libds: UF_PARTIAL_SECRETS_ACCOUNT is a flag, not an account type
authorAndrew Bartlett <abartlet@samba.org>
Wed, 10 Dec 2014 01:15:54 +0000 (14:15 +1300)
committerAndrew Bartlett <abartlet@samba.org>
Thu, 22 Jan 2015 06:50:06 +0000 (07:50 +0100)
This list should only be of the account exclusive account type bits.

Note, this corrects the behaviour in samldb modifies of
userAccountControl.

This reverts 6cb91a8f33516a33210a25e4019f3f3fbbfe61f2

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993

Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
libds/common/flags.h
source4/dsdb/samdb/ldb_modules/samldb.c

index 4975024..96709af 100644 (file)
@@ -64,8 +64,7 @@
                UF_NORMAL_ACCOUNT |\
                UF_INTERDOMAIN_TRUST_ACCOUNT |\
                UF_WORKSTATION_TRUST_ACCOUNT |\
-               UF_SERVER_TRUST_ACCOUNT |\
-               UF_PARTIAL_SECRETS_ACCOUNT \
+               UF_SERVER_TRUST_ACCOUNT \
                 )
 
 #define UF_SETTABLE_BITS (\
index 54e2e5e..f491a00 100644 (file)
@@ -1746,17 +1746,16 @@ static int samldb_user_account_control_change(struct samldb_ctx *ac)
 
        case UF_WORKSTATION_TRUST_ACCOUNT:
                new_is_critical = false;
-               break;
-
-       case (UF_WORKSTATION_TRUST_ACCOUNT|UF_PARTIAL_SECRETS_ACCOUNT):
-               if (!is_computer) {
-                       ldb_asprintf_errstring(ldb,
-                               "%08X: samldb: UF_PARTIAL_SECRETS_ACCOUNT "
-                               "requires objectclass 'computer'!",
-                               W_ERROR_V(WERR_DS_MACHINE_ACCOUNT_CREATED_PRENT4));
-                       return LDB_ERR_UNWILLING_TO_PERFORM;
+               if (new_uac & UF_PARTIAL_SECRETS_ACCOUNT) {
+                       if (!is_computer) {
+                               ldb_asprintf_errstring(ldb,
+                                                      "%08X: samldb: UF_PARTIAL_SECRETS_ACCOUNT "
+                                                      "requires objectclass 'computer'!",
+                                                      W_ERROR_V(WERR_DS_MACHINE_ACCOUNT_CREATED_PRENT4));
+                               return LDB_ERR_UNWILLING_TO_PERFORM;
+                       }
+                       new_is_critical = true;
                }
-               new_is_critical = true;
                break;
 
        case UF_SERVER_TRUST_ACCOUNT: