sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-27 14:04:05 +03:00
Code

s3:auth: fix account unlock regression introduced with fix for bug #4347

Browse Source 
By an oversight, the patchset for #4347 made the unlocking of a locked
account after the lockout duration ineffective.
Thanks to Björn for finding this!

Michael
This commit is contained in:
Michael Adam 2010-01-14 14:24:35 +01:00
parent 743adfda91
commit 8573471154
1 changed files with 5 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
source3/auth/auth_sam.c
View File

@ -369,7 +369,6 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
DATA_BLOB user_sess_key = data_blob_null;
DATA_BLOB lm_sess_key = data_blob_null;
bool updated_autolock = False, updated_badpw = False;
uint32_t acct_ctrl;
const char *username;
const uint8_t *nt_pw;
const uint8_t *lm_pw;
@ -399,22 +398,21 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
return NT_STATUS_NO_SUCH_USER;
}
acct_ctrl = pdb_get_acct_ctrl(sampass);
username = pdb_get_username(sampass);
nt_pw = pdb_get_nt_passwd(sampass);
lm_pw = pdb_get_lanman_passwd(sampass);
/* see if autolock flag needs to be updated */
if (acct_ctrl & ACB_NORMAL)
if (pdb_get_acct_ctrl(sampass) & ACB_NORMAL)
pdb_update_autolock_flag(sampass, &updated_autolock);
/* Quit if the account was locked out. */
if (acct_ctrl & ACB_AUTOLOCK) {
if (pdb_get_acct_ctrl(sampass) & ACB_AUTOLOCK) {
DEBUG(3,("check_sam_security: Account for user %s was locked out.\n", username));
return NT_STATUS_ACCOUNT_LOCKED_OUT;
}
nt_status = sam_password_ok(auth_context, mem_ctx,
username, acct_ctrl, lm_pw, nt_pw,
username, pdb_get_acct_ctrl(sampass), lm_pw, nt_pw,
user_info, &user_sess_key, &lm_sess_key);
/* Notify passdb backend of login success/failure. If not
@ -426,7 +424,7 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
bool increment_bad_pw_count = false;
if (NT_STATUS_EQUAL(nt_status,NT_STATUS_WRONG_PASSWORD) &&
acct_ctrl & ACB_NORMAL &&
pdb_get_acct_ctrl(sampass) & ACB_NORMAL &&
NT_STATUS_IS_OK(update_login_attempts_status))
{
increment_bad_pw_count =
@ -457,7 +455,7 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
goto done;
}
if ((acct_ctrl & ACB_NORMAL) &&
if ((pdb_get_acct_ctrl(sampass) & ACB_NORMAL) &&
(pdb_get_bad_password_count(sampass) > 0)){
pdb_set_bad_password_count(sampass, 0, PDB_CHANGED);
pdb_set_bad_password_time(sampass, 0, PDB_CHANGED);