s3-winbind: BUG 8166 - Don't lockout users when offline.

Windows does not track bad password attempts when offline. We were locking users out but not honoring the lockout duration. Autobuild-User: Jim McDonough <jmcd@samba.org> Autobuild-Date: Wed May 25 18:11:10 CEST 2011 on sn-devel-104 (cherry picked from commit b58534f1fca27e3e72f4f4107538ec05734bd42a) (cherry picked from commit a73963dd49d33bcfdd5cbc310dad0f895683eadf)
author: Jim McDonough <jmcd@samba.org> 2011-05-25 10:49:41 -0400
committer: Karolin Seeger <kseeger@samba.org> 2011-06-14 12:58:53 +0200
commit: 9225920bdff24b4a0b0f53f27616d069ba2081da (patch)
tree: d20faff690d27cc173d091db53e20394014ec783
parent: b152f505a9b0fe310ea1d0899c70b395290fade9 (diff)
download: samba-9225920bdff24b4a0b0f53f27616d069ba2081da.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index aab3b722718..df83dc6d118 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1071,7 +1071,10 @@ static NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
 
 	}
 
-	/* User does *NOT* know the correct password, modify info3 accordingly */
+	/* User does *NOT* know the correct password, modify info3 accordingly, but only if online */
+	if (domain->online == false) {
+		goto failed;
+	}
 
 	/* failure of this is not critical */
 	result = get_max_bad_attempts_from_lockout_policy(domain, state->mem_ctx, &max_allowed_bad_attempts);
author	Jim McDonough <jmcd@samba.org>	2011-05-25 10:49:41 -0400
committer	Karolin Seeger <kseeger@samba.org>	2011-06-14 12:58:53 +0200
commit	9225920bdff24b4a0b0f53f27616d069ba2081da (patch)
tree	d20faff690d27cc173d091db53e20394014ec783
parent	b152f505a9b0fe310ea1d0899c70b395290fade9 (diff)
download	samba-9225920bdff24b4a0b0f53f27616d069ba2081da.tar.gz