diff options
author | Stefan Metzmacher <metze@samba.org> | 2016-02-03 19:33:51 +0100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2016-06-30 03:30:24 +0200 |
commit | 1acd477960dc30e6a3b9d6480a2d78437520a959 (patch) | |
tree | c64244c04f303c6245437700092160094bf168fc /source4/auth | |
parent | a35a5e90223604aaa15bd14b42a67f39dd34e047 (diff) | |
download | samba-1acd477960dc30e6a3b9d6480a2d78437520a959.tar.gz |
s4:auth/sam: only reset badPwdCount when the effetive value is not 0 already
Non interactive logons doesn't reset badPwdCount to 0
when the effective badPwdCount is already 0
(with (badPasswordTime + lockOutObservationWindows) < now).
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4/auth')
-rw-r--r-- | source4/auth/sam.c | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/source4/auth/sam.c b/source4/auth/sam.c index 23c53682e14..7d3e0755340 100644 --- a/source4/auth/sam.c +++ b/source4/auth/sam.c @@ -810,19 +810,25 @@ NTSTATUS authsam_logon_success_accounting(struct ldb_context *sam_ctx, NTTIME lastLogonTimestamp; NTTIME lastLogon; + mem_ctx = talloc_new(msg); + if (mem_ctx == NULL) { + return NT_STATUS_NO_MEMORY; + } + lockoutTime = ldb_msg_find_attr_as_int64(msg, "lockoutTime", 0); - badPwdCount = ldb_msg_find_attr_as_int(msg, "badPwdCount", 0); - lastLogonTimestamp = \ + if (interactive_or_kerberos) { + badPwdCount = ldb_msg_find_attr_as_int(msg, "badPwdCount", 0); + } else { + badPwdCount = samdb_result_effective_badPwdCount(sam_ctx, mem_ctx, + domain_dn, msg); + } + lastLogonTimestamp = ldb_msg_find_attr_as_int64(msg, "lastLogonTimestamp", 0); lastLogon = ldb_msg_find_attr_as_int64(msg, "lastLogon", 0); DEBUG(5, ("lastLogonTimestamp is %lld\n", (long long int)lastLogonTimestamp)); - mem_ctx = talloc_new(msg); - if (mem_ctx == NULL) { - return NT_STATUS_NO_MEMORY; - } msg_mod = ldb_msg_new(mem_ctx); if (msg_mod == NULL) { TALLOC_FREE(mem_ctx); |