Add bad password reset and display of bad password count/time

(This used to be commit 34fe16e445bd9da762cedb0dd0872959f31ecd67)

1 files changed, 25 insertions, 3 deletions

diff --git a/source3/utils/pdbedit.c b/source3/utils/pdbedit.c
index 83663c52b6..733a1289da 100644
--- a/source3/utils/pdbedit.c
+++ b/source3/utils/pdbedit.c
@@ -48,6 +48,7 @@
 #define BIT_IMPORT	0x01000000
 #define BIT_EXPORT	0x02000000
 #define BIT_FIX_INIT    0x04000000
+#define BIT_BADPWRESET	0x08000000
 
 #define MASK_ALWAYS_GOOD	0x0000001F
 #define MASK_USER_GOOD		0x00401F00
@@ -153,6 +154,11 @@ static int print_sam_info (SAM_ACCOUNT *sam_pwent, BOOL verbosity, BOOL smbpwdst
 		
 		tmp = pdb_get_pass_must_change_time(sam_pwent);
 		printf ("Password must change: %s\n", tmp ? http_timestring(tmp) : "0");
+
+		tmp = pdb_get_bad_password_time(sam_pwent);
+		printf ("Last bad password   : %s\n", tmp ? http_timestring(tmp) : "0");
+		printf ("Bad password count  : %d\n", 
+			pdb_get_bad_password_count(sam_pwent));
 		
 	} else if (smbpwdstyle) {
 		char lm_passwd[33];
@@ -277,7 +283,8 @@ static int set_user_info (struct pdb_context *in, const char *username,
 			  const char *fullname, const char *homedir, 
 			  const char *drive, const char *script, 
 			  const char *profile, const char *account_control,
-			  const char *user_sid, const char *group_sid)
+			  const char *user_sid, const char *group_sid,
+			  const BOOL badpw)
 {
 	SAM_ACCOUNT *sam_pwent=NULL;
 	BOOL ret;
@@ -348,6 +355,11 @@ static int set_user_info (struct pdb_context *in, const char *username,
 		}
 		pdb_set_group_sid (sam_pwent, &g_sid, PDB_CHANGED);
 	}
+
+	if (badpw) {
+		pdb_set_bad_password_count(sam_pwent, 0, PDB_CHANGED);
+		pdb_set_bad_password_time(sam_pwent, 0, PDB_CHANGED);
+	}
 	
 	if (NT_STATUS_IS_OK(in->pdb_update_sam_account (in, sam_pwent)))
 		print_user_info (in, username, True, False);
@@ -595,6 +607,7 @@ int main (int argc, char **argv)
 	static char *group_sid = NULL;
 	static long int account_policy_value = 0;
 	BOOL account_policy_value_set = False;
+	static BOOL badpw_reset = False;
 
 	struct pdb_context *bin;
 	struct pdb_context *bout;
@@ -625,6 +638,7 @@ int main (int argc, char **argv)
 		{"value",       'C', POPT_ARG_LONG, &account_policy_value, 'C',"set the account policy to this value", NULL},
 		{"account-control",	'c', POPT_ARG_STRING, &account_control, 0, "Values of account control", NULL},
 		{"force-initialized-passwords", 0, POPT_ARG_NONE, &force_initialised_password, 0, "Force initialization of corrupt password strings in a passdb backend", NULL},
+		{"bad-password-count-reset", 'z', POPT_ARG_NONE, &badpw_reset, 0, "reset bad password count", NULL},
 		POPT_COMMON_SAMBA
 		POPT_TABLEEND
 	};
@@ -677,7 +691,8 @@ int main (int argc, char **argv)
 			(account_policy ? BIT_ACCPOLICY : 0) +
 			(account_policy_value_set ? BIT_ACCPOLVAL : 0) +
 			(backend_in ? BIT_IMPORT : 0) +
-			(backend_out ? BIT_EXPORT : 0);
+			(backend_out ? BIT_EXPORT : 0) +
+			(badpw_reset ? BIT_BADPWRESET : 0);
 
 	if (setparms & BIT_BACKEND) {
 		if (!NT_STATUS_IS_OK(make_pdb_context_string(&bdef, backend))) {
@@ -774,6 +789,12 @@ int main (int argc, char **argv)
 	
 	/* mask out users options */
 	checkparms &= ~MASK_USER_GOOD;
+
+	/* if bad password count is reset, we must be modifying */
+	if (checkparms & BIT_BADPWRESET) {
+		checkparms |= BIT_MODIFY;
+		checkparms &= ~BIT_BADPWRESET;
+	}
 	
 	/* account operation */
 	if ((checkparms & BIT_CREATE) || (checkparms & BIT_MODIFY) || (checkparms & BIT_DELETE)) {
@@ -810,7 +831,8 @@ int main (int argc, char **argv)
 					      home_drive,
 					      logon_script,
 					      profile_path, account_control,
-					      user_sid, group_sid);
+					      user_sid, group_sid,
+					      badpw_reset);
 		}
 	}