From 545c02975238b9cf1a05483b48ede88eb29bf3b0 Mon Sep 17 00:00:00 2001
From: Simon Smith <simonsmith5521@gmail.com>
Date: Wed, 20 Sep 2023 19:24:30 +0100
Subject: [PATCH] deny sspi and ldap password change

---
 meshuser.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/meshuser.js b/meshuser.js
index b81a3bf2..18945489 100644
--- a/meshuser.js
+++ b/meshuser.js
@@ -1820,7 +1820,10 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
 
                     // If this account is settings locked, return here.
                     if ((user.siteadmin != 0xFFFFFFFF) && ((user.siteadmin & 1024) != 0)) return;
-
+                    
+                    // Do not allow change password if sspi or ldap
+                    if ((domain.auth == 'sspi') || (domain.auth == 'ldap')) return;
+                    
                     // Change our own password
                     if (common.validateString(command.oldpass, 1, 256) == false) break;
                     if (common.validateString(command.newpass, 1, 256) == false) break;