authorStefan Metzmacher <metze@samba.org>2014-03-25 07:23:04 +0100
committerStefan Metzmacher <metze@samba.org>2014-04-02 17:12:47 +0200
commit1a483a8b4ba9640c2f57c34366433b6e219c27b2 (patch)
tree505a7a0415b549f37a42812fc77954a1a685d6d5
parent3ed55210ff5301ca06ec924c5fb4b08bc8832d4b (diff)
s4:dsdb/samldb: add let lockoutTime=0 reset badPwdCount=0
See [MS-SAMR] 3.1.1.8.3 lockoutTime. Change-Id: Ic384a8e2b88c8e9eb1859df99ee09451ebd49fec Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-rw-r--r--source4/dsdb/samdb/ldb_modules/samldb.c57
1 files changed, 57 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index 91a9680741d..a8dcf91f23c 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -1648,6 +1648,54 @@ static int samldb_user_account_control_change(struct samldb_ctx *ac)
return LDB_SUCCESS;
}
+static int samldb_lockout_time(struct samldb_ctx *ac)
+{
+ struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
+ NTTIME lockoutTime;
+ struct ldb_message_element *el;
+ struct ldb_message *tmp_msg;
+ int ret;
+
+ el = dsdb_get_single_valued_attr(ac->msg, "lockoutTime",
+ ac->req->operation);
+ if (el == NULL || el->num_values == 0) {
+ ldb_asprintf_errstring(ldb,
+ "%08X: samldb: 'lockoutTime' can't be deleted!",
+ W_ERROR_V(WERR_DS_ILLEGAL_MOD_OPERATION));
+ return LDB_ERR_UNWILLING_TO_PERFORM;
+ }
+
+ /* Create a temporary message for fetching the "lockoutTime" */
+ tmp_msg = ldb_msg_new(ac->msg);
+ if (tmp_msg == NULL) {
+ return ldb_module_oom(ac->module);
+ }
+ ret = ldb_msg_add(tmp_msg, el, 0);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+ lockoutTime = ldb_msg_find_attr_as_int64(tmp_msg,
+ "lockoutTime",
+ 0);
+ talloc_free(tmp_msg);
+
+ if (lockoutTime != 0) {
+ return LDB_SUCCESS;
+ }
+
+ /* lockoutTime == 0 resets badPwdCount */
+ ldb_msg_remove_attr(ac->msg, "badPwdCount");
+ ret = samdb_msg_add_int(ldb, ac->msg, ac->msg,
+ "badPwdCount", 0);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+ el = ldb_msg_find_element(ac->msg, "badPwdCount");
+ el->flags = LDB_FLAG_MOD_REPLACE;
+
+ return LDB_SUCCESS;
+}
+
static int samldb_group_type_change(struct samldb_ctx *ac)
{
struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
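Review bot: In samldb_lockout_time the fallback passed to `ldb_msg_find_attr_as_int64()` is 0, the same value that triggers the badPwdCount reset, so a value the helper cannot parse would be indistinguishable from an explicit unlock. The helper's body is not in this diff and syntax validation may reject such values elsewhere, so this is hedged; a non-zero fallback such as `ldb_msg_find_attr_as_int64(tmp_msg, "lockoutTime", -1)` would make the reset fire only on a literal 0. Separately, the `return ret;` after a failed `ldb_msg_add()` skips `talloc_free(tmp_msg);`, leaving the temporary message parented to `ac->msg` until that is freed. A header comment on the function citing [MS-SAMR] 3.1.1.8.3 would keep the reference next to the code rather than only in the commit message.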
@@ -2437,6 +2485,15 @@ static int samldb_modify(struct ldb_module *module, struct ldb_request *req)
}
}
+ el = ldb_msg_find_element(ac->msg, "lockoutTime");
+ if (el != NULL) {
+ modified = true;
+ ret = samldb_lockout_time(ac);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+ }
+
el = ldb_msg_find_element(ac->msg, "groupType");
if (el != NULL) {
modified = true;
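Review bot: The new `lockoutTime` branch in samldb_modify carries no comment, although it is the point where a client write can clear an account's bad-password counter. A line such as `/* lockoutTime=0 unlocks the account and resets badPwdCount, see [MS-SAMR] 3.1.1.8.3 */` above the `ldb_msg_find_element()` call would tell a reader auditing lockout handling why this attribute is intercepted here. samldb_modify starts and ends outside this hunk, so whether access checks run before this point cannot be confirmed from the diff.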