summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2004-07-17 01:37:04 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 10:52:14 -0500
commit1fca1fd8d7b9e12c6d4a3c2ad2e69a27aa65a9e1 (patch)
tree3722d7c546da9b7833866fef03fc59e306c6e6d6
parent14ba47482fba59323b37ee5b101e7aa46450a15c (diff)
downloadsamba-1fca1fd8d7b9e12c6d4a3c2ad2e69a27aa65a9e1.tar.gz
samba-1fca1fd8d7b9e12c6d4a3c2ad2e69a27aa65a9e1.tar.bz2
samba-1fca1fd8d7b9e12c6d4a3c2ad2e69a27aa65a9e1.zip
r1539: If a account was locked out by an admin (and has a bad password count of zero)
leave it locked out until an admin unlocks it (but log a message). Jeremy. (This used to be commit 14bd2a9ffc30d55d9737b4819797db8c38b46c66)
-rw-r--r--source3/passdb/passdb.c25
1 files changed, 19 insertions, 6 deletions
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index ea1ce80442..2f9742e17d 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -2249,7 +2249,9 @@ BOOL pdb_update_bad_password_count(SAM_ACCOUNT *sampass, BOOL *updated)
if (time(NULL) > (LastBadPassword + (time_t)resettime*60)){
pdb_set_bad_password_count(sampass, 0, PDB_CHANGED);
pdb_set_bad_password_time(sampass, 0, PDB_CHANGED);
- if (updated) *updated = True;
+ if (updated) {
+ *updated = True;
+ }
}
return True;
@@ -2267,7 +2269,8 @@ BOOL pdb_update_autolock_flag(SAM_ACCOUNT *sampass, BOOL *updated)
if (!sampass) return False;
if (!(pdb_get_acct_ctrl(sampass) & ACB_AUTOLOCK)) {
- DEBUG(9, ("Account not autolocked, no check needed\n"));
+ DEBUG(9, ("pdb_update_autolock_flag: Account %s not autolocked, no check needed\n",
+ pdb_get_username(sampass)));
return True;
}
@@ -2278,20 +2281,30 @@ BOOL pdb_update_autolock_flag(SAM_ACCOUNT *sampass, BOOL *updated)
/* First, check if there is a duration to compare */
if ((duration == (uint32) -1) || (duration == 0)) {
- DEBUG(9, ("No reset duration, can't reset autolock\n"));
+ DEBUG(9, ("pdb_update_autolock_flag: No reset duration, can't reset autolock\n"));
return True;
}
LastBadPassword = pdb_get_bad_password_time(sampass);
- DEBUG(7, ("LastBadPassword=%d, duration=%d, current time =%d.\n",
- (uint32)LastBadPassword, duration*60, (uint32)time(NULL)));
+ DEBUG(7, ("pdb_update_autolock_flag: Account %s, LastBadPassword=%d, duration=%d, current time =%d.\n",
+ pdb_get_username(sampass), (uint32)LastBadPassword, duration*60, (uint32)time(NULL)));
+
+ if (LastBadPassword == (time_t)0) {
+ DEBUG(1,("pdb_update_autolock_flag: Account %s administratively locked out with no \
+bad password time. Leaving locked out.\n",
+ pdb_get_username(sampass) ));
+ return True;
+ }
+
if ((time(NULL) > (LastBadPassword + (time_t) duration * 60))) {
pdb_set_acct_ctrl(sampass,
pdb_get_acct_ctrl(sampass) & ~ACB_AUTOLOCK,
PDB_CHANGED);
pdb_set_bad_password_count(sampass, 0, PDB_CHANGED);
pdb_set_bad_password_time(sampass, 0, PDB_CHANGED);
- if (updated) *updated = True;
+ if (updated) {
+ *updated = True;
+ }
}
return True;