sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00
Code

r1778: Fix based on code from Richard Renard <rrenard@idealx.com> to

Browse Source 
enforce logon hours. ldap fixes to follow.
Jeremy.
(This used to be commit 9ce273ed66)
This commit is contained in:
Jeremy Allison 2004-08-12 18:20:02 +00:00 committed by Gerald (Jerry) Carter
parent d86f6ceead
commit a8dca8b4b6
1 changed files with 42 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
source3/auth/auth_sam.c
View File

@ -65,6 +65,43 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
lm_pw, nt_pw, user_sess_key, lm_sess_key);
}
/****************************************************************************
Check if a user is allowed to logon at this time. Note this is the
servers local time, as logon hours are just specified as a weekly
bitmask.
****************************************************************************/
static BOOL logon_hours_ok(SAM_ACCOUNT *sampass)
{
/* In logon hours first bit is Sunday from 12AM to 1AM */
extern struct timeval smb_last_time;
const uint8 *hours;
struct tm *utctime;
uint8 bitmask, bitpos;
hours = pdb_get_hours(sampass);
if (!hours) {
DEBUG(5,("logon_hours_ok: No hours restrictions for user %s\n",pdb_get_username(sampass)));
return True;
}
utctime = localtime(&smb_last_time.tv_sec);
/* find the corresponding byte and bit */
bitpos = (utctime->tm_wday * 24 + utctime->tm_hour) % 168;
bitmask = 1 << (bitpos % 8);
if (! (hours[bitpos/8] & bitmask)) {
DEBUG(1,("logon_hours_ok: Account for user %s not allowed to logon at this time (UTC %s).\n",
pdb_get_username(sampass), asctime(utctime) ));
return False;
}
DEBUG(5,("logon_hours_ok: user %s allowed to logon at this time (UTC %s)\n",
pdb_get_username(sampass), asctime(utctime) ));
return True;
}
/****************************************************************************
Do a specific test for a SAM_ACCOUNT being vaild for this connection
@ -93,6 +130,11 @@ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx,
return NT_STATUS_ACCOUNT_LOCKED_OUT;
}
/* Quit if the account is not allowed to logon at this time. */
if (! logon_hours_ok(sampass)) {
return NT_STATUS_INVALID_LOGON_HOURS;
}
/* Test account expire time */
kickoff_time = pdb_get_kickoff_time(sampass);