diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2013-10-29 17:30:18 +1300 |
|---|---|---|
| committer | Stefan Metzmacher <metze@samba.org> | 2014-04-02 17:12:46 +0200 |
| commit | 6f8fb163e02579d57e731c0c09eafee5627bec62 (patch) | |
| tree | 760a79f0d2718a0a5a696a1860a0ad247b07d582 /source4/auth | |
| parent | 77e4beb0e027bb49454716b86c782c98c2ed823b (diff) | |
| download | samba-6f8fb163e02579d57e731c0c09eafee5627bec62.tar.gz samba-6f8fb163e02579d57e731c0c09eafee5627bec62.tar.xz samba-6f8fb163e02579d57e731c0c09eafee5627bec62.zip | |
dsdb: Rework samdb_result_acct_flags to use either userAccountControl or msDS-User-Account-Control-Computed
This allows us to avoid the domain lookup in the constructed attribute
when not required.
By using msDS-User-Account-Control-Computed the lockout and password
expiry checks are now handled in the operational ldb module.
Andrew Bartlett
Change-Id: I6eb94933e4602e2e50c2126062e9dfa83a46191b
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'source4/auth')
| -rw-r--r-- | source4/auth/ntlm/auth_sam.c | 2 | ||||
| -rw-r--r-- | source4/auth/sam.c | 8 |
2 files changed, 5 insertions, 5 deletions
diff --git a/source4/auth/ntlm/auth_sam.c b/source4/auth/ntlm/auth_sam.c index c8d6e5b19f6..664908bfea7 100644 --- a/source4/auth/ntlm/auth_sam.c +++ b/source4/auth/ntlm/auth_sam.c @@ -180,7 +180,7 @@ static NTSTATUS authsam_authenticate(struct auth4_context *auth_context, struct samr_Password *lm_pwd, *nt_pwd; NTSTATUS nt_status; - uint16_t acct_flags = samdb_result_acct_flags(auth_context->sam_ctx, mem_ctx, msg, domain_dn); + uint16_t acct_flags = samdb_result_acct_flags(msg, "msDS-User-Account-Control-Computed"); /* Quit if the account was locked out. */ if (acct_flags & ACB_AUTOLOCK) { diff --git a/source4/auth/sam.c b/source4/auth/sam.c index 8729ec59bb4..1c3b81ad0c6 100644 --- a/source4/auth/sam.c +++ b/source4/auth/sam.c @@ -47,7 +47,8 @@ "dBCSPwd", \ "unicodePwd", \ \ - "userAccountControl", \ + "userAccountControl", \ + "msDS-User-Account-Control-Computed", \ "objectSid", \ \ "pwdLastSet", \ @@ -170,7 +171,7 @@ _PUBLIC_ NTSTATUS authsam_account_ok(TALLOC_CTX *mem_ctx, DEBUG(4,("authsam_account_ok: Checking SMB password for user %s\n", name_for_logs)); - acct_flags = samdb_result_acct_flags(sam_ctx, mem_ctx, msg, domain_dn); + acct_flags = samdb_result_acct_flags(msg, "msDS-User-Account-Control-Computed"); acct_expiry = samdb_result_account_expires(msg); @@ -451,8 +452,7 @@ _PUBLIC_ NTSTATUS authsam_make_user_info_dc(TALLOC_CTX *mem_ctx, info->bad_password_count = ldb_msg_find_attr_as_uint(msg, "badPwdCount", 0); - info->acct_flags = samdb_result_acct_flags(sam_ctx, mem_ctx, - msg, domain_dn); + info->acct_flags = samdb_result_acct_flags(msg, "msDS-User-Account-Control-Computed"); user_info_dc->user_session_key = data_blob_talloc(user_info_dc, user_sess_key.data, |