diff options
author | Andrew Bartlett <abartlet@samba.org> | 2013-12-05 16:06:46 +1300 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2014-04-02 17:12:45 +0200 |
commit | c8e4c6a022046e70461e9faa2a7e39d9489f9b42 (patch) | |
tree | de36ddbd565564b52d9967096ffa78cbac196e18 /source3/auth | |
parent | 56d3e528bd31a4ee0d24fa476aeff8eaf2da236b (diff) | |
download | samba-c8e4c6a022046e70461e9faa2a7e39d9489f9b42.tar.gz samba-c8e4c6a022046e70461e9faa2a7e39d9489f9b42.tar.xz samba-c8e4c6a022046e70461e9faa2a7e39d9489f9b42.zip |
s3-auth: Do not reset bad password count to 0 if account is disabled
Change-Id: I895435fb278eae5d92b4a8e15d062769c0e8a71a
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'source3/auth')
-rw-r--r-- | source3/auth/check_samsec.c | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/source3/auth/check_samsec.c b/source3/auth/check_samsec.c index 8bcd40e2de..ff634aa496 100644 --- a/source3/auth/check_samsec.c +++ b/source3/auth/check_samsec.c @@ -458,15 +458,21 @@ NTSTATUS check_sam_security(const DATA_BLOB *challenge, goto done; } + /* + * We must only reset the bad password count if the login was + * successful, including checking account policies + */ + nt_status = sam_account_ok(mem_ctx, sampass, user_info); + if (!NT_STATUS_IS_OK(nt_status)) { + goto done; + } + if ((acct_ctrl & ACB_NORMAL) && (pdb_get_bad_password_count(sampass) > 0)){ + NTSTATUS status; + pdb_set_bad_password_count(sampass, 0, PDB_CHANGED); pdb_set_bad_password_time(sampass, 0, PDB_CHANGED); - updated_badpw = True; - } - - if (updated_badpw){ - NTSTATUS status; become_root(); status = pdb_update_sam_account(sampass); @@ -478,12 +484,6 @@ NTSTATUS check_sam_security(const DATA_BLOB *challenge, } } - nt_status = sam_account_ok(mem_ctx, sampass, user_info); - - if (!NT_STATUS_IS_OK(nt_status)) { - goto done; - } - become_root(); nt_status = make_server_info_sam(mem_ctx, sampass, server_info); unbecome_root(); |