_as_uint(msg, "userAccountControl", 0);
+       uint32_t attr_flags = 0;
        uint32_t acct_flags = ds_uf2acb(userAccountControl);
-       NTTIME must_change_time;
-       NTTIME now;
-
-       must_change_time = samdb_result_force_password_change(sam_ctx, mem_ctx, 
-                                                             domain_dn, msg);
-
-       /* Test account expire time */
-       unix_to_nt_time(&now, time(NULL));
-       /* check for expired password */
-       if (must_change_time < now) {
-               acct_flags |= ACB_PW_EXPIRED;
+       if (attr) {
+               attr_flags = ldb_msg_find_attr_as_uint(msg, attr, UF_ACCOUNTDISABLE);
+               if (attr_flags == UF_ACCOUNTDISABLE) {
+                       DEBUG(0, ("Attribute %s not found, disabling account %s!\n", attr,
+                                 ldb_dn_get_linearized(msg->dn)));
+               }
+               acct_flags |= ds_uf2acb(attr_flags);
        }
+
        return acct_flags;
 }
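Review bot: The new attribute lookup in samdb_result_acct_flags cannot distinguish "attribute absent" from "attribute present with value UF_ACCOUNTDISABLE": `ldb_msg_find_attr_as_uint(msg, attr, UF_ACCOUNTDISABLE)` yields the same value in both cases, so the level-0 "not found" message also fires on a legitimate value, and a present attribute whose value fails integer parsing is reported as missing too. The fail-closed default itself is right; testing presence explicitly before reading keeps the disabled-on-missing behaviour while making the log accurate. The rewritten header comment should also state the contract that `attr` may be NULL to obtain only userAccountControl-derived bits and that a missing `attr` is treated as a disabled account, and note that passing "userAccountControl" as attr merely re-ORs bits already included.
```c
	if (attr) {
		if (ldb_msg_find_element(msg, attr) == NULL) {
			/* fail closed: an unreadable flag source must not enable the account */
			DEBUG(0, ("Attribute %s not found, disabling account %s!\n", attr,
				  ldb_dn_get_linearized(msg->dn)));
			attr_flags = UF_ACCOUNTDISABLE;
		} else {
			attr_flags = ldb_msg_find_attr_as_uint(msg, attr, UF_ACCOUNTDISABLE);
		}
		acct_flags |= ds_uf2acb(attr_flags);
	}
	/* … unchanged: return acct_flags … */
```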
 
index e2f5f081b7867353a874bbc4ae5ea4dd3e5dbbaf..6877b903b222b447b82ddade7cb93c3fc0937317 100644 (file)
@@ -60,7 +60,7 @@
 #define QUERY_LHOURS(msg, field, attr) \
        info->field = samdb_result_logon_hours(mem_ctx, msg, attr);
 #define QUERY_AFLAGS(msg, field, attr) \
-       info->field = samdb_result_acct_flags(sam_ctx, mem_ctx, msg, a_state->domain_state->domain_dn);
+       info->field = samdb_result_acct_flags(msg, attr);
 #define QUERY_PARAMETERS(msg, field, attr) \
        info->field = samdb_result_parameters(mem_ctx, msg, attr);
 
@@ -1309,8 +1309,7 @@ static NTSTATUS dcesrv_samr_EnumDomainUsers(struct dcesrv_call_state *dce_call,
        for (i=0;i<ldb_cnt;i++) {
                /* Check if a mask has been requested */
                if (r->in.acct_flags
-                   && ((samdb_result_acct_flags(d_state->sam_ctx, mem_ctx,
-                                                res[i], d_state->domain_dn) & r->in.acct_flags) == 0)) {
+                   && ((samdb_result_acct_flags(res[i], NULL) & r->in.acct_flags) == 0)) {
                        continue;
                }
                entries[count].idx = samdb_result_rid_from_sid(mem_ctx, res[i],
@@ -2750,6 +2749,7 @@ static NTSTATUS dcesrv_samr_QueryUserInfo(struct dcesrv_call_state *dce_call, TA
                                                      "badPwdCount",
                                                      "logonCount",
                                                      "userAccountControl",
+                                                     "msDS-User-Account-Control-Computed",
                                                      NULL};
                attrs = attrs2;
                break;
@@ -2781,6 +2781,7 @@ static NTSTATUS dcesrv_samr_QueryUserInfo(struct dcesrv_call_state *dce_call, TA
                                                      "pwdLastSet",
                                                      "accountExpires",
                                                      "userAccountControl",
+                                                     "msDS-User-Account-Control-Computed",
                                                      NULL};
                attrs = attrs2;
                break;
@@ -2853,6 +2854,7 @@ static NTSTATUS dcesrv_samr_QueryUserInfo(struct dcesrv_call_state *dce_call, TA
        case 16:
        {
                static const char * const attrs2[] = {"userAccountControl",
+                                                     "msDS-User-Account-Control-Computed",
                                                      "pwdLastSet",
                                                      NULL};
                attrs = attrs2;
@@ -2895,6 +2897,7 @@ static NTSTATUS dcesrv_samr_QueryUserInfo(struct dcesrv_call_state *dce_call, TA
                                                      "objectSid",
                                                      "primaryGroupID",
                                                      "userAccountControl",
+                                                     "msDS-User-Account-Control-Computed",
                                                      "logonHours",
                                                      "badPwdCount",
                                                      "logonCount",
@@ -2968,7 +2971,7 @@ static NTSTATUS dcesrv_samr_QueryUserInfo(struct dcesrv_call_state *dce_call, TA
                QUERY_LHOURS(msg, info3.logon_hours,           "logonHours");
                QUERY_UINT  (msg, info3.bad_password_count,    "badPwdCount");
                QUERY_UINT  (msg, info3.logon_count,           "logonCount");
-               QUERY_AFLAGS(msg, info3.acct_flags,            "userAccountControl");
+               QUERY_AFLAGS(msg, info3.acct_flags,            "msDS-User-Account-Control-Computed");
                break;
 
        case 4:
@@ -2993,7 +2996,7 @@ static NTSTATUS dcesrv_samr_QueryUserInfo(struct dcesrv_call_state *dce_call, TA
                QUERY_UINT  (msg, info5.logon_count,           "logonCount");
                QUERY_UINT64(msg, info5.last_password_change,  "pwdLastSet");
                QUERY_UINT64(msg, info5.acct_expiry,           "accountExpires");
-               QUERY_AFLAGS(msg, info5.acct_flags,            "userAccountControl");
+               QUERY_AFLAGS(msg, info5.acct_flags,            "msDS-User-Account-Control-Computed");
                break;
 
        case 6:
@@ -3035,7 +3038,7 @@ static NTSTATUS dcesrv_samr_QueryUserInfo(struct dcesrv_call_state *dce_call, TA
                break;
 
        case 16:
-               QUERY_AFLAGS(msg, info16.acct_flags,    "userAccountControl");
+               QUERY_AFLAGS(msg, info16.acct_flags,    "msDS-User-Account-Control-Computed");
                break;
 
        case 17:
@@ -3065,7 +3068,7 @@ static NTSTATUS dcesrv_samr_QueryUserInfo(struct dcesrv_call_state *dce_call, TA
                QUERY_PARAMETERS(msg, info21.parameters,       "userParameters");
                QUERY_RID   (msg, info21.rid,                  "objectSid");
                QUERY_UINT  (msg, info21.primary_gid,          "primaryGroupID");
-               QUERY_AFLAGS(msg, info21.acct_flags,           "userAccountControl");
+               QUERY_AFLAGS(msg, info21.acct_flags,           "msDS-User-Account-Control-Computed");
                info->info21.fields_present = 0x08FFFFFF;
                QUERY_LHOURS(msg, info21.logon_hours,          "logonHours");
                QUERY_UINT  (msg, info21.bad_password_count,   "badPwdCount");
@@ -3725,10 +3728,7 @@ static NTSTATUS dcesrv_samr_QueryDisplayInfo(struct dcesrv_call_state *dce_call,
                        entriesGeneral[count].rid =
                                objectsid->sub_auths[objectsid->num_auths-1];
                        entriesGeneral[count].acct_flags =
-                               samdb_result_acct_flags(d_state->sam_ctx,
-                                                       mem_ctx,
-                                                       res->msgs[i],
-                                                       d_state->domain_dn);
+                               samdb_result_acct_flags(res->msgs[i], NULL);
                        entriesGeneral[count].account_name.string =
                                ldb_msg_find_attr_as_string(res->msgs[i],
                                                            "sAMAccountName", "");
@@ -3746,10 +3746,8 @@ static NTSTATUS dcesrv_samr_QueryDisplayInfo(struct dcesrv_call_state *dce_call,
 
                        /* No idea why we need to or in ACB_NORMAL here, but this is what Win2k3 seems to do... */
                        entriesFull[count].acct_flags =
-                               samdb_result_acct_flags(d_state->sam_ctx,
-                                                       mem_ctx,
-                                                       res->msgs[i],
-                                                       d_state->domain_dn) | ACB_NORMAL;
+                               samdb_result_acct_flags(res->msgs[i],
+                                                       NULL) | ACB_NORMAL;
                        entriesFull[count].account_name.string =
                                ldb_msg_find_attr_as_string(res->msgs[i],
                                                            "sAMAccountName", "");
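Review bot: In the EnumDomainUsers hunk, `samdb_result_acct_flags(res[i], NULL)` means the r->in.acct_flags mask is now matched against userAccountControl-derived bits only; the removed helper also set ACB_PW_EXPIRED (see the deleted lines in util.c), so a client filtering on password-expiry or lockout bits gets a different answer after this change. The same applies to the two QueryDisplayInfo hunks at the end of this section. If skipping the constructed attribute on enumeration is the intent, say so at the argument: `/* NULL: userAccountControl bits only; lockout/expiry not computed for enumeration */`; otherwise request msDS-User-Account-Control-Computed in those searches and pass it. The QUERY_AFLAGS macro now honours its attr argument where it previously ignored it, so any QueryUserInfo level not shown here that still passes "userAccountControl" silently loses the computed bits; a comment on the macro stating which attribute callers are expected to pass would prevent that. All enclosing functions continue outside their hunks.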