1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

s4:auth/sam: only reset badPwdCount when the effetive value is not 0 already

Non interactive logons doesn't reset badPwdCount to 0
when the effective badPwdCount is already 0
(with (badPasswordTime + lockOutObservationWindows) < now).

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Stefan Metzmacher 2016-02-03 19:33:51 +01:00 committed by Andrew Bartlett
parent a35a5e9022
commit 1acd477960

View File

@ -810,19 +810,25 @@ NTSTATUS authsam_logon_success_accounting(struct ldb_context *sam_ctx,
NTTIME lastLogonTimestamp; NTTIME lastLogonTimestamp;
NTTIME lastLogon; NTTIME lastLogon;
mem_ctx = talloc_new(msg);
if (mem_ctx == NULL) {
return NT_STATUS_NO_MEMORY;
}
lockoutTime = ldb_msg_find_attr_as_int64(msg, "lockoutTime", 0); lockoutTime = ldb_msg_find_attr_as_int64(msg, "lockoutTime", 0);
if (interactive_or_kerberos) {
badPwdCount = ldb_msg_find_attr_as_int(msg, "badPwdCount", 0); badPwdCount = ldb_msg_find_attr_as_int(msg, "badPwdCount", 0);
lastLogonTimestamp = \ } else {
badPwdCount = samdb_result_effective_badPwdCount(sam_ctx, mem_ctx,
domain_dn, msg);
}
lastLogonTimestamp =
ldb_msg_find_attr_as_int64(msg, "lastLogonTimestamp", 0); ldb_msg_find_attr_as_int64(msg, "lastLogonTimestamp", 0);
lastLogon = ldb_msg_find_attr_as_int64(msg, "lastLogon", 0); lastLogon = ldb_msg_find_attr_as_int64(msg, "lastLogon", 0);
DEBUG(5, ("lastLogonTimestamp is %lld\n", DEBUG(5, ("lastLogonTimestamp is %lld\n",
(long long int)lastLogonTimestamp)); (long long int)lastLogonTimestamp));
mem_ctx = talloc_new(msg);
if (mem_ctx == NULL) {
return NT_STATUS_NO_MEMORY;
}
msg_mod = ldb_msg_new(mem_ctx); msg_mod = ldb_msg_new(mem_ctx);
if (msg_mod == NULL) { if (msg_mod == NULL) {
TALLOC_FREE(mem_ctx); TALLOC_FREE(mem_ctx);