r20851: To read account policies from LDAP we need root.
authorVolker Lendecke <vlendec@samba.org>
Wed, 17 Jan 2007 15:47:36 +0000 (15:47 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 17:17:13 +0000 (12:17 -0500)
Volker
(This used to be commit b48ea4d7775dfc3216771fd328640c2c100a014d)

source3/passdb/passdb.c

index 266b28fe95cf3cc15e7abee5a47281f72f6a7081..fa9337ec10fbb8952def2071fd22174207f2a54c 100644 (file)
@@ -1382,6 +1382,7 @@ BOOL pdb_update_bad_password_count(struct samu *sampass, BOOL *updated)
        time_t LastBadPassword;
        uint16 BadPasswordCount;
        uint32 resettime; 
+       BOOL res;
 
        BadPasswordCount = pdb_get_bad_password_count(sampass);
        if (!BadPasswordCount) {
@@ -1389,7 +1390,11 @@ BOOL pdb_update_bad_password_count(struct samu *sampass, BOOL *updated)
                return True;
        }
 
-       if (!pdb_get_account_policy(AP_RESET_COUNT_TIME, &resettime)) {
+       become_root_uid_only();
+       res = pdb_get_account_policy(AP_RESET_COUNT_TIME, &resettime);
+       unbecome_root_uid_only();
+
+       if (!res) {
                DEBUG(0, ("pdb_update_bad_password_count: pdb_get_account_policy failed.\n"));
                return False;
        }
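Review bot: The `become_root_uid_only()` / `unbecome_root_uid_only()` pair around `pdb_get_account_policy(AP_RESET_COUNT_TIME, &resettime)` has no comment saying why the lookup must run as root, so the reason lives only in the commit message. I would add above it `/* Account policies may be stored in LDAP, which we can only read as root. Keep nothing but the policy lookup inside this bracket. */`. The same comment applies to the identical bracket added in pdb_update_autolock_flag further down. As written, the elevated window holds a single call taking a constant policy index and a local out-pointer, and that narrow shape is what the comment should protect. The function body starts and ends outside this hunk.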
@@ -1422,6 +1427,7 @@ BOOL pdb_update_autolock_flag(struct samu *sampass, BOOL *updated)
 {
        uint32 duration;
        time_t LastBadPassword;
+       BOOL res;
 
        if (!(pdb_get_acct_ctrl(sampass) & ACB_AUTOLOCK)) {
                DEBUG(9, ("pdb_update_autolock_flag: Account %s not autolocked, no check needed\n",
@@ -1429,7 +1435,11 @@ BOOL pdb_update_autolock_flag(struct samu *sampass, BOOL *updated)
                return True;
        }
 
-       if (!pdb_get_account_policy(AP_LOCK_ACCOUNT_DURATION, &duration)) {
+       become_root_uid_only();
+       res = pdb_get_account_policy(AP_LOCK_ACCOUNT_DURATION, &duration);
+       unbecome_root_uid_only();
+
+       if (!res) {
                DEBUG(0, ("pdb_update_autolock_flag: pdb_get_account_policy failed.\n"));
                return False;
        }
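Review bot: This is the second copy of the same three-line root bracket (the first is in pdb_update_bad_password_count), and every copy is a place where a later edit could slip an early return or extra work between the elevation and the drop. A small file-local helper would keep the privileged window in one auditable spot and let both callers go back to the original single `if (!...)` test without the new `BOOL res` locals. The helper name and the `int` parameter type below are only a suggestion. Match them to the prototype of pdb_get_account_policy, which is not visible on this page. The body of pdb_update_autolock_flag continues outside the hunk.

```c
/* Account policies may be stored in LDAP, which we can only read as root.
 * Nothing but the lookup itself runs inside the privileged window. */
static BOOL get_account_policy_as_root(int field, uint32 *value)
{
	BOOL res;

	become_root_uid_only();
	res = pdb_get_account_policy(field, value);
	unbecome_root_uid_only();

	return res;
}

/* ... unchanged: ACB_AUTOLOCK check in pdb_update_autolock_flag ... */
	if (!get_account_policy_as_root(AP_LOCK_ACCOUNT_DURATION, &duration)) {
```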