diff options
author | Andreas Schneider <asn@samba.org> | 2010-08-23 10:08:53 +0200 |
---|---|---|
committer | Simo Sorce <idra@samba.org> | 2010-08-30 10:43:41 -0400 |
commit | c5cfad142c6bc5cd4819726cf2444108bc7639c3 (patch) | |
tree | b190f330a9b24cb274e445a024571bd0c7ef8b87 /source3/passdb | |
parent | 2ab0b63bd89d2d833695dc33aecec7a63ccbab0c (diff) | |
download | samba-c5cfad142c6bc5cd4819726cf2444108bc7639c3.tar.gz samba-c5cfad142c6bc5cd4819726cf2444108bc7639c3.tar.bz2 samba-c5cfad142c6bc5cd4819726cf2444108bc7639c3.zip |
s3-passdb: Try to unlock the account if it is locked out.
Signed-off-by: Simo Sorce <idra@samba.org>
Diffstat (limited to 'source3/passdb')
-rw-r--r-- | source3/passdb/pdb_interface.c | 63 |
1 files changed, 53 insertions, 10 deletions
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index 611afdbdd5..4f93b33a54 100644 --- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c @@ -291,17 +291,36 @@ static bool pdb_try_account_unlock(struct samu *sampass) return true; } -/********************************************************************** -**********************************************************************/ - +/** + * @brief Get a sam user structure by the given username. + * + * This functions also checks if the account has been automatically locked out + * and unlocks it if a lockout duration time has been defined and the time has + * elapsed. + * + * @param[in] sam_acct The sam user structure to fill. + * + * @param[in] username The username to look for. + * + * @return True on success, false on error. + */ bool pdb_getsampwnam(struct samu *sam_acct, const char *username) { struct pdb_methods *pdb = pdb_get_methods(); struct samu *for_cache; const struct dom_sid *user_sid; + NTSTATUS status; + bool ok; - if (!NT_STATUS_IS_OK(pdb->getsampwnam(pdb, sam_acct, username))) { - return False; + status = pdb->getsampwnam(pdb, sam_acct, username); + if (!NT_STATUS_IS_OK(status)) { + return false; + } + + ok = pdb_try_account_unlock(sam_acct); + if (!ok) { + DEBUG(1, ("pdb_getsampwnam: Failed to unlock account %s\n", + username)); } for_cache = samu_new(NULL); @@ -345,14 +364,26 @@ static bool guest_user_info( struct samu *user ) return NT_STATUS_IS_OK( result ); } -/********************************************************************** -**********************************************************************/ - +/** + * @brief Get a sam user structure by the given username. + * + * This functions also checks if the account has been automatically locked out + * and unlocks it if a lockout duration time has been defined and the time has + * elapsed. + * + * + * @param[in] sam_acct The sam user structure to fill. + * + * @param[in] sid The user SDI to look up. + * + * @return True on success, false on error. + */ bool pdb_getsampwsid(struct samu *sam_acct, const struct dom_sid *sid) { struct pdb_methods *pdb = pdb_get_methods(); uint32_t rid; void *cache_data; + bool ok = false; /* hard code the Guest RID of 501 */ @@ -373,10 +404,22 @@ bool pdb_getsampwsid(struct samu *sam_acct, const struct dom_sid *sid) struct samu *cache_copy = talloc_get_type_abort( cache_data, struct samu); - return pdb_copy_sam_account(sam_acct, cache_copy); + ok = pdb_copy_sam_account(sam_acct, cache_copy); + } else { + ok = NT_STATUS_IS_OK(pdb->getsampwsid(pdb, sam_acct, sid)); + } + + if (!ok) { + return false; } - return NT_STATUS_IS_OK(pdb->getsampwsid(pdb, sam_acct, sid)); + ok = pdb_try_account_unlock(sam_acct); + if (!ok) { + DEBUG(1, ("pdb_getsampwsid: Failed to unlock account %s\n", + sam_acct->username)); + } + + return true; } static NTSTATUS pdb_default_create_user(struct pdb_methods *methods, |