From: Andrew Bartlett Date: Wed, 10 Dec 2014 01:15:54 +0000 (+1300) Subject: libds: UF_PARTIAL_SECRETS_ACCOUNT is a flag, not an account type X-Git-Tag: ldb-1.1.20~47 X-Git-Url: http://git.samba.org/samba.git/?p=sfrench%2Fsamba-autobuild%2F.git;a=commitdiff_plain;h=412b602314e1174824d86940eacd74fb76774aba libds: UF_PARTIAL_SECRETS_ACCOUNT is a flag, not an account type This list should only be of the account exclusive account type bits. Note, this corrects the behaviour in samldb modifies of userAccountControl. This reverts 6cb91a8f33516a33210a25e4019f3f3fbbfe61f2 Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993 Pair-programmed-with: Garming Sam Signed-off-by: Andrew Bartlett Signed-off-by: Garming Sam Reviewed-by: Stefan Metzmacher --- diff --git a/libds/common/flags.h b/libds/common/flags.h index 49750241202..96709af118e 100644 --- a/libds/common/flags.h +++ b/libds/common/flags.h @@ -64,8 +64,7 @@ UF_NORMAL_ACCOUNT |\ UF_INTERDOMAIN_TRUST_ACCOUNT |\ UF_WORKSTATION_TRUST_ACCOUNT |\ - UF_SERVER_TRUST_ACCOUNT |\ - UF_PARTIAL_SECRETS_ACCOUNT \ + UF_SERVER_TRUST_ACCOUNT \ ) #define UF_SETTABLE_BITS (\ diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 54e2e5e6299..f491a0035c7 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -1746,17 +1746,16 @@ static int samldb_user_account_control_change(struct samldb_ctx *ac) case UF_WORKSTATION_TRUST_ACCOUNT: new_is_critical = false; - break; - - case (UF_WORKSTATION_TRUST_ACCOUNT|UF_PARTIAL_SECRETS_ACCOUNT): - if (!is_computer) { - ldb_asprintf_errstring(ldb, - "%08X: samldb: UF_PARTIAL_SECRETS_ACCOUNT " - "requires objectclass 'computer'!", - W_ERROR_V(WERR_DS_MACHINE_ACCOUNT_CREATED_PRENT4)); - return LDB_ERR_UNWILLING_TO_PERFORM; + if (new_uac & UF_PARTIAL_SECRETS_ACCOUNT) { + if (!is_computer) { + ldb_asprintf_errstring(ldb, + "%08X: samldb: UF_PARTIAL_SECRETS_ACCOUNT " + "requires objectclass 'computer'!", + W_ERROR_V(WERR_DS_MACHINE_ACCOUNT_CREATED_PRENT4)); + return LDB_ERR_UNWILLING_TO_PERFORM; + } + new_is_critical = true; } - new_is_critical = true; break; case UF_SERVER_TRUST_ACCOUNT: