mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
s4:auth/sam: only reset badPwdCount when the effetive value is not 0 already
Non interactive logons doesn't reset badPwdCount to 0 when the effective badPwdCount is already 0 (with (badPasswordTime + lockOutObservationWindows) < now). Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
parent
a35a5e9022
commit
1acd477960
@ -810,19 +810,25 @@ NTSTATUS authsam_logon_success_accounting(struct ldb_context *sam_ctx,
|
|||||||
NTTIME lastLogonTimestamp;
|
NTTIME lastLogonTimestamp;
|
||||||
NTTIME lastLogon;
|
NTTIME lastLogon;
|
||||||
|
|
||||||
|
mem_ctx = talloc_new(msg);
|
||||||
|
if (mem_ctx == NULL) {
|
||||||
|
return NT_STATUS_NO_MEMORY;
|
||||||
|
}
|
||||||
|
|
||||||
lockoutTime = ldb_msg_find_attr_as_int64(msg, "lockoutTime", 0);
|
lockoutTime = ldb_msg_find_attr_as_int64(msg, "lockoutTime", 0);
|
||||||
|
if (interactive_or_kerberos) {
|
||||||
badPwdCount = ldb_msg_find_attr_as_int(msg, "badPwdCount", 0);
|
badPwdCount = ldb_msg_find_attr_as_int(msg, "badPwdCount", 0);
|
||||||
lastLogonTimestamp = \
|
} else {
|
||||||
|
badPwdCount = samdb_result_effective_badPwdCount(sam_ctx, mem_ctx,
|
||||||
|
domain_dn, msg);
|
||||||
|
}
|
||||||
|
lastLogonTimestamp =
|
||||||
ldb_msg_find_attr_as_int64(msg, "lastLogonTimestamp", 0);
|
ldb_msg_find_attr_as_int64(msg, "lastLogonTimestamp", 0);
|
||||||
lastLogon = ldb_msg_find_attr_as_int64(msg, "lastLogon", 0);
|
lastLogon = ldb_msg_find_attr_as_int64(msg, "lastLogon", 0);
|
||||||
|
|
||||||
DEBUG(5, ("lastLogonTimestamp is %lld\n",
|
DEBUG(5, ("lastLogonTimestamp is %lld\n",
|
||||||
(long long int)lastLogonTimestamp));
|
(long long int)lastLogonTimestamp));
|
||||||
|
|
||||||
mem_ctx = talloc_new(msg);
|
|
||||||
if (mem_ctx == NULL) {
|
|
||||||
return NT_STATUS_NO_MEMORY;
|
|
||||||
}
|
|
||||||
msg_mod = ldb_msg_new(mem_ctx);
|
msg_mod = ldb_msg_new(mem_ctx);
|
||||||
if (msg_mod == NULL) {
|
if (msg_mod == NULL) {
|
||||||
TALLOC_FREE(mem_ctx);
|
TALLOC_FREE(mem_ctx);
|
||||||
|
Loading…
Reference in New Issue
Block a user