From ee5dd175e5ac17112e0837dbba6d02e4dd7aa972 Mon Sep 17 00:00:00 2001
From: Jim McDonough <jmcd@samba.org>
Date: Sat, 21 Feb 2004 17:41:28 +0000
Subject: Add calls to password lockout functions.  Should now work against
 tdbsam only. (This used to be commit
 3e8a9c3584ff2a3c2e120c97569676ac45ec8e59)

---
 source3/auth/auth_sam.c | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)

(limited to 'source3/auth/auth_sam.c')

diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c
index ebb1e3d861..b35cc78d6b 100644
--- a/source3/auth/auth_sam.c
+++ b/source3/auth/auth_sam.c
@@ -179,6 +179,7 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
 	NTSTATUS nt_status;
 	DATA_BLOB user_sess_key = data_blob(NULL, 0);
 	DATA_BLOB lm_sess_key = data_blob(NULL, 0);
+	BOOL updated_autolock = False, updated_badpw = False;
 
 	if (!user_info || !auth_context) {
 		return NT_STATUS_UNSUCCESSFUL;
@@ -202,14 +203,51 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
 		return NT_STATUS_NO_SUCH_USER;
 	}
 
+	/* see if autolock flag needs to be updated */
+	if (pdb_get_acct_ctrl(sampass) & ACB_NORMAL)
+		pdb_update_autolock_flag(sampass, &updated_autolock);
+	/* Quit if the account was locked out. */
+	if (pdb_get_acct_ctrl(sampass) & ACB_AUTOLOCK) {
+		DEBUG(3,("check_sam_security: Account for user %s was locked out.\n", pdb_get_username(sampass)));
+		return NT_STATUS_ACCOUNT_LOCKED_OUT;
+	}
+
 	nt_status = sam_password_ok(auth_context, mem_ctx, sampass, 
 				    user_info, &user_sess_key, &lm_sess_key);
 	
 	if (!NT_STATUS_IS_OK(nt_status)) {
+		if (NT_STATUS_EQUAL(nt_status,NT_STATUS_WRONG_PASSWORD) && 
+		    pdb_get_acct_ctrl(sampass) &ACB_NORMAL) {  
+			pdb_increment_bad_password_count(sampass);
+			updated_badpw = True;
+		} else {
+			pdb_update_bad_password_count(sampass, 
+						      &updated_badpw);
+		}
+		if (updated_autolock || updated_badpw){
+			become_root();
+			if(!pdb_update_sam_account(sampass))
+				DEBUG(1, ("Failed to modify entry.\n"));
+			unbecome_root();
+		}
 		pdb_free_sam(&sampass);
 		return nt_status;
 	}
 
+	if ((pdb_get_acct_ctrl(sampass) & ACB_NORMAL) && 
+	    (pdb_get_bad_password_count(sampass) > 0)){
+		pdb_set_bad_password_count(sampass, 0, PDB_CHANGED);
+		pdb_set_bad_password_time(sampass, 0, PDB_CHANGED);
+		updated_badpw = True;
+	}
+
+	if (updated_autolock || updated_badpw){
+		become_root();
+		if(!pdb_update_sam_account(sampass))
+			DEBUG(1, ("Failed to modify entry.\n"));
+		unbecome_root();
+ 	}
+
 	nt_status = sam_account_ok(mem_ctx, sampass, user_info);
 
 	if (!NT_STATUS_IS_OK(nt_status)) {
-- 
cgit