summaryrefslogtreecommitdiff
path: root/source3/passdb
diff options
context:
space:
mode:
authorJim McDonough <jmcd@samba.org>2004-02-19 18:35:43 +0000
committerJim McDonough <jmcd@samba.org>2004-02-19 18:35:43 +0000
commite507a836179080cc9efded6afb883996042a6445 (patch)
tree903f5db5ec023f7caa9d6d3847c19551901136f9 /source3/passdb
parentb3508ea61e19a8618989d4fe41cc6a742702a60d (diff)
downloadsamba-e507a836179080cc9efded6afb883996042a6445.tar.gz
samba-e507a836179080cc9efded6afb883996042a6445.tar.bz2
samba-e507a836179080cc9efded6afb883996042a6445.zip
Add bad pw count and autolock flag update fn()s
(This used to be commit 600fcd534b6e101b6a12774946b0e9814c6f54a8)
Diffstat (limited to 'source3/passdb')
-rw-r--r--source3/passdb/passdb.c129
1 files changed, 127 insertions, 2 deletions
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index ddba4c6897..86e3af4a2a 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -1395,7 +1395,7 @@ BOOL init_sam_from_buffer_v0(SAM_ACCOUNT *sampass, uint8 *buf, uint32 buflen)
&logon_count,
&unknown_6);
- if (len == -1) {
+ if (len == (uint32) -1) {
ret = False;
goto done;
}
@@ -1811,7 +1811,7 @@ BOOL init_sam_from_buffer_v1(SAM_ACCOUNT *sampass, uint8 *buf, uint32 buflen)
&logon_count,
&unknown_6);
- if (len == -1) {
+ if (len == (uint32) -1) {
ret = False;
goto done;
}
@@ -2198,3 +2198,128 @@ BOOL get_free_rid_range(uint32 *low, uint32 *high)
return True;
}
+
+/*********************************************************************
+ Update the bad password count checking the AP_RESET_COUNT_TIME
+*********************************************************************/
+
+BOOL pdb_update_bad_password_count(SAM_ACCOUNT *sampass, BOOL *updated)
+{
+ time_t LastBadPassword;
+ uint16 BadPasswordCount;
+ uint32 resettime;
+
+ BadPasswordCount = pdb_get_bad_password_count(sampass);
+ if(BadPasswordCount > 0){
+ if (!account_policy_get(AP_RESET_COUNT_TIME, &resettime)) {
+ DEBUG(0, ("account_policy_get failed.\n"));
+ return False;
+ } else {
+ LastBadPassword = pdb_get_bad_password_time(sampass);
+ DEBUG(10, ("LastBadPassword=%d, resettime=%d.\n",
+ (uint32) LastBadPassword, resettime));
+ if (resettime &&
+ (time(NULL) > (LastBadPassword +
+ (time_t)resettime*60))){
+ pdb_set_bad_password_count(sampass,
+ 0, PDB_CHANGED);
+ pdb_set_bad_password_time(sampass, 0,
+ PDB_CHANGED);
+ *updated =True;
+ }
+ }
+ }
+ return True;
+}
+
+/*********************************************************************
+ Update the ACB_AUTOLOCK flag checking the AP_LOCK_ACCOUNT_DURATION
+*********************************************************************/
+
+BOOL pdb_update_autolock_flag(SAM_ACCOUNT *sampass, BOOL *updated)
+{
+ uint32 duration;
+ time_t LastBadPassword;
+
+ if (!sampass)
+ return False;
+
+ if (pdb_get_acct_ctrl(sampass) & ACB_AUTOLOCK) {
+ if (!account_policy_get(AP_LOCK_ACCOUNT_DURATION,
+ &duration)) {
+ DEBUG(0, ("pdb_update_autolock_flag: account_policy_get failed.\n"));
+ return False;
+ } else {
+ LastBadPassword = pdb_get_bad_password_time(sampass);
+ DEBUG(10, ("LastBadPassword=%d, duration=%d.\n",
+ (uint32) LastBadPassword, duration*60 ));
+ if (duration &&
+ (time(NULL) >
+ (LastBadPassword + (time_t)duration*60))){
+ DEBUG(10, ("LastBadPassword=%d, duration=%d.\n",
+ (uint32) LastBadPassword,
+ duration*60 ));
+ pdb_set_acct_ctrl(sampass,
+ pdb_get_acct_ctrl(sampass) & ~ACB_AUTOLOCK,
+ PDB_CHANGED);
+ pdb_set_bad_password_count(sampass,
+ 0, PDB_CHANGED);
+ pdb_set_bad_password_time(sampass, 0,
+ PDB_CHANGED);
+ *updated =True;
+ }
+ }
+ }
+
+ return True;
+}
+
+/*********************************************************************
+ Increment the bad_password_count
+*********************************************************************/
+
+BOOL pdb_increment_bad_password_count(SAM_ACCOUNT *sampass)
+{
+ uint32 resettime;
+ uint32 account_policy_lockout;
+ time_t LastBadPassword;
+
+ if (!sampass)
+ return False;
+
+ if (!account_policy_get(AP_RESET_COUNT_TIME, &resettime)) {
+ DEBUG(0, ("account_policy_get failed.\n"));
+ return False;
+ } else {
+ LastBadPassword = pdb_get_bad_password_time(sampass);
+ DEBUG(10, ("LastBadPassword=%d, resettime=%d.\n",
+ (uint32) LastBadPassword, resettime));
+ DEBUG(10, ("time(null) = %d\n", (uint32) time(NULL)));
+ if ((resettime) && (LastBadPassword) &&
+ (time(NULL) > (LastBadPassword + (time_t)resettime*60))){
+ pdb_set_bad_password_count(sampass, 1, PDB_CHANGED);
+ } else {
+ pdb_set_bad_password_count(sampass,
+ pdb_get_bad_password_count(sampass)+1,
+ PDB_CHANGED);
+ }
+ pdb_set_bad_password_time(sampass, time(NULL), PDB_CHANGED);
+
+ if (!account_policy_get(AP_BAD_ATTEMPT_LOCKOUT,
+ &account_policy_lockout)) {
+ DEBUG(0, ("account_policy_get failed.\n"));
+ return False;
+ } else {
+ if (account_policy_lockout &&
+ (pdb_get_bad_password_count(sampass) >= account_policy_lockout)) {
+ if (!pdb_set_acct_ctrl (sampass,
+ pdb_get_acct_ctrl(sampass) |ACB_AUTOLOCK,
+ PDB_CHANGED)) {
+ DEBUG(1, ("pdb_increment_bad_password_count:failed to set 'autolock' flag. \n"));
+ return False;
+ }
+ }
+ }
+ return True;
+ }
+}