summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Adam <obnox@samba.org>2010-01-14 14:24:35 +0100
committerMichael Adam <obnox@samba.org>2010-01-14 15:48:09 +0100
commit8573471154d63644bc581d0b6a80f73927ca3e93 (patch)
tree72407b46db32f62c4006f2b8412820e16ccedb34
parent743adfda911e9123132fcc0d599080d869f419ab (diff)
downloadsamba-8573471154d63644bc581d0b6a80f73927ca3e93.tar.gz
samba-8573471154d63644bc581d0b6a80f73927ca3e93.tar.bz2
samba-8573471154d63644bc581d0b6a80f73927ca3e93.zip
s3:auth: fix account unlock regression introduced with fix for bug #4347
By an oversight, the patchset for #4347 made the unlocking of a locked account after the lockout duration ineffective. Thanks to Björn for finding this! Michael
-rw-r--r--source3/auth/auth_sam.c12
1 files changed, 5 insertions, 7 deletions
diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c
index 1dd8fc950e..01b25178ee 100644
--- a/source3/auth/auth_sam.c
+++ b/source3/auth/auth_sam.c
@@ -369,7 +369,6 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
DATA_BLOB user_sess_key = data_blob_null;
DATA_BLOB lm_sess_key = data_blob_null;
bool updated_autolock = False, updated_badpw = False;
- uint32_t acct_ctrl;
const char *username;
const uint8_t *nt_pw;
const uint8_t *lm_pw;
@@ -399,22 +398,21 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
return NT_STATUS_NO_SUCH_USER;
}
- acct_ctrl = pdb_get_acct_ctrl(sampass);
username = pdb_get_username(sampass);
nt_pw = pdb_get_nt_passwd(sampass);
lm_pw = pdb_get_lanman_passwd(sampass);
/* see if autolock flag needs to be updated */
- if (acct_ctrl & ACB_NORMAL)
+ if (pdb_get_acct_ctrl(sampass) & ACB_NORMAL)
pdb_update_autolock_flag(sampass, &updated_autolock);
/* Quit if the account was locked out. */
- if (acct_ctrl & ACB_AUTOLOCK) {
+ if (pdb_get_acct_ctrl(sampass) & ACB_AUTOLOCK) {
DEBUG(3,("check_sam_security: Account for user %s was locked out.\n", username));
return NT_STATUS_ACCOUNT_LOCKED_OUT;
}
nt_status = sam_password_ok(auth_context, mem_ctx,
- username, acct_ctrl, lm_pw, nt_pw,
+ username, pdb_get_acct_ctrl(sampass), lm_pw, nt_pw,
user_info, &user_sess_key, &lm_sess_key);
/* Notify passdb backend of login success/failure. If not
@@ -426,7 +424,7 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
bool increment_bad_pw_count = false;
if (NT_STATUS_EQUAL(nt_status,NT_STATUS_WRONG_PASSWORD) &&
- acct_ctrl & ACB_NORMAL &&
+ pdb_get_acct_ctrl(sampass) & ACB_NORMAL &&
NT_STATUS_IS_OK(update_login_attempts_status))
{
increment_bad_pw_count =
@@ -457,7 +455,7 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
goto done;
}
- if ((acct_ctrl & ACB_NORMAL) &&
+ if ((pdb_get_acct_ctrl(sampass) & ACB_NORMAL) &&
(pdb_get_bad_password_count(sampass) > 0)){
pdb_set_bad_password_count(sampass, 0, PDB_CHANGED);
pdb_set_bad_password_time(sampass, 0, PDB_CHANGED);