1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
samba-mirror/source4/auth
Douglas Bagnall 795f4729ca auth: keep track of lastLogon and lastLogonTimestamp
lastLogon is supposed to be updated for every interactive or kerberos
login, and (according to testing against Windows2012r2) when the bad
password count is non-zero but the lockout time is zero. It is not
replicated.

lastLogonTimestamp is updated if the old value is more than 14 -
random.choice([0, 1, 2, 3, 4, 5]) days old, and it is replicated. The
14 in this calculation is the default, stored as
"msDS-LogonTimeSyncInterval", which we offer no interface for
changing.

The authsam_zero_bad_pwd_count() function is a convenient place to
update these values, as it is called upon a successful logon however
that logon is performed. That makes the function's name inaccurate, so
we rename it authsam_logon_success_accounting(). It also needs to be
told whet5her the login is interactive.

The password_lockout tests are extended to test lastLogon and
lasLogonTimestamp.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow@samba.org>
2015-12-15 00:08:57 +01:00
..
gensec gensec: Fix picky unused variable errors 2015-11-23 15:17:18 +01:00
kerberos s4-auth: Fix picky unused variable warning 2015-11-23 15:17:18 +01:00
ntlm auth: keep track of lastLogon and lastLogonTimestamp 2015-12-15 00:08:57 +01:00
auth.h auth: Provide a way to use the auth stack for winbindd authentication 2014-06-11 10:18:26 +02:00
pyauth.c samba:python - Py_RETURN_NONE remove compatibility code for releases < 2.4 2014-01-09 16:27:47 +01:00
pyauth.h pytalloc: Use consistent prefix for functions, add ABI file. 2011-08-10 15:36:21 +02:00
sam.c auth: keep track of lastLogon and lastLogonTimestamp 2015-12-15 00:08:57 +01:00
samba_server_gensec.c gensec: move event context from gensec_*_init() to gensec_update() 2011-10-18 13:13:33 +11:00
session.c CVE-2014-8143:auth: Force talloc type of session_info pointer to match 2015-01-15 12:33:08 +01:00
session.h Fix public header not to include private (not installed) ones. 2011-03-14 17:01:20 +01:00
system_session.c s4: fix wrong index usage PRIMARY_USER_SID_INDEX when it should have been PRIMARY_GROUP_SID_INDEX 2011-06-19 23:21:08 +02:00
unix_token.c auth4: auth_session_info_fill_unix only needs a tevent_context 2014-03-05 16:33:21 +01:00
wscript_build build: rename security → samba-security 2012-08-10 14:22:20 +02:00
wscript_configure s4:auth/gensec: remove unused and untested cyrus_sasl module 2015-06-23 22:12:08 +02:00