s4:auth: Handle expired accounts in authsam_account_ok() (CID 1603594)

We check the ACB_PW_EXPIRED bit to determine whether the account is
expired. Since ACB_PW_EXPIRED can’t be represented in a 16‐bit integer,
we must increase the width of acct_flags so as not to lose that bit.

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/source4/auth/sam.c b/source4/auth/sam.c
index 963f3d4027cfb9e11c0b5935617608e0d4516259..093d29080ecf39143efb538b5188c1f8da8d1d4d 100644 (file)
--- a/source4/auth/sam.c
+++ b/source4/auth/sam.c
@@ -213,7 +213,7 @@ _PUBLIC_ NTSTATUS authsam_account_ok(TALLOC_CTX *mem_ctx,
                                     bool allow_domain_trust,
                                     bool password_change)
 {
-       uint16_t acct_flags;
+       uint32_t acct_flags;
        const char *workstation_list;
        NTTIME acct_expiry;
        NTTIME must_change_time;