summaryrefslogtreecommitdiff
path: root/source3/include
diff options
context:
space:
mode:
authorJim McDonough <jmcd@samba.org>2004-03-18 19:22:51 +0000
committerJim McDonough <jmcd@samba.org>2004-03-18 19:22:51 +0000
commit357998ddbdeb2fae0a30c578e747154fec22c180 (patch)
treee1d3c687163e603256b60dad9d56333bdc70e5c4 /source3/include
parent5d40499b9f46aff4a70aeda0b8b3b147d2d69c2a (diff)
downloadsamba-357998ddbdeb2fae0a30c578e747154fec22c180.tar.gz
samba-357998ddbdeb2fae0a30c578e747154fec22c180.tar.bz2
samba-357998ddbdeb2fae0a30c578e747154fec22c180.zip
Password lockout for LDAP backend. Caches autolock flag, bad count, and
bad time locally, updating the directory only for hitting the policy limit or resetting. This needed to be done at the passdb level rather than auth, because some of the functions need to be supported from tools such as pdbedit. It was done at the LDAP backend level instead of generically after discussion, because of the complexity of inserting it at a higher level. The login cache read/write/delete is outside of the ldap backend, so it could easily be called by other backends. tdbsam won't call it for obvious reasons, and authors of other backends need to decide if they want to implement it. (This used to be commit 2a679cbc87a2a9111e9e6cdebbb62dec0ab3a0c0)
Diffstat (limited to 'source3/include')
-rw-r--r--source3/include/passdb.h9
-rw-r--r--source3/include/smbldap.h1
2 files changed, 10 insertions, 0 deletions
diff --git a/source3/include/passdb.h b/source3/include/passdb.h
index 9eab46bbff..75c4fd215b 100644
--- a/source3/include/passdb.h
+++ b/source3/include/passdb.h
@@ -125,6 +125,15 @@ enum pdb_value_state {
#define IS_SAM_SET(x, flag) (pdb_get_init_flags(x, flag) == PDB_SET)
#define IS_SAM_CHANGED(x, flag) (pdb_get_init_flags(x, flag) == PDB_CHANGED)
#define IS_SAM_DEFAULT(x, flag) (pdb_get_init_flags(x, flag) == PDB_DEFAULT)
+
+/* cache for bad password lockout data, to be used on replicated SAMs */
+typedef struct logon_cache_struct
+{
+ time_t entry_timestamp;
+ uint16 acct_ctrl;
+ uint16 bad_password_count;
+ time_t bad_password_time;
+} LOGIN_CACHE;
typedef struct sam_passwd
{
diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h
index 2f71f971d9..68a2c00afe 100644
--- a/source3/include/smbldap.h
+++ b/source3/include/smbldap.h
@@ -92,6 +92,7 @@
#define LDAP_ATTR_LOGON_COUNT 36
#define LDAP_ATTR_MUNGED_DIAL 37
#define LDAP_ATTR_BAD_PASSWORD_TIME 38
+#define LDAP_ATTR_MOD_TIMESTAMP 39
typedef struct _attrib_map_entry {
int attrib;