From 179e63ae9aa93984ea3d237c1039460c5acf01a5 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 14 Jan 2010 14:24:35 +0100 Subject: [PATCH] s3:auth: fix account unlock regression introduced with fix for bug #4347 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit By an oversight, the patchset for #4347 made the unlocking of a locked account after the lockout duration ineffective. Thanks to Björn for finding this! Michael --- source3/auth/auth_sam.c | 12 +++++------- 1 files changed, 5 insertions(+), 7 deletions(-) diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c index 1dd8fc9..01b2517 100644 --- a/source3/auth/auth_sam.c +++ b/source3/auth/auth_sam.c @@ -369,7 +369,6 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, DATA_BLOB user_sess_key = data_blob_null; DATA_BLOB lm_sess_key = data_blob_null; bool updated_autolock = False, updated_badpw = False; - uint32_t acct_ctrl; const char *username; const uint8_t *nt_pw; const uint8_t *lm_pw; @@ -399,22 +398,21 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, return NT_STATUS_NO_SUCH_USER; } - acct_ctrl = pdb_get_acct_ctrl(sampass); username = pdb_get_username(sampass); nt_pw = pdb_get_nt_passwd(sampass); lm_pw = pdb_get_lanman_passwd(sampass); /* see if autolock flag needs to be updated */ - if (acct_ctrl & ACB_NORMAL) + if (pdb_get_acct_ctrl(sampass) & ACB_NORMAL) pdb_update_autolock_flag(sampass, &updated_autolock); /* Quit if the account was locked out. */ - if (acct_ctrl & ACB_AUTOLOCK) { + if (pdb_get_acct_ctrl(sampass) & ACB_AUTOLOCK) { DEBUG(3,("check_sam_security: Account for user %s was locked out.\n", username)); return NT_STATUS_ACCOUNT_LOCKED_OUT; } nt_status = sam_password_ok(auth_context, mem_ctx, - username, acct_ctrl, lm_pw, nt_pw, + username, pdb_get_acct_ctrl(sampass), lm_pw, nt_pw, user_info, &user_sess_key, &lm_sess_key); /* Notify passdb backend of login success/failure. If not @@ -426,7 +424,7 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, bool increment_bad_pw_count = false; if (NT_STATUS_EQUAL(nt_status,NT_STATUS_WRONG_PASSWORD) && - acct_ctrl & ACB_NORMAL && + pdb_get_acct_ctrl(sampass) & ACB_NORMAL && NT_STATUS_IS_OK(update_login_attempts_status)) { increment_bad_pw_count = @@ -457,7 +455,7 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, goto done; } - if ((acct_ctrl & ACB_NORMAL) && + if ((pdb_get_acct_ctrl(sampass) & ACB_NORMAL) && (pdb_get_bad_password_count(sampass) > 0)){ pdb_set_bad_password_count(sampass, 0, PDB_CHANGED); pdb_set_bad_password_time(sampass, 0, PDB_CHANGED); -- 1.6.3.3