diff options
author | Jeremy Allison <jra@samba.org> | 2004-08-12 18:20:02 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:52:20 -0500 |
commit | a8dca8b4b66aecc2eaac4292b6b6c5ab386de0a8 (patch) | |
tree | bd376eaeb36c545d267824697ae56f58a0683e0c | |
parent | d86f6ceeadd04dccf6b5d7a78e627f78bb424fc7 (diff) | |
download | samba-a8dca8b4b66aecc2eaac4292b6b6c5ab386de0a8.tar.gz samba-a8dca8b4b66aecc2eaac4292b6b6c5ab386de0a8.tar.bz2 samba-a8dca8b4b66aecc2eaac4292b6b6c5ab386de0a8.zip |
r1778: Fix based on code from Richard Renard <rrenard@idealx.com> to
enforce logon hours. ldap fixes to follow.
Jeremy.
(This used to be commit 9ce273ed662bd34987eaeedeeeb7cb1c99cd50a4)
-rw-r--r-- | source3/auth/auth_sam.c | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c index 44e0a1810f..0c59dbe049 100644 --- a/source3/auth/auth_sam.c +++ b/source3/auth/auth_sam.c @@ -65,6 +65,43 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context, lm_pw, nt_pw, user_sess_key, lm_sess_key); } +/**************************************************************************** + Check if a user is allowed to logon at this time. Note this is the + servers local time, as logon hours are just specified as a weekly + bitmask. +****************************************************************************/ + +static BOOL logon_hours_ok(SAM_ACCOUNT *sampass) +{ + /* In logon hours first bit is Sunday from 12AM to 1AM */ + extern struct timeval smb_last_time; + const uint8 *hours; + struct tm *utctime; + uint8 bitmask, bitpos; + + hours = pdb_get_hours(sampass); + if (!hours) { + DEBUG(5,("logon_hours_ok: No hours restrictions for user %s\n",pdb_get_username(sampass))); + return True; + } + + utctime = localtime(&smb_last_time.tv_sec); + + /* find the corresponding byte and bit */ + bitpos = (utctime->tm_wday * 24 + utctime->tm_hour) % 168; + bitmask = 1 << (bitpos % 8); + + if (! (hours[bitpos/8] & bitmask)) { + DEBUG(1,("logon_hours_ok: Account for user %s not allowed to logon at this time (UTC %s).\n", + pdb_get_username(sampass), asctime(utctime) )); + return False; + } + + DEBUG(5,("logon_hours_ok: user %s allowed to logon at this time (UTC %s)\n", + pdb_get_username(sampass), asctime(utctime) )); + + return True; +} /**************************************************************************** Do a specific test for a SAM_ACCOUNT being vaild for this connection @@ -93,6 +130,11 @@ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx, return NT_STATUS_ACCOUNT_LOCKED_OUT; } + /* Quit if the account is not allowed to logon at this time. */ + if (! logon_hours_ok(sampass)) { + return NT_STATUS_INVALID_LOGON_HOURS; + } + /* Test account expire time */ kickoff_time = pdb_get_kickoff_time(sampass); |