diff options
author | Michael Adam <obnox@samba.org> | 2010-01-14 14:24:35 +0100 |
---|---|---|
committer | Michael Adam <obnox@samba.org> | 2010-01-14 15:48:09 +0100 |
commit | 8573471154d63644bc581d0b6a80f73927ca3e93 (patch) | |
tree | 72407b46db32f62c4006f2b8412820e16ccedb34 | |
parent | 743adfda911e9123132fcc0d599080d869f419ab (diff) | |
download | samba-8573471154d63644bc581d0b6a80f73927ca3e93.tar.gz samba-8573471154d63644bc581d0b6a80f73927ca3e93.tar.bz2 samba-8573471154d63644bc581d0b6a80f73927ca3e93.zip |
s3:auth: fix account unlock regression introduced with fix for bug #4347
By an oversight, the patchset for #4347 made the unlocking of a locked
account after the lockout duration ineffective.
Thanks to Björn for finding this!
Michael
-rw-r--r-- | source3/auth/auth_sam.c | 12 |
1 files changed, 5 insertions, 7 deletions
diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c index 1dd8fc950e..01b25178ee 100644 --- a/source3/auth/auth_sam.c +++ b/source3/auth/auth_sam.c @@ -369,7 +369,6 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, DATA_BLOB user_sess_key = data_blob_null; DATA_BLOB lm_sess_key = data_blob_null; bool updated_autolock = False, updated_badpw = False; - uint32_t acct_ctrl; const char *username; const uint8_t *nt_pw; const uint8_t *lm_pw; @@ -399,22 +398,21 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, return NT_STATUS_NO_SUCH_USER; } - acct_ctrl = pdb_get_acct_ctrl(sampass); username = pdb_get_username(sampass); nt_pw = pdb_get_nt_passwd(sampass); lm_pw = pdb_get_lanman_passwd(sampass); /* see if autolock flag needs to be updated */ - if (acct_ctrl & ACB_NORMAL) + if (pdb_get_acct_ctrl(sampass) & ACB_NORMAL) pdb_update_autolock_flag(sampass, &updated_autolock); /* Quit if the account was locked out. */ - if (acct_ctrl & ACB_AUTOLOCK) { + if (pdb_get_acct_ctrl(sampass) & ACB_AUTOLOCK) { DEBUG(3,("check_sam_security: Account for user %s was locked out.\n", username)); return NT_STATUS_ACCOUNT_LOCKED_OUT; } nt_status = sam_password_ok(auth_context, mem_ctx, - username, acct_ctrl, lm_pw, nt_pw, + username, pdb_get_acct_ctrl(sampass), lm_pw, nt_pw, user_info, &user_sess_key, &lm_sess_key); /* Notify passdb backend of login success/failure. If not @@ -426,7 +424,7 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, bool increment_bad_pw_count = false; if (NT_STATUS_EQUAL(nt_status,NT_STATUS_WRONG_PASSWORD) && - acct_ctrl & ACB_NORMAL && + pdb_get_acct_ctrl(sampass) & ACB_NORMAL && NT_STATUS_IS_OK(update_login_attempts_status)) { increment_bad_pw_count = @@ -457,7 +455,7 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, goto done; } - if ((acct_ctrl & ACB_NORMAL) && + if ((pdb_get_acct_ctrl(sampass) & ACB_NORMAL) && (pdb_get_bad_password_count(sampass) > 0)){ pdb_set_bad_password_count(sampass, 0, PDB_CHANGED); pdb_set_bad_password_time(sampass, 0, PDB_CHANGED); |