Fix edge case in LDAP last_admin_unlock processing

In the LDAP KDB module, set appropriate flags when zeroing entry->fail_auth_count due to an administrative unlock. ticket: 6849 target_version: 1.9.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24601 dc483132-0cff-0310-8789-dd5450dbe970
author: Greg Hudson <ghudson@mit.edu> 2011-01-21 05:00:53 +0000
committer: Greg Hudson <ghudson@mit.edu> 2011-01-21 05:00:53 +0000
commit: 49204ef76a83dcc3e8f6f152980562b8ce5433e0 (patch)
tree: 5a458a66a4573770678ef29995374f47fb45e826 /src/plugins/kdb
parent: 3c9233e48185e9dca15a1118fe54322776258427 (diff)
download: krb5-49204ef76a83dcc3e8f6f152980562b8ce5433e0.tar.gz
krb5-49204ef76a83dcc3e8f6f152980562b8ce5433e0.tar.xz
krb5-49204ef76a83dcc3e8f6f152980562b8ce5433e0.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/lockout.c b/src/plugins/kdb/ldap/libkdb_ldap/lockout.c
index 509c692e6..a218dc7e0 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/lockout.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/lockout.c
@@ -196,6 +196,7 @@ krb5_ldap_lockout_audit(krb5_context context,
             entry->last_failed <= unlock_time) {
             /* Reset fail_auth_count after administrative unlock. */
             entry->fail_auth_count = 0;
+            entry->mask |= KADM5_FAIL_AUTH_COUNT;
         }
 
         if (failcnt_interval != 0 &&
author	Greg Hudson <ghudson@mit.edu>	2011-01-21 05:00:53 +0000
committer	Greg Hudson <ghudson@mit.edu>	2011-01-21 05:00:53 +0000
commit	49204ef76a83dcc3e8f6f152980562b8ce5433e0 (patch)
tree	5a458a66a4573770678ef29995374f47fb45e826 /src/plugins/kdb
parent	3c9233e48185e9dca15a1118fe54322776258427 (diff)
download	krb5-49204ef76a83dcc3e8f6f152980562b8ce5433e0.tar.gz krb5-49204ef76a83dcc3e8f6f152980562b8ce5433e0.tar.xz krb5-49204ef76a83dcc3e8f6f152980562b8ce5433e0.zip